Internal Audit of WFP s Per- Capita Funding Modality for Corporate IT Services. Office of the Inspector General Internal Audit Report AR/14/13

Similar documents
Internal Audit of WFP Operations in Cambodia. Office of the Inspector General Internal Audit Report AR/14/08

Internal Audit of ICT Governance in WFP. Office of the Inspector General Internal Audit Report AR/15/11

Internal Audit of Third Party Monitoring in WFP. Office of the Inspector General Internal Audit Report AR/16/09

Internal Audit of WFP s Supply Chain Division IT-Based Applications

Internal Audit of the Management of CERF Funded Activities in Ethiopia. Office of the Inspector General Internal Audit Report AR/16/17

Internal Audit of WFP Operations in Burundi. Office of the Inspector General Internal Audit Report AR/14/10

Internal Audit of Management Performance Indicators and Supporting Information Systems

Internal Audit of WFP Operations in Lebanon. Office of the Inspector General Internal Audit Report AR/15/17

The Syria Crisis: WFP Operations in Syria and Neighbouring Countries

Internal Audit of WFP Operations in Ethiopia. Office of the Inspector General Internal Audit Report AR/15/06

Internal Audit of WFP Operations in the Democratic Republic of Congo. Office of the Inspector General Internal Audit Report AR/14/21

Internal Audit of WFP Operations in the Republic of the Congo. Office of the Inspector General Internal Audit Report AR/15/07

Internal Audit of WFP s Procurement of Goods and Services. Office of the Inspector General Internal Audit Report AR/16/06

Internal Audit of WFP Operations in the Democratic People s Republic of Korea. Office of the Inspector General Internal Audit Report AR/17/10

Internal Audit of WFP s Country Capacity Strengthening. Office of the Inspector General Internal Audit Report AR/16/14

Internal Audit of WFP Operations in Mozambique. Office of the Inspector General Internal Audit Report AR/17/15

Internal Audit of WFP CBT Retailer Implementation in Jordan and Lebanon. Office of the Inspector General Internal Audit Report AR/17/03

Internal Audit of WFP s Operations in Jordan. Office of the Inspector General Internal Audit Report AR/17/08

Internal Audit of WFP s Management of Food Assistance for Assets. Office of the Inspector General Internal Audit Report AR/17/14

Internal Audit of WFP Operations in Somalia. Office of the Inspector General Internal Audit Report AR/17/20

Hundred and Sixty-seventh Session. Rome, May Note by the Executive Director on the Annual Report of the Inspector General

Note by the Executive Director on the annual report of the Inspector General

Internal Audit of WFP Operations in Yemen. Office of the Inspector General Internal Audit Report AR/18/02

AUDIT UNDP HAITI GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA. Report No Issue Date: 15 April 2014

October 2018 FC 173/7. Hundred and Seventy-third Session. Rome, November Results Framework Functional Objectives

Making the choice: Decentralized Evaluation or Review? (Orientation note) Draft for comments

Internal Oversight Division. Audit Report. Audit of Enterprise Risk Management

October 2014 FC 156/15. Hundred and Fifty-sixth Session. Rome, 3-7 November Progress Report on an Accountability and Internal Control Framework

Management response to the recommendations in the report of the External Auditor on the scale-up and scale-down of resources in emergency operations

Internal Audit of Food Quality and Safety in the WFP Jordan and Lebanon Operations. Office of the Inspector General Internal Audit Report AR/17/05

Management Plan. Follow-up Briefing October 5th, 2011

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

Grant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.

INTERNAL AUDIT DIVISION AUDIT REPORT 2013/102

Informal Consultation on Oversight Matters. September 2017

Internal Audit of the Integrated Road Map Pilot Phase in WFP. Office of the Inspector General Internal Audit Report AR/18/05

REPORT 2015/171 INTERNAL AUDIT DIVISION. Audit of the implementation of the interface between Umoja and Galileo

DIVISION FOR OVERSIGHT SERVICES AUDIT OF THE UNFPA COGNOS REPORTING SYSTEM FINAL REPORT

NOT PROTECTIVELY MARKED. Item Number 5.10 Gary Devlin, Partner, Scott- Moncrieff Recommendation to Members Members are requested to note the report.

