1. Introduction
1.1 General
The President of the Republic, subject to the provisions of Laws 87 of 1993 and 489 of 1998, is responsible for setting the policies on Internal Control with the support and coordination of the Advisory Council of the National Government on the Internal Control of entities of the National and Territorial Order, a Consultative Body that has recommended establishing and adopting a Standard Model of Internal Control for the State's obligated entities that allows the development, implementation and maintenance of the Internal Control System established in the aforementioned laws.
The Standard Internal Control Model established for State entities provides a structure for the control of strategy, management and evaluation in State entities, the purpose of which is to guide them towards compliance with their institutional objectives and the contribution of these for the essential purposes of the State.
«The structure provided by the model must be in accordance with the real structure of the management and its elements; among which is control. Said structure is not explicit in this document, which allows the diversity of criteria and approaches, however when it is stated that control is made to the strategy, management and evaluation, it is clearly evident that there is no underlying, comprehensive, systemic approach to management; that the different degree of understanding and articulation of the elements or functions of management and of the whole (Management) is unknown.
According to the administrative theory, the functions or constituent elements of the administration are the direction or leadership, planning, organization and control.
It is clear that the administration in this sense by not contemplating the execution allows the divorce of the operative or executing part of an institution, from the administrative part.
Management, therefore, we could consider that it contains articulated elements or functions, each of which at the same time contains others: this is how there can be no organization without a plan, without leadership, without control; or there can be no planning without direction, organization, and control.
The management components would be:
1-Leadership or direction.
2-Strategic, functional and operational planning or by processes.
3-Organization or design of the institution, according to plans. It includes the structure, functions, relationships, methods, processes and procedures, information system and institutional culture, among others.
4-Execution. Taking into account that the management concept incorporates all the activities carried out to achieve an end, we believe it convenient to include, in addition to the components or functions of administration, the execution.
5- Control of the global management, of areas, of processes of procedures of activities and actions. It is necessary to specify that if the control is to guarantee the fulfillment of the missionary goals and objectives, it is made up of the elements necessary for this purpose, such as.
5.1. Norm, standard, measure or criterion.
5.2. Measurement method of the characteristic or variable defined in the standard.
5.3. Measurement of management results, exhaustive or through statistical sampling.
5.4. Comparison of results against the norm, standard or parameter.
5.5. Assessment of deviations from the norm, to first establish the causes and second to assign a number on an objective performance scale.
5.6. Adoption and execution of actions to correct deviations or implement improvements.
In the control process it is essential for efficiency, the use of statistical sampling to avoid exhaustive inspection, however in the audit work, some auditors advised by other officials apply mechanical sampling and absurdly, without measuring any variable in the sample, nor comment on the same variable in the population, this is "normal" in the hiring evaluation. »
This Model has been formulated with the purpose that the obligated State entities can improve their institutional performance by strengthening the control and evaluation processes that must be carried out by the Internal Control Offices, Internal Audit Units or whoever does their times.
For this, the entities must carry out an evaluation on the existence, level of development or effectiveness of each of the defined control elements, in order to establish the design, development or degree of adjustment necessary for its implementation and improvement.
«It is not correct to affirm that entities must evaluate the level of development or effectiveness, since the two terms are not equivalent. Furthermore, it is necessary to make explicit the concept of effectiveness, which according to systems theory refers to the degree of assertiveness in fulfilling the function of a system; An example of this is the number of times that a bird of prey catches a fish, out of the total number of times it tries; or the number of patients that a medicine cures from a disease, over the number of sick patients who received the medicine, …………. Thus things can happen that underdeveloped systems are very effective, as happens in nature. "
The orientation of this Model promotes the adoption of a process-based approach to operation, which consists of identifying and managing, in an efficient way, numerous activities related to each other. An advantage of this approach is the continuous control it provides on the links between the individual processes that are part of a System made up of processes, as well as on their combination and interaction.
"The process operation model is not consistent with the hierarchical, pyramidal linear structure of state organizations, therefore there would be a dysfunctionality, since the department head is not the process head or several departments with different managers, equally hierarchical level, they will carry out parts of a process and the process with its threads is not in charge of a single boss.
Process approach to the audit.
The Planning Office in the Office of the Comptroller General of the Republic of Colombia, has not fulfilled its functions by not designing and adopting an audit manual with a focus on processes, it only limited itself to thinking that, based on the dogmatic reading courses of the Quality management documents, MECI, risk management and in which not the slightest criticism or analysis is made, the auditors would be able to apply the process approach, each one as they could and as they wanted.
