THE CAPABILITY OF THE PUBLIC INTERNAL AUDIT FUNCTION IN SERBIA TO EFFECTIVELY CARRY OUT ITS ROLE
Abstract
The aim of this paper is to assess the capability of the internal audit function in the Serbian public sector to add value to the public sector entities by performing its work effectively, to support progress of and achieve the requirements of EU Chapter 32 – Financial control, opened in 2015. We reviewed the annual reports regularly published by the Ministry of finance as well as SAI’s annual activity reports for the period from 2016 to 2022. The results of our analysis show that the internal audit function in the Serbian public sector is still at the initial stage of its development. Our recommendation refers to the change of the model of organization of the internal audit function in the small entities and providing adequate resources for internal auditor’s continual professional education.
Article
Introduction
The fundamental premise of the Three Lines Model or the public sector is that the governments and other public sector entities are essential for maintaining orderly and fair societies (INTOSAI and The Institute of Internal Auditors 2022). These entities operate on behalf of the public and use public resources, and consequently bear responsibility for the effective, efficient, ethical, equitable and sustainable management of the public sector resources. The decision making and operating processes of public sector entities must be transparent to all stakeholders. Establishing process of good governance, including internal audit function as a third line is essential for good governance. Budgeting and public financial management (PFM) are probably the most important instruments for proper implementation of public policies. PFM deals with the management of public resources, the allocation and use of resources collected from the economy.
Starting from 2015, the Republic of Serbia implemented a comprehensive set of reforms in the field of public finance management with the aim of increasing accountability, ensuring good financial management, and improving the efficiency and effectiveness of public resource management. This set of activities is included in the Public Financial Management Reform Program (PFMRP). The first part of this program took place in the period 2016-2020, and the second covers the period from 2021-2025 (Government of the Republic of Serbia 2021).
PFMRP pertains to the Cluster I – Basics within the public administration reform program and is important for macroeconomic stability, good governance, business environment, transparency and the similar. This program is the base for a few other EU negotiation chapters (Government of the Republic of Serbia 2021). A few of these chapters were opened in the previous period, 5 – Public procurement (December 13, 2016), 17-Economic and monetary policy (December 10, 2018),
29-Customs union (June 20, 2017), 32-Financial control (December 14, 2015) and 33-Financial and budgetary provisions (June 25, 2018) (Republika Srbija n.d.).
To develop transparency in public finances, the Law on the Budget System (Republika Srbija 2009 ..2021) defined a comprehensive system of measures for the management and control of public revenues, expenditures, assets, and liabilities, established by the government through public sector organizations. with the aim of managing and controlling public funds in accordance with the regulations, the budget, and the principles of good financial management, i.e., economy, efficiency, effectiveness, and openness. Financial management and control (FMC) in Serbia are regulated in line with the COSO model (Republika Srbija Ministarstvo finansija 2018), a framework for internal control, enterprise risk management, and fraud deterrence developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). PFMRP was the first reliable framework for monitoring of results of implementation of new governance system and financial management policies (Government of the Republic of Serbia 2021).
Public internal financial control
The most famous and widely recognized definition of internal control is the one by COSO. COSO defines internal control as “a process, affected by people, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.” (The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013).
The aim of the public internal financial control (PIFC) system is primarily based on the management responsibility, which is defined by the Law on the Budget System as the obligation of managers at all levels of users of public funds to perform all work legally, respecting the principles of economy, effectiveness, efficiency, and publicity, as well as that their decisions, procedures, and results correspond to whoever appointed them or delegated responsibility to them. The Law on the Budget System stipulates that PIFC includes financial management and control of users of public funds, internal audit of users of public funds and harmonization and coordination of financial management and control and internal audits performed by Central harmonization unit (CHU) of the Ministry of finance.
The European Commission staff working document for Serbia in 2015 addressed several issues that are necessary for improving financial controls, as mentioned in Chapter 32 – Financial control (European Commission 2015). According to the Report, Serbia has already made some progress in terms of external audits. However, the principle of managerial accountability was not fully integrated into the management culture of public sector entities yet. The working document emphasized the need for annual review reports on the implementation of public internal financial control (PIFC) by CHU, which should include reviewing the implementation results, a comprehensive analysis of systemic weaknesses and propose corrective measures.
