The back office has two main functions: recording, updating and maintaining data; and undertaking debt payments after verification of claims by the creditors. This has been deal with in Part 1 of Module 2.
_______________________________________________________________________________
www.unitar.org/pft 54
Auditing the Recording Function
Control Environment: Recording and updating data files and their corresponding operations.
Audit Objective: Determine whether a there is a proper recording function in place, supported by a well-designed CBDMS with proper trained and support personnel.
Audit Procedures: The auditor would obtain oral and documentary evidence to answer the following questions:
1. Does the back office have a procedures manual for recording and processing disbursements and debt service into the CBDMS? If so, who is in charge of its implementation and how often is it updated?
2. Is there in place a specific CBDMS
designed for PDM? If so, is the CBDMS locally developed, DMFAS, CS-CDRMS or other? Note that Excel spreadsheets cannot be considered as a CBDMS.
3. The database is unique in the sense that there is only one
government agency in charge of collecting, updating and maintaining the database? Note that in many cases the Ministry of Finance is in charge of recording domestic debt and the Central Bank in charge of external debt. If so, are there duplications in the databases or there is a well-established procedure for putting the whole public debt together without risking duplications?
4. How and with what frequency loan and other debt related
agreements are made available to the back office?
5. Does the database include guaranteed and on-lent loans by the central government or other public agency?
6. How often is the database updated? Is it updated at regular time intervals or each time a transaction or new loan is recorded?
7. Where are original or duly copied of signed loan and other debt instrument agreements stored?
8. Are there hard copy filing at the back office for loan contracts, securities issues and related transactions? If so, are these files properly protected against fire, drought or other? Are these files systematically scanned and backed up with the CBDMS electronic files?
9. Is there a well-established routine of data validation? If so, how is this routine implemented and who is the responsible supervisor? 10.Does the back office reconcile debt data with creditors and domestic
_______________________________________________________________________________
www.unitar.org/pft 55
11.Are there specific teams for data recording and data validation? If so, how are they organised and how are they coordinated?
12.In addition to direct, guaranteed and on-lent debt, are there other types of financial instruments like derivatives or currency and interest swaps recorded in the system?
13.For marketable debt instruments, are they valued at market price? If so, what is the methodology for doing so, i.e. internal market pricing or collecting information from Bloomberg or Reuters?
14.How is the back office organised for data dissemination and what debt reporting standards are applied?
15.What is the process and who is responsible for preparing a debt statistical bulletin or equivalent debt report? How frequently is this debt information published? Is this publicly available? If so, how and in what format?
16.Does the debt statistical bulletin or equivalent include information on central government debt stocks (by creditor, residency classification, instrument, currency, interest-rate basis, and residual maturity), on debt flows (principal and interest payments), debt ratios or indicators and basic risk measures of the debt portfolio? 17.What is the frequency of debt reports? What validation measures are
used to ensure the accuracy of these reports in addition to the regular data validation routines for debt recording?
18.Who is responsible for signing off on or authorising the release of these reports?
Auditing the Operating Function
Control Environment: Verifying creditor claims, ordering correctly and timely debt service payments by following Treasury and Budget Execution guidelines, in coordination with the Central Bank for external debt payments.
Audit Objective: Determine whether a there is a proper operating function in place, supported by a well-designed Treasury and Budget Execution guidelines.
Audit Procedures: The auditor would obtain oral and documentary evidence to answer the following questions:
1. Who is involved in arranging debt service payments for central government debt, and what is the authorisation process?
2. There is a readily accessible procedures manual for the processing of debt service?
3. Are all payment notifications checked with internal records before payments are made?
4. Is there controlled access to cash, checks, and electronic payment systems that are located in locked areas? If so, are there controls to
_______________________________________________________________________________
www.unitar.org/pft 56
ensure that there is a minimum two-person authorisation process to validate and process payments?
5. Is there an IFMS in place? If so, is the CBDMS fully integrated with it and what are the budgetary steps that are followed in order to honour government debt?
6. Does the back office have a suspense account to order domestic debt service?
7. How is external debt service handled and what institution is in charge of foreign currency payment transfers?
8. How is the exchange rate variation handled by the back office when ordering external payments? Is the exchange rate updated for the effective exchange rate value actually applied for the payment in the CBDMS?
9. Does the back office verify creditor payment claims? If so, what is the methodology followed for verification?
10.Has the back office found mistakes in creditor claims? If so, what were the steps taken to amend the claim and what was the creditor’s feedback?
11.Has the government met all debt services payment obligations by the due date? If not:
• How often have payments been late, and how late have they been?
• What were the reasons for, or sources of, the delay?
• Were penalty charges imposed for late payment?
• If so, how significant were these penalty charges?
12.What are the domestic procedures to monitor project disbursements and what dependencies are in charge of monitoring? Does the back office have a particular role in this monitoring?
13.How often are disbursement updated in the CBDMS and the database lined up for accurate estimation of interest payments? Are these new debt service estimations communicated swiftly to the Treasury and the Budget Department?
Auditing Information, CBDMS and Business Continuity
The CBDMS is not necessarily a direct responsibility of the back office in all cases, however, the back office is a key user of it, and the accuracy and timeliness of the information is closely linked to the effectiveness in which the back office uses the CBDMS.
Audit Objective: To determine if debt data in the CBDMS are secure, as well as a catastrophe recovery plan is in place for business continuity ensuring debt administration records recovery, therefore assuring that PDM can relays on the CBDMS database information.
_______________________________________________________________________________
www.unitar.org/pft 57
Audit Procedure: Obtain sufficient evidence to answer the following questions:
1. Who is in charge of reporting debt data to the World Bank DRS? Is the DMO’s CBDMS used for this purpose? If so, is the reporting satisfactory?
2. Who is in charge of reporting debt data to the IMF? Is the DMO’s CBDMS used for this purpose? If so, is the reporting satisfactory? 3. If the country has enrolled either in GDDS or SDDS, is the reporting
of public debt done accordingly to the required standards? 4. Are there documented procedures for controlling access to the
CBDMS? If so, where are these located, what are the controls, and how frequently are they updated?
5. Who is the authority that sets the access levels and functions for the staffs accessing the CBDMS? Does this authority also input data to the system?
6. Is the CBDMS located in a locked area, and access to the system by back office users and IT specialists is tightly controlled through access permissions and password controls?
7. Are the computer software changes controlled in order to ensure that all changes to the CBDMS configuration are handled accurately, completely and in a timely manner?
8. CBDMS database and support files (like loan contracts scanned files) backed up once a month and stored in a separate secure location where they are protected from catastrophe incidents?
9. Are CBDMS database and support files backed up incrementally, i.e. only the files that have been changed since last backup, on weekly or daily overnight basis and stored in a separate secure location where they are protected from catastrophe incidents?
10.Are comprehensive business recovery procedures to ensure that government debt management operations can continue to operate in the event of natural disasters or other events?
11.Are the types of disaster scenario that the DMO wishes to protect the CBDMS against identified? If so, are the associated risks regarding financial, physical and human capital assessed?
12.Are the critical functions that need to be undertaken in business continuity setting identified? If so, are the minimum functions to access the CBDMS and networks ensured?