I personally believe that the audit process approach can be applied as follows:
• Request for process and procedure manuals.
• Verification of its formal adoption.
• Verification of its content regarding procedures, activities, controls, partial and final results, clients, managers, suppliers.
• Verification of the existence and sufficiency of the indicators that allow to control the fulfillment of the processes and the quality characteristics, which requires the adoption of quality characteristics for inputs, partial and final results, and the requirements of the executors.
• Drafting of observations, communication to the entity, response analysis and adjustments, if necessary.
The above activities constitute application of the deductive method that will allow us to validly affirm, regarding the quality, completeness, controllability of the processes and procedures.
However, scientific methodology and reality make the inductive method more important and necessary, which through statistics prescribes to selectively evaluate, through statistical sampling, the actual performance of the process, to make a valid judgment on it. If a valid inference method is not applied, the audit statement would only be valid for the cases studied, without being able to be generalized, unless the examination is carried out on all the elements of the population. "
The Standard Internal Control Model for State entities is generated based on Article 1 of Law 87 of 1993, which is made up of a series of Subsystems, Components and Control Elements, established in Figure 1, Thus illustrating the links between each of them, under the systemic approach established by the aforementioned Law.
"A system is an articulated whole in which the subsystems, elements, functions, relationships are clearly defined, interrelated and all contribute to the achievement of the end, but subsystems of the same level cannot be considered as those that do not have it, or those that do not they are included in another already stated. Management is the broadest, inclusive or comprehensive concept, on a second level we find the functions or components and on the third level the elements or subcomponents of the functions.
Law 87, although exhaustively defining control, does not define it precisely, technically, scientifically, nor does it manage to build a comprehensive approach to control, in addition to not articulating it with the other elements of management, to build the whole.
In simple terms, we can affirm that a process is controlled when all the actions prescribed in the manuals are executed and its results comply with the established quality standards, that is, non-conformities only occur in the percentage less than or equal to the predetermined one. (Taking into account that science has statistical theory and this considers variation to be normal, inherent to all processes and that, at a certain level of development of processes and procedures, according to scientific development, it is normal that the results present a percentage of conformities.) »
Standard Internal Control Model
In this way, given that this Model has been proposed as a System, each of the parts that make it up has unique and necessary characteristics for its operation.
This Document will establish the conceptual framework of the Standard Model of Internal Control for State entities, which must be developed through the methodologies, procedures and instructions that the Administrative Department of the Public Function - DAFP - establishes for the implementation of the Internal Control System.
Public function
The Administrative Department of the Public Function –DAFP- will administer and distribute to all obligated State entities, the necessary instruments for the design, development and implementation of each of the Elements, Components and Subsystems of the Standard Model of Internal Control.
1.2 principles of the standard internal control model
The principles of the Internal Control System are framed, integrated, complemented and developed within the constitutional principles.
The following principles applicable to the Internal Control System have been identified:
a) Self-control: It is the capacity of each public servant to control their work, detect deviations and carry out corrections for the adequate fulfillment of the results expected in the exercise of their function, in such a way that the execution of processes, activities and / or tasks under its responsibility, are developed based on the principles established in the Political Constitution.
“Self-control includes all the activities necessary to guarantee that the process and its results are controlled, therefore it incorporates the measurement, the detection of deviations, the evaluation of causes and the degree of control of the process and the adoption and execution of corrective actions..
Regarding this principle of AUTOCONTROL, the internal control regulations emphasize too much, without prescribing control methods, processes and procedures; without giving the fundamental conceptual elements so that the officials can do self-control. This approach is reductionist, partial and disintegrated because it does not know that the official acts in an institution and that control is somewhat complex and that various elements and causes are articulated and influenced by the direct official or executor. (Lack of knowledge and control methods, control charts, statistical control, risk, inherent, control and audit concepts, originated in the conceptual and training deficiencies of the administrative areas, including the Office of Internal Control.)
As if that were not enough, the practice of control without parameters, without norms, without standards and without measure became widespread, in which many public officials who have achieved excellent degrees in universities are experts, but are unaware of a control chart and the fundamentals of measurement theory. "
b) Self-regulation: It is the institutional capacity to apply in a participatory manner within the entities, the methods and procedures established in the regulations, which allow the development and implementation of the Internal Control System under an environment of integrity, efficiency and transparency in the public performance.
c) Self-management: It is the institutional capacity of any public entity to interpret, coordinate, apply and evaluate in an effective, efficient and effective way the administrative function that has been assigned to it by the Constitution, the Law and its Regulations.
