77034 Internal Audit Vice Presidency (IADVP) FY13 Third Quarter Activity Report April 24, 2013 Table of Contents 1 Summary of Key Engagement Outcomes ……………………………………… 2 2 Budget Update …………………………………………………………………….. 3 3 Annex 1: List of Engagements in the FY13 Q3 Activity Report ……………… 5 The Internal Audit Vice Presidency (IAD) is an independent and objective assurance and advisory function designed to add value to the World Bank Group (WBG) by improving the operations of the WBG organizations. It assists WBG in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization’s risk management, control and governance processes. The purpose of this report is to provide a high level overview of IAD activities in the quarter to Senior Management and the Audit Committee. This Quarterly Activity Report is also publicly disclosed, under the Bank’s Access to Information Policy. IADVP FY13 Third Quarter Activity Report 1. Summary of Key Engagement Outcomes Five audits and one advisory review were finalized during the quarter. These included: one World Bank Group (WBG) advisory review, three International Bank for Reconstruction and Development/International Development Association (IBRD/IDA) audits, and two International Financial Corporation (IFC) audits. 1. The objective of IAD’s audit of the Bank's Fiduciary Monitoring of Bank-Funded Projects through External Though Regional FM Financial Audits was to assess whether adequate controls teams closely monitor are in place to monitor the use of funds in Bank-funded projects through external financial audits, and whether those receipt of auditors’ controls are operating effectively. The audit showed that reports, the analysis of though Regional Financial Management (FM) teams audited financial diligently review client governments’ selection of auditors, statements is much less ensuring strict adherence to the Bank’s eligibility criteria, and structured closely monitor receipt of auditors’ reports, the analysis of audited financial statements and the follow-up of key audit findings is much less structured. Management is modifying the FM information platform, to incorporate new features to streamline and strengthen audit report monitoring and documentation. 2. The objective of IAD’s audit of the Management of Operational Policy Waivers in Bank Projects was to Governance assess whether the Bank had robust processes and arrangements and governance arrangements for managing operational policy processes for managing waivers related to Bank-funded projects and those funded by operational policy trust funds administered by the Bank. The audit showed that governance arrangements and processes for managing waivers in Bank projects operational policy waivers are robust and effective. Roles are robust and effective and responsibilities are clear, and the review processes are consistently followed. Appropriate solutions are found for projects where the waiver request was rejected. The Board is informed monthly on the status of waivers, and management provided the Board a briefing on the implementation of the newly agreed waiver process in 2012. Comprehensive policies 3. IAD’s audit of IBRD’s Capital Markets Processes evaluated and procedures are in the governance mechanisms, roles and responsibilities, place governing the key policies and procedures relating to borrowing, hedging, and trading activities. Comprehensive policies and procedures activities of the Bank’s are in place and there is adequate management oversight of Capital Markets the key activities, traders are provided guidance regarding processes the hedging strategy, and trading activities are reviewed and monitored. IADVP FY13 Third Quarter Activity Report 2 1. Summary of Key Engagement Outcomes (contd.) 4. IAD’s advisory review of the PeopleSoft HR System Renewal evaluated processes and controls to determine Management whether effective program governance practices had been implemented remediation established to align project decisions with organizational plans to expedite the requirements. In addition, the review covered testing strategies and management monitoring. The review PeopleSoft HR System highlighted that the application was at risk of not being Renewal project implemented on the planned date of July 1, 2013. Management implemented remediation plans to expedite the project. 5. The objective of IAD’s audit of the Management of Integrity Due Diligence (IDD) in IFC's Projects was to assess whether IFC has a robust IDD process for investment and IFC management has advisory projects. The audit showed that the IFC paid increased attention management has paid increased attention to integrity risk to integrity risk and and developed an improvement plan, which introduces a more systematic approach to risk identification with a view to developed an ensuring that all projects with a high integrity risk are improvement plan identified and referred to the Investment and Credit - Integrity and AML/CFT unit (CRVIA). However, the plan currently does not include effective oversight of the business units’ rigor in adhering to IFC’s corporate principles on integrity risk management. Management has agreed to implement a more robust oversight process to address the weaknesses identified in the audit. IFC’s institutional 6. The audit of IFC’s Corporate Budget Process noted the strategy formulation and following in IFC’s budget process: (i) formulation of IFC’s institutional strategy and work-program precedes, and is work-program is integrated with, the development of its corporate budget; (ii) integrated with the IFC has established an integrated institutional framework for development of its the use of external funds (donor funds and client fees); (iii) corporate budget results are institutionally monitored by IFC’s Management Team both at the aggregate IFC level as well as VPU level; and, (iv) IFC’s Management Team is effectively supported by key corporate center teams. 2. Budget Update Total expenditures during FY13 Q3 were $7.4 million representing approximately 65% of the FY13 budget of $11.2 million. IADVP FY13 Third Quarter Activity Report 3 Annex 1: List of Reports issued in the FY13 Q3* WBG Engagements No. Entity Engagement Title Report No. Date Issued 1 WBG Advisory Review of HR Systems Renewal Program WBG FY13-03 February 14, 2013 IBRD/IDA Engagements No. Entity Engagement Title Report No. Date Issued 2 IBRD/IDA Audit of IBRD’s Capital Markets Processes IBRD FY13-07 February 14, 2013 Audit of the Management of Operational Policy Waivers in 3 IBRD/IDA IBRD FY13-08 February 26, 2013 Bank Projects Audit of the Bank's Fiduciary Monitoring of Bank-Funded 4 IBRD/IDA IBRD FY12-15 March 21, 2013 Projects through External Financial Audits IFC Engagements No. Entity Engagement Title Report No. Date Issued Audit of the Management of Integrity Due Diligence (IDD) in 5 IFC IFC FY13-05 April 3, 2013 IFC's Projects 6 IFC Audit of IFC’s Corporate Budget Process IFC FY13-06 April 24, 2013 FY12 carry-overs: One IBRD/IDA audit has been carried over from FY12. ------------------------------------- *As per paragraph 16 (d) of the Bank’s Access to Information Policy, July 1, 2010, audit reports prepared by IAD shall not be pub licly disclosed, except its finalized Annual and Quarterly Activity Reports. IADVP FY13 Third Quarter Activity Report 4