Enterprise Risk Management and Internal Control Practices in Financial Audit - Turkey
Explore the framework of enterprise risk management and internal control practices in Turkey, focusing on the application within the Turkish Court of Accounts (TCA). Understand the roles, responsibilities, and strategic planning aspects related to ERM and IC. Discover how public financial management laws in Turkey emphasize transparency, accountability, and performance-based budgeting.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Enterprice Risk Management and Internal Control Practices in Financial Audit ERM and IC Practices in Turkey and the TCA ANKARA, May 2021 1
Learning Objective To understand the framework of enterprice risk management internal control practices in Turkey and To understand briefly how enterprice risk management and Internal Control is applied in the Turkish Court of Accouts(TCA), and what duties the TCA has in this field in its audits.
Content Introduction The Strategic Management Model in Turkish Public Administration Enterprice Risk Management in Turkey Internal Control in Turkey Roles and Responsibilities in Strategic Planning, Enterprise Risk Management and Internal Control Enterprice Risk Management and Internal Control Practices in the TCA 3
Introduction It is considered the constitution of public financial management in Turkey. All elements of strategic management (Strategic plan, Performance program and Budget, Activity Report) can be found in this law. With this Law; Revolutionary arrangements were made in public financial management with the introduction of concepts transparency, accountability, performance-based budgeting, internal control and internal audit. Public Financial Management and Control Law No. 5018 such strategic annual as financial planning, reports, 4
Introduction It has been made obligatory for public administrations to determine their strategic goals and objectives and to conduct and evaluate the processes of monitoring their performance. Both Law No. 5018 and secondary legislation clearly regulate Internal Control. Enterprice Risk Management practices can be found in the strategic management process with the implemetation of secondary legislation. ERM and internal control can be considered as assisting tools in achieving the strategic goals and objectives determined by public administrations in line with their visions and missions in public management legislation. Both frameworks facilitate and support thestrategic management process when implemented effectively. Their purpose is to help the enterprise achieve its objectives and to optimizethe enterprise s value Public Financial Management and Control Law No. 5018 5
Strategic Management Model in Turkish Public Administration Strateg c Plan -Mission Enterprice Risk Management -Vision - Strategic Goals and Objectives -Performance Measures -Risks Performance Program and Budget -Priorities -Performance Objectives External Audit -Activities/Projects -Performance Measures -Resource Allocation -Risks Activity Report -Activity/Project Results -Performance Objectives and Their Realization Internal Control -Deviations and Their Causes -Recommendations and Measures 6
Strategic Management Model in Turkish Public Administration Strategic plan refers to a plan which includes medium and long-term strategic goals, basic principles and policies, objectives and priorities, and performance indicators of public administrations, as well as the methods and the resource distribution to achieve theme. Strategic Plan Public administrations must prepare strategic plans in order to form missions and visions for the future; determine strategic goals and measurable objectives; measure their performances according to predetermined indicators; and monitor and evaluate the overall process. Risks related to each objective should be identified and analyzed and the measures related to these risks should be determined in the cource of setting strategic goals and objectives. if a more detailed risk study is done, better alternative strategies can be determined. 7
Strategic Management Model in Turkish Public Administration Especially Enterprise risk management is very involved in the strategic planning stage. Strategic plans also benefit from previous year s experience in internal control and enterprise risk management. Strategic Plan ERM should instill within the public entities a discipline around management and should discuss risks and how they are managed while setting strategic goals and objectives. ERM basically makes this contribution in two ways: risk management strategy and risk appetite. The risk management strategy is the set of shared beliefs and attitudes characterizing how the entity considers risk in everything it does, from strategy development and implementation to its day-to-day activities. It communicates the importance of risk throughout the entire entity. Risk appetite reflects the entity s risk management philosophy, and in turn influences the entity s culture and operating style. Risk appetite is usually established in a risk appetite statement; which, frames the risks the organization should accept, the risks it should avoid and the strategic and operating parameters within which the organization should operate. Changes can be made in strategic planning( the objectives, performance indicators, indicator values, and the effect of the indicator on the objectives, strategies, and cost) as a result of ERM involvement in the process. 8
Strategic Management Model in Turkish Public Administration Performance programs establish a connection between the goals and objectives of the public administration and their resource needs. Program and Budget Performance Through the performance program, the public entities determine the annual implementation of the medium and long-term strategic goals and objectives which are determined in their strategic plans and prepare their budgets accordingly. While doing so, they also decide which of the goals and objectives they set in their strategic plans have priority. In this sense, they include annual targets regarding medium and long-term goals and objectives in strategic plans, activities determined to achieve these objectives and their resource needs. Performance indicators created to measure and evaluate the achievement of performance objectives are also included in those programs. Similar to Strategic planning, Enterprise risk management and Internal Control systems are used in the preparation and implementation of performance programs and budgets. Just as Strategic plans, performance programs and budgets also benefit from previous year s experience in internal control and Enterprise risk management systems. 9