1.3 compatibility with other management systems
The Internal Control System is complementary to the Quality Management and Administrative Development System.
It is possible for a Public Entity to adapt its existing Internal Control System, so that it meets the requirements of this document.
The Internal Control System must be understood as a tool that shares some elements with other systems. Therefore, implementation of some of the requirements in this document may allow for full or partial compliance with other systems requirements. In the implementation of the Internal Control System, special care must be taken in the identification of these common elements, to avoid duplicating efforts.
Specifically, in the case of the Quality Management and Internal Control systems, some elements of convergence have been identified in Annex A of this document.
2. Purpose
This document specifies the requirements for an Internal Control System applicable to entities bound by Law 87 of 1993, which constitutes a management tool that allows establishing the actions, policies, methods, procedures and mechanisms of prevention, control, evaluation and continuous improvement of the Public Entity.
For this, the following specific objectives have been identified:
2.1 Compliance Control Objectives. The following are control objectives for compliance with the administrative function of the public entity:
a) Establish the actions that allow the Entity to guarantee the fulfillment of the functions in its charge, based on the applicable legal framework.
b) Determine the legal framework that is applicable to the Entity, based on the principle of self-regulation.
c) Design the verification and evaluation procedures that guarantee compliance with the applicable legal framework.
2.2 Strategic Control Objectives. The following are the Strategic Control objectives of the Public Entity:
a) Create awareness in all Public Servants about the importance of control, by generating and maintaining a favorable environment that allows the application of the principles of the Standard Internal Control Model.
b) Establish the procedures that allow the design and organizational development of the Entity in accordance with its nature, characteristics and purposes that are inherent to it.
c) Design the necessary procedures that allow the Public Entity to fulfill the mission for which it was created and protect the resources that are in its custody, seeking to diligently manage the possible risks that may be generated.
2.3 Execution Control Objectives. The following are the objectives of Control of Execution of the Public Entity:
a) Determine the prevention, detection and correction procedures that allow institutional functions, operations and activities to be maintained in harmony with the principles of effectiveness, efficiency and economy.
b) Ensure that all the Entity's activities and resources are directed towards the fulfillment of its mission.
c) Establish the procedures that guarantee the generation and registration of timely and reliable information necessary for decision-making, compliance with the Mission and Accountability to the Community.
d) Design the procedures that allow effective internal and external communication to be carried out in order to publicize the information generated by the Public Entity in a transparent, timely and truthful manner, guaranteeing that its operation is properly and conveniently executed.
2.4 Evaluation Control Objectives. The following are the Control Objectives for the Evaluation of the Public Entity:
a) Guarantee the existence of mechanisms and procedures that allow real-time monitoring of the Entity's management by the different levels of authority, allowing for timely correction and improvement actions.
b) Establish permanent verification and evaluation procedures for Internal Control.
c) Guarantee the existence of the Independent Evaluation function of the Internal Control Offices, Internal Audits or whoever takes their place on the Public Entity, as a verification mechanism for the effectiveness of Internal Control.
d) Promote the continuous improvement of the Entity's Control and Management, as well as its ability to respond effectively to the different interest groups.
e) Establish the procedures that allow the observations of the Fiscal Control Bodies to be integrated into the improvement plans established by the entity.
2.5 Information Control Objectives. The following are the objectives of Control of the Information of the Public Entity:
a) Establish the necessary procedures to guarantee the generation of accurate and timely information.
b) Establish the procedures that allow the generation of the information that by legal mandate, corresponds to supply the Entity to the External Control Bodies.
c) Guarantee the publicity of the information generated within the Entity.
d) Guarantee the supply of truthful and timely information for the Public Accountability process.
