Click here for search results

Review of IDA Internal Controls

ida banner

April 2009
The key purpose of the International Development Agency's (IDA) internal control system is to assure its stakeholders that IDA complies with its articles and policies, and that the funds it provides for development purposes are used as intended and show measurable results.

This evaluation is the first of its kind done by any international development finance institution. It was carried out over several stages through a detailed management self-assessment, a review by the Bank’s Internal Auditing Department (IAD), and a comprehensive independent evaluation by IEG.

A senior outside advisory panel (three distinguished former Auditor-Generals) has validated IEG’s approach and its conclusions.

Download the Report

This evaluation was carried out in two parts, during the period of 2006-2009. Volume I is the main component, synthesizing all findings (more details below) 

box

Volume I: Main Text and Overall Evaluation  
boxVolume II: Completing Part II and Integrating Parts I and II  
boxVolume III: Report on the Completion of Part II 
boxVolume IV: Report on the Completion of Part I Incorporating Compliance Testing of Key Controls (Part IB) 
boxVolume V: Report on the Completion of Part IA Process Mapping and Effectiveness of Control Design  

gearDownload all five volumes as a single document (8 MB) 

Also See: World Bank's IDA website 


MAIN FINDINGS:

IEG finds that overall IDA’s internal controls framework operates effectively and with high standards, but with some important qualifications.

IEG also finds that the management assessment is transparent, well documented and comprehensive.

However, while the overall framework is robust there are weaknesses (classified as significant deficiencies) that are concentrated in six areas: some fiduciary processes; management oversight of project processes; keeping the Bank’s Operational Policies and Bank Procedures (OP/BPs) in line with current policy; maintaining ready access to operational documentation; improving operational risk management; and greater IT security in some areas.

IEG identifies one important weakness (classified as a material weakness) in the complex of controls to manage the risk of fraud and corruption in operations supported by IDA.

This finding is based on the identification of the risk that fraud and corruption may occur rather than on an assessment of actual occurrences. The weaknesses identified by IEG could potentially increase the risk of misuse of funds for IDA and its development partners unless actions are taken. The finding presents the challenge of addressing the risks more explicitly and to match them with appropriate risk management controls, recognizing that weak governance is a fundamental dimension of the development challenge for IDA and all of its development partners.



KEY RECOMMENDATIONS:

box Controls over possible fraud and corruption in IDA operations should be addressed on a broad front.

Some actions for this and the other identified control issues could include:

  • Deploy specific measures and controls to address fraud and corruption risks into overall risk management and key processes for country assistance strategies, lending design and project supervision.
  • Accelerate implementation of the ongoing Governance and Anticorruption (GAC) program and devote additional attention and resources to building an organizational culture and incentive structure that addresses the risks of fraud and corruption, explicitly and cost-effectively.
  • Intensify IDA support to strengthen its controls over fiduciary and governance systems and to improve local governance and fiduciary system in client countries.
  • Closely monitor the implementation of the remedies for the six significant deficiencies, all of which are contained in one or other of management’s remedial action plans already being implemented.

box Closely monitor the implementation of remedies for control deficiencies, including:

  • The measures currently in progress to update the OP/BPs.
  • A mechanism to ensure the future currency of OP/BPs.
  • Improved documentation retention and accessibility and a user-friendly documentation management system.
  • Mechanisms to correct and monitor the several IT systems deficiencies identified.
  • Measures to address the about 100 identified other as yet unresolved smaller deficiencies.



MANAGEMENT RESPONSE:

In its response to the evaluation, Senior Bank Management states that it has moved in formulating and beginning the implementation of corrective measures to address the issues identified by IEG, with most actions in process and many expected to be completed by June 2009. These actions are aimed at strengthening and refocusing IDA’s internal controls to address better governance and anti-corruption issues, enhancing risk identification and management at transaction and entity-levels, and improving effectiveness and efficiency of investment lending.



CONCLUSION:

IEG supports the actions proposed by Bank management as they correspond well to those suggested by the IEG evaluation. At the same time, they are not yet sufficiently operative at this time to be tested or their results evaluated.



A LOOK INSIDE THE REPORT
This evaluation was carried out in two parts, both involving contributions from Bank’s Management, the Internal Audit Department (IAD), and the Independent Evaluation Group (IEG). Part one (volumes IV and V) looks at process mapping and effectiveness of control design (October 2006), and the compliance testing of key controls (June 2007). Part two (volumes I through III) covers a review of entity-level controls (December 2008), and the final evaluation text. The table below presents a further breakdown:

Volume I: Main Text and Overall Evaluation Volume II: Completing Part II and Integrating Parts I and II Volume III: Report on the Completion of Part II 

in this Volume:

IEG Evaluation Summary

Chairmen’s Summary: Committee on Development Effectiveness (CODE) and the Audit Committee of the Board of Executive Directors

Summary of Management's Response

Chapter 1. Origins of the Review, Status after Completion of Parts I and II

Chapter 2. The IEG Evaluation

Chapter 3. Summary of Management’s Assessment and the IAD Review

Chapter 4. Summary of Key Findings, Lessons, and Recommendations of IEG

arrowhighlight.gif Download this volume 

In this Volume:

Section I: Entity-Level Controls Review (Concluding Part II)

Section II: The Integrated Internal Controls Framework
(Combining Parts I and II)

arrowhighlight.gif Download this volume 

In this Volume:

Attachment 1: Management's Overall Assessment

Attachment 2: The IAD Review and Opinion

arrowhighlight.gif Download this volume 

Volume IV: Report on the Completion of Part I
Incorporating Compliance Testing of Key Controls (Part IB)
Volume V: Report on the Completion of Part IA
Process Mapping and Effectiveness of Control Design
 

In this Volume:

Chapter 1. Background and Status After Completion of Part IA

Chapter 2. Management's Assessment

Chapter 3. The IAD Review

Chapter 4. The IEG Evaluation

Chapter 5. Conclusions and Recommendations

arrowhighlight.gif Download this volume 

In this Volume:

Chapter 1. Background and Description of Approaches

Chapter 2. Management's Assessment

Chapter 3. The IAD Review and Report

Chapter 4. Conclusions and Recommendations

arrowhighlight.gif Download this volume