Internal auditing in the public sector
The assumption that the management is responsible for ensuring the establishment of internal control is widely accepted. In a broad sense, internal control includes all the controls operated by an organization to facilitate it to achieve its goals. The internal audit provides assurance that an adequate and effective internal control system is put in place.
Internal audit plays a critical role in a entity’s corporate governance. It is an operationally independent unit, checking that internal controls are working properly and making recommendations for optimization of controls. It should audit internal control systems, risk management, and corporate governance procedures. In the public sector, internal audit reports may be made available to the public upon request, in accordance with jurisdictional public record laws (INTOSAI and The Institute of Internal Auditors 2022).
In 2023, The Institute of Internal Auditors (The IIA) proposed new internal auditing standards. The proposed IIA’s Global Internal Audit Standards™ for the first time highlight the public sector’s unique characteristics, such as its purpose and governance structure. The new draft Standards include the definition of public sector which reads: “governments and all publicly controlled or publicly funded agencies, enterprises, and other entities that deliver public programs, goods, or services.” (The Institute of Internal auditors 2023).
Draft of proposed standards pay significant attention to the public sector interest, referring to the public as the ultimate customer of all public sector services. Although the internal audit activity does not typically report directly to the public, proposed standards consider that all public sector internal audit work should be done on behalf of the public and with the public benefit and interest in mind. Consequently, internal auditors must assess what the organization is doing to provide value to the public. (The Institute of internal auditors 2022).
Establishing and properly supporting internal audit functions within governments at all levels should be considered a universal best practice. The absence of internal audit functions within government could significantly increase the risk of fraud, waste, abuse, malfeasance, inefficiency, cybersecurity and data privacy breaches, national security failures, breakdowns in the provision of government services, reduced public accountability, a lowered ability to identify and manage current and emerging risks facing the government and its citizens, and wasted resources.
In the case of the provision of internal audit services to smaller government subdivisions, policymakers may opt, for reasons of economies of scale, to set up internal audit functions that are shared among various entities. Options for outsourcing, sourcing or combined services enable the same team of auditors to be involved in audits across multiple entities.
The latest apprehension of the purpose of internal auditing “acknowledges that internal auditing enhances the organization’s ability to serve the public interest, the collective well-being of the community of people, and entities that the auditors serve. This responsibility is an important characteristic of an internal audit in the public sector where the purpose of the organization is to provide services to the public.” (The Institute of Internal auditors 2023).
The aim of the study is to examine the development of the internal audit function and its capabilities to effectively carry out its role in the public sector of the Republic of Serbia following the opening of EU Chapter 32 - Financial Control, in December 2015.
Methodology
Ministry of finance - CHU monitors the work of internal audit in the public sector of the Republic of Serbia through the analysis of annual reports on the functioning of the internal controls system and internal audit submitted by public sector entities. The results of this analysis are presented in a consolidated annual report which have been regularly prepared since 2009. The consistency of the presentation of data varies over the years. Following the opening of EU accession Chapter 32 – Financial Control in 2015, the consistency of presentation significantly increased. The available data include the number of public entities that submitted their annual reports to the CHU, the status of internal audits in the reporting entities, the number of internal auditors, the number of audits, audit findings, and similar. The analysis of these data enables the assessment of the development of the function of internal auditing in the entire public sector. Since 2016, the content and format of the consolidated annual report have been improved in accordance with European Committee recommendations.
Serbian State audit institution (SAI) also reports on the development of the internal control system and internal auditing in the public sector for audited entities since 2007. SAI annual operating reports on the annual results of annual audit programs, thus, the greatest number of entities differs from year to year. Nevertheless, the considerable number of audited entities, on the other hand, represents a good base for an overall assessment of the status of internal auditing in the public sector, as all entities operate in the same environments and under the same regulation.
