GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE ... - rks … · GUIDANCE AND SELF-ASSESSMENT...
-
Upload
duongthuan -
Category
Documents
-
view
229 -
download
0
Transcript of GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE ... - rks … · GUIDANCE AND SELF-ASSESSMENT...
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 1 Ministry of Finance – Central Harmonization Department
SELF ASSESSMENT QUESTIONNAIRE FOR
FINANCIAL MANAGEMENT AND CONTROL COMPONENTS
GUIDANCE
The self-assessment questionnaire has been conceived to be used by budget organisations for
the self-assessment of the organisation internal control system (including the central level
and subordinate structures). Questionnaire is comprised of five sections corresponding to five
components of Financial Management and Control (FMC) according to COSO and INTOSAI
international standards:
1. Control Environment;
2. Risk Management;
3. Control Activities;
4. Information and Communication;
5. Monitoring.
Within the document, requests have been structured according to FMC principles.
How to fill in the questionnaire?
Each section contains a certain number of requests relating to each and every of these
components.
Along every request, Chief Administrative Officer will initially provide the
comment/feedback accompanied with respective references of corroborating / supporting
evidences (e.g. number, date of approval and naming of the document).
Afterwards, CAO will provide his/her opinion on the level of filling in of the request through
self-assessment in a special column of the questionnaire. The self-assessment is carried out
according to the following procedure:
Every request is assessed from 1 to 3 points
3- The assessment with 3 points shows that this FMC aspect has been understood and it
functions very well throughout all BO structures. CAO, in his/her opinion, will assess with
maximum points those requests which are not applied in the organisation. This is carried out
by providing comments in the respective column (e.g.: if there are no Information
Technology integrated systems in the organisation and if they are not assessed to be
integrated in the future, since the needs are met with the existing systems, then requests
related to them are assessed with N/A (not applied) and the assessment is scored with 3
points).
2- The assessment with 2 points shows that this FMC aspect has been understood
partially/functions only in some integral chains of BO or the meeting of the request has been
planned and is under process.
1- The assessment with 1 point shows that this FMC aspect is still not applied and/or is not
understood by integral parts of BO.
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 2 Ministry of Finance – Central Harmonization Department
The total of points from five components of Financial Management and Control should be
presented along with the naming of each component.
The total of points for the entire questionnaire will be calculated and should be written down
at the end.
At the end of the questionnaire, CAO may present relevant measures he/she has decided to
undertake in the future to improve the internal control system in the organisation he/she runs.
How to interpret the results?
If some of the questions have been assessed with 1 point, the issue in question requires an
immediate intervention for improvement.
If some of the questions have been assessed with 2 points, CAO should take into
consideration the possibility to conduct system improvements on the issue in question.
If some of the questions have been assessed with 3 points, this area requires no further
intervention.
We would kindly ask you to fill in the questionnaire with sincerity, answering the questions
and also taking into account the findings of the Internal Auditor and Auditor General.
Legal framework for Financial Management and Control has recently entered into force. This
means that some of the FMC aspects are a novelty for BOs in Kosovo and a high score self-
assessment which means that no system improvement is needed, would be something
unrealistic. One has to take into account that the questionnaire will help in the identification
of those FMC aspects of BOs in which measures should be taken for the system
improvement, where further understanding is needed on the importance and system
efficiency as well as on the directions for the personnel capacity building.
The BO Chief Administrative Officer is recommended to distribute this questionnaire to
managers of different BO departments/structures under his/her responsibility (the integral
parts of the central body as well as to the subordinate units) in order to fill it in and obtain
complete information. In doing so, CAO will make use of the results in order to form a
consolidated response related to BOs.
The questionnaire is completed upon the signature of Budget Organisation Chief
Administrative Officer after it has been filled in electronically in the website, the same
copy is printed out, signed and stamped by CAO and is sent in a hard copy to Division
for Financial Management and Control in the Ministry of Finance.
The questionnaire may also be found in the website of the Ministry of Finance.
