Report of the Director-General on the Activities of the Internal Audit Office, and Internal Audit Recommendations and Actions Taken

Transcription

1 11 May 2015 INTERNATIONAL RENEWABLE ENERGY AGENCY Ninth meeting of the Council Abu Dhabi, June 2015 Report of the Director-General on the Activities of the Internal Audit Office, and Internal Audit Recommendations and Actions Taken I. Activities of the Internal Audit Office (IAO) 1. This report is presented pursuant to Financial Regulation 11.4 (b) which provides that The Director- General shall report to the Council at each session on internal audit recommendations and actions taken. It covers the period from 2 October 2014 to 11 May Since the submission of the last report (C/8/11 dated 2 October 2014) to the eighth meeting of the Council, the following activities have been performed by the IAO: i. The Internal Auditor submitted the Annual Audit Report for the year 2014 to the Director- General pursuant to Section VIII of the Internal Audit Charter under which: The Head of the IAO shall prepare and submit an Annual Audit Report to the Director General on the internal audit activity s performance, significant risk exposures and control issues including deviations from approved audit work schedules, staffing plans and financial budgets and the reason/s therefor. It should highlight significant engagement observations and recommendations. ii. For the year ended 31 December 2014, the Internal Auditor submitted the Comprehensive Audit Report to the External Auditor in compliance with Section VIII of the Internal Audit Charter and Financial Regulation 11.4 (c) which requires that The internal auditor shall submit a comprehensive, independent annual report to the external auditor of recommendations made and actions taken, which shall be considered by the external auditor. iii. The IAO completed audits on three areas pursuant to the Audit Plan for the year 2014, as approved by the Director-General: the Budget Process, Consultancy Services, and the Status of Implementation of the Enterprise Resource Planning (ERP). The 10 key recommendations that were identified are detailed in this report. iv. In compliance with Section VI of the Internal Audit Charter, the Internal Auditor submitted the Audit Plan of the IAO for the year 2015, which was approved by the Director-General on 29 January Pursuant to this Plan, the IAO is to complete audits on six areas.

2 2 II. Audit Recommendations issued during the reporting period 3. As a key component of the oversight mechanism established by the Director-General pursuant to Financial Regulation 11.1, the IAO conducted audits on the Budget Process and the Consultancy Services. Considering that several of the IAO recommendations would be fully implemented through the implementation of the Enterprise Resource Planning (ERP) system, the Internal Auditor also conducted a review on the status of the ERP implementation. Key recommendations on these audit areas along with related management s comments are as follows: a. Budget Process i. The Budget Manual should be prepared in alignment with the objectives and needs of the Agency and in compliance with the revised Financial Regulations and Financial Procedures, in the light of the upcoming implementation of the ERP. Once the Budget Manual is issued, all staff involved in the budget process should be trained to the extent necessary to understand and apply it. Management s Comments: A Budget Manual is under development and will be finalized by the 4 th quarter of The Budget Manual will provide an enhancement to the current process and would provide a one-stop-reference to all required budgetary guidance. ii. The automation of the budget process should be fast tracked to enhance coordination among the programme divisions, the budget unit and other functional units of the Administration and Management Services (AMS) division throughout the process and to ensure that a proper budget planning, implementation and monitoring are in place. Management s Comments: The new budget application system, rolled out during August 2014 and which is being used across the Agency, provides all divisions and units with the opportunity to plan, track, and utilise budgetary resources allotted for the implementation of the biennial Work Programme. iii. AMS management should review the gaps in the current budget process, strengthen the controls to ensure a proper coordination and timely communication among the different divisions. Roles, responsibilities and accountabilities of staff members involved in the budget process and the terminologies should be clearly defined, communicated and understood to ensure effective implementation. Management s Comments: The new budget application system that was internally developed and rolled out during August 2014 addressed many of the coordination gaps that existed during the period covered under this audit, placing the budget application as a de facto precursor to the new ERP. Several communications have been dispatched to different users including a comprehensive budget application user guide. Training sessions have been conducted for the users of the budget application. With the new ERP, there will be a specific role for each user, with training being planned to all finance/budget module users. iv. An organisational function should be considered which would be responsible in overseeing the proper implementation of the biennial Work Programme and Budget, monitoring, preparing qualitative reports and enhance coordination between the programme divisions and the Budget Unit; in order to report on the status of the budget process on a timely manner. It is essential that the assigned Unit should be fully knowledgeable of both programmatic and financial functions. Management s Comments: The Agency has developed a Programme Management Office (PMO) to help ensure management and administration of the programmatic activities