For this paper, we analyzed the date for the period commencing in 2016, with the aim of assessing the results of the efforts invested in improving the internal audit function in the public sector following the opening of EU Chapter 32 - Financial Control, in December 2015. Although the dates are not consistently presented in all these reports, the lack of their consistency does not impact the overall assessment results.
Results on the implementation process and discussion
The development of internal control system and internal audit in the Serbian public sector can be tracked by analyzing reported data in the Serbian Ministry of finance CHU reports. For example, we can track the progress of awareness of public entities’ management on the importance of the implementation of the proposed processes in the public management system by the number of entities which submitted their reports to the Ministry of finance CHU.
Table 1. The number of entities which submitted their mandatory annual reports to the Ministry of Finance's Central harmonization unit (CHU)
The data presented on the Table 1 reveals that the number of public entities which submit their reports on financial management and control (FUK) continualy increases, with the spike 2020. The difference between submitted reports and processed reports is another indicator of the quality of submitted reports. Namely, the differences relate to the emply reports. From 2020, all submitted reports were processed. Analysis of the structure of entities which submitted their reports, most difficulties occur at the municipality level, as the percentinge of municipalities which submitted their reports is the lowest. The overall assessment is positive, as the awareness of public entities management significantly raised. Part of this success relate to the intensive training of employees responsible for public management held in the latest period, as a greater number of public fund beneficiaries have undergone the training and submitted their first annual reports on financial management and control (Government of the Republic of Serbia 2021).
FUK is a system of policies, procedures, and activities which provides reasonable assurance that the objectives of the public entity will be realized in a proper, economical, efficient, and effective way. The FUK system includes five interrelated elements that are defined in accordance with COSO framework: control environment, risk management, control activities, information and communication and monitoring and evaluation of the system.
During the regular audit process, the State Audit Institution in Serbia (SAI) examines the FUK system. Based on performed reviews, SAI could not find assurance that the internal control system was established in a way to ensure operations in accordance with regulations, internal acts, and contracts in the majority of audited entities. It was also determined that the conditions for adequate functioning of the internal audit were not appropriate. The SAI’s analysis of irregularities in the functioning of financial controls reveals that the most of irregularities occur at the local level.
Table 2. Irregularities in the functioning of financial controls in 2018
Table 3. Development of the internal audit function in the public sector
The scope of the audit is primarily analyzed according to the scope of the internal auditing of the budget by categories of given entities. The results presented in Table 5 show most of the budget expenditures occur in entities with functional internal auditing.
Table 4. The scope of re budget of public entities audited by internal auditors
Although the data on the assessment of the quality of internal auditing work is not available, an average number of internal auditors by public entities raises skepticism about its quality (Table 6).
Table 5. The number of internal audit functions and internal auditors in the Serbian public sector
The data in the table above reveal that the average number of internal auditors by a public entity is between 1,5 and 2,1, with the continually decreasing trend. The average number of internal auditors at the central level, presented in Table 7, is above average for the entire public sector. Thus, the decreasing trend may be explained by the increase in the number of entities that establish internal audit functions with one or two internal auditors in the internal audit function.
Table 6. Established internl audit functions and proposed and actual number of internal auditors in public entities at the central level in 2021
During its regular audit process, State audit instituion in Serbia (SAI) examines internal audit function. Auditees are the direct and indirect beneficiaries of the budget funds, beneficiaries of funds of organizations of mandatory social insurance, the public enterprises, units of territorial autonomy and local self-government, the National Bank of Serbia in the part relevant to use of public funds, and all other users of public funds (State Audit Institution 2019).
Table 7. The status of internal audit function in audited entities
Professional competencies of internal auditors
To comply with the International standards for the professional practice of internal auditing, internal auditors must obtain appropriate professional designation and possess or obtain the knowledge, skills and abilities to perform their responsibilities successfully (The Institute of internal auditors 2017). Funding for training and professional development should be included in the internal audit budget, i.e. provided by the organizations. Training opportunities may include enrolling in courses, working with a mentor, or being assigned new tasks under supervision during an engagement. Membership in a professional organization is also beneficial for maintaining internal audit knowledge on a day-to-day basis.
