Transcript Titre du slide show

European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
IT audits
Workshop 2 – Report
Ljubljana, 12-13 October 2009
Mr. Gilles RECKERT
Inspection générale des Finances, Ministère
des Finances, Luxembourg
1
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Mr. Billi’s presentation
• Council Regulation 1083/2006 obliges to
have computerised accounting records
• Commission’s Guidance Note on
certification provides suggestions on the
main elements of an IT-system
• Commission’s implementing rules
1828/2006 obliges to maintain reliable ITsystems
2
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
The processing picture: underlying risks
• Unreliable / inaccurate accounting and monitoring
data
• Irregularities or fraud left undetected
• A risk free system is an IT-system unplugged (no
electricity)
• A well-functioning IT-system adds great value to the
programme
and can mitigate a great deal of risks
Unreliable IT system / data
 Less money for projects
3
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Conclusion
• IT system is mandatory for this
programming period
• It is mandatory to provide assurance on the
reliability of the data and the functioning of
the system
• The therefore developped system has to be
tested, i.e. IT-audited for reliabililty by
professionals in compliance with
international standars
4
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Ms Garsoux’ presentation
• The MIS has to be well audited to assure it is:
–
–
–
–
–
Reliable
Continuous
Secure
Efficient/effective
Compliant
• Presentation of the ISACA (Information
Systems Audit and Control Association)
5
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Ms Garsoux’ presentation
• Definition of an IT-auditor competencies
• Use of the Cobit standard for key controls
• The steps of an IT-audit (plan, execute the
audit, write a report)
• Contents of an IT-audit (environment, input,
process, output)
• Example of an IT audit Framework
• Reporting
6
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Conclusion & Reference
• IT audit is a mature and regulated profession with
available tools and techniques from ISACA.
• WWW.ISACA.ORG for Cobit and the Assurance Guide
and IT assurance framework -> free downloadable
Email : [email protected]
Tel: + 32 472739836
7
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
The Ministry of Economy and Finance’s
(MEF IGRUE) role is to coordinate
EUROPEAN
COMMISSION
 DG REGIO
NATIONAL
ADMINISTRATIONS
MEF
IGRUE
IGRUE
 DG EMPL
 DG AGRI
 DG MARE
 MINISTRIES
 REGIONS
FINANCIAL
MANAGMENT
 AUTONOMOUS
PROVINCES
 OTHER BODIES
Ljubljana, 12-13 October 2009
8
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Mr Di Nuzzo’s presetation
• description of the IGRUE’s role only
coordination
• experiences of the old period (2000-2006)
• new requirements (digitalisation, availability of
audit-data, deadlines)
• description of IGRUE’s tasks in the financial
management of EU-funds
Ljubljana, 12-13 October 2009
9
European Union
Homologues Group Meeting
Slovenia, October 2009
Republika Slovenija
Financial Management – General view
IGRUE IT System Area
Local IT System Area
Managing
Authority
Central
Coordinating
Administrations
Certifying
Authority
SFC 2007
System Area
European
Commission
MEF-IGRUE
Payment
Body
Beneficiaries
Treasury
Payment
request process
EU Accrediting
Payment orders
Ljubljana, 12-13 October 2009
Fund Transfer
10
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Mr Di Nuzzo’s presentation
• records of irregularities
• controls exercised by the MA, CA, and AA
and the IGRUE’s role therein
• the monitoring process
• key features of the IT-system and the
respective data flows
Ljubljana, 12-13 October 2009
11
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Controls - general view
Local IT System Area
Managing
Authority
IGRUE IT System Area
SFC 2007 System Area
Audit
Authority
European
Commission
MEF-IGRUE
Certifying
Authority
Irregularities
Evaluation Body
Cabinet
Presidency
Other controlling bodies
(Court of Auditors,
Financial Police, etc.)
Recoveries
Irregularities
Annual Audit Report
O.L.A.F.
Annual summary
12
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Monitoring - general view
SFC 2007 System
Area
European
Commission
IGRUE IT
System
Area
MEF-IGRUE
IT System
Institutional
Users
Programming data
Projects progress data
Local IT System
Area
Managing
Authority
Beneficiaries
Implementing
bodies
Operations programming /implementing data
System report
Ljubljana, 12-13 October 2009
13
European Union
Republika Slovenija
Homologues Group Meeting
Slovenia, October 2009
Di Nuzzo’s Conclusions
The exploitation of the IT System allows:
• coping easily with deadlines set by
common legislation
• the minimisation of potential errors
connected with manual activities and
paper flows
• the immediate availability of information
and either internal and external reports
(EU, Court of Auditors, ISTAT, Italian
Central Bank, etc.)
Ljubljana, 12-13 October 2009
14