Strategic Management Model in Turkish Public Administration While ERM is predominantly involved in the preparation of the performance program and the prioritization of performance targets and the preparation of the budget, internal control is generally used in the implementation of the performance program and the budget. Program and Budget Performance The control activities and information and communication components in Internal Control framework in paticular support the execution of performance program because this is how business objectives are achieved. Control Activities; These activities consist of actions of people to implement established policies, directly or through application of technology, to help ensure that management s risk responses are carried out. They are vital to successful execution of the business model because they are intended to mitigate the risks of relevant objectives not being achieved. Information and Communication; Both information and communication are vital to execution at all levels of an organization to identify, assess and respond to risk on an ongoing basis and ensure the achievement of objectives. 10
Strategic Management Model in Turkish Public Administration The aim of preparing activity reports is to display the results of the activities and objectives envisioned and planned to be realized in the strategic plans of the administrations and their performance programs, which are the annual projections of these plans. Answers to questions such as to what extent the objectives (which were determined at the planning stage of the strategic management and made more specific with the performance program and budget) were achieved, the success of the institution's performance, to what extent the control activities implemented within internal control system prevent the risks to achieving objectives are given in the activity report. Activity Report As activity reports are a document in which the annual performance of the administration is measured and evaluated, public institutions benefit from the ERM and especially internal control systems while preparing this document. Activity reports also reveal the success of the ERM and internal control systems as well as the success of the strategic management. The monitoring component of both ERM and Internal Control frameworks plays an important role in entity s activity reports because it provides the discipline to improve strategic management capabilities as well as risk management and internal control capabilities. Monitoring assesses progress towards attaining objectives and evaluates performance of processes, risk responses and internal control activities. It identifies new issues, risks as well as deficiencies in ERM and internal control. 11
Enterprice Risk Management Risk Management Strategy(Risk appetite,Risk Tolarance) Review and Reporting of Risks Risk Identification Risk Management Process Risk Risk Response Assesment 12
Enterprice Risk Management To be properly implemented, ERM must be part of the strategic planning and performance program preparation process to ensure that the risks that would prevent a public entity from achieving its objectives have been identified and are being managed within the entities acceptable risk level (Risk appetite). According to Turkey s legislation, ERM should especially be implemented in the strategic planning and performance program preparation process to increase the organization's value and make sure that the organization will achieve its goals and objectives which are aligned with its mission and vision. During the strategic planning, alternative goals and objectives are evaluated based on the possible risks that may arise from these goals and objectives. After determining the goals and objectives in the strategic plan, public entities make their goals and objectives more specific with the performance programs. A public entity, which determines its goals and objectives by considering possible risks, also takes into account the effectiveness of the internal control system it has established. Entities, which has stronger and sound Internal Control System, might be willing to take more risks (high risk appetite) while entities with weaker internal control system do not want to push their chances. 13
Enterprice Risk Management Why integrate ERM and Strategic Planning in Turkey? Integrating ERM and strategic planning can make strategic plans stronger while helping public entities focus on their limited resources on the risks that matter most. With integration, public administrations can: Strike the right balance in dedicating attention/resources between alternative goals and objectives; Eliminate separate ERM and strategic planning processes involving the same stakeholders and similar topics; Design strategic goals, objectives, and performance measures that anticipate risks to their success; Create resilient strategies that plan for potential risk exposures and are more likely to succeed; Focus on not only goals and objectives which are more important and essential for success but also risks that matter the most; and Monitor external indicators that provide early warning and trigger control activities. 14
Internal Control in Public Financial Management The main objectives of public administrations are to fulfill the duties assigned to them by law, to ensure that; The activities they carry out for this purpose are carried out In accordance with law(Compliance Objectives), In an effective, economic, and efficient manner(Operations Objectives), And prepeare realiable, timeless and transparent financial or non- financial reports (Reporting Objectives) The best way for public administrations to fulfill these duties can be achieved by establishing and implementing an effective internal control system to identify possible risks to attain their objectives and to ensure that enough controls are taken against these risks. 15
Internal Control in Public Financial Management According to Law no.5018, internal control is the sum of the financial and other controls comprising organization, methodology, procedure, and internal audit established by the administration in order to ensure that the activities are performed in an effective, economic and efficient way (Operational objective) in accordance with the goals, defined policies of the administration and with legislation, (Compliance Objective) the accounting records are held correctly and completely, the financial information and management information securely.(Reporting Objective) The strategic plans of the administrations are the basis of their objectives and their pre-laid policies explained in the definition of Internal Control. As stated in the definition, internal control covers all the works and procedures performed by an entity to achieve its goals and objectives. These activities and transactions are the financial or non-financial transactions and activities. In other words, Law No. 5018 does not limit internal control to financial control only. are produced in time and 16
Internal Control in Public Financial Management IC is under the Responsibility of Management Internal Control is a Tool, Not a Purpose Risk-Based Basic Principles of Internal Control Needs to be evaluated and improved (at least once in a year) Involves all personel Covers all transactions(Fi nancial or non- financial) 17