AUDIT UNDP COUNTRY OFFICE AZERBAIJAN. Report No Issue Date: 22 January 2014

REPORT 2015/086 INTERNAL AUDIT DIVISION. Audit of the Kuwait Joint Support Office

REPORT 2016/023 INTERNAL AUDIT DIVISION. Review of recurrent issues in the implementation of Umoja in field missions

AUDIT UNDP COUNTRY OFFICE KUWAIT. Report No Issue Date: 20 May 2014

May 2017 FC 167/6. Hundred and Sixty-seventh Session. Rome, May Annual Report of the Inspector General

AUDIT UNDP GLOBAL SHARED SERVICE CENTRE MALAYSIA. Report No Issue Date: 21 March 2014

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version :

Internal Audit of Cash and Voucher Modalities in the Field Project Design and Set Up. Office of the Inspector General Internal Audit Report AR/15/02

UNFPA Strategic Plan Organizational effectiveness and efficiency Results framework

UNITED NATIONS DEVELOPMENT PROGRAMME Office of Audit and Investigations PERFORMANCE AUDIT OF UNDP MONITORING PRACTICES

INTERNAL AUDIT REPORT PROJECT MANAGEMENT PRACTICE (PMP)

REPORT 2015/102 INTERNAL AUDIT DIVISION

Office of the Superintendent of Financial Institutions. Internal Audit Report on Supervision Sector: Deposit Taking Group - Conglomerates

REPORT 2015/024 INTERNAL AUDIT DIVISION. Audit of the Office of the United Nations High Commissioner for Human Rights Country Office in Guatemala

Internal Oversight Division. Internal Audit Strategy

INTERNAL AUDIT DIVISION REPORT 2018/122. Audit of the United Nations Office on Drugs and Crime operations in Pakistan

INTERNAL AUDIT DIVISION AUDIT REPORT 2013/093

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Core Humanitarian Standard

AUDIT UNDP COUNTRY OFFICE JAMAICA. Report No Issue Date: 24 April 2015

AUDIT DIVISION FOR OVERSIGHT SERVICES OF THE UNFPA COUNTRY OFFICE IN BOSNIA AND HERZEGOVINA. FINAL REPORT N o BIH 101

PART 6 - INTERNAL CONTROL

REPORT 2015/007 INTERNAL AUDIT DIVISION

REPORT 2016/001 INTERNAL AUDIT DIVISION

REPORT 2014/095 INTERNAL AUDIT DIVISION. Audit of the United Nations Office for West Africa and the Cameroon-Nigeria Mixed Commission

REPORT 2016/033 INTERNAL AUDIT DIVISION

REPORT 2016/074. Audit of the United Nations Environment Programme Environmental Governance Subprogramme FINAL OVERALL RATING: PARTIALLY SATISFACTORY

The Evaluation Function in WFP

REPORT 2014/103 INTERNAL AUDIT DIVISION. Audit of the recruitment process at the United Nations Conference on Trade and Development

AUDIT UN WOMEN EAST AND HORN OF AFRICA SUB-REGIONAL OFFICE KENYA. Report No Issue Date: 28 June 2013

Hundred and Fifty-third Session. Rome, May 2014

May Food and. Agricultura. Organization of the United Nations. Hundred and Forty-ninth Session. Rome, May 2013

Enel Guidelines of internal control and risk management system

Hundred and Seventy-first Session. Rome, May 2018

Boards and internal audit: Working together to strengthen risk management

Independent Evaluation Office Review of the Quality Assessment Of 2016 Decentralized Evaluations

MOPAN. Institutional report. World Food Programme (WFP) Multilateral Organisation Performance Assessment Network D O N O R

AUDIT UNDP ENTERPRISE RISK MANAGEMENT SYSTEM. Report No Issue Date: 4 April 2014

REPORT 2015/058 INTERNAL AUDIT DIVISION. Audit of the United Nations Environment Programme Regional Office for Latin America and the Caribbean

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

REPORT 2015/146. Audit of the United Nations Interregional Crime and Justice Research Institute FINAL OVERALL RATING: PARTIALLY SATISFACTORY

Auditor General s Office REVIEW OF THE CITY SAP COMPETENCY CENTRE APPENDIX 1. June 1, 2010

AUDIT UNDP COUNTRY OFFICE AFGHANISTAN ASSET MANAGEMENT. Report No Issue Date: 14 February 2014

AUDIT & RISK COMMITTEE INTERNAL AUDIT PERFORMANCE REPORT 1 ST APRIL -31 ST DECEMBER 2009

INTERNAL AUDIT DIVISION REPORT 2018/073. Audit of procurement and contract management at the United Nations Office on Drugs and Crime in Colombia