According to the regulation of internal auditing applied in the public sector of the Republic of Serbia, the duty of internal auditors is to improve their knowledge, skills, and other abilities through continuous professional development. The Rulebook on professional training of certified internal auditors in the Serbian public sector prescribes the areas and forms of professional training of authorized internal auditors in the public sector and criteria for recognizing professional training (Republika Srbija, Ministar finansija 2019). The Ministry of Finance CHU publishes the Record of professional training of certified internal auditors in the Serbian public sector. The records show that only fifty percent of public sector internal auditors obtain continual professional education, and subsequently maintain their professional designation. The summary of these records is presented in Table 9 (Republika Srbija Ministarstvo finansija 2021).
The number of public sector internal auditors who are the members of the most influential professional organization is presented in the annual reports of the IIA Serbia (Udruženje internih revizora Srbije n.d.). These figures show that only ten percent of public sector internal auditors are members of this professional organization.
Table 8. Professional competencies of internal auditors in the public sector
Conclusion and recommentations
The aim of the study is to examine the development of the internal audit function and its capabilities to effectively carry out its role in the public sector of the Republic of Serbia following the opening of EU Chapter 32 - Financial Control, in December 2015.
Despite the advanced normative regulation, operating capabilities of the internal audit function in the public sector are in the initial phase. This conclusion is based on two results. The first is that the average number of auditors in public entities continually decreases, from 2.1 in 2016 to 1.5 in 2021. The number of public entities that have established internal audit functions continually increases, but the actual number of auditors in these entities varies between 1 and 2. It is hard to believe that such a small number of internal auditors can comply with international internal audit standards. Analysis of the qualifications of public sector internal auditors reveals that about half of them do not have access to continual professional education, which is of the utmost importance for qualified professionals. Moreover, just ten percent of public sector internal auditors are members of authoritative professional organization IIA Serbia and majority of them have no access to the cheapest source for continual professional education.
The research finds an increase in awareness of the value of internal auditing since the opening of the EU Chapter 32. The analysis of irregularities in the functioning of internal control systems reveals that the greatest average number of irregularities occur at the local level, in entities with the least developed internal audit function. The least irregularities occur at the central level and public entities owned by the central government, with the functional internal audit function. We conclude that a key public sector challenge is to ensure appropriate internal audit at the local level.
The overall conclusion is that internal audit function, regardless of its well-done normative regulation, has not significantly improved its capabilities to effectively carry out its role in the Serbian public sector since the opening of the EU Chapter 32 – Financial control.
Based on the findings enumerated above, the following are some recommendations that will improve the capability of internal audit functions in performing their roles and responsibilities: The first one refers to the promotion of compound internal audit function with more auditors, whereas internal audit staff is concentrated at one point and performs internal auditing for more entities. The second one refers to providing adequate resources and incentives for public sector internal auditors for their intensive continual professional education.
References
2.Enofe, A. O., C. J. Mgbame, V. E. Osa-Erhabor, and A. J. Ehiorobo. 2013. "The Role of Internal Audit in Effective Management in Public Sector." Research Journal of Finance and Accounting 4 (6): 162-168. Accessed 10 2, 2023. https://iiste.org/journals/index.php/rjfa/article/download/5660/5772.
3.European Commission. 2015. "Commission staff working document Serbia 2015 report." EUROPA. untitled (europa.eu).
4.Government of the Republic of Serbia. 2021. The Public Financial Management Reform Programme 2021-2025. Belgrade: Ministry of finance of the Republic of Serbia.
5.INTOSAI and The Institute of Internal Auditors. 2022. "Applying the Three Lines Model In the Public Sector. Applying the Three Lines Model in the Public Sector." theiia.org.
6.Republika Srbija. n.d. Istorijat odnosa Srbije i EU. Edited by Ministarstvo za evropske integracije. MEI - Istorijat odnosa Srbije i EU.
