Publisher year: 2020
Author: Jean-Pierre Garitte, Marius Tomoiala
The book is a useful guide for management and public sector employees for the implementation and development of internal managerial control systems within public entities. In presenting the implementation of the standards of internal managerial control provided by public entities, the authors have a practical approach, based on the explanation of specific concepts and requirements, accompanied by examples and completion of model documents. At each standard are indicated, in a logical sequence, the minimum activities and the documents necessary for an adequate implementation of the provided requirements. A novelty is the establishment of a set of quantitative and qualitative criteria for evaluating the application of each standard in practice, so as to avoid the error of declaring the standards as being implemented only on the basis of drawing up, formally, documents.
JEAN-PIERRE GARITTE is an internationally recognized expert in the field of governance, risk management, internal control and internal audit, with a practical and academic experience of over 44 years.
He is an executive professor at the Antwerp School of Management in Belgium and has given lectures in over 100 different countries. He played an essential role in the development of the internal audit profession in Belgium, Romania, Turkey, the Czech Republic, Malaysia, Hungary and Poland.
He is a member of the Audit Development Committee of the European Commission and chairman of the audit committee of the Flemish Government in Belgium.
MARIUS TOMOIALA is an internationally certified internal auditor, with concerns for the development of internal audit, internal managerial control and risk management in Romania.
PREFACE / 7
FOREWORD / 11
INTRODUCTION: THE TRANSITION OF INTERNAL MANAGERIAL CONTROL FROM THEORY TO PRACTICE / 15
CHAPTER 1. THE NEED TO IMPLEMENT INTERNAL MANAGEMENT CONTROL / 21
CHAPTER 2 ORGANIZATION OF INTERNAL MANAGEMENT CONTROL / 33
2.1. RESPONSIBILITY OF ORGANIZATION AND FUNCTIONING OF INTERNAL MANAGEMENT CONTROL / 33
2.2. ESTABLISHING THE ORGANIZATIONAL STRUCTURE IN THE FIELD OF INTERNAL MANAGEMENT CONTROL / 35
2.3. COMPONENT OF THE MONITORING COMMITTEE / 36
2.4. ORGANIZATIONAL AND WORKING MODULE OF THE MONITORING COMMISSION / 42
2.5. DUTIES OF THE MONITORING COMMISSION / 46
2.6. DEFICIENCIES REGARDING THE ORGANIZATION OF THE INTERNAL MANAGEMENT CONTROL ACTIVITY / 48
2.7. MINIMUM ACTIVITIES AND DOCUMENTS NECESSARY FOR THE ORGANIZATION OF THE INTERNAL MANAGEMENT CONTROL SYSTEM / 49
2.8. MINIMUM QUANTITATIVE AND QUALITATIVE CRITERIA FOR THE EVALUATION OF THE ORGANIZATION OF THE MANAGERIAL INTERNAL CONTROL SYSTEM / 49
CHAPTER 3 PLANNING OF ACTIVITIES REGARDING INTERNAL MANAGEMENT CONTROL / 53
3.1. DEVELOPMENT PROGRAM IN THE FIELD OF INTERNAL MANAGEMENT CONTROL / 53
3.2. MINIMUM ACTIVITIES AND DOCUMENTS NECESSARY FOR PLANNING IN THE FIELD OF INTERNAL MANAGEMENT CONTROL SYSTEM / 56
3.3. MINIMUM QUANTITATIVE AND QUALITATIVE CRITERIA FOR THE EVALUATION OF THE ACTIVITY PLANNING MODULE REGARDING THE MANAGERIAL INTERNAL CONTROL SYSTEM / 57
CHAPTER 4 IMPLEMENTATION OF INTERNAL MANAGEMENT CONTROL STANDARDS / 59
4.1. THE CONTROL MODEL IN THE ROMANIAN PUBLIC SECTOR / 59
4.2. WHAT IS INTERNAL MANAGEMENT CONTROL? / 60
4.3. ARCHITECTURE OF THE CODE OF INTERNAL MANAGERIAL CONTROL OF PUBLIC ENTITIES / 62
4.4. STAGES OF IMPLEMENTING THE MANAGERIAL INTERNAL CONTROL STANDARDS / 64
4.5. IMPLEMENTATION OF THE PUBLIC SECTOR INTERNAL MANAGEMENT CONTROL SYSTEM IN CASE OF THE EXISTENCE OF OTHER MANAGEMENT SYSTEMS / 69
4.6. POSSIBLE ERRORS IN THE IMPLEMENTATION AND DEVELOPMENT OF INTERNAL MANAGEMENT CONTROL / 72
4.7. CONTROL ENVIRONMENT / 74
4.7.1. Implementation of Standard 1 - Ethics and integrity / 74
4.7.2. Implementation of Standard 2 - Attributions, functions, tasks / 93
4.7.3. Implementation of Standard 3 - Competence, performance / 111
4.7.4. Implementation of Standard 4 - Organizational structure / 120
4.8. PERFORMANCE AND RISK MANAGEMENT / 129
4.8.1. Implementation of Standard 5 - Objectives / 129
4.8.2. Implementation of Standard 6 - Planning / 148
4.8.3. Implementation of Standard 7 - Performance Monitoring / 158
4.8.4. Implementation of Standard 8 - Risk Management / 175
4.9. CONTROL ACTIVITIES / 204
4.9.1. Implementation of Standard 9 - Procedures / 204
4.9.2. Implementation of Standard 10 - Surveillance / 226
4.9.3. Implementation of Standard 11 - Continuity of activity / 236
4.10. INFORMATION AND COMMUNICATION / 247
4.10.1. Implementation of Standard 12 - Information and communication / 247
4.10.2. Implementation of Standard 13 - Document Management / 256
4.10.3. Implementation of Standard 14 - Accounting and financial reporting / 261
4.11. EVALUATION AND AUDIT / 265
4.11.1. Implementation of Standard 15 - Evaluation of the internal managerial control system / 265
4.11.2. Implementation of Standard 16 - Internal Audit / 283
CHAPTER 5 CONCLUSIONS / 301
SELECTIVE BIBLIOGRAPHY AND SOURCES / 311
This book is published in a period when the COVID-19 outbreak is having an unprecedented effect across most countries of the world and all EU Member States on the health of their citizens and resilience of their economies. We do not know yet to what extent the world will be different once this crisis is over. However, we know already that the COVID-19 pandemic has certainly brought challenges to our societies and called into question how they are organised. It has also raised, and will continue to raise, important questions on the public service, its resilience and response in times of crisis, and the relationship between citizens and public administrations.