3 included in the biennial Work Programme. Expertise will be recruited on an as needed basis, and located under the Deputy Director-General s responsibilities, to evaluate qualitative outcomes of the activities. b. Consultancy Services i. The Human Resources Policy Manual should be updated and the Human Resource Process Manual should be finalised, in consultation with programme managers. Management s Comments: A full review of the Human Resources Policy Manual, including the relevant provisions on the engagement of consultants, will take place in the coming months, particularly to align it with the upcoming ERP. ii. The Human Resources Office in coordination with programme managers should develop a roster of consultants as required by the Human Resources Policy Manual and expand the information contained in the current database maintained in the Human Resources Office. The roster should be updated regularly to consider new hires or inputs from the programme divisions. Management s Comments: The Human Resources Office has a roster of candidates for consultants that have been pre-vetted for various positions within IRENA in different areas of expertise. This will continue to be further expanded and built upon on an on-going basis. iii. Proper planning should be done by the programme divisions to include realistic dates and consider as much as possible all the necessary areas to be covered by the consultant s work to minimize or avoid contract amendments and additional expenses. Moreover, management should consider simplifying the process for amending contracts after studying the various reasons or causes of amendments of the provisions of the contracts or Terms of Reference and revise the Delegation of Authority Manual to align it accordingly. Management s Comments: AMS, in consultation with the programme divisions and the Legal Advisor, has implemented a new procedure to minimize extensions of and amendments to contracts, whereby only the Terms of Reference state the expected dates of deliverables. This has allowed the programme divisions to avoid several amendments to the same consultancy contract, and going through the entire approval process, particularly when there is only a delay in the deliverable and no change in fees payable to the consultant. c. Status of the ERP Implementation i. A new contract amendment should be executed with the ERP Contractor to provide an updated project plan with new timelines showing the expected completion dates of each module. Moreover, Management should revisit their contract with the Contractor in charge of the quality review of the ERP implementation and decide whether to end or amend the contract or replace the Contractor and move forward with the ERP implementation. Management s Comments: The contract of the ERP Contractor will be amended once the project plan is approved by IRENA to reflect newly agreed dates for deliverables. Moreover, actions are being taken to review the deliverable provided by the Contractor engaged for the execution of the quality assurance functions of the ERP implementation vis-à-vis the contractual obligations. ii. A clear action plan should be set by AMS and communicated to concerned units at the earliest, to include the responsible parties and the milestones to complete the templates with the master data required by the Contractor. Moreover, a close supervision should be put in 3

4 place by the IRENA Chief Information Officer and the Heads of the AMS Sections and the programme divisions to ensure master data is provided as set in the project plan until the ERP is fully Management s Comments: Focal points from all units within AMS are identified to work with the ERP project team to support data migration efforts. Master data is already identified and a subset of the master data is already uploaded into the ERP system under development. iii. Consultants/Specialists who are experienced and have the adequate skills in ERP applications should be hired for a period of time to the various AMS units and coordinate or assist the ERP assigned personnel in the collection and completion of master data required for the migration phase. Continuous functional trainings should be provided to staff in different divisions on the ERP System and technical trainings for the ICT teams. Management s Comments: Data migration efforts will continue with the help of specialist resources personnel currently being recruited. Within AMS, focal points have been identified and are currently engaged in the ERP implementation process. Technical training has been carried out while end-user functional training is planned to soon take place. 4. The Director-General shall report on the status of implementation of these audit recommendations at the tenth meeting of the Council. III. Actions taken on the Internal Audit Recommendations 5. The Report of the Director-General on the Activities of the Internal Audit Office, as contained in document C/8/11, enumerated thirteen recommendations covering four audit areas. Annex I of this report provides information on actions taken by the IRENA Secretariat in response to these recommendations and on their status of implementation. Based on results of the validation procedures performed by the IAO, seven recommendations have been found fully The remaining six are currently under implementation, including two recommendations whose implementation is subject to the ERP system implementation. 4

5 Status of Implementation of the Internal Audit Recommendations Topic Audit recommendation Management action taken to implement the recommendation 1. Members Contributions Receivables and Income Accounts 2. Information Technology General Controls The Finance Policy Manual and the Finance Process Manual should be updated and finalised in light of the upcoming implementation of the ERP and the revised Financial Regulations approved by the Assembly in its decision A/4/DC/2 on 19 January 2014 and Financial Procedures as noted by the Assembly at its fourth session. The Finance Office within AMS should coordinate with the Governance Support Office for the documentation or link/shared folder on the IRENA membership to serve as the basis for the Finance Office to prepare notes verbales and for recognition in the books of accounts. The Bank Reconciliation Statements should be prepared promptly on a monthly basis for all bank accounts following proper reconciliation procedures. Monthly closure of books of accounts should be considered in the implementation of the ERP. Once closed, no accounting transactions should be recorded for that month unless approved by the Chief Finance Officer. The draft templates with the basic or common provisions of an Agreement should be finalized to facilitate the documentation of voluntary contributions. Establish an ICT Steering Committee which shall consist of management, IT and non-it staff to discuss all ICT concerns including status on issues, recommendations and actions taken. The Finance Policy Manual has been updated, approved and promulgated taking into consideration amendments made to the Agency s Financial Regulations and Procedures. The Finance Policy Manual is subject to ongoing monitoring and will be updated as required by corresponding business requirements. The Governance Support Office has made available relevant documentation on membership to support the Finance Office s preparation of Requests for contributions and subsequent recognition in the books of account. A proper segregation of duties has been addressed for the preparation of the Bank Reconciliation Statements on a monthly basis for all bank accounts following proper reconciliation procedures. Monthly closure of books of account will be considered in the course of the implementation of the ERP. A draft directive on the administration of voluntary contributions is undergoing its final review stages. Templates of voluntary contributions agreements are available and currently in use. The terms of reference of the IT Advisory Board have been prepared and were circulated to different divisions for discussion and enhancing comments. Following this process, the Board will shortly be established. C/9/7 Annex I Status of Implementation implemented and ongoing monitoring implemented and ongoing reviews. Under implementation.