"Regarding the types of control, we should only affirm that control is one, that it can and should be applied to the whole of management, to functional areas or directions, to processes, to activities, to actions, but especially guaranteeing compliance with quality standards. Because at present, with hype and cymbals, the entities celebrate the quality certification of their processes, which ONLY GUARANTEES THAT THEY ARE COMPLYING WITH THE ACTIONS, NOT THAT THEIR RESULTS ARE OF QUALITY. »
3. CONTROL STRUCTURE.
Based on Articles 3 and 4 of Law 87 of 1993, the standard
Internal Control Model will be made up of Subsystems, Components and Control Elements as follows:
1. Strategic control subsystem
1.1. Control environment component Control
elements
1.1.1. Agreements, commitments or ethical protocols
1.1.2. Development of human talent
1.1.3. Management style
1.2. Strategic targeting component
Control elements
1.2.1. Plans and programs
1.2.2. Process operation model
1.2.3. Organizational structure
1.3. Risk management component
Control elements
1.3.1. Strategic context
1.3.2. Risk identification
1.3.3. Risk analysis
1.3.4. Risk
assessment 1.3.5. Risk management policies
2. Management control subsystem
2.1. Control activities component Control
elements
2.1.1. Operation policies
2.1.2. Procedures
2.1.3. Controls
2.1.4. Indicators
2.1.5. Procedures manual
2.2. Information component
Control elements
2.2.1. Primary information
2.2.2. Secondary information
2.2.3. Information systems
2.3. Communication component
Control elements
2.3.1. Organizational communication
2.3.2. Informative communication
2.3.3. Media
3. Evaluation control subsystem
3.1. Self-evaluation component
Control elements
3.1.1. Control self-assessment
3.1.2. Management self-assessment
3.2. Independent evaluation component
Control elements
3.2.1. Evaluation of the internal control system
3.2.2. Internal audit
3.3. Improvement plans component
Control elements
3.3.1. Institutional Improvement Plan
3.3.2. Process Improvement Plans
3.3.3. Individual Improvement Plans
4. Terms and definitions.
Based on the Structure established in numeral 3, the following terms and definitions are applicable for the purpose of this Standard Internal Control Model.
1. Strategic control subsystem: It is the Set of Control Components that, when interrelated with each other, allow compliance with the strategic and organizational orientation of the Public Entity.
1.1 control environment component: Set of Control Elements that, when interrelated, give control awareness to the Public Entity, deeply influencing planning, operations management and institutional improvement processes, based on the legal framework that is applicable to the Entity.
1.1.1 Agreements, Commitments or Ethical Protocols. Control Element, which defines the standard of conduct of the Public Entity. It establishes the explicit declarations that in relation to the behaviors of the Public Servants, are agreed in a participative way for the achievement of the purposes of the Entity, maintaining the coherence of the management with the principles enshrined in the Constitution, the Law and the social purpose of the State.
1.1.2 Development of Human Talent: Control Element, which defines the commitment of the Public Entity with the development of the competences, abilities, aptitudes and suitability of the Public Servant. It determines the human management policies and practices to be applied by the Entity, which must incorporate the principles of justice, fairness and transparency when carrying out the selection, induction, training, training and performance evaluation processes of the State Public Servants.
1.1.3 Management Style: Control Element, which defines the philosophy and the mode of administration of the Governor or Public Manager, a style that must be distinguished by its competence, integrity, transparency and public responsibility. It constitutes the form adopted by the management level to guide or direct the Entity's actions towards the fulfillment of its Mission, in the context of the social purposes of the State.
1.2 strategic direction component. Set of Control Elements that, when interrelated, establish the frame of reference that guides the Public Entity towards the fulfillment of its Mission, the scope of its Vision and leads it towards the fulfillment of its global objectives.
1.2.1 Plans and Programs. Control Element, which allows the projection of the Public Entity to be modeled in the short, medium and long term and to promote and guide its activities towards the goals and expected results.
1.2.2 Process Operation Model: Control Element, which allows the organizational standard that supports the operation of the Public Entity to be established, harmonizing the Institutional Mission and Vision with a systemic approach, guiding it towards a Process Organization, which in their interaction, interdependence and cause-effect relationship guarantee efficient execution and compliance with the objectives of the Public Entity.
1.2.3 Organizational Structure. Control Element, which integrally and articulately configures the positions, functions, relationships and levels of responsibility and authority in the Public Entity, allowing to direct and execute the processes and activities in accordance with its Mission.
1.3 risk management component: Set of Control Elements that, when interrelated, allow the Public Entity to evaluate those negative events, both internal and external, that may affect or impede the achievement of its institutional objectives or positive events, that allow identifying opportunities, for a better fulfillment of its function.
1.3.1 Strategic Context: Control Element, which allows establishing the strategic guideline that guides the decisions of the Public Entity, facing the risks that may affect the fulfillment of its objectives as a result of the observation, distinction and analysis of the set of internal circumstances and external that may generate events that create opportunities or affect the fulfillment of their institutional function, mission and objectives.