Internal Control in Public Financial Management To manage the public revenues, expenditures, assets and liabilities in an effective, economic and efficient way, To ensure that public administrations operate in accordance with the laws and other legislations, Objectives of Internal Control To prevent irregularities and frauds in all kinds of financial decisions and transactions, To ensure regular, timely and reliable reporting and acquisition of information for making decisions and monitoring, To prevent the misuse and waste of assets and protect against losses 18
Internal Control in Public Financial Management Elements of Internal Control Control environment is a general framework that forms the basis for the other elements of internal control. It includes the issues related to personal and professional integrity, ethical values of management and personnel, supportive internal control, professional structure, human resources policies and practices, management philosophy and business style. Risk assessment is the process of defining and analyzing the risks that will prevent the realization of the objectives of the administration and determining the necessary precautions. attitude towards competence, organizational Information and communication includes the information, communication and recording system that will ensure that the necessary information is transmitted to the person, personnel and manager, who need it, in a specific format and within a time frame that will allow those concerned to fulfill their internal control and other responsibilities. Control activities are policies and procedures created to ensure the achievement of the objectives of the administration and to manage the identified risks. Monitoring includes all monitoring activities carried out to evaluate the quality of the internal control system. 19
Roles and Responsibilities Ministry of Treasury and Finance The duty of central harmonization in the field of financial management and internal control is carried out by the Ministry of Treasury and Finance Internal Audit Coordination Council The Council is affiliated to the Ministry of Treasury and Finance. It consists of seven members. It carries out duties such as organizing, monitoring of the internal audit system, directing and coordination, training, management of internal audit resources, cooperation, and information technologies. Heads of Administrations The heads of public administrations are responsible for the preparation and implementation of the strategic plans and budgets of their administration, for monitor and supervision of the operation of financial management and control system; and for the accomplishment of the duties and responsibilities defined with the legislation The heads of administrations perform the requirement of this responsibility through authorizing officers, financial services units, and internal auditors Heads of administrations are responsible for the establishment and supervision of the internal control system. Authorizing Officer According to the provisions of Law no.5018, the spending unit refers to the unit for which appropriation is allocated within the budget of the public administration, and which is authorized to spend; and the head of each spending unit to which appropriation is allocated with the budget is the authorizing officer. Authorizing officers, who are allocated appropriation through the budget, are responsible to the head of administration that works and transactions have been realized in accordance with sound management principles, control arrangements, and the legislation and that the internal control system is effective and efficient. 20
Roles and Responsibilities Accounting and Financial Services Unit According to Article 60 of Law no.5018, the duties of the accounting and financial services unit in the context of strategic planning and internal control are: -Coordinating the preparation of the strategic plan and performance program of the administration and carrying out the works for consolidating the results, -Preparing the administration budget, -Recording the budget, collecting and evaluating the data regarding the budget implementation results and preparing the budget final account and financial statistics, -To prepare the activity report of the administration, -To execute control activities( before payments are made), -To work for the establishment of an internal control system, implementation and improvement of the standards. Internal Auditors (Ex-post Control) Internal audit is an independent and objective activity of providing assurance and consultancy. Besides some other responsibilities, internal auditors evaluate entity s ERM and Internal Control cprocesses. 21
ERM and Internal Control Practices in the TCA As a public administration responsible for implementing Law No. 5018, the TCA applies the above- mentioned Strategic Management process. Besides, the TCA has a legal obligation to evaluate the financial and internal control systems of the public administrations it audits. Therefore, the TCA also has a responsibility to set an example for public administrations. Moreover, the TCA management is aware of the importance of ERM and Internal Control and their impact on increasing institutional capacity. For this reason, the TCA puts an intensive effort to develop ERM and internal control systems in addition to the requirements of the legislation and allocates significant resources to these areas. Here are some of the activities carried out by the TCA for this purpose: A team has been formed to follow the internal legislation, standards, methodology, and current issues regarding ERM and Internal Control, A guide has been prepared to increase the ERM and Internal control capacity and guide the implementation, In-service training on ERM and Internal Control is provided for auditors regularly, Workshops are held regularly with the wide participation of the personnel to identify the risks that may prevent the TCA from achieving its goals and objectives, Participation in seminars, conferences, workshops, training, etc. organized in Turkey or abroad to increase the capacity of the personnel. 22
ERM and Internal Control Practices in the TCA The TCA evaluates the strategic management, ERM, and internal control systems of entities within the scope of its regularity audits. The TCA analyzes the audit results in detail and presents them to the Parliament. On the other hand, the results of the analysis including numerical evaluations of the strategic management, ERM, and internal control systems of the auditees are presented to the public in a separate booklet to increase the level of awareness on these issues and contribute to the stakeholders. In addition to these, as a part of planning during financial audits, auditors examine the ERM and internal control systems of the audited administrations in order to identify control risks. 23
Thank You 24