Dr Igors Ludboržs Member of the European Court of Auditors (ECA) INTOSAI Working Group on Public Debt Helsinki, 11 September 2012 Stipulated by the Protocol of the Statute of the European System of Central Banks and of the ECB which states: “The provisions of Article 287 of the Treaty on the Functioning of the European Union shall only apply to an examination of the operational efficiency of the management of the ECB”. Annual task; Topics selected based on: ◦ results of previous audits; ◦ assessment of value-added of proposed audit task; ◦ availability of audit staff with appropriate skills and knowledge; ◦ other considerations. 2011: The new ECB premises project; 2010: Risk management of the ECB; 2009: The management of human resources at the ECB; 2008: The systems and procedures established by the ECB for managing its Business Areas' activities; 2007: ECB’s management of IT projects; 2006: The operational efficiency of the ECB’s budgetary management; 2005: The new ECB premises project; 2004: The efficiency of human resources policy at the ECB; 2003: The decision-implementation process and the reliability of data processed by the IT system for financial and management accounting. To assess the adequacy of the ECB’s operational and financial risk management framework. Did the ECB establish an appropriate and comprehensive governance framework for risk management? Did the ECB manage its operational risks in an effective manner? Did the ECB manage its financial risks in an effective manner? • • • Review of the overall risk management framework at the ECB including review of the best practices in other similar international organisations in the area of risk management; Review of the operational risk management framework and testing of six selected business areas; Review of the financial risk management framework and detailed testing. ECB has established a comprehensive organisational structure, roles and responsibilities are clearly assigned; BUT there is a strong demarcation between the management of financial and operational risks in the ECB. Adequate operational risks management policies outlining ECB’s approach to assessing, monitoring and controlling/mitigating risks; No integration of planning and operational risk management cycles; Sound framework for Business Continuity Management, but no full Business Impact Analysis made since the start of the financial crisis. Adequate framework and sound financial risk management methodology for the management of investment and policy operations; However, improvements required in the practical application of the methodology. To consider setting-up a hierarchically independent, single, risk management function, that would concentrate solely on risk management and ensure a comprehensive view of the ECB’s exposures; To further improve ECB’s public disclosure of risk management practices to external parties in the annual accounts by applying best practices, such as IFRS 7.