« Do Sanctions Improve Compliance with Public Finance Laws and Regulations? | Main | Colombia Emerges Strong in its Fiscal Transparency Evaluation »

July 31, 2018

Leveraging the Internal Control Framework to Improve Fiscal Risk Management

Posted by Suzanne Flynn and Nihad Nakaš[1]

Many South East European (SEE) countries identify enhancing fiscal risk management as a priority in their PFM reform plans. They are increasingly publishing information on fiscal risks and moving to more active risk management, often to help compliance with fiscal rules. In parallel, these countries are working to enhance internal controls through public internal financial control (PIFC) reforms as a part of their European Union (EU) accession processes. These reforms center on public sector managers and internal auditors and focus on institutional risks and how to manage these risks. In this blog, we explore how these two reforms could be better linked to enhance comprehensive risk management across the public sector.

Sources and Actors in Fiscal Risk Management

The types of fiscal risks reported in the region generally follow the global patterns identified in the June 2016 IMF policy paper[2] and include: macroeconomic shocks, interest and exchange rates shocks, calls on guarantees, loss-making public corporations, court decisions, restitution claims, risks from PPPs and arrears at both central and local government levels.

In a typical Ministry of Finance (MoF), the fiscal risk function rests with the macro fiscal or budget departments. However, other risks are deconcentrated across public sector entities, among these, specific institutional level risks such as the accumulation of expenditure arrears and contingent and real liabilities arising from judicial claims against governments. These types of risks are common in the region. As demonstrated in fiscal transparency evaluations,[3] information on risks is often fragmented but is available within government agencies across central and local government.

Internal Control Frameworks in SEE

Over the past decade, countries seeking EU membership have been aligning their management and control systems with international standards and Member States’ best practices.  Whereas substantial progress has been made in setting up the legislative and institutional framework for PIFC, PEFA assessment scores for most of the SEE countries indicate that these efforts remain a work in progress, raising important questions about the effectiveness of internal control and internal audit (IA) in managing risk.

All MoFs in the SEE have established Central Harmonization Units (CHU) that are charged with developing the legal, institutional and methodological framework for public sector financial management and control and internal audit, providing training, certification, and quality reviews, reporting annually to the government on systemic PFM issues, and coordinating implementation with other PFM reforms. Within this system, institutional risk management remains a central concept relevant for managers and internal auditors alike.

What can Internal Control Actors and CHUs Contribute to Fiscal Risk Management in SEE?

Public entities’ management, with support from the IA function, should be well positioned to mitigate risks through controls on the institutional level before they materially affect the government’s overall fiscal position. CHUs, or their equivalents in MoFs elsewhere in the world, could better contribute to systematic fiscal risk management through:

  • Raising awareness amongst policy-makers, managers and internal auditors of fiscal risks including their understanding of common control weaknesses, potential risks, helping to quantify risks, and to develop mitigation strategies to manage them.
  • Providing managers and internal auditors in public sector entities with consistent standards and methodologies, practical tools and training that focuses on the most potentially damaging risks (e.g. contingent liabilities and arrears in the SEE region), and ensuring that findings of supreme audit institutions are reflected in internal audit planning.
  • Adjusting the IA reporting requirements to capture and communicate information on the quality of institutions’ risk management practices, mitigation measures and the degree of IA focus on fiscal risks.
  • Providing an explicit link between the IA function at the institutional level and its importance for maintaining aggregate fiscal discipline.
  • Coordinating with fiscal risk functions in MoFs to ensure risks are given due attention in reform strategies, strategic policy documents, budget documents and in economic reform programs.
  • Ensuring that internal audit resources are focused in high risk PFM areas and public entities, such as those with a history of accumulating arrears, those generating significant contingent liabilities in the form of court judgements, or those with direct responsibility for management and/or oversight of public enterprises, particularly when the MoF does not actively oversee these companies.

Considering the limited capacities for fiscal risk management in this and other regions, leveraging all the resources available to the government to ensure that potential risks to public finances are identified, and developing a solid understanding of the source, size and probability of risks materializing is crucial. An effective risk management framework therefore requires the active involvement of many actors, both within the MoF and in other government agencies. Actively involving the CHU in informing fiscal risk units on specific risks may also help to raise the profile of PIFC reforms and bring closer attention to the role of the function in the reporting, management and mitigation of risk.

For MoFs to fully leverage the potential of the CHUs and the IA function, more needs to be done on building their capacity to identify and assess fiscal risks in a coordinated manner. IMF FAD and CEF are helping to bridge this gap by providing complementary support to reform efforts in SEE through targeted fiscal risk capacity development, improving fiscal reporting, training in PIFC and risk management, and certification programs in internal audit.

[1] Suzanne Flynn is the EC-financed IMF Public Financial Management Adviser based in Ljubljana, covering Albania, Bosnia and Herzegovina, Kosovo, FYR Macedonia, Montenegro and Serbia. Nihad Nakas is Senior Program Adviser at the Center of Excellence in Finance (CEF), an international institution based in Slovenia which provides capacity development for public finance officials in the SEE.

[2] Analyzing and Managing Fiscal Risks—Best Practices FAD IMF, available here which analyzed global risks over a 24 year period and quantified them as follows: macroeconomic shocks (9 percent of GDP), financial sector (10 percent), legal cases (8 percent), subnational governments (4 percent), bail-outs of public corporations (3 percent), and more modest risks related to private non-financial companies (1½ percent), natural disasters (1½ percent) and PPPs (1 percent).

[3] Published FTEs are available here

Note: The posts on the IMF PFM Blog should not be reported as representing the views of the IMF. The views expressed are those of the authors and do not necessarily represent those of the IMF or IMF policy.


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.

Back to top of page
©2007 IMF. All Rights Reserved. About Us | Terms of Use
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ var s_code=s.t();if(s_code)document.write(s_code)//-->