Client: European Multilateral Development Bank
The Client’s Finance Directorate was in the process of performing its annual update of the Internal Control Framework (‘ICF’) review and submission, as required to meet the client’s internal risk and control governance. The Finance Directorate wished to launch a mission to review the quality of its completed ICF documentation for its Treasury and Borrowing activities, analyse the operational activities reflected in the ICF, ensure key risks are identified and mitigated by the controls, perform interviews with key Finance interlocutors to update the ICF submission as required, identify any gaps and observed deficiencies to the required ICF standard, and present outcomes and findings to Finance Management.
More specifically, Finance wanted to review and make recommendations in relation to the number and constituency of key controls identified across finance processes, the risks those controls are linked to, the control descriptions and attributed, and how the adequacy and effectiveness of these controls can be measured on an ongoing basis (such as through proposed key risk indicators). The mission needed to align the ICF submission with both internal policy and industry standard practices. The deliverables from this mission included a high-level Risk Assessment and updated Risk and Control Matrix.
New Link Consulting executed by mission by:
- Gathering current ICF documentation including ICF policy requirements and the Finance Directorate ICF submission
- Documenting / reviewing standards to define what makes a control a ‘key control’ and defining / reviewing guidelines on how to document a key control (control objectives how the controls should be linked to risks, standards to evaluate both control adequacy and effectiveness. These standards leveraged those already defined for the ICF policy, and were supplemented with Best Banking Practice, where needed.
- Reviewing Finance ICF documentation and:
- Identifying / validating which controls are ‘key controls’ and which are linked to ‘significant’ risks
- Comparing the controls to the key control standards
- Conduct interviews with key nominated Finance Directorate contacts to validate and supplement the documentation
- Documenting a high-level Risk assessment and identify activities related to ‘significant’ risks.
