Seoul, Korea – October, 2014

Brazilian Court of Accounts

Objective

Why PDIS should be evaluated

Brazil – economics indicators

Background

ISSAI 5450 – improvements and changes

Comparison: 2nd and 3rd version of ISSAI 5450

Next steps

To help the WGPD to develop a guidance on audit of Public Debt Information Systems (PDIS) that can be useful for all the INTOSAI community

What are we doing?

Auditing on general controls and application controls of Public Debt Information Systems

What is the object of

guidance?

ISSAI 300 - Principles of Performance Auditing Auditors should choose a result-, problem- or system-oriented approach, or a combination thereof, to facilitate the soundness of audit design.

- a system-oriented approach examines the proper functioning of management systems, e.g. financial management systems

ISSAI 5410 - Guidance for Planning and Conducting an Audit of Internal Controls of Public Debt Computer-based debt information systems have major implications for audits of sovereign debt operations. Auditors must have sufficient computer expertise to perform tests of the internal controls built into computer systems, which are commonly classified into general and application controls.

UNCTAD: Principles on promoting responsible sovereign lending and borrowing Debtors should make public disclosure of their financial and economic situation, providing among others the following information: (i) accurate and timely fiscal data; (ii) level and composition of external and domestic sovereign debt including maturity, currency, and forms of indexation and covenants; (iii) external accounts; (iv) the use of derivative instruments and their actual market value; (v) amortization schedules and, (vi) details of any kind of implicit and explicit sovereign guarantees. (11. Disclosure and publication)

IMF: Revised Guidelines for Public Debt Management Debt management activities should be audited annually by external auditors. Information technology (IT) systems and risk control procedures should also be subject to external audits. In addition, there should be regular internal audits of debt management activities, and of systems and control procedures. (Transparency and Accountability)

Relevant info for decision making

demands security, reliability, accuracy and readiness from

the information systems

31%

23% 18%

17%

7% 4%

Creditors Base - December/ 2013

Financial Institutions Investment fundsPension funds Non-residentsGovernment Insurers

39.3%

21.9% 24.8%

2.9

4.2

0

1

2

3

4

5

0%

5%

10%

15%

20%

25%

30%

35%

40%

2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

Maturing in 12 months (%) Medium-term

3,3 3,4 3,6 3,7 3,8 4,0 4,3 4,2 4,6 4,7 4,7 4,8

2,7

1,1

5,7

3,2

4,0

6,1

5,2

-0,3

7,5

2,7

1,0

2,3

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

PIB - em valores de 2013 Taxas Reais de Crescimento - em %GDP REAL GROWTH (%)

http://www.tcu.gov.br/

0

10

20

30

40

50

60

70

80

90

100

0

500

1,000

1,500

2,000

2,500

3,000

dic./02 dic./03 dic./04 dic./05 dic./06 dic./07 dic./08 dic./09 dic./10 dic./11 dic./12 dic./13

% G

DP

R$

Bill

ion

DBGC em R$ Bilhões DBGC em % do PIBGROSS DEBT R$ billion GROSS DEBT – GDP (%)

Brazilian Court of Accounts headed the investigation theme “Evaluation on Information Systems Related to Public Debt Management” in July 2009 (Kyiv, Ukraine)

First version draft presented in the WGPD meeting in September, 2012 (Helsinki, Finland)

The draft was submitted to the WGPD members for comments

Comments from Lithuania, USA, Moldova

The exposure draft of the ISSAI 5450 “Guidance of Auditing on Public Debt Information System” has been approved by the Steering Committee of the Knowledge Sharing Committee (KSC)

WGDP Secretariat submitted to INTOSAI Professional Standards Committee (PSC) in June, 2013

PSC submitted the Exposure draft of the ISSAI 5450 to INTOSAI community for comments in July, 2013

Comments received until November, 2013

Comments Argentina Malaysia Australia Moldova Canada Netherlands Chile Oman China Poland Honduras Thailand Hungary United States of America India United Arab Emirates Kazakhstan United Kingdom Kuwait Vietnam Latvia Zambia

Improvement Who did suggest? Where is it?

Description of the importance of auditing the system public debt and the possible consequences of not performing it

Austrália, Latvia Page 1

Description of the objectives of the debt information system

Australia Page 1

Explanation about the importance of this guide within a large context

United Kingdom, Latvia, India Pages 1, 2

Indication of the necessity of a process mapping

Argentina, Australia, United Arab Emirates

Pages 6, 7, 20

Setting out the importance of a risk based audit approach

Australia, United Kingdom, United Arab Emirates, Hungary

Pages 6, 7, 21

Highlight in Application Controls United Kingdom, Honduras, Chile, United Arab Emirates, Poland, Netherlands, India,

Hungary

Pages 11 to 18

Improvement Who did suggest? Where is it?

Creation of a specific list of application controls (testing matrix)

Chile, United Arab Emirates Pages 27 to 37 (matrix)

Mention of the functions, queries and connections that the public debt system should provide

Hungary, Chile Pages 27 to 37 (matrix)

Making references to INTOSAI documents United Kingdom, India, USA, Hungary

Pages 7, 9, 18

Indication of the necessity of an IT expert (the table of sophistication level was removed)

Argentina, Kwait, Chile

Page 6

Modification on the document structure Australia, United Kingdom, Hungary

Entire document

Improvement of the text structure Australia, Canada, Malaysia, Hungary

Entire document

Matrix Structure

REQUIREMENT/ FUNCTIONALITY

GENERAL/APPLICATION CONTROL

TESTING PROCEDURES

TESTING

AREAS

GENERAL

CONTROLS

APPLICATION

CONTROLS

- Organizational controls

- Physical Access controls

- Logical Access controls

- Environmental controls

- Program Change controls

- Business Continuity Planning and

Disaster Recovery

- Documentation standards

- Input controls

- Processing controls

- Output controls

0

5

10

15

20

25

30

35

40

2nd version 3rd version

N.

Page

s

ISSAI 5450: 2nd X 3rd versions

Bibliography Application Controls & Testing MatrixGeneral Controls & Testing Matrix PlanningPre-textual elements

Pages

2nd version

3rd version

1 1

14 21

16 7

6 5

2 4

The approval of the last version of the ISSAI

5450 – Guidance of Auditing on Public Debt Information System

Becoming a INTOSAI document at the INCOSAI 2016

Seoul, Korea - October, 2014