Internal Control Questionnaire and Assessment

Integrity. Purpose of the Checklist. Description

Audit of Entity Level Controls

REPORT 2015/077 INTERNAL AUDIT DIVISION

INTERNAL AUDIT DIVISION REPORT 2018/136

AUDITING. Auditing PAGE 1

Internal Control Questionnaire and Assessment

AUDIT REPORT INTERNAL AUDIT DIVISION. Human resources management of the Umoja project

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

REPORT 2014/156 INTERNAL AUDIT DIVISION. Audit of the recruitment process at the United Nations Office on Drugs and Crime

Emergency Preparedness & Response Framework

COMMISSION OF THE EUROPEAN COMMUNITIES COMMUNICATION TO THE COMMISSION

Management Response to the Recommendations of the Report of the External Auditor on Decentralization

Internal Audit of Beneficiary Management Office of the Inspector General Internal Audit Report AR/17/17

REPORT 2014/112 INTERNAL AUDIT DIVISION. Audit of recruitment of national staff in the African Union-United Nations Hybrid Operation in Darfur

Transcription:

Fighting Hunger Worldwide Internal Audit of WFP s Per- Capita Funding Modality for Corporate IT Services Office of the Inspector General Internal Audit Report AR/14/13

Contents Page I. Executive Summary 3 II. Context and Scope 5 III. Results of the Audit 6 Annex A Audit Definitions 10 Annex B Acronyms 13 Report No. AR/14/13 May 2014 Page 2

Internal Audit of WFP s Per-Capita Funding Modality for Corporate IT Services I. Executive Summary Introduction 1. As part of its annual work plan, the Office of Internal Audit conducted an audit of WFP s Per- Capita Funding Modality for Corporate IT Services ( Per-Capita ). The audit took place during November 2013 and covered activities from 1 January 2012 to 31 October 2013. It looked at events prior and subsequent to this period as required. The audit was conducted at WFP Headquarters in Rome. 2. In August 2012, WFP adopted a Per-Capita cost recovery model for selected corporate IT service operational costs with the aim of scaling the costs to the relevant size of each operation to accurately reflect them against the most appropriate cost category. The total estimated cost of the services charged under the Per-Capita model in 2013 amounted to USD 26.9 million, equivalent to a unit cost of approximately USD 2,250 for each user. 3. The audit was carried out in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing. Audit Conclusions 4. Based on the results of the audit, the Office of Internal Audit has come to an overall conclusion of satisfactory. Conclusions by internal control component are summarised in Table 1: Table 1: Summary of conclusions by Internal Control Components Internal Control Component Conclusion 1. Internal environment Low 2. Risk assessment Medium 3. Control activities Medium 4. Information and communication Medium 5 Monitoring Low Key Results of the Audit Positive practices and initiatives 5. The Per-Capita cost-recovery process provided WFP with a means to charge the recurring cost of certain IT-related services to the correct cost category. A system was in place to monitor and record the cost recovered from offices. USD 24.3 million of the USD 26.9 million Per-Capita charge for 2013 had been recovered by 14 January 2014. Audit observations 6. No high-risk observations arose from the audit. The audit report contains five medium risk observations. Report No. AR/14/13 May 2014 Page 3

Proposed agreed action 7. Management, in discussion with the Office of Internal Audit, has agreed to take measures to address the reported observations. Work is in progress and management plans to have all the agreed actions implemented by 31 December 2014. 8. The Office of Internal Audit would like to thank managers and staff for the assistance and cooperation accorded during the audit. David Johnson Inspector General Report No. AR/14/13 May 2014 Page 4

