Working Group on Public DebtINTOSAI

Seoul, Korea – October, 2014

ISSAI 5450GUIDANCE OF AUDITING ON PUBLIC DEBT

INFORMATION SYSTEM

Brazilian Court of Accounts

SUMMARY

Objective

Why PDIS should be evaluated

Brazil – economics indicators

Background

ISSAI 5450 – improvements and changes

Comparison: 2nd and 3rd version of ISSAI 5450

Next steps

OBJECTIVE

To help the WGPD to develop a guidance on audit of Public Debt Information Systems (PDIS) that can be useful for all the INTOSAI community

What are we doing?

Auditing on general controls and application controls of Public Debt Information Systems

What is the object of

guidance?

WHY PDIS SHOULD BE EVALUATED?

ISSAI 300 - Principles of Performance Auditing

Auditors should choose a result-, problem- or system-oriented approach, or a combination thereof, to facilitate the soundness of audit design.

- a system-oriented approach examines the proper functioning of management systems, e.g. financial management systems

WHY PDIS SHOULD BE EVALUATED?

ISSAI 5410 - Guidance for Planning and Conducting an Audit of Internal Controls of Public Debt

Computer-based debt information systems have major implications for audits of sovereign debt operations. Auditors must have sufficient computer expertise to perform tests of the internal controls built into computer systems, which are commonly classified into general and application controls.

WHY PDIS SHOULD BE EVALUATED?

UNCTAD: Principles on promoting responsible sovereign lending and borrowing

Debtors should make public disclosure of their financial and economic situation, providing among others the following information: (i) accurate and timely fiscal data; (ii) level and composition of external and domestic sovereign debt including maturity, currency, and forms of indexation and covenants; (iii) external accounts; (iv) the use of derivative instruments and their actual market value; (v) amortization schedules and, (vi) details of any kind of implicit and explicit sovereign guarantees. (11. Disclosure and publication)

WHY PDIS SHOULD BE EVALUATED?

IMF: Revised Guidelines for Public Debt Management

Debt management activities should be audited annually by external auditors. Information technology (IT) systems and risk control procedures should also be subject to external audits. In addition, there should be regular internal audits of debt management activities, and of systems and control procedures. (Transparency and Accountability)

WHY PDIS SHOULD BE EVALUATED?Relevant info for decision making

demands security, reliability, accuracy and readiness from

the information systems

32%

23%18%

17%7% 4%

Creditors Base - December/ 2013

Financial Institutions Investment funds Pension fundsNon-residents Government Insurers

2004 2005 2006 2007 2008 2009 2010 2011 2012 20130%

5%

10%

15%

20%

25%

30%

35%

40%

0

1

2

3

4

539.3%

21.9%24.8%

2.9

4.2

Maturing in 12 months (%)Medium-term

BRAZIL: GROSS DOMESTIC PRODUCT

3,3 3,4 3,6 3,7 3,8 4,0 4,3 4,2 4,6 4,7 4,7 4,8

2,7

1,1

5,7

3,2

4,0

6,1

5,2

-0,3

7,5

2,7

1,0

2,3

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 PIB - em valores de 2013 Taxas Reais de Crescimento - em %GDP REAL GROWTH (%)

BRAZIL: INFLATION

BRAZIL: CENTRAL GOVERNMENT GROSS DEBT

37591 37834 38078 38322 38565 38808 39052 39295 39539 39783 40026 40269 40513 40756 41000 41244 414870

500

1,000

1,500

2,000

2,500

3,000

0

10

20

30

40

50

60

70

80

90

100

DBGC em R$ Bilhões DBGC em % do PIB

R$ B

illio

n

% G

DP

GROSS DEBT R$ billion GROSS DEBT – GDP (%)

Background – ISSAI 5450 (1st version)

Brazilian Court of Accounts headed the investigation theme “Evaluation on Information Systems Related to Public Debt Management” in July 2009 (Kyiv, Ukraine)

First version draft presented in the WGPD meeting in September, 2012 (Helsinki, Finland)

The draft was submitted to the WGPD members for comments

Comments from Lithuania, USA, Moldova

Background – ISSAI 5450 (2nd version) The exposure draft of the ISSAI 5450 “Guidance of

Auditing on Public Debt Information System” has been approved by the Steering Committee of the Knowledge Sharing Committee (KSC)

WGDP Secretariat submitted to INTOSAI Professional Standards Committee (PSC) in June, 2013

PSC submitted the Exposure draft of the ISSAI 5450 to INTOSAI community for comments in July, 2013

Comments received until November, 2013

ISSAI 5450 – INTOSAI Community

CommentsArgentina MalaysiaAustralia MoldovaCanada NetherlandsChile OmanChina PolandHonduras ThailandHungary United States of AmericaIndia United Arab EmiratesKazakhstan United KingdomKuwait VietnamLatvia Zambia

ISSAI 5450 (3rd version) - main improvementsImprovement Who did suggest? Where is it?

Description of the importance of auditing the system public debt and the possible consequences of not performing it

Austrália, Latvia Page 1

Description of the objectives of the debt information system

Australia Page 1

Explanation about the importance of this guide within a large context

United Kingdom, Latvia, India Pages 1, 2

Indication of the necessity of a process mapping

Argentina, Australia, United Arab Emirates

Pages 6, 7, 20

Setting out the importance of a risk based audit approach

Australia, United Kingdom, United Arab Emirates, Hungary

Pages 6, 7, 21

Highlight in Application Controls United Kingdom, Honduras, Chile, United Arab Emirates, Poland, Netherlands, India,

Hungary

Pages 11 to 18

ISSAI 5450 (3rd version) - main improvements

Improvement Who did suggest? Where is it?

Creation of a specific list of application controls (testing matrix)

Chile, United Arab Emirates Pages 27 to 37 (matrix)

Mention of the functions, queries and connections that the public debt system should provide

Hungary, Chile Pages 27 to 37(matrix)

Making references to INTOSAI documents United Kingdom, India, USA, Hungary

Pages 7, 9, 18

Indication of the necessity of an IT expert (the table of sophistication level was removed)

Argentina, Kwait, Chile Page 6

Modification on the document structure Australia, United Kingdom, Hungary

Entire document

Improvement of the text structure Australia, Canada, Malaysia, Hungary

Entire document

Testing Matrix – General and Application Controls

Matrix Structure

REQUIREMENT/FUNCTIONALITY

GENERAL/APPLICATION CONTROL TESTING PROCEDURES

TESTING AREAS

GENERAL CONTROLS

APPLICATION CONTROLS

- Organizational controls- Physical Access controls- Logical Access controls- Environmental controls- Program Change controls- Business Continuity Planning and

Disaster Recovery

- Documentation standards- Input controls- Processing controls- Output controls

ISSAI 5450: Comparison

2nd version 3rd version0

5

10

15

20

25

30

35

40

ISSAI 5450: 2nd X 3rd versions

Pre-textual elements PlanningGeneral Controls & Testing Matrix Application Controls & Testing MatrixBibliography

N.

Pa

ge

s

Pages2nd

version3rd

version

1 1

14 21

16 7

6 5

2 4

Next Steps

The approval of the last version of the ISSAI 5450 – Guidance of Auditing on Public Debt Information System

Becoming a INTOSAI document at the INCOSAI 2016

THANKS!

Seoul, Korea - October, 2014