Statement on Internal Financial Control
Responsibility for the System of Internal Financial Control
We acknowledge the responsibility for ensuring that an effective system of internal financial control is maintained and operated.
The system can only provide reasonable and not absolute assurance that assets are safeguarded, transactions authorised and properly recorded, and that material errors or irregularities are either prevented or would be detected in a timely manner.
Key Control Procedures
We have taken steps to ensure an appropriate control environment by:
- establishing appropriate governance structures with clearly defined management responsibilities;
- establishing formal procedures for reporting significant control failures and ensuring appropriate corrective action;
- establishing an Audit and Risk Committee to advise us on discharging our responsibilities for the internal financial control system.
The National Treasury Management Agency (‘the Agency’) has established processes to identify and evaluate business risks by:
- identifying the nature, extent and financial implication of risks facing the organisation;
- assessing the likelihood of identified risks occurring;
- assessing the organisation’s ability to manage and mitigate the risks that do occur;
- assessing the costs of operating particular controls relative to the benefit obtained.
The system of internal financial control is based on a framework of regular management information, administrative procedures including segregation of duties, and a system of delegation and accountability. In particular it includes:
- a comprehensive budgeting system with an annual budget which is reviewed and approved by the Agency members and submitted to the Minister for Finance;
- regular reviews of periodic and annual financial reports which indicate financial performance against forecasts;
- setting targets to measure financial and other performance;
- clearly defined capital investment control guidelines;
- formal project management disciplines;
- adoption of an Anti-Fraud policy and the Reporting of ‘Relevant Wrongdoing’ and Protected Disclosures Policy (formerly the Good Faith Reporting Policy).
The Agency has an Audit and Risk Committee which operates in accordance with the principles in the Code of Practice for the Governance of State Bodies. The Agency’s internal audit function is overseen by this Audit and Risk Committee. The work of the internal audit function is informed by an analysis of the risks to which the Agency is exposed, and annual internal audit plans are based on this analysis. These risk-based internal audit plans are agreed with the Chief Executive and management of the Agency and approved by the Agency’s Audit and Risk Committee. On a regular basis, the internal audit function provides the management of the Agency and the Agency’s Audit and Risk Committee with reports of internal audit activity. These reports outline any findings and recommendations in relation to internal controls that have been reviewed. Progress against recommendations is monitored and reported to the Audit and Risk Committee.
The Agency has a Code of Practice on Confidentiality and Professional Conduct which sets out the agreed standards of principles and practice in relation to confidentiality, conflicts of interest, insider dealing, market manipulation and personal account transactions.
The Agency has put in place an appropriate framework to ensure that it complies with the Data Protection Acts. As part of this framework, the Agency has implemented systems and controls to restrict the access to confidential data. Under the framework, where the Agency becomes aware of breaches or alleged breaches of confidential data, these are fully investigated and where necessary reported to the appropriate authorities.
The Agency’s monitoring and review of the effectiveness of the system of internal financial control is informed by the management within the Agency who have responsibility for the development and maintenance of the financial control framework, the findings from the work of the internal audit function and comments made by the Office of the Comptroller and Auditor General in management letters or other reports.
Annual Review of Controls
We confirm that, in respect of the year ended 31 December 2016, the Agency members, having taken advice from the Agency’s Audit and Risk Committee, conducted a review of the effectiveness of the system of internal financial control.
On behalf of the Agency members
Willie Walsh, Chairperson
National Treasury Management Agency
Martin Murphy, Chairperson, Audit and Risk Committee
National Treasury Management Agency
8 May 2017