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 3 Ministry of Finance – Central Harmonization Department
QUESTIONNAIRE FOR SELF-ASSESSMENT OF THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Budget Organisation
Budget value for the reporting year in Euro
Chief Administrative Officer
Number of units controlled by BO (subordinate units, offices, agencies,
public companies)
Address of website (where the organigram of BO is attached)
E-mail;
Telephone;
Reporting period: January – December 2014
No.
of
quest
ion
DESCRIPTION OF QUESTIONNAIRE REQUIREMENTS
ACCORDING TO FINANCIAL MANAGEMENT AND CONTROL
COMPONENTS
Select the
answer from
1 to 3
according to
the guidance
Provide the answer
and/or
your comments
Component I. CONTROL ENVIRONMENT Total points
for C1
Control environment is the organisation’s fundamental basis since it is linked to main rules of the internal functioning such as:
strategic objectives, internal regulations, organisational structures, human resource policies, etc. It comprises the foundations upon
which all other components of Financial Management and Control are established.
Principle 1 –Commitment for integrity and ethical values
Total points
for P1
1 Are there internal regulations/procedures in your organisation in compliance
with relevant laws, on defining the conflict of interest situations which are
specific to this BO?
(if CAO deems the existing legal framework sufficient, without it being
necessary to further specify rules for BO, he/she can assess this question with
3 points)
2 Is there a Code of Conduct in your organisation?
(If yes, please provide no. and date of the approval of the act, or the relevant
laws, if they are deemed to be sufficient)
3 Are there procedures in BO which do assess the compliance/harmonisation of
the employees with the Code of Ethics/ and Organisation regulations?
(For example, if it is determined that the newly hired officers are forced to be
familiar with codes/ regulations and/or human resource department should
electronically forward the Code of Ethics to officers, as a reminder he/she
should organise periodic meetings for this purpose, etc.). If yes, please
explain in the column “Comments” and specify the title and date of the
approval of this procedure.
4 Is there any procedure for reporting the violation of rules on the ethics and
thus undertaking measures as a result of this?
(If yes, please explain in the column “Comments” and specify the title and
date of the approval of this procedure).
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 4 Ministry of Finance – Central Harmonization Department
5 Have you undertaken administrative actions/measures for the reported cases
of the violation of procedures of ethics, conflict of interest within the
organisation? If yes, please provide the type of measures undertaken.
6 Which employee in the BO is responsible for monitoring the compliance of
employees with the Code of Conduct and is he/she a direct subordinate to
CAO?
Principle 2 – Exercise of the oversight responsibility
Total points
for P2
7 How many of Publicly Owned Enterprises are under your control as a main
shareholder or controller?
(This question refers to the profitable organisations or those with self-
administration implementing the Law on Publicly Owned Enterprises)
If it is not applicable for a BO – give 3.
8 If there is Publicly Owned Enterprises: Do you receive regular reporting from
the Board of Companies on the performance of companies and on the
decisions taken by Oversight Body during the discharge of their activities?
Principle 3 –Setting strategic objectives and organisational structure
Total points
for P3
9 Have you drafted and approved the BO Mission Statement you are covering?
(If yes, please specify in the column “Comments” the date of its approval).
10 Have you prepared and approved the BO strategic plan?
If YES: for what reporting period? (over 3 years)
11 Which BO Departments are responsible for coordination and development of
the strategic plan?
12 Are managers of subordinate units involved in the discussion of the strategic
plan? What about third parties?
(for example: organisation of round tables with other budget organisations,
civil society, academicians)
13 Is the cost of strategy calculated?
14 Is the strategic plan sent to the system of Strategic Planning of the Office of
Prime minister?
15 Is BO defining in the strategic planning the performance indicators for
monitoring the achievement of objectives?
16 Do you have annual action plans approved for the achievement of the
strategic purposes, which contain concrete actions, deadlines and responsible
persons for every anticipated action?
17 Are performance reports prepared (in the achievement of objectives)?
18 Are BO managers/employees informed on the contents of the mission,
objectives and strategic statement?
(Specify in the column “Comments” what was the way and the date of
distribution of documents, e.g., electronically, via letter, through meetings,
etc.).
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 5 Ministry of Finance – Central Harmonization Department
19 Is the structure of your organisation appropriate for the character of its
activity?
(This question deals with the fact that, if the structure of organisation is
appropriate to achieve its objectives/ if the structure covers all duties and
responsibilities given to BO by law/ if this structure is centralised, or
decentralised/ how does it facilitate the circulation of information).
20 Does the BO organisational (published) structure also include the subordinate
units/controlled units?
(The question deals with the fact that the published structure often contains
only the main part of the central body, thus excluding the subordinate units.
