The Road to the SDGs

• A Risk Control Matrices (RCM) approach was applied to build awareness and individual accountability, focusing on business unit objectives, risks and mitigating controls.
• The COSO team obtained template approvals from the stakeholders and used these for developing RCMs across various processes established in IsDB.
• A Test of Design was performed to ensure that controls are designed appropriately and will prevent or detect risks of material misstatement in financial reporting or fraud.
• A Test of Operating Effectiveness was conducted to ensure that the controls were operating effectively during the financial year 2020.
• Gaps / improvement opportunities were identified in the existing control environment, providing management with recommendations to remediate the gaps along with providing alternative / compensating controls.
• All deficiencies / deviations were highlighted and analysed in a separate tracker to evaluate whether:
  – The nature of deviation is limited to a certain type of transaction
  – A lack of control owner competence has led to the deviation
  – Changes to the volume of activity and transactions have led to the deviation.

ACHIEVEMENTS

• Entity-level controls were documented based on the COSO principles.
• Proposed processes and controls for financial reporting and fraud risk were tested and implemented.
• Anti-fraud controls were developed and documented, and a permanent anti-fraud programme was established.
• A formal inventory of all processes affecting IsDB’s financial results was carried out (i.e. from entity level controls to control activities).
• Process flows and key control tables were developed for all business processes affecting financial results.
• Recommendations were provided to optimise processes and controls and a gap analysis of financial controls was performed.
• Existing process flows and control tables were reviewed and updated to reflect process/system changes and improve the design of key processes and controls.
• An inventory of all IsDB applications in use affecting financial results (including end-user computing applications) was carried out, and key controls over those applications were documented.
• Improvements and enhancements in IT application controls were proposed.
• A methodology, work programme, operational procedures and templates for self-assessment were developed, together with an ongoing audit of the controls in terms of their design and effectiveness.
• A staff training programme on ICFR was developed to ensure the effective operation of the controls.

INVESTMENT

• Investments were made in terms of:
  – Formalised and institutionalised system of effective internal controls
  – Improved internal controls which will allow IsDB to better mitigate financial reporting risks and access the data necessary to support sound financial decision making
  – Positive attention from sukuk investors, making IsDB more attractive for these investors and better prepared for sukuk issuances and international rating reviews
  – Documented risk control library, Key Risk Indicators (KRI), ICFR methodology and detailed gap report
  – Further enhancements to IsDB’s integrity and ethical values
  – The appropriate levels of management to be held accountable for their internal control responsibilities in the pursuit of P5P objectives.

SCOPE OF IMPLEMENTATION

8 Functions
150 sub-processes
800+ risks documented
200+ gaps identified as part of Phase I
150+ gaps remediated / compensating controls
100+ IT remediations

THE ROAD TO THE SDGs | PROGRESS AND ACHIEVEMENTS