1.3.2 Risk Identification: Control Element, which makes it possible to know potential events, whether or not they are under the control of the Public Entity, which jeopardizes the achievement of its Mission, establishing the generating agents, the causes and effects of its occurrence.
1.3.3 Risk Analysis: Control Element, which allows establishing the probability of occurrence of positive and / or negative events and the impact of their consequences, qualifying and evaluating them in order to determine the capacity of the Public Entity for its acceptance and driving.
1.3.4 Risk Assessment: Control Element, which determines the level or degree of exposure of the Public Entity to the impacts of risk, allowing to estimate the priorities for its treatment.
1.3.5 Risk Management Policies: Control Element, which allows structuring guiding criteria in decision-making, regarding the treatment of risks and their effects within the Public Entity.
«Regarding risk management, it is necessary to specify the concept of risk and make it operational or functional, in such a way that it is useful in management. Therefore, it would be convenient to establish as a risk the probability of presence of non-conformities in the management results, either due to non-compliance with activities or due to non-compliance with predetermined quality standards. The impact of these risks must be measured in fiscal terms, that is, in money and the probability in percentages, not nominal or interval scales that are poorly functional. The aforementioned would allow establishing goals to reduce the probability and impact of this risk, which would also facilitate the objective evaluation of the effectiveness of the Internal Control System.
Each process would contain all the causes or risk factors classified nominally and ordinally according to their probability of affecting the outcome of the process, of which a statistical record would be kept to guarantee control. I have made this proposal to the Administrative Department of the Public Function, without obtaining any response, I have also commented on some aspects to CGR Planning, and I have been waiting for a response for several years.
It is worth remembering that the current methodology establishes an inappropriate Nominal-interval scale to measure the probability and impact of risk. »
2. Management control subsystem: A set of Control Components that, when interrelated under the action of the corresponding levels of authority and / or responsibility, ensure control over the execution of the processes of the Public Entity, guiding it towards achieving the results and products necessary for the fulfillment of its Mission.
"Management as a whole, without defining, without establishing its components or functions and the evaluation methods of each of its elements, can hardly be objectively controlled and evaluated."
2.1 control activities component: Set of Control Elements that guarantee control of the execution of the function, plans and programs of the Public Entity, making effective the necessary actions for risk management and guiding the operation towards the achievement of its results, goals and objectives.
2.1.1 Operation Policies: Control Element, which establishes the action guides for the implementation of the execution strategies of the Public Entity; defines the limits and parameters necessary to execute the processes and activities in compliance with the function, plans, programs, projects and risk management policies previously defined by the Entity.
2.1.2 Procedures: Control Element, made up of the set of specifications, relationships and ordering of the tasks required to comply with the activities of a process, controlling the actions required by the operation of the Public Entity. It establishes the methods to carry out the tasks, the assignment of responsibility and authority in the execution of the activities.
2.1.3 Controls. Control Element, made up of the set of actions or mechanisms defined to prevent or reduce the impact of events that jeopardize the proper execution of the processes required to achieve the objectives of the Public Entity.
2.1.4 Indicators: Control Element, made up of the set of mechanisms necessary for evaluating the management of all Public Entities.
They are presented as a set of quantitative and / or qualitative variables subject to measurement, which allow observing the situation and the trends of change generated in the Entity, in relation to the achievement of the planned objectives and goals.
“Regarding the indicators, normally the entities consider effectiveness as fulfillment of activities and actions, without taking into account that effectiveness really measures the degree of scope of the desired effects and in this sense efficacy and effectiveness, according to systems theory, would be two identical concepts.
Of course there is a formula that establishes that effectiveness equals efficiency plus effectiveness, however this formula is no more than that, a formula, because in mathematics it is not acceptable to multiply dogs by cats since it is the product that would be indefinite and would lack utility.
If the effectiveness levels of two policies, programs, projects, activities or actions are the same, it makes sense to choose the lowest fiscal cost, but if achieving the effect is really important, as in the case of health, we would be forced to discard the fiscal cost or efficiency factor. "
2.1.5 Procedures Manual. Control Element, materialized in an internal self-regulation regulation that contains and regulates the way to carry out the procedures of the Public Entity, becoming a guide for individual and collective use that allows knowledge of the way in which its execution is carried out or developed. administrative function, promoting the performance of work under a language common to all Public Servants.