Therefore, the link between them and the reporting lines is not clearly seen).
21 Is the structure able to provide the necessary information for your decision
taking?
(For example; if you receive complete information including financial
information combined with information for the achievement of planned
purposes/product; or the information comes partial or uncoordinated from
different departments)
22 Does every department/directory/division/sector, or unit have clear defined
duties and responsibilities and in particular by other directories / department /
sectors.
(If yes, please specify which document describes these responsibilities).
23 Does the BO organisational structure provide clear reporting lines?
24 Are responsibilities of managers clearly defined? And have they understood
them clearly?
25 Do managers have the appropriate knowledge and experience to meet their
responsibilities?
26 Are managers of budget programmes directly subordinate to CAO?
Principle 4 – Commitment for competence
Total points for
P4
27 Have you approved job descriptions for each job position in BO, which
include individual work to be accomplished, requirements related to
necessary qualifications and reporting lines?
(This question is related to employees of all levels in BO and includes senior
managers).
28 Is there any analysis of knowledge and skills required to meet the work in the
recruitment process of personnel in new working positions or for job
promotion?
29 Is there a Board and /or Audit committee which is independent from
management and which can challenge or address questions to CAO?
(As a rule, there is a Board in municipal organisations, public companies and
in regulatory offices/authorities. There may be Audit Committees in all
budget organisations).
30 Do Board and Audit Committees members have the necessary knowledge and
experience?
31 Are there frequent meetings between the Board/ Audit Committee and
finance mangers, internal and external auditors?
(According to LIA, Boards/Audit Committees are obliged to convene at least
4 times a year)
32 Is accurate and timely information sent to the Board and Audit Committee to
allow the monitoring of managing objectives and the financial position in
BO?
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 6 Ministry of Finance – Central Harmonization Department
33 Who is responsible for HR management?
(provide position (department, directory, division, sector, officer depending
on the size of organisation)
34 Are there periodic appraisals of employees carried out in your institution
relating to the duties they perform, as part of their responsibilities?
(Please use the column “Comments” to explain how often these appraisals
are carried out, and how the employees are informed on the appraisal
results).
35 Are requirements for skills and needs for personnel training identified by
BOs?
36 Does BO have a training plan including the Financial Management training?
(For example; in strategic planning areas, preparation of financial plans,
risk management, procurement and contracting, accounting systems, etc.).
37 How many employees have been trained in financial management during the
reporting period?
Principle 5 – Implementation of accountability (authority and responsibility
in the achievement of objectives)
Total points
for P5
38 Are there regular meetings of the Senior Management Team held to discuss
on issues relating to Financial Management and Control?
(Please specify the frequency of these meetings during the year in the column
“Comments”. The reference documents may be meeting minutes or records
which are sent electronically to members).
39 Does the Senior Management Team often visit its personnel in their working
positions? Are there regular meetings held?
40 Do managers of departments have the authority of he budget management of
their departments?
Please provide no. and date of budget document for each department.
(While providing the answer, one should take into account if managers also
have all the tools for monitoring the use of their budget. Do they have access
to their financial information or not)
41 Is this valid for all departments? If NOT: for which ones?
42 Are there written procedures, approved by Head of BO, which do handle the
delegation of duties and the way of its documentation?
(It is about delegation of the signature, not only for the segregation of duties,
is there is any standard authorisation format which will mention the person to
whom the competence is delegated, type of competence, time period, the
reporting mode).
43 How do delegated officers report to their supervisors for the performance?
44 How is the performance of employees appraised?
(achievement of short and long- term objectives; standards of conduct)
45 Does the BO provide for
- Stimulation or rewards for extraordinary employee performance? (it is not
only about material rewards but also about moral rewards)
- Disciplinary sanctions and corrective measures in case of poor
performance of an employee?
46 How many certification officers are there in BO?
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 7 Ministry of Finance – Central Harmonization Department
47 Which is their institutional position (department, organisational unit) and who
do they report to?
Component 2 – RISK MANAGEMENT Total points
for C2
Risk management includes identification, assessment, risk analysis which may be important to the achievement of organisational
objectives and defining an appropriate response to these risks.
Principle 6 –Specification of objectives as the basis for identification and
risk assessment relating to these objectives
Total points
for P6
48 Does the BO, as an entirety, set mid-term objectives during the preparation
of Mid-term Expenditure Framework (MTEF)?