II. Context and Scope WFPs Per-Capita Funding Modality for Corporate IT Services 9. WFP s main corporate IT services were delivered to a broad and decentralised WFP organisational structure and supported a variety of business processes and offices. The contracting of these services was centralised in WFP Headquarters in Rome while services were delivered directly to staff in WFP offices worldwide. The operational cost of these services represented a significant portion of WFP s recurring operational expenses. Prior to the introduction of Per Capita, the majority of these recurring services were charged against the Country Office (CO) Direct Support Costs (DSC) but a significant amount was charges against the Programme Support and Administrative (PSA) budget of the Information Technology Division. 10. In August 2012, WFP adopted a cost recovery model for selected corporate IT service operational costs with the aim of scaling the costs to the relevant size of each operation to accurately reflect them against the most appropriate cost category. The Information Technology Division was assigned to estimate the annual costs of the services to be included in the Per-Capita model, and the Budget and Programming Division was given responsibility for recovering the share of costs from each office. The Per-Capita unit cost was calculated by dividing the projected total annual cost of the selected IT services by the number of users registered in the WFP global Active Directory (AD). In 2013, the total estimated cost for the services charged under the Per-Capita model was USD 26.9 million. This was equivalent to a unit cost of USD 2,250 for each of the approximately 12,000 persons registered in the AD account. USD 24.3 million had been recovered as of 14 January 2014. Objective and scope of the audit 11. The objective of the audit was to evaluate and test the adequacy and effectiveness of the processes associated with the implementation and management of Per-Capita as part of the process of providing an annual and overall assurance statement to the Executive Director on governance, risk management and internal control processes. 12. The audit was carried out in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing. It was completed according to an approved planning memorandum and took into consideration the risk assessment exercise carried out prior to the audit. 13. The scope of the audit covered the Per-Capita process for the period from 1 January 2012 to 31 October 2013. It looked at events prior and subsequent to this period as required. The audit took place from 11 November to 29 November 2013 and was conducted at WFP Headquarters in Rome. The audit team used structured interviews and electronic questionnaires to obtain and evaluate the views of Per Capita users across WFP in line with objectives of the audit. Report No. AR/14/13 May 2014 Page 5

III. Results of the audit 14. In performing the audit, the following positive practices and initiatives were noted: Table 2: Positive practices and initiatives 1. Control activities The portion of the IT recurring costs that previously were charged to the IT Division PSA were now charged to a specific cost category. There was a process requesting offices to confirm the number of persons registered in the AD account by Business Area. USD 24.3 million of the USD 26.9 million Per-Capita charge for 2013 had been recovered by 14 January 2014. 2. Monitoring A system was in place to monitor the status of cost-recoveries. 15. Having evaluated and tested the controls in place, the Office of Internal Audit has rated the internal control components as follows: Table 3: Conclusions on risk by internal control component and business process Internal Control Component/Business Process 1. Internal environment Strategic planning and performance accountability 2. Risk assessment Enterprise risk management 3. Control activities IS/IT plan and organize Finance and accounting 4. Information and communication Internal communication 5. Monitoring Monitoring of cost-recoveries Risk Low Medium Medium Medium Medium Low 16. Based on the results of the audit, the Office of Internal audit has come to an overall conclusion of satisfactory 1. 17. No high risk observations arose from the audit. The audit report contains five medium risk observations. These are presented in Table 4. Agreed action 18. Management, in discussion with the Office of Internal Audit, has agreed to take measures to address the reported observations. Work is in progress and management plans to have all the agreed actions implemented by 31 December 2014. 2 1 See Annex A for definitions of audit terms. 2 Implementation will be verified through the Office of Internal Audit s standard system for monitoring agreed actions. Report No. AR/14/13 May 2014 Page 6

Table 4: Medium-risk observations Observation Agreed action Risk categories 3 Underlying cause category Risk Assessment Owner Due date 1 Enterprise risk management: Absence of a risk, cost-benefit and business impact analysis Although Per-Capita was a new cost-sharing model for WFP, a risk and cost-benefit analysis to determine the impact on the business was not performed before the model was presented to the Executive Management Group for review and approval. Establish criteria and issue instructions for the mandatory undertaking of a risk and costbenefit analysis in the case of cost-sharing processes that will have a global impact on WFP operations. Operational Processes & Systems Institutional Guidelines Office of the Executive Director 30 September 2014 Control Activities 2 IS/IT Plan and Organise: Calculation Criteria - The Per-Capita unit charge for each office was calculated on the basis of the number of Active Directory (AD) accounts. The audit noted instances when the use of this criterion made the charge to offices inaccurate and a need for stronger controls to ensure that the calculation only considered staff that had an active WFP contract. Sample testing identified 61 active accounts related to people who had left WFP and 207 records that had a contract shorter than 360 days but were charged a full annual fee. The Information Note stated that an average of 12 monthly counts of the AD should be used to determine the annual cost calculation but the number of users as at 31 January 2013 was used instead. Review the criteria for calculating the Per-Capita unit cost for each Business Area to obtain a more accurate charge. Operational Accountability & Funding Institutional Guidelines Information Technology Division 30 June 2014 3 See Annex A for definition of audit terms. Report No. AR/14/13 May 2014 Page 7