6 Topic Audit recommendation Management action taken to implement the recommendation 3. Information Communication Technology Assets The Backup Strategy Policy Manual should be reviewed, updated and approved. Also, the back-up activities done by the contractual services should be included in the monthly Service Management report showing the results of backup restoration testing and any issues indicated during the period. Develop Contingency Plan that includes Business Continuity Plan and Disaster Recovery Plan which should be thoroughly tested and evaluated on a regular basis. Policy/Procedures related to IT Equipment access rights should be enhanced by the Human Resources Office in coordination with the ICT Section to include the granting and disabling access to/from staff members and related personnel who join or leave the Agency. A detailed procedure or guideline on physical count, unserviceable assets, loss, impairment, disposal and stocking of assets should be developed and issued. Before year end, an Inventory Team should be created to conduct a physical count, reconcile with the books of accounts and make the necessary adjustments. The asset management system included in the ERP should consider easy tracking, monitoring, recording and reconciliation of all the property of IRENA. A revision of data backup policy and strategy is planned to be carried out by the third quarter of 2015 which will also take into consideration the introduction of Cloud based services. Also, backup activities are being carried out and have been included in the monthly Service Management reports for the year 2015 showing results of backup restoration testing and other related indications as required. Development of IT Contingency Plans is currently ongoing in order to provide assurance of business continuity and to mitigate disaster and extraordinary events that might present certain risks to the Agency IT infrastructure and information data. As part of the Contingency Plan, all critical databases including the SharePoint and the databases are currently being backed up and replicated on Azure Cloud and Geo-backup. Access Rights processes have been enhanced by the ICT Section, in coordination with the Human Resources Office, which included the granting and disabling access to/from employees who join or leave the Agency. The Check-Out Form has been updated and new forms have been established as required. A detailed procedure on physical count, write-off and disposal of fixed assets is currently under development. During December 2014, a designated Inventory Team conducted a physical count with the outcome contributing to the reconciliation of assets with the book of accounts. In preparation for the ERP implementation that will include Asset Management capabilities, the Agency is currently in the process of deploying a new Fixed Asset Management software with a planned implementation date within the third Quarter Status of Implementation Under implementation. 6

7 Topic Audit recommendation Management action taken to implement the recommendation 4. Accruals on Employees Entitlements Recognize full provision of relocation grant for all staff members in the Professional and higher categories after the completion of one year in service for those holding fixed-term appointments; and after the completion of six months for those holding temporary appointments in accordance with rules governing staff entitlements and benefits. Pursuant to the provisions of the Human Resources Policy Manual, for all internationally recruited staff in the Professional and higher categories, repatriation grant should be accrued for those who hold a contract of one year or more and home leave be accrued only for those who hold two years fixed-term contracts. Discrepancies noted should be adjusted in the books. All leave balances carried forward to the next calendar year should be monitored properly throughout the year to ensure that no more than 15 days per year is carried forward, as stated in the Human Resources Policy Manual, unless approved by the Director-General. Observed omissions should be adjusted in the books of accounts. Moreover, the Current Staff Balance portion of the Leave Request Form should be filled up by the Human Resources Office before filing. Full provision of relocation grant had been recognized for all staff members holding fixed-term appointments and for those holding temporary appointments in accordance with rules governing staff entitlements and benefits. Necessary adjustments have been recorded in the books of account and reflected in the 2014 audited financial statements. Repatriation grant and home leave have been accrued pursuant to the provisions of the Human Resources Policy Manual. Necessary adjustments have been recorded in the books of account and reflected in the 2014 audited financial statements. The Human Resources Section conducted a thorough review of staff members leave balances including the number of days carried forward to the following year. Accordingly, necessary adjustments were made to the amounts related to the Annual Leave Accrual in the 2014 audited financial statements. Moreover, the process of leave application and monitoring has been reviewed and further enhancements has been made. Status of Implementation implemented and ongoing reviews. 7