Were our societies and the actors of the public, semi-public and private sectors (governments, regional and local administrations, health authorities, hospitals, research centres, laboratories and companies) sufficiently prepared? Have they done enough before and during the crisis to anticipate and limit its impact and consequences?
These are just a few key questions for which there are no definitive answers yet and which will certainly trigger many different interpretations through books, articles, in-depth analyses, talk-shows, seminars or conferences over the years to come.
While many issues related to the coronavirus crisis are still to be assessed, it is already clear now that this crisis reinforces the responsibility and the accountability of the public sector. The challenging socio-economic situation that unfortunately lies ahead will trigger additional scrutiny and pressure from citizens and the public opinion on the managers of international, national, regional and local authorities.
But what exactly is the relationship between the crisis provoked by the COVID-19 pandemic and a book on internal control management in the public sector?
In my opinion, it is in times of deep crisis in particular that one desperately needs the resilience and soundness of systems. Many political leaders and governments have stated that the depth and breadth of the coronavirus shock on the public health and socio-economic situation requires organisations that are able to provide a response unprecedented in scale and speed. It is in times of crisis that the quality, efficiency and effectiveness of public authorities need to be proven.
This is exactly the point of the current handbook: it highlights the necessary ingredients for successful internal control management in the public sector. All the requirements and conditions that make the internal control system for public management efficient and effective are presented in a clear and informative way and with plenty of practical examples. The underlying analysis is structured around four key areas: why do we need to implement internal control management, how do we organise it, how do we plan the related activities and how do we implement in practice the internal control management standards?
But at the same time one could ask the question, is it still relevant to have a long list of requirements and conditions on internal control management, when flexibility and rapidity of the implementation of public action are now a top priority, and even more so in a crisis situation?
I would refer here to one of the fundamental legal texts at European level, the Financial Regulation applicable to the EU budget, which in its Article 36 lists the key objectives of internal control for budget implementation: (a) effectiveness, efficiency and economy of operations; (b) reliability of reporting; (c) safeguarding of assets and information; (d) prevention, detection, correction and follow-up of fraud and irregularities; and (e) adequate management of the risks relating to the legality and regularity of the underlying transactions, taking into account the multiannual character of programmes as well as the nature of the payments concerned. The internal control framework of the European Commission is designed to be able to respond to these key objectives. Without prejudice to national specificities, they are applicable to all forms of public management and budget spending, and, as such, they are not subject to crisis considerations. In line with the legal requirements, citizens and stakeholders will continue to expect managers in the public sector to be held accountable based on these principles.
I therefore very much welcome the approach of this handbook and its conclusions on recommended areas for improvement. The research and guidance on internal control at international level has progressively evolved over the last decade from a compliance-led to a principle-based approach. Indeed, this was the objective of the latest revision of the highest international standards on internal control set by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) in 2013. The aim of a move to a principle-based approach is to maintain a robust internal control framework, while providing the necessary flexibility that enables management to adapt it to the specific characteristics and circumstances of a particular organisation. The European Commission took this path in 2017 when it revised its own internal control framework. After the first two years of implementation, it has proven to be a positive development in terms of a fresh assessment of the actual implementation of internal control, and in reporting to stakeholders.
I recommend this handbook as an excellent tool for all managers and practitioners of internal control in the public sector. It provides many practical examples and a useful perspective on all the key assurance building blocks (control environment, risk assessment, control activities, information and communication, and monitoring activities), towards a result-oriented implementation of the internal control framework.
I would like to congratulate the two distinguished authors, Jean-Pierre Garitte and Marius Tomoială, for their practical approach and insightful perspective, based on years of experience as internal control and audit practitioners.
Dr Manfred Kraff
Director-General of the Internal Audit Service of the European Commission
Customer Support Monday - Friday, between 8.00 - 16.000745 200 718 0745 200 357 firstname.lastname@example.org
write a review
The review was sent successfully.