Internal Audit in the Ministry of Finance
Welcome to the website of the Internal Audit Division of the Ministry of Finance
After the EU accession of the Republic of Bulgaria the safeguarding of the public finance interests became an even more responsible task. Its execution by the Ministry of Finance is determined by observing the principles of conformity with the law, good financial management and transparency.
That is why all of us, the employees of the Ministry of Finance, have to be an example for their implementation. Our obligation is the careful preservation and safeguarding of the assets of the Ministry of Finance - its financial resources, equipment, premises and information, as well as observing the current law, internal policies and procedures. Correctness and integrity should be the basis for our institutional behaviour.
In that connection, the purpose of internal audit is to support the Ministry of Finance by identifying and assessing the risks and the adequacy of the financial management and control systems with regard to:
1. the identification, assessment and management of the risks from the management side;
2. the compliance with laws, internal acts and contracts;
3. the reliability and comprehensiveness of financial and operational information;
4. the effectiveness, efficiency and economy of operations;
5. safeguarding of assets and information;
6. the performance of the tasks and the attainment of the objectives.
With the attainment of that goal the internal audit contributes to improving the work of the Ministry of Finance and provides assistance in achieving its present and future goals.
Selection of audit assignments
The main functions of the division are to implement the internal audit function of all structures, programmes, activities and processes in the Ministry, including the EU-funded ones, as well as of the administrative structures whose heads are lower-level spending units to the Minister of Finance, the commercial corporations with more than 50 percent state participation in the capital where the state's property rights are exercised by the Minister of Finance, the commercial corporations whose capital is owned by the above commercial corporations and the state-owned enterprises pursuant to Article 62, paragraph 3 of the Commerce Law where the state's property rights are exercised by the Minister of Finance, which do not have a separate internal audit unit.
The assessment of the risk and the results of previous audits play an important role in the selection of the units to be audited. Each structural unit defined as bearing high risk is included in the annual plan for the relevant year. The Internal Audit Division conducts approximately 20-30 audits annually.
Mutual expectations of an audit assignment
Although ad-hoc audit assignments are initiated where appropriate, typically a representative of the Internal Audit Division schedules a meeting with the management of the structure which will be audited to discuss the planned objectives, duration and scope of the audit. At this initial meeting, the management of the audited structure is given the opportunity to ask questions about the audit, to identify any issues or areas to be specifically addressed during the audit, and to give proposals how the audit process can be facilitated. The audit assignment, which continues between 20 and 50 business days on average, is an opportunity to obtain an independent assessment of the effectiveness and efficiency of the audited unit. The typical audit has several stages, including preliminary research; data collection (usually through interviews and questionnaires), analysis and review; wrap-up meeting; drafting and reporting of the results from the audit assignment. The weaknesses and discrepancies identified during the audit will be noted in the audit report, and a follow-up check will subsequently be performed to determine whether corrective action has been taken.
Reporting of the audit results
At the final stage of the audit the management of the audited unit is provided with a draft audit report which contains the results of the conducted audit assignment. Additional clarifications and information or notes on the findings, conclusions and recommendations may be given within 5 business days from the receipt of the preliminary report. The final report is prepared within 10 business days from the wrap-up meeting and the submission of the preliminary report and is addressed to the head of the audited structure. A summary of the final report is delivered to the Minister of Finance and the relevant line Deputy Minister.
Within a reasonable period of time the Director of the Control Methodology and Internal Audit Directorate plans a follow up on the fulfilment of the given recommendations and improvement of the internal control in the relevant structures.
Nature and importance of internal control
Internal control is a process which involves all employees of the Ministry. It has to be designed in a way to provide reasonable assurance that the Ministry:
- manages its resources effectively;
- achieves its goals in an effective and efficient way;
- possesses a reliable financial and accounting system;
- abides by the applicable laws in the relevant areas.
Internal control is intended to:
- prevent or minimize the risk of errors and violations;
- identify any areas of concern;
- ensure that corrective action is taken.
Examples of internal controls
Examples of the most common internal controls can be:
Procedures for permission, approval and authorization
The Management must put in place appropriate rules and procedures for permission, authorization and approval, taking into account the following:
The permission procedures refer to the decision making by the authorized persons (heads or other authorized persons), which results in certain consequences for the organization. These procedures should be laid down according to the statute, the organizational structure and the management bodies of the relevant organization (single or collective bodies of management). The approval means endorsement (certification) of transactions, data or documents for closing or validating processes, activities, suggestions and/or certain consequences thereof. The permission and approval are only performed by authorized persons. The authorization means that the operations are only performed by persons who act in the framework of their powers. The process of authorization requires employees to act according to the orders and within the limits established by the head of the organisation or by the law.
Segregation of responsibilities
In order to ensure effective checks and balance, during operation performance the relevant responsibilities should be segregated in a way that does not allow one and the same employee to have more than one responsibility for approval (authorization), execution, accounting and control at the same time.
Double signature system
The double signature system gives assurance that an obligation is taken or a payment is ordered by authorized persons and the financial and budgetary discipline is observed.
Ex-ante control is a preventive control activity with which the relevant decisions/actions, before their making/performance, are compared with the requirements of the applicable law with a view to their observance.
Procedures for complete, correct, accurate and timely accounting of all operations
These procedures should be introduced by the management and should be elaborated in accordance with the Accountancy Law, the individual charter of accounts, respectively the Accounting Standards and the charter of accounts of budget enterprises, etc.; their aim is to reflect the information about the economic operation in the accounting document at a certain time, with a certain volume and mandatory requisites so as to allow making the right decision which result in financial consequences.
Procedures for monitoring and self-assessment
The management should introduce monitoring procedures as part of the routine operational control. The monitoring procedures are carried out on a daily basis by the direct heads with regard to the assignment of tasks and their implementation. The assignment of tasks by the supervisors does not lessen their own responsibility for the performance thereof. The supervisors should provide the employees with the relevant guidance and instructions so as to ensure understanding and prevent errors and abuses in the execution of their duties as well as to ensure the correct performance of the tasks.