2.2 information component. Set of Control Elements, made up of data that when ordered and processed acquires meaning for the stakeholders of the Public Entity to which it is addressed. It is a fundamental part of the Entity's operation by becoming an input for the execution of the processes and in turn a product thereof. It guarantees the basis of the transparency of public action, the Accountability to the Community and the fulfillment of information obligations.
2.2.1 Primary Information. Control Element, made up of the set of data from external sources from the instances with which the organization is in permanent contact, as well as variables that are not directly related to the Entity, but that affect its performance.
2.2.2 Secondary Information. Control Element, made up of the set of data that originate and / or process within the Public Entity, from the exercise of its function. They are obtained from the different information systems that support the management of the Public Entity.
“Information is not an element of control, it is an input for control, it is an input or a result for management. Furthermore, as if the error were not enough, the primary information, in epistemology, is what we obtain or generate in the investigative activity, secondary is what others have provided us. »
2.2.3 Information Systems. Control Element, made up of the set of human and technological resources used for the generation of information, aimed at supporting operations management in the Public Entity more efficiently.
2.3 public communication component. Set of Control Elements, which supports the construction of a shared vision, and the improvement of the human relations of the Public Entity with its internal and external interest groups, facilitating the fulfillment of its institutional and social objectives, in accordance with the provisions of Article 32 of Law 489 of 1998.
2.3.1 Organizational Communication. Control Element, which guides the dissemination of policies and the information generated within the Public Entity for a clear identification of the objectives, strategies, plans, programs, projects and operations management towards which the focus is actions of the Entity.
2.3.2 Informative Communication. Control Element, which guarantees the dissemination of information from the Public Entity on its operation, management and results in a broad and transparent way to the different stakeholders and external.
2.3.3 Communication Media: Control Element that is constituted by the set of procedures, methods, resources and instruments used by the Public Entity, to guarantee the dissemination, wide and focused circulation of the information and its meaning, towards the different interest groups.
3. Joint evaluation subsystem of Control Components that, by acting interrelatedly, allow us to permanently assess the effectiveness of the Internal Control of the Public Entity; the efficiency, efficacy and effectiveness of the processes; the level of execution of the plans and programs, the results of the management, detecting deviations, establishing trends and generating recommendations to guide the improvement actions of the Public Organization.
"Evaluation is an element of control, that is true, but control is an element of management, it must be remembered.
The indicators must have a parameter or standard against which the comparison can be made. This parameter can be theoretical, potential, or average performance of entities, processes, or activities, which leads us to the necessary interrelation with other entities to know their operating structure, processes, and levels of performance, in order to make comparisons.
In addition to the above, it is necessary and pertinent to specify the concepts of efficiency, effectiveness and effectiveness.
Efficiency is the relationship between inputs and results or products, a technical efficiency can be established that would relate the amount of effort, input, time to the amount of actions, activities or partial and final results obtained. On the other hand, economic efficiency would relate the cost of the process, activity, action with the value of the result or product generated.
The effectiveness, contrary to what is included in the official documents of the DAFP, is the degree or percentage of the achievement of the desired effect, that is, in the numerator we consider the number of positive cases of the desired effect and in the denominator the number of attempts, This concept is equivalent to the concept of effectiveness raised in the general theory of systems. We cannot affirm that effectiveness is the achievement of the objectives, when the objectives and goals refer solely and exclusively to the execution of actions or activities. The most accurate example is given by pharmaceutical laboratories that determine the effectiveness of a vaccine as the percentage of people who heal themselves when taking it, out of the total number of people who took it.
Regarding effectiveness, it is no more than a formula that aims to add non-summable aspects or multiply different elements, effectiveness and efficiency. My teacher Margarita, in the first year of primary school in 1961, in San Juan de Rioseco, a municipality unknown to many, taught me that you cannot add dogs with cats, as the result would be "perrgatos" or "gaperros", the The same principle applies to multiplication. Before making a formula it is necessary that the concept exists clearly defined. But what is the concept of effectiveness that applies to the formula usually described in management texts? Effectiveness is the sum of effectiveness times efficiency, or the multiplication of effectiveness times efficiency, what does this concept tell us about effectiveness? Nothing, just describes the elements and operations of a formula.But it does not even explain what efficiency we use, the technical or the economic, much less if it is possible and valid to compare two results in terms of the formula. »
3.1 self-evaluation component: Set of Control Elements that, acting in a coordinated manner in the Public Entity, allows in each organizational area to measure the effectiveness of controls in the processes and the results of management in real time, verifying their ability to comply with the goals and results under its charge and take the necessary corrective measures to fulfill the objectives set by the Entity.
