Public Internal Financial Control in Ukraine: Achievements and the Road Ahead
In the beginning of 2024, the Ministry of Finance of Ukraine, with the support of the EU4PFM Programme, hosted a conference on Public Internal Financial Control.
This hybrid event brought together over 130 heads of internal audit departments from central and regional levels, both in person and online.
This article highlights the key insights shared during the conference by the Department of State Internal Financial Control Harmonisation of the Ministry of Finance and distinguished international speakers.
Achievements in the Ukrainian public sector
Over the years, a lot of achievements have been made in the development of Public Internal Financial Control (PIFC). This reform, driven by the Ministry of Finance through the Department of State Internal Financial Control Harmonisation focused on strengthening and enhancing internal control arrangements as well as the internal audit function.
Much has been achieved: a robust regulatory framework for PIFC is in place: specific decrees were issued by the Ministry of Finance on internal control and internal audit aligned with international standards and frameworks, internal audit units were installed, risk management guidelines were developed. Recently the governance and quality of internal control and audit were strengthened by introducing Audit Committees as well as a certification programme for internal auditors.
Audit Committees will serve as advisory platforms for senior management at public sector entity level (for example a Ministry). The advice for senior management will be aimed at ensuring that the internal audit function covers the key risk areas the entity is facing and is able to play its role in an independent and objective manner. The external members of the Audit Committees play a crucial role in adding an outsider’s perspective in advising on risk management, audit and control issues.
The certification programme for internal auditors aims to raise the capacity of internal auditor’s skills and competences and align those with the international requirements for the function. The Institute of Internal Auditors (the IIA), the professional body that defines the international standards for internal audit, stresses the importance of skilled audit professionals through mandatory standards. The certification programme, facilitated by the Department of State Internal Financial Control Harmonisation (PIFC Department) and overseen by a certification commission in the Ministry of Finance, creates compliance with these standards.
Key challenges ahead
Achievements have been made in PIFC, but challenges still lie ahead. These challenges are formulated based on recently conducted assessments, such as those carried out by SIGMA/OECD and the European Commission’s Enlargement Report. They include:
Strengthening the efficiency of internal audit capacity throughout the public sector
Currently, the overall capacity of the internal audit function is unevenly spread across Ukraine’s public sector. Some audit units have sufficient capacity, while others are poorly staffed with a potential huge coverage for audits. A solution to this issue is to look for ways to use the current audit capacity within the public sector more efficiently. Within the EU there are several examples of how this can be done:
- by pooling or combining audit resources;
- by grouping audit resources around audit specialisms (such as IT audit or performance audit);
- by outsourcing and/or by exchanging audit resources to address capacity gaps.
A clear-cut solution for internal audit’s capacity problem in Ukraine is not yet on the table. However, discussions on this issue are ongoing, fueled by international inspiration and experiences. The international standards for internal audit (IPPF, issued by the IIA) require that management ensures that capacity of internal audit (in numbers and in skills) stays up to par, so that the function can play its role in accordance with these standards. EU4PFM will keep delivering support to the Ministry of Finance to seek for a solution for the capacity issue of internal audit that fits the Ukrainian context.
Enhancing the value-added function of internal audit; aligning with international standards
A direct consequence of the unevenly distributed internal audit capacity throughout Ukraine’s public sector is the impact it has on delivering added value for management. First, the aim is to position the internal audit function as a tool of management on which management can rely on. By delivering assurance and advisory services, internal audit should be able to keep management informed of key issues/highlights related to governance, risk and control. To play this role adequately, the internal audit function should align itself with the international standards for internal auditing issued by the Institute of Internal Auditors (the IIA).
Currently, national standards for internal audit in Ukraine are largely aligned with international standards, which were last updated in 2017. In 2025, these international standards will receive a significant update. It’s a challenge for the PIFC Department to identify the areas in the current standards that need to be updated to ensure that alignment with international standards stays in place.
In addition, the update towards the new global internal audit standards will also have repercussions for the audit methodology and the mentioned training and certification processes. EU4PFM supports the PIFC Department of the Ministry of Finance in this process. This is, for example, done by enhancing the focus on specific risky areas that have gained more attention in the newly updated international standards (e.g. IT, cyber risks and risks related to fraud).
Enhancing managerial accountability
A key cornerstone for the proper functioning of internal control arrangements within public sector entities is a clearly defined and working system of managerial accountability. This means that there should be a clear alignment between strategical and operational objectives of each public sector entity, with a clear division of tasks and responsibilities for different managerial functions and with clear accountability structures both internally and externally.
Assessments have shown that the managerial accountability in the Ukrainian public sector is not yet comparable with European best practice. Mainly this revolves around limited delegation of responsibilities which results in limited accountability arrangements for middle and lower management. Accountability structures in Ukraine are still to a big extent centrally driven which has implications for the set-up of inter controls within public sector entities. Enhancing delegated managerial responsibilities with, for example, risk management, control and budgetary tasks, together with a broader set of decision-making rooms, would enforce stronger internal control and accountability arrangements at these levels. EU4PFM experts are working with the Ministry to strengthen managerial accountability arrangements. For this, a broader approach is necessary since managerial mandates go beyond the influence sphere of the PIFC Department. Linking this issue with Public Administration and Budget reform in this respect will be necessary.
Strengthening risk management practices
Risk management (alongside managerial accountability) is a key component of internal control. Having reliable mechanisms in place to identify, prioritize and monitor key risks that public sector entities can face, is a necessity to build internal control arrangements on. The mentioned assessments have shown that currently in Ukraine, risk management practices within public sector entities are still in its rudimentary phase.
Often, risk management is seen as an additional aspect on top of what management is already doing. The challenge for Ukraine is to embed risk management practices into the day-to-day operations and task sets of managers and employees. This can be achieved, for example, by ensuring that risks are discussed in management meetings when managerial decisions are made. Or, to include risk-notions and risk analysis into key business processes, such as budget planning. Together with the PIFC Department, EU4PFM experts are working on the practical strengthening of risk management practices within public sector entities. This is done through the exchange of international practices as well as through practical support and advice.
The road ahead
The PIFC conference highlighted perspectives for the future. As mentioned in the challenges, these perspectives have clear target points which Ukraine will not face alone. The support of EU4PFM continues in all the areas mentioned. It is worth mentioning that one of the aspects under development is the strengthening of the capabilities of the Department of State Internal Financial Control Harmonisation to fulfill its tasks. A major development in this respect is the development of the Technical Specifications for an IT solution that would facilitate not only the Department’s monitoring role in PIFC, but also would facilitate audit and control processes within public sector entities.
More than just a series of presentations, the conference sparked lively discussions both on stage and among the participants, including those attending remotely. This event for heads of internal audit was a crucial moment to synchronise efforts within the profession and to gain insight into the ongoing challenges in public internal financial control. These challenges affect not only internal audit, but also the roles and responsibilities of managers at all levels in the Ukrainian public sector.
Looking ahead, the follow-up conference is scheduled for October 2024, targeting high-level and operational management. This event will address critical challenges specific to their roles, such as the requirements for financial control under Chapter 32 of the acquis, and other key issues like governance and the role of Audit Committees.
By equipping managers with the necessary knowledge and tools, and by fostering a culture of risk awareness and accountability, Ukraine can build a public financial system that is transparent, efficient, and delivers value to its citizens.