49 Are these objectives published?
(The management is obliged to publish the objectives within MTEF in the
BO website).
50 Does the BO set objectives at the level of:
Budget programmes?
Projects?
51 Does the BO approve annual plans at the level of department?
52 How does it communicate objectives to employees and to the Board of
Directors (if there is a Board)
53 Which procedure regulates the implementation and monitoring of the
execution of objectives within MTEF?
Principle 7– Risk identification and risk analyses for achievement of BO
objectives
Total points
for P7
54 Does BO conduct identification of potential risks impacting on the failure to
execute objectives for each project?
55 Has the BO appointed a risk coordinator to whom the competencies are
delegated?
(CAO may delegate some of the rights to a managing programme/project
officer).
56 Is there a system for risk identification from external sources? (For example:
with reference to external supplies, technology, economic and political
conditions, legal requirements, natural events, etc.).
57 Is there a system for risk identification from internal sources? (For example:
with reference to human resources, finances, Information Technology
systems, etc.).
58 Do you record risks in writing and in which document:
a) Strategic documents/ development plans of programmes / annual
action plans (defining responsibilities to employees on risk
management)?
b) Risk registers drafted according to FMC requirements?
59 If there is a risk register, how frequently is it updated?
(normally updating has to take place not less than once a year)
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 8 Ministry of Finance – Central Harmonization Department
60 If there is a risk register, is every proposed response towards the identified
risk documented?
(Best practices suggest that there should be a certain response identified
towards a risk, which may be: tolerance (thus, we do nothing), treatment
(which means controls are introduced to limit the risk), transfer (to a third
party), or termination (ceasing the activity).
61 If there is a risk register, does every risk have its “owner”, therefore, a
person who has taken over the risk management in question (risk manager)?
(risk register has to clearly indicate “the owner” of each risk and /or each
control)
Principle 8 – Fraud risk assessment
Total points
for P8
62 Do you have a reporting system for monitoring the most important risks?
63 Do you have a reporting system for reporting irregularities noticed in the
organisation? (as a rule: every BO employee should report the violation of
rules in force or cases of fraudulent reporting, fictitious notes, loss of assets,
corruption to the Head of Organisation, or to the officer/structure appointed
by him/her)?
Component 3 – CONTROL ACTIVITIES Total points
for C 3
Control activities are policies and procedures established to address risks and to achieve objectives of institution. They include a
range of controlling activities with preventive and detecting character.
Principle 10 – Selection and development of control activities for risk
mitigation
Total points
for P10
64 Are there detailed internal rules/instructions describing main operational and
financial work processes, including circulation of documentation and
information, chains of decision taking and internal controls that an officer
has to exercise in every process? Please provide in detail the no. and date of
approval of the following documents:
65 a) The preparation process and execution of the strategic planning
66 b) The preparation process and execution of financial annual budget
plan?
67 c) Keeping and recording of accounting transactions (which employee
is responsible for what)
68 d) Procurement and contracting process?
69 e) The process of management of current and non-current assets
70 f) Management of own source revenues (assigning employees with
duties)
71 g) Safeguarding, using and archiving documentation?
72 Are the above mentioned instructions reviewed regularly every time the
working processes change?
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 9 Ministry of Finance – Central Harmonization Department
73 Is there a procurement plan approved along with the availability of budget
funds approved? Is it updated during the year in accordance with the changes
of the BO funds available?
74 Are asset registers completed based on legal and sublegal requirements?
75 Are all changes of assets constantly recorded during the fiscal year and also
at the time of their completion?
76 Which procedures are there in a BO to prevent an employee not to be
responsible for more than one of the following tasks: authorisation,
processing, recording, reviewing of transactions?
77 Do you monitor the compliance of employees with the segregation of duties?
78 Are documented actions undertaken for the improvement of the budgeting
process? (When are there considerable deviations from the initial budget
with the final budget; failing to execute planned expenditures; big number of
reallocations during the year)
79 Is there an ex-post control executed in a BO?
(If yes, mention some of them and what document describes them)
80 Are these controls regular or ad hoc, instructed by the Head of
Organisations as needed?
(it is about control teams with a minimum of 3 officers)
81 Do you undertake subsequent actions following the findings which resulted
from such ad hoc missions?
Principle 11 – Selection and development of IT controls
Total points
for P11
82 Are there other main IT systems used by a BO (besides the access of a BO to
KMFIS)?