3.1.1 Control Self-evaluation. Control Element that, based on a set of verification and evaluation mechanisms, determines the quality and effectiveness of internal controls at the level of the processes and of each responsible organizational area, allowing to undertake the required control improvement actions.
3.1.2 Management self-evaluation. Control Element, which based on a set of management indicators designed in the Plans and Programs and in the Processes of the Public Entity, allows a clear and comprehensive vision of its behavior, obtaining the goals and the expected results and identifying the deviations on which the corrective measures must be taken to guarantee maintaining the orientation of the Public Entity towards the fulfillment of its institutional objectives.
3.2 independent evaluation component. Set of Control Elements that guarantees the autonomous and objective examination of the Internal Control System, the management and corporate results of the Public Entity by the Office of Internal Control, the Internal Audit Unit or whoever takes its place.
It presents as characteristics the independence, neutrality and objectivity of the person who carries it out and must correspond to a plan and a set of programs that establish specific evaluation objectives for the control, management, results and monitoring of the Improvement Plans of the Entity.
3.2.1 Evaluation of the Internal Control System. Control Element, whose objective is to verify the existence, level of development and degree of effectiveness of Internal Control in meeting the objectives of the Public Entity.
“Regarding the evaluation of the internal control system in terms of efficiency and effectiveness, this is only possible if there were information on the control actions in terms of time, costs invested, achieving the desired effect in reducing the number of events, or Non-conforming events, however, in the absence of clarity in this regard, the Comptroller General of the Republic and the DAFP have adopted subjective methodologies for evaluating the effectiveness of the Internal Control System, which they resist modifying despite their ineffectiveness and all the criticism that has been made of them.
These methodologies built on COSO, a foreign organization, contain some components such as: control environment, risk assessment, control activities, monitoring, information and communication. Each of the items has quite a few questions about whether the item in the question exists, is applied, or is effective. The answer is binary, yes or no, in such a way that the element cannot partially exist, cannot be partially applied, nor can it be partially effective, this is an aberration of the theory of measurement and measurement scales, without However, it is maintained and applied, subjectively, and its creative geniuses, pupils of the compiling genius of the Government Audit Guide, Audite, enjoy recognition and hierarchy in the entities.
On the other hand, the methodology released by the DAFP to assess the state of the MECI, does not use variables or numbers to measure efficiency, effectiveness and effectiveness, but rather beautiful figures of happy faces, green, yellow or red, how cute !, but the heads of internal control of the entities, do not support these faces with statistical data. »
3.2.2 Internal Audit. Control Element, which allows a systematic, objective and independent examination of the processes, activities, operations and results of a Public Entity.
Likewise, it allows making judgments based on evidence on the most important aspects of management, the results obtained and the satisfaction of different interest groups.
“Internal audits do not seek to determine if the process is really controlled, since the functional concept of control is unknown, one that says that a process is controlled when the error is less than or equal to the accepted error. Likewise, they do not carry out the evaluation of the experiences that have produced better results of efficiency or effectiveness to make the feedback and implementation.
It is necessary that the internal auditors do not settle for having taken a course on Quality Internal Auditor at INCONTER, in which they did not teach them the theory of quality management; statistical quality control; the design, administration, control and improvement of processes, nor the minimum elements of problem solving, systems theory, administrative theory, among others. »
3.3 component improvement plans. Set of Control Elements, which consolidate the improvement actions necessary to correct the deviations found in the Internal Control System and in operations management, which are generated as a consequence of the Self-evaluation, Independent Evaluation and formal observations processes. from the Control Bodies.
3.3.1 Institutional Improvement Plan. Control Element, which allows the continuous improvement and fulfillment of the institutional objectives of corporate order of the public entity. It integrates the improvement actions that the public entity must operate at the level of its macroprocesses or corporate components to comprehensively strengthen its institutional performance, fulfill its function, mission and objectives in the terms established in the Constitution, the Law, taking into account the commitments acquired with the fiscal control, political control organisms and with the different interest groups.
3.3.2 Process Improvement Plans. Control Element, which contains the administrative plans with the improvement actions that, at the process level and in the responsible areas within the Public Organization, must be carried out to strengthen their performance and operation, in pursuit of the goals and results that guarantee the fulfillment of the Entity's objectives as a whole.
3.3.3 Individual Improvement Plans. Control Element, which contains the improvement actions that each of the Public Servants must execute to improve their performance and that of the organizational area to which they belong, within a defined time and space framework, for greater productivity of activities and / or tasks under their responsibility.
