brazilian court of accounts - wgpdwgpd.org.mx/anexos/130215/14brasystem_i.pdf · 3,000 dic./02...
TRANSCRIPT
Seoul, Korea – October, 2014
Brazilian Court of Accounts
Objective
Why PDIS should be evaluated
Brazil – economics indicators
Background
ISSAI 5450 – improvements and changes
Comparison: 2nd and 3rd version of ISSAI 5450
Next steps
To help the WGPD to develop a guidance on audit of Public Debt Information Systems (PDIS) that can be useful for all the INTOSAI community
What are we doing?
Auditing on general controls and application controls of Public Debt Information Systems
What is the object of
guidance?
ISSAI 300 - Principles of Performance Auditing Auditors should choose a result-, problem- or system-oriented approach, or a combination thereof, to facilitate the soundness of audit design.
- a system-oriented approach examines the proper functioning of management systems, e.g. financial management systems
ISSAI 5410 - Guidance for Planning and Conducting an Audit of Internal Controls of Public Debt Computer-based debt information systems have major implications for audits of sovereign debt operations. Auditors must have sufficient computer expertise to perform tests of the internal controls built into computer systems, which are commonly classified into general and application controls.
UNCTAD: Principles on promoting responsible sovereign lending and borrowing Debtors should make public disclosure of their financial and economic situation, providing among others the following information: (i) accurate and timely fiscal data; (ii) level and composition of external and domestic sovereign debt including maturity, currency, and forms of indexation and covenants; (iii) external accounts; (iv) the use of derivative instruments and their actual market value; (v) amortization schedules and, (vi) details of any kind of implicit and explicit sovereign guarantees. (11. Disclosure and publication)
IMF: Revised Guidelines for Public Debt Management Debt management activities should be audited annually by external auditors. Information technology (IT) systems and risk control procedures should also be subject to external audits. In addition, there should be regular internal audits of debt management activities, and of systems and control procedures. (Transparency and Accountability)
Relevant info for decision making
demands security, reliability, accuracy and readiness from
the information systems
31%
23% 18%
17%
7% 4%
Creditors Base - December/ 2013
Financial Institutions Investment fundsPension funds Non-residentsGovernment Insurers
39.3%
21.9% 24.8%
2.9
4.2
0
1
2
3
4
5
0%
5%
10%
15%
20%
25%
30%
35%
40%
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
Maturing in 12 months (%) Medium-term
3,3 3,4 3,6 3,7 3,8 4,0 4,3 4,2 4,6 4,7 4,7 4,8
2,7
1,1
5,7
3,2
4,0
6,1
5,2
-0,3
7,5
2,7
1,0
2,3
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
PIB - em valores de 2013 Taxas Reais de Crescimento - em %GDP REAL GROWTH (%)
0
10
20
30
40
50
60
70
80
90
100
0
500
1,000
1,500
2,000
2,500
3,000
dic./02 dic./03 dic./04 dic./05 dic./06 dic./07 dic./08 dic./09 dic./10 dic./11 dic./12 dic./13
% G
DP
R$
Bill
ion
DBGC em R$ Bilhões DBGC em % do PIBGROSS DEBT R$ billion GROSS DEBT – GDP (%)
Brazilian Court of Accounts headed the investigation theme “Evaluation on Information Systems Related to Public Debt Management” in July 2009 (Kyiv, Ukraine)
First version draft presented in the WGPD meeting in September, 2012 (Helsinki, Finland)
The draft was submitted to the WGPD members for comments
Comments from Lithuania, USA, Moldova
The exposure draft of the ISSAI 5450 “Guidance of Auditing on Public Debt Information System” has been approved by the Steering Committee of the Knowledge Sharing Committee (KSC)
WGDP Secretariat submitted to INTOSAI Professional Standards Committee (PSC) in June, 2013
PSC submitted the Exposure draft of the ISSAI 5450 to INTOSAI community for comments in July, 2013
Comments received until November, 2013
Comments Argentina Malaysia Australia Moldova Canada Netherlands Chile Oman China Poland Honduras Thailand Hungary United States of America India United Arab Emirates Kazakhstan United Kingdom Kuwait Vietnam Latvia Zambia
Improvement Who did suggest? Where is it?
Description of the importance of auditing the system public debt and the possible consequences of not performing it
Austrália, Latvia Page 1
Description of the objectives of the debt information system
Australia Page 1
Explanation about the importance of this guide within a large context
United Kingdom, Latvia, India Pages 1, 2
Indication of the necessity of a process mapping
Argentina, Australia, United Arab Emirates
Pages 6, 7, 20
Setting out the importance of a risk based audit approach
Australia, United Kingdom, United Arab Emirates, Hungary
Pages 6, 7, 21
Highlight in Application Controls United Kingdom, Honduras, Chile, United Arab Emirates, Poland, Netherlands, India,
Hungary
Pages 11 to 18
Improvement Who did suggest? Where is it?
Creation of a specific list of application controls (testing matrix)
Chile, United Arab Emirates Pages 27 to 37 (matrix)
Mention of the functions, queries and connections that the public debt system should provide
Hungary, Chile Pages 27 to 37 (matrix)
Making references to INTOSAI documents United Kingdom, India, USA, Hungary
Pages 7, 9, 18
Indication of the necessity of an IT expert (the table of sophistication level was removed)
Argentina, Kwait, Chile
Page 6
Modification on the document structure Australia, United Kingdom, Hungary
Entire document
Improvement of the text structure Australia, Canada, Malaysia, Hungary
Entire document
Matrix Structure
REQUIREMENT/ FUNCTIONALITY
GENERAL/APPLICATION CONTROL
TESTING PROCEDURES
TESTING
AREAS
GENERAL
CONTROLS
APPLICATION
CONTROLS
- Organizational controls
- Physical Access controls
- Logical Access controls
- Environmental controls
- Program Change controls
- Business Continuity Planning and
Disaster Recovery
- Documentation standards
- Input controls
- Processing controls
- Output controls
0
5
10
15
20
25
30
35
40
2nd version 3rd version
N.
Page
s
ISSAI 5450: 2nd X 3rd versions
Bibliography Application Controls & Testing MatrixGeneral Controls & Testing Matrix PlanningPre-textual elements
Pages
2nd version
3rd version
1 1
14 21
16 7
6 5
2 4
The approval of the last version of the ISSAI
5450 – Guidance of Auditing on Public Debt Information System
Becoming a INTOSAI document at the INCOSAI 2016
Seoul, Korea - October, 2014