If NOT and if there is no need for such systems, assess it with 3 points
83 How is the segregation of duties implemented in the functioning of IT
systems in BO, in order to prevent that a single employee controls all the
stages of IT functioning (e.g. software installation, programing, testing)?
84 Has BO approved policies, instructions or security IT procedures?
85 What access controls are there in place to prevent:
a) Unauthorised modifications in the existing software
86 b) Unauthorised modifications, loss and disclosure of data
87 c) External threats (such as viruses)
88 d) Unauthorised physical access (in equipment and installations)
89 Is there a recovery facility in case of disasters (equipment, backup of data)
and procedures to make sure that important (critical) operations do function
uninterruptedly and that critical data are protected, when unexpected events
take place?
90 Are there procedures set in BO for maintenance of IT controls?
Component 4 – INFORMATION AND COMMUNICATION Total Points
for C 4
Information and communication are essential for the implementation of all internal control objectives
Principle 13 – Use of information to support internal control functioning
Total points
for P 13
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 10 Ministry of Finance – Central Harmonization Department
91 Does the (manual and/or electronic) reporting system in your organisation
provide information for monitoring the progress of the entire achievement of
organisation objectives and of its special units?
92 Does the reporting system support drafting of the following reports and how
quickly does the BO prepare them?
Budget execution reports
93 Cash flow forecast reports
94 Commitment reports
95 Financial liability reports (recognised but outstanding expenditures)
96 Do you have integrated IT systems for different work processes?
97 Does the BO operate its own accounting system (besides KFMIS)?
98 If yes, does this accounting system provide for monitoring of expenditures
and revenues according to programmes and projects?
If this system does not provide for this, have you planned improvements to
the accounting system?
Principle 15 – Communication related to issues impacting on the internal
control functioning
Total points
for P 15
99 What kind of processes are there in BO to communicate the information to
all employees (from high to low level; from low to high level; between the
same levels)?
100 Do all employees have access to official e-mail accounts?
101 Is there a mechanism for obtaining information from outside on the changes
on relevant legislation and economic conditions, or for the exchange of
information with other public sector organisations, with citizens, non-profit
organisations, media and with private sector representatives?
Component 5 – MONITORING ACTIVITIES Total points
for C 5
Internal control systems should be monitored in order to assess the quality of the performance system during time periods.
Monitoring is carried out through a constant monitoring, through separate assessments, or by combining them both. Internal control
monitoring activities should be clearly differentiated from verification and monitoring of institution operations.
Principle 16 – Special assessment on constant basis
Total points
for P16
102 Is the progress related to the achievement of objectives regularly monitored
and are causes for potential failure in this aspect analysed?
(Please use the column “Comments” to describe how is the progress related
to the achievement of objectives monitored – by whom, for whom, how
frequent, etc.).
103 Does an organisation regularly carry out a self-assessment of systems of
Financial Management and Controls? (this question refers to the
organisation as a whole)
104 Are there internal rules approved for monitoring the systems of Financial
Management and Controls, which specify the periodicity of verification of
these systems as well as the procedures for undertaking the repair measures?
(Please use the column “Comments” to describe how the managers are
made aware of their responsibilities in the risk management. This may occur
through trainings, through a manual or through dissemination of relevant
information, etc.).
GUIDANCE AND SELF-ASSESSMENT QUESTIONNAIRE FOR THE FINANCIAL MANAGEMENT AND CONTROL SYSTEM
Ministria e Financave – Departamenti Qendror Harmonizues
Ministarstvo za Finansije – Centralni Departament za Harmonizaciju 11 Ministry of Finance – Central Harmonization Department
105 Are verification lists, questionnaires or other tools included in the
methodology used?
106 How many recommendations for the internal control systems have been
included in the internal auditing reports in the reporting period?
107 How many of them have been implemented to date?
108 Is the implementation of recommendations directly supervised by you?
109 How many recommendations for internal control systems have been included
in the OAG last report?
110 How is the implementation of recommendations monitored by Audit
Committee?
Is a report required from CAO?
TOTAL QUESTIONNAIRE POINTS
Provide main measures you have planned for the improvement of IC system in the BO.
Please provide your comments and your suggestions for the improvement of the internal control
regulatory acts.
(Signature of Chief Administrative Officer of
the BO and the stamp)