1

2011 IAS Conference – Brussels

Practical Experiences of

International Organizations

with Audit Committees

Thierry Rajaobelina

Acting Director, Office of Internal Oversight

Organization for Security and Co-operation in Europe

3

I will cover….

Introduction to the OSCE Challenges in the internal audit function in International

Organizations (IOs) Position statement by IOs on Audit Committees (ACs) Practices to follow and to avoid Benchmarking data

4

South Eastern Europe

Eastern Europe

Central AsiaCaucasus

17 Field Operations in four regions 3 Institutions & Secretariat

56 participating States & 12 Partners for Co-operation

5

The OSCE: A forum for dialogue

6

Audit Committees: A new process for International Organizations (IOs)

A professional and independent internal audit (IA) function evolved starting in the mid-nineties

IIA standards were adopted However subsidiary committees (finance,

administration, budget…) of ultimate Governing Body were perceived as fulfilling the Audit Committee role

First Audit Committees appeared a decade ago UN system: 2002

7

Challenges faced by the Audit Function in IOs (1)

Significant progress achieved in enhancing the audit function in the past 10 years in response to public pressure for better scrutiny, transparency and accountability

Internal Auditing Many organizations need to improve independence, capabilities,

resources and processes Political context

Other issues: Follow-up/ implementation of recommendations Communicating audit results

8

Challenges faced by the Audit Function in IOs (2)

External Auditing Usually a Supreme Audit Institution of a member/participating State Selection/rotation process not clearly regulated in some IOs Quality assessment review of external auditors lacking

Other issues: Potential overlap with IA function/audit engagement Potential conflict of interest Single audit principle/request for third party verifications

9

ACs in IOs are evolving into Oversight Committees

Many IA offices are now part of a larger Oversight department/service combining audit, evaluation and investigation functionsOversight Committee membership has to reflect such

expertise

However, some IOs have yet to establish an AC have an AC exclusively composed of internal

membership i.e. staff members

10

OSCE Reporting Relationships

Secretary Secretary General (CAO)General (CAO)

Audit Audit CommitteeCommittee

Internal Internal OversightOversight

External External AuditorsAuditors

Permanent Permanent Council Council

(Governing Body)(Governing Body)

11

How does your Audit Committee behave?

12

Challenges to effective ACs in IOs (1)

Political context, e.g. appointments Composition (internal / external, expertise,

remuneration...) Terms of reference/mandate/responsibilities

including selection of CAE/external auditor

Professional assessment of AC performance AC Reporting lines and independence

13

Challenges to effective ACs in IOs (2)

Number of members Mix of expertise Interaction of members (within AC and with

Organization) Level of activity from too detached to interfering Understanding of role Understanding of business

14

Sleeping

15

The Big Four Banner

4

16

The Diplomat

17

Some good practices observed

Respect for existing oversight functions and assurance providers

Decline issues referred to it (unless within mandate) Choose one or two issues and make a difference Review Terms of Reference and modus operandi Selection/reappointment of CAE and External Auditor Combined certification/experience in

audit/accounting/oversight Independent AC secretariat (reporting to AC)

18

Some practices to avoid

Terms of reference confusion e.g. almost exclusive focus on IA function; interference in operations

Poor induction resulting in briefings overload Lack of follow-up on previous annual reports and

recommendations Unclear roadmap resulting in poor scheduling of

meetings No standardized format for meeting records resulting in

unclear outputs, action items or recommendations Too many or too few field visits (cost!)

19

Communicating with Governing Bodies through Audit Committees

“ Few components of oversight are as critical to effective and successful audit committee oversight of internal auditing as its two-way communication with the internal audit activity.” (IIA paper on audit committees)

20

Good communication from the AC point of view

The AC should Agree on the IA charter with the Chief Audit Executive Periodically ensure that the IA activity has the appropriate financial

and human resources Review the scope and determine the appropriateness of the audit

plan Be informed of risks that could hinder the achievement of the

objectives Be informed of any fraud risks Be assured of the reliability of the operational information Be assured of appropriate disclosure mechanisms

21

IOs issued a Position Statement

RIAS (Representatives of Internal Audit Services of the UN and Multilateral Institutions) formed in 1969 by a handful of UN IA offices to discuss issues of

common interests – annual meetings and working groups Over four decades participation has extended to the International

Financial Institutions (IFIs) and other international organizations AC related issues have been a long standing agenda item In 2008 RIAS promulgated a Position Statement providing a

description of generally accepted AC principles and some identified good practices

22

RIAS Position Statement

RIAS consulted The IIA in preparing the Position Statement

Recommends the establishment of effective and independent audit committees for United Nations entities and other similar multilateral institutions

with written charters approved by their governing bodies; and

composed of independent, objective, experienced and competent members

23

RIAS Position Statement: Principles

PurposeAuthority Composition

24

RIAS Position Statement: Responsibilities

Risks and ControlFinancial statementsInternal auditExternal audit Values and Ethics

25

RIAS Position Statement: Operation

Status Annual plan Meetings Resources Conditions of service

26

IIA GAIN Benchmarking Report on ACs

422 organizations participated in the GAIN Survey 2010 (= ‘universe’), 50 per cent with international activities

Heterogeneous group of organizations; e.g. size, expenses, assets, industries

Close to 100% of organizations have an AC in place

27

IIA GAIN Benchmarking Report (continued)

Average number of AC members: five On average the AC meets five times a year Ninety percent of ACs are chaired either by

someone from outside the organization or independent of the organization

28

IIA GAIN Benchmarking Report (continued)

“HoIA” – Fourteen Heads of Internal Audit in International Organizations in Europe

Four out of five organizations have an AC in place Average number of AC members: nine On average the AC meets three times a year Two out of three ACs are chaired by an external

member

ACs have generally a less strong role than at the “universe” level

29

IIA GAIN Benchmarking Report (continued)

30

IIA GAIN Benchmarking Report (continued)- Composition

31

IIA GAIN Benchmarking Report (continued)-– Private sessions

32

IIA GAIN Benchmarking Report (continued)- Meetings

33

IIA GAIN Benchmarking Report (continued)- Responsibilities

34

IIA GAIN Benchmarking Report (continue) - Professional developmentprovided by Internal Audit

35

The Future

Evolution of Audit Committees in IOs

From heavy-handedness to a balanced role

Potential of sub-committees for larger Audit Committees

Better networking of IO Audit Committees

De-politicizing the appointment of members

36

Thank you for your attention!