1 into-. 2 what is intosaint? intosai self assessment integrity vulnerabilities integrity controls

1

Into-

2

What is IntoSAINT?

Intosai Self Assessment INTegrity

vulnerabilities Integrity controls

3

Two day workshop

With cross section of employees

4

Utilises knowledge and experience of employees

Promotes integrity awareness

!

5

Quick results

Practical and applicable recommendations

6

Ownership

Integrity

7

SAI leads by example

Integrity in public sector

8

9

Mini-workshop

10

Assessment methodology

Object definition- organisation

- processes

Assessment vulnerabilities

Assessment Maturity level

Integrity Control System

Gap analysis

Recommendations - Reducing vulnerability - Strengthening controls

11

Vulnerabilities

• Vulnerable processes exist in all government organisations

• Some activities and processes are inherently more vulnerable than others

• Some factors can make processes more vulnerable

12

Inherent vulnerabilitiesElements Vulnerable areas /activities /actions

Relationship of the entity with its environment

Contracting procurement, tenders, orders, assignments, awards

Payment subsidies, benefits, allowances, grants, sponsoring

Granting / Issuance

permits, licenses, identity cards, authorizations, certificates

Regulating conditions of permits, setting standards / criteria

Inspection / audit

supervision, oversight, control, inspection, audit

Enforcement prosecution, justice, sanctioning, punishment

Managing public property

Information national security, confidential information, documents, dossiers, copyright

Money treasury, financial instruments, portfolio management, cash/bank, premiums, expenses, bonuses, allowances, etc.

Goods handling, management and consumption (stocks, computers)

Real estate buying / selling

I nherent vulnerabilities

0,00

0,50

1,00

1,50

2,00

2,50

3,00

Contr

act

ing

Paym

ent

Gra

nti

ng /

issu

ance

Regula

ting

Insp

ect

ion /

audit

Enfo

rcem

ent

Info

rmati

on

Money

Goods

Real Est

ate

1 2 3 4 5 6 7 8 9 10

Sco

re AverageStDev

I nherent vulnerabilities

0,00

0,50

1,00

1,50

2,00

2,50

3,00

Contr

act

ing

Paym

ent

Gra

nti

ng /

issu

ance

Regula

ting

Insp

ect

ion /

audit

Enfo

rcem

ent

Info

rmati

on

Money

Goods

Real Est

ate

1 2 3 4 5 6 7 8 9 10

Sco

re AverageStDev

I nherent vulnerabilities

0,00

0,50

1,00

1,50

2,00

2,50

3,00

Contr

act

ing

Paym

ent

Gra

nti

ng /

issu

ance

Regula

ting

Insp

ect

ion /

audit

Enfo

rcem

ent

Info

rmati

on

Money

Goods

Real Est

ate

1 2 3 4 5 6 7 8 9 10

Sco

re AverageStDev

MR Average

14

Vulnerability enhancing factors

1. Complexity

2. Change / dynamics

3. Management

4. Personnel

5. Problem history

Vulnerability enhancing factors

0,000,200,400,600,801,001,201,401,601,802,00

Com

ple

xit

y

Ch

an

ge/d

yn

am

ics

Man

ag

em

en

t

Pers

on

nel

Pro

ble

m h

isto

ry

1 2 3 4 5

Score Average

StDev

Vulnerability enhancing factors

0,00

0,50

1,00

1,50

2,00

2,50

3,00

Com

ple

xity

Change/d

ynam

ics

Managem

ent

Pers

onnel

Pro

ble

m h

isto

ry

1 2 3 4 5

Sco

re AverageStDev

Vulnerability enhancing factors

0,00

0,50

1,00

1,50

2,00

2,50

3,00

Com

ple

xity

Change/d

ynam

ics

Managem

ent

Pers

onnel

Pro

ble

m h

isto

ry

1 2 3 4 5

Sco

re AverageStDev

16

Assessment maturity level Integrity Control System

What is the maturity level of the integrity control system?• Existence of controls• Operation of controls• Effectiveness of controls

Object definition

- organisation

- processes

Assessment

vulnerabilities

Assessment

Maturity level Integrity Control System

Gap analysis

Recommendations

- Reducing vulnerability - Strengthening controls

17

Integrity Control System General controls

1. Integrity policy framework Hard controls 2. Vulnerability / risk analysis Soft controls

3. Responsibilities 8. Values and standards

4. SAI legal framework 13. Recruitment and selection 9. Professional SAI standards

5. Integrity legislation and regulations

10. Integrity awareness

6. Administrative organisation / internal

control

14. Response to integrity violations

11. Management attitude

7. Security 12. Organisational culture

15. Accountability and transparency

16. Audit and monitoring

18

Maturity levelsLevel Criteria

0 - The measure does not exist

1 - The measure exists

- The measure is not implemented / observed

2 - The measure exists

- The measure is implemented / observed

- The measure is not effective

3 - The measure exists

- The measure is implemented / observed

- The measure is effective

19

IntoSAINT webpage

http://www.courtofaudit.nl/IntoSAINT