5. Roles and responsibilities.
5.1. Senior Management Responsibility.
Senior management must ensure that the different levels of responsibility and authority regarding Internal Control are defined and communicated within the Entity.
5.2. Management representative.
In order to guarantee the operationalization of the actions necessary for the development, implementation and continuous improvement of the Internal Control System based on the Internal Control Standard Model established in this Standard, the legal representative may delegate said function to the first-level manager of the respective Entity competent for it, who will act under the policies established by the Internal Control Coordination Committee.
At the same time, the independent and objective evaluation of the development, implementation, maintenance and continuous improvement of the Standard Model of Internal Control will be carried out by the Head of the Office of Internal Control, Internal Auditor or whoever takes his place in the respective Entity.
5.3 Internal Control Coordination Committee.
The Internal Control Coordination Committee will meet at least every two (2) months. You must adopt internal regulations and comply with the functions established in Decrees 1826 of 1994 and 2145 of 1999.
5.4 Public and / or private servants who exercise public functions.
The Public Servants and / or individuals who exercise public functions are responsible for the efficient operation of the processes, activities and tasks in their charge; for continuous monitoring of the effectiveness of integrated controls. Likewise, for developing permanent self-evaluation of the results of their work, as part of meeting the goals set by the agency or administrative unit to which they belong.
5.5 Office of Internal Control, Internal Audit Unit or whoever substitutes for it.
The Office of Internal Control, Internal Audit Unit or whoever substitutes it, based on articles 3, numeral d), 9, and 12 of Law 87 of 1993, is responsible for carrying out the Independent Evaluation of the Internal Control System and the Management of the Public Entity, as well as for the follow-up to the Institutional Improvement Plan, generating the corresponding recommendations and advising senior management for its implementation.
6. Implementation of the standard internal control model
The Public Entity must establish, document, implement and maintain the Internal Control System continually improving its effectiveness, efficiency and effectiveness in accordance with the requirements of this Standard Model. For this, the Entity must provide the following stages and activities:
6.1 stage 1: Planning the Design and Implementation of the
Internal Control System.
- Establish the Senior Management Commitment.
- Define the Organization of the Work Team.
- Define the different levels of implementation or Adjustment of the
current Internal Control System in terms of the Standard Internal Control Model.
- Prepare the Work Plan for Design and Implementation.
• Define Operating Standards.
• Define development and implementation activities.
• Assign Responsibilities.
• Define Schedule of Activities.
• Establish the resources that guarantee development and implementation.
• Carry out the Training of the Working Group.
• Socialize managers of the Entity.
6.2 Stage 2: Design and Implementation of the Internal Control System.
For the Design and implementation of the Standard Internal Control Model, an evaluation must be carried out on the existence or state of development and implementation of each element of Control in the Public Entity and define the activity and those responsible for the design, adjustment or implementation using to This is the methodology, procedures and instruments defined for this purpose by the Administrative Department of the Public Function - DAFP.
6.3. Stage 3: Evaluation of the Implementation of the Standard
Internal Control Model.
The Office of Internal Control, the Internal Audit Unit or whoever acts as its Public Entity, will carry out a permanent evaluation of the design, development and implementation processes of the Internal Control Model, thereby guaranteeing the effectiveness of the Control System. Internal of the Entity.
6.4. Stage 4: Internal Control System Normogram
In order to guarantee compliance control, the Public Entity shall prepare a Normogram with the applicable constitutional, legal, regulatory and self-regulatory standards, verifying through the development of the Standard Internal Control Model, compliance and all and each one of said norms.
Correspondence between the internal control system and the quality management system
This annex aims to guide entities on the complementarity of the Internal Control System with respect to the Quality Management System. To this end, a table is included below that compares the elements of the Internal Control System with those corresponding to the other systems.
The correspondences presented are generic in nature, and therefore some may not have been identified. A correspondence indicates a complementarity or coincidence between the elements, of a total or partial nature, which must be understood from the specific scope of each System.
When an element is correlated with numerals on which other sub-numerals depend, it should be understood that these are also included within the identified correspondence.
“Here it is necessary and pertinent to clarify that control, being an element of management, is an integral part of the quality management system and it is not necessary to harmonize it.
Finally, as a critical task and exercise, it would be very positive for each person to make a conceptual map of the official MECI and confront it with another of management and its components. »
Thank you.