Observation Agreed action Risk categories 4 Underlying cause category Control Activities Owner Due date 3 IS/IT Plan and Organise: Composition and estimated costs of services included in the Per-Capita The services covered under Per- Capita met the established criteria; however the basis for determining the criteria, the selection of the services to be included and the estimation of the individual costs was not documented. For example, the PASport payroll application was not used by all offices but formed part of the global cost calculation while applications that were in use throughout WFP (e.g. Asset Management Database, TeamCentral, Vehicle Tracking System) were excluded from Per-Capita. Review and document the criteria for including services and applications in the Per-Capita charge, and make any changes that may be called for. Operational Accountability & Funding Institutional Best practice Information Technology Division 31 December 2014 4 Finance and Accounting: Actual cost recovery - Organizational Budgeting Service determined that the USD 26.9 million Per- Capita cost for 2013 was to be recovered in two tranches. USD 24.3 million had been recovered by 14 January 2014. However, there were no procedures for dealing with cases when offices were unable to pay their share of Per-Capita. In March 2014, USD 2.1 million was outstanding with four offices owing between USD 50K and USD 100K, five offices between USD 100K and USD 200K and one office owing USD 270K. Establish written procedures for dealing with cases when an office is unable to pay its share of Per-Capita within the required timeline. Operational Accountability & Funding Institutional Guidelines Organizational Budgeting Service 30 June 2014 4 See Annex A for definition of audit terms. Report No. AR/14/13 May 2014 Page 8

Observation Agreed action Risk categories 5 Underlying cause category Owner Due date Information and Communication 5 Information and Communication: Internal Communication A proper communication mechanism was not put in place prior to implementing Per-Capita. The minutes of the Executive Management Group meeting that approved Per-Capita highlighted the need for the Regional Bureaus to properly communicate with country offices so that they understood the benefits and challenges associated with the changes being brought about by Per-Capita but there was no evidence that this communication took place. The Per-Capita Information Note showing the estimated and per-unit costs of the services included in Per-Capita was only issued in early 2013. Due to the delay, offices were not able to properly plan and budget for their share of cost. In coordination with the Information Technology Division and Organizational Budgeting Service, determine the internal communication lessons that can be learned from the Per-Capita implementation and develop an action plan for Per-Capita and for use in future similar projects. Reporting Processes & Systems Institutional Best practice Office of the Executive Director 30 September 2014 5 See Annex A for definition of audit terms. Report No. AR/14/13 May 2014 Page 9

Annex A Audit definitions 1. WFP s Internal Control Framework (ICF) A 1. WFP s Internal Control Assurance Framework follows principles from the Committee of Sponsoring Organizations of the Treadway Commission s (COSO) 6 Integrated Internal Control Framework, adapted to meet WFP s operational environment and structure. The Framework was formally defined in 2011. A 2. WFP has defined internal control as a process designed to provide reasonable assurance regarding the achievement of objectives relating to (a) effectiveness and efficiency of operations; (b) reliability of reporting; and (c) compliance with WFP rules and regulations. WFP recognizes five interrelated components (ICF components) of internal control which need to be in place and integrated for it to be effective across the above three areas of internal control objectives. The five ICF components are (i) Internal Environment, (ii) Risk Management, (iii) Control Activities, (iv) Information and Communication, and (v) Monitoring. 2. Risk categories A 3. The Office of Internal Audit evaluates WFP s internal controls, governance and risk management processes, in order to reach an annual and overall assurance on these processes in the following categories: Table A.1: Categories of risk based on COSO frameworks and the Standards of the Institute of Internal Auditors 1 Strategic: Achievement of the organization s strategic objectives. 2 Operational: Effectiveness and efficiency of operations and programmes including safeguarding of assets. 3 Compliance: Compliance with laws, regulations, policies, procedures and contracts. 4 Reporting: Reliability and integrity of financial and operational information. A 4. In order to facilitate linkages with WFP s performance and risk management frameworks, the Office of Internal Audit maps assurance to the following two frameworks: Table A.2.1: Categories of risk WFP s Management Results Dimensions 1 People: Effective staff learning and skill development Engaged workforce supported by capable leaders promoting a culture of commitment, communication & accountability Appropriately planned workforce Effective talent acquisition and management. 2 Partnerships: Strategic and operational partnerships fostered Partnership objectives achieved UN system coherence and effectiveness improved Effective governance of WFP is facilitated. 3 Processes & Systems: High quality programme design and timely approval Cost efficient supply chain enable timely delivery of food assistance Streamlined and effective business processes and systems Conducive platforms for learning, sharing and innovation. 4 Programmes: Appropriate and evidence based programme responses Alignment with Government priorities and strengthened national capacities Lessons learned and innovations mainstreamed Effective communication of programme results and advocacy. 5 Accountability & Funding: Predictable, timely and flexible resources obtained Strategic transparent and efficient allocation of resources Accountability frameworks utilised Effective management of resources demonstrated. 6 Committee of Sponsoring Organizations of the Treadway Commission. Report No. AR/14/13 May 2014 Page 10