7.Republika Srbija Ministarstvo finansija. 2021. "Evidencija o stručnom usavršavanju internih revizora u javnom sektoru." Евиденција о стручном усавршавању интерних ревизора у јавном сектору (mfin.gov.rs).
8.Republika Srbija Ministarstvo finansija. 2020. "Konsolidovani godi[nji izveštaj ya 2019. godinu o stanju interne finansijske kontrole u javnom sektoru u Republici Srbiji." Centralna jedinica za harmonizaciju, Beograd. Консолидовани годишњи извештај (mfin.gov.rs).
9.Republika Srbija Ministarstvo finansija. 2017. "Konsolidovani godišnji izveštaj za 2016. godinu o stanju interne finfnaijske kontrole u javnom sektoru u Republici Srbiji." Sektor za internu kontrolu i internu reviziju, Beograd.
10.Republika Srbija Ministarstvo finansija. 2018. "Konsolidovani godišnji izveštaj za 2017. godinu o stanju interne finansijske kontrole u javnom sektoru u Republici Srbiji." Centralna jedinica za harmomonizaciju, Beograd. Консолидовани годишњи извештај (mfin.gov.rs).
11.Republika Srbija Ministarstvo finansija. 2019. "Konsolidovani godišnji izveštaj za 2018. godinu o stanju interne finansijske kontrole sektora javne kontrole u Republici Srbiji." Centralna jedinica za harmonizaciju, Beograd.
12.Republika Srbija Ministarstvo finansija. 2020. "Konsolidovani godišnji izveštaj za 2019. godinu o stanju interne finansijske kontrole u javnom sektoru u Republici Srbiji." Centralna jedinica za harmonizaciju, Beograd. Консолидовани годишњи извештај (mfin.gov.rs).
13.Republika Srbija Ministarstvo finansija. 2021. "Konsolidovani godišnji izveštaj za 2020. godinu o stanju interne fifnansijske kontrole u javnom sektoru u Republici Srbiji." Centralna jedinica za harmonizaciju, Beograd.
14.Republika Srbija Ministarstvo finansija. 2022. "Konsolidovani godišnji izveštaj za 2021. godinu o stanju interne finansijske kontrole sektora javne kontrole u Republici Srbiji." Centralna jedinica za harmonizaciju. Консолидовани годишњи извештај (mfin.gov.rs).
15.Republika Srbija. 2009 ..2021. Zakon o budžetskom sistemu. Službeni glasnik Republike Srbije broj 54/29 …118/21.
16.Republika Srbija, Ministar finansija. 2019. Pravilnik o stručnom usavršavanju ovlašćenih internih revizora u javnom sektoru. Službeni glasnik Republike Srbije, broj 15 od 8. marta 2019.
17.State Audit Institution. 2019. "2018 Activity Report - State Audit Institution." Državna revizorska institucija. Annual Activity Report 2018.pdf (dri.rs).
18.The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013. "COSO Internal Control- Integrated Framework." Internal Control | COSO.
19.The Institute of internal auditors. 2017. "Atribute standards." The Institute of internal auditors. Standards (theiia.org).
20.The Institute of Internal auditors. 2023. "Globalni standardi interne revizije - Nacrt za javnu raspravu." The Institute of Internal auditors. March. iia-global-internal-audit-standards-public-comment-draft-serbian.pdf (theiia.org).
21.The Institute of internal auditors. 2022. "Practice guide: Building an effective internal audit activity in the public sector." The Institute of internal auditors. July. Building an Effective Internal Audit Activity in the Public Sector (theiia.org).
22.Udruženje internih revizora Srbije. n.d. "Finansijski izveštaji." Finansijski izveštaji Удружење интерних ревизора Србије | УИРС (uirs.rs).
Published in
Vol. 10 No. 1 (2024)
Keywords
🛡️ Licence and usage rights
This work is published under the Creative Commons Attribution 4.0 International (CC BY 4.0).
Authors retain copyright over their work.
Use, distribution, and adaptation of the work, including commercial use, is permitted with clear attribution to the original author and source.
Interested in Similar Research?
Browse All Articles and Journals