Table A.2.2: Categories of risk WFP s Risk Management Framework 1 Contextual: External to WFP: political, economic, environmental, state failure, conflict, humanitarian crisis. 2 Programmatic: Failure to meet programme objectives and/or potential harm caused to others though interventions. 3 Institutional: Internal to WFP: fiduciary failure, reputational loss, financial loss through corruption. 3. Causes or sources of audit observations A 5. The observations were categorized on the basis of causes or sources: Table A.3: Categories of causes or sources 1 Compliance Requirement to comply with prescribed WFP regulations, rules and procedures. 2 Guidelines Need for improvement in written policies, procedures or tools to guide staff in the performance of their functions. 3 Guidance Need for better supervision and management oversight. 4 Resources Need for more resources (funds, skills, staff, etc.) to carry out an activity or function. 5 Human error Mistakes committed by staff entrusted to perform assigned functions. 6 Best practice Opportunity to improve in order to reach recognised best practice. 4. Risk categorisation of audit observations A 6. The audit observations were categorised by impact or importance (high, medium or low risk) as shown in table A.4 below. Audit observations typically can be viewed on two levels: (1) observations specific to an office, unit or division, and (2) observations which may relate to a broader policy, process or corporate decision and may have broad impact. 7 Table A.4: Categorization of observations by impact or importance High risk Medium risk Low risk Issues or areas arising related to important matters that are material to the system of internal control. The matters observed might cause a corporate objective not to be achieved, or result in exposure to unmitigated risk that could have a high impact on the corporate objectives. Issues or areas arising related to matters that significantly affect controls but may not require immediate action. The matters observed may cause a business objective not to be achieved, or result in exposure to unmitigated risk that could have an impact on the objectives of the business unit. Issues or areas arising that would, if corrected, improve internal controls in general. The recommendations made are for best practices as opposed to weaknesses that prevent the meeting of systems and business objectives. A 7. Low risk observations, if any, are communicated by the audit team directly to management, and are not included in this report. 7 An audit observation of high risk to the audited entity may be of low risk for WFP as a whole; conversely, an observation of critical importance for WFP may have low impact for a specific entity, but globally be of high impact. Report No. AR/14/13 May 2014 Page 11

5. Monitoring the implementation of agreed actions A 8. The Office of Internal Audit tracks all high and medium-risk observations. Implementation of observations will be verified through the Office of Internal Audit s system for monitoring the implementation of audit observations. The purpose of this monitoring system is to ensure that actions agreed with management are effectively implemented within the agreed timeframe so as to manage and mitigate the associated risks identified, thereby contributing to the improvement of WFP s operations. 6. Rating system A 9. Internal control components and processes are rated according to their risk severity. These ratings are part of the system of evaluating the adequacy of WFP's risk management, control and governance processes. A rating of satisfactory, partially satisfactory, and unsatisfactory is reported in each audit, and these categories are defined as follows: Table A.5: Rating system Engagement rating Definition Assurance level Satisfactory Internal controls, governance and risk management practices are adequately established and functioning well. No issues were identified that would significantly affect the achievement of the objectives of the audited entity. Reasonable assurance can be provided Partially Satisfactory Internal controls, governance and risk management practices are generally established and functioning, but need improvement. One or several issues were identified that may negatively affect the achievement of the objectives of the audited entity. Reasonable assurance is at risk. Unsatisfactory Internal controls, governance and risk management practices are either not established or not functioning well. The issues identified were such that the achievement of the overall objectives of the audited entity could be seriously compromised. Reasonable assurance cannot be provided. Report No. AR/14/13 May 2014 Page 12

Annex B Acronyms AD CO DSC ED EMG ICT OST PSA RMBB SAP WINGS WFP Active Directory Account Country Office Direct Support Costs Executive Director WFP s Executive Management Group Information Communication and Technology WFP s Information Technology Department Programme Support and Administrative WFP s Budget and Programming Service A software package named for its German developer, SAP AG. WFP s corporate ERP system World Food Programme Report No. AR/14/13 May 2014 Page 13

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback