Technical Guidance Note on Financial Management Assessment

Financial Management Technical Guidance Note

May 2015

Financial Management Assessment

ABBREVIATIONS

ADB

–

Asian Development Bank

CPS

–

country partnership strategy

FMA

–

financial management assessment

FMAQ

–

financial management assessment questionnaire

FMICRA

–

financial management, internal control and risk assessment

GACAP II

–

Second Governance and Anticorruption Action Plan

GGSU

–

general government sector unit

OSFM

–

Financial Management Unit

PFM

–

public financial management

PIU

–

project implementation unit

RRP

–

report and recommendation of the President

GLOSSARY

Control risk – the risk arising from the failure of the project’s financial management and internal

control arrangements to ensure that project funds are used economically and efficiently and for

the intended purpose.

Financial management – the overall arrangement for planning, directing, monitoring,

organizing, and controlling of the monetary resources of an organization, with a view to efficient

accomplishment of the enterprise objectives.

Inherent risk – risks posed by the overall environment in which the executing or implementing

agency operates, before considering the impact of the agency’s financial management systems

and controls.

Internal audit – an independent, objective assurance activity designed to add value and

improve an organization's operations.

Internal control – a process for assuring achievement of an organization's objectives in

operational effectiveness and efficiency, reliable financial reporting, and compliance with laws,

regulations and policies.

Risk – the probability or threat of damage, injury, liability, loss or other negative occurrence that

is caused by external or internal vulnerabilities that may be avoided through preemptive action.

CONTENTS

Page

I. PURPOSE, INTRODUCTION AND SCOPE 1

A. Purpose 1

B. Introduction 1

C. Scope and Coverage 2

D. Definition of Key Concepts 3

II. APPROACH AND METHODOLOGY 4

A. Dealing with Integrity, Fraud, and Corruption Risks 4

B. Use of Country PFM or Entity Financial Management Systems 5

III. FINANCIAL MANAGEMENT ASSESSMENT - PROCESS 8

A. Planning the Assessment 8

B. Conducting the Assessment 10

C. Financial Management Risk Assessment 12

D. Documentation Requirements and Validation 16

IV. CONCLUSIONS 17

APPENDIXES

1. Project Financial Management Assessment Indicative Terms of Reference

2. Financial Management Assessment Questionnaire

3. Project Financial Management Assessment Report Outline

4. Financial Management, Internal Control and Risk Assessment and Risk Management

Plan (Template)

5. Financial Management, Internal Control and Risk Assessment and Risk Management

Plan (Sample)

I. PURPOSE, INTRODUCTION AND SCOPE

A. Purpose

The purpose of this technical guidance note (TGN) is to provide guidance to Asian

Development Bank (ADB) staff, consultants and executing agencies on the ADB requirements

and considerations for financial management assessment. This TGN consolidates ADB’s

approach to project level financial management assessment (FMA), and replaces Section 4.2 of

the Financial Management and Analysis of Projects

(the Guidelines). The approach and

methodology in this TGN is based on international good practice, and is intended to explain the

underlying principles for FMA. However, it is neither a substitute for sound professional

judgment, nor a rule-book covering all possible situations. In non-typical or exceptional

situations, staff are encouraged to seek further advice from the Financial Management Unit

(OSFM) of the Operations Services and Financial Management Department (OSFMD).

B. Introduction

ADB’s requirements for financial due diligence are summarized in the Operations

Manual, section G2.

They comprise 4 major activities: (i) financial management assessment

(FMA); (ii) preparation of cost estimates and financing plans; (iii) financial cost-benefit analysis

of the proposed investment projects, or an assessment of the capacity of the executing or

implementing agency to fund incremental recurrent costs; and (iv) financial analysis and

projections of the executing and / or implementing agencies.

Article 14(xi) of the Agreement Establishing the Asian Development Bank (the Charter)

requires the Asian Development Bank (ADB) to take necessary measures to ensure that the

proceeds of any loan made, guaranteed, or participated in by ADB are used only for the

purposes for which the loan was granted, and with due attention to considerations of economy

and efficiency. Article 14(xiv) of the Charter also requires ADB to be guided by sound banking

principles in its operations. ADB’s financial due diligence requirements stem from these Charter

obligations.

During the processing stage, project teams should assess the financial management

capacity of the executing agency and the implementing agency, if any, to effectively manage the

finances of the project. ADB’s Governance Framework, as described in the Second Governance

and Anticorruption Action Plan (GACAP II),

requires that that the public financial management

(PFM) risks are assessed during the preparation of Country Partnership Strategies (CPS) at

both the country and sector levels, and assessed and mitigated at the project level as part of

project preparation.

Effective financial management is a critical success factor for efficient project

implementation and project sustainability. Irrespective of how well a particular project or

program is designed, if the executing or implementing agency does not have the capacity to

ADB. 2005. Financial Management and Analysis of Projects. Manila.

ADB. 2014. Financial Management, Cost Estimates, Financial Analysis, and Financial Performance Indicators.

Operations Manual, G2.

ADB. 2006. Second Governance and Anticorruption Action Plan. Manila - http://www.adb.org/documents/second-

governance-and-anticorruption-action-plan-gacap-ii; ADB. 2011. Revised Guidelines for Implementing Second

Governance and Anticorruption Plan. Manila; and ADB. 2014. Revised Staff Guidelines

http://www.adb.org/documents/revised-guidelines-implementing-adbs-second-governance-and-anticorruption-

action-plan

effectively manage its financial resources,

implementation may not be as efficient as desired,

and the benefits of the project are less likely to be sustainable.

FMA is a risk-based

assessment intended to (i) identify risks that country, sector or project financial management

systems and/or practices may lead to non-achievement, or sub-optimal achievement, of the

project outcomes and/or outputs; (ii) identify risks that ADB resources may be used other than

for the intended purposes, whether due to leakage or inefficiency; (iii) assess the severity of the

risk; and (iv) develop a practical risk management plan to address, at a minimum, high or

substantial financial management risks at the project level that may, otherwise, adversely affect

the achievement of the development outcomes. FMA should identify pre-mitigation risks and

mitigation actions. It is intended to help improve project design either by implementing

institutional strengthening for better financial management, or (at the very least) designing

project-specific financial management arrangements to ring-fence project finances from larger

institutional risks during the implementation stage.

The FMA assesses the capacity of executing and implementing agencies and their

systems in the areas of planning and budgeting, management and financial accounting,

reporting, auditing, and internal controls. The FMA also includes a review of proposed

disbursement and funds-flow arrangements, and identifies measures for addressing identified

deficiencies.

C. Scope and Coverage

This note covers all loans, grants, the investment component of sector development

programs, and high value TAs delegated (wholly or in part) to executing or implementing

agencies. Even if administered by ADB, FMA would be required

for high value TAs where an

advance payment facility is extended to an executing or implementing agency. This note does

not cover FMA of financial intermediary loans, or policy-based lending including the policy

component of sector development programs.

In the case of policy-based lending (including the policy component of sector

development programs), the focus of ADB support is on implementation of the policy reform,

and the ADB loan is provided for defraying a part of the adjustment costs. ADB funds flow

through the country PFM system which needs to be assessed, and the project level FMA

techniques described in this guidance note will have limited relevance.

For results-based lending, many of the techniques described in this guidance note may

be adopted, particularly where the executing or implementing agency is a special purpose

For instance, poor budgeting practices may mean inadequate allocation of resources for project implementation,

leading to inadequate financing and implementation delays.

For instance, weak internal controls may mean that quantities and quality of work executed may not be thoroughly

verified.

For instance, weak financial management may lead to non-maintenance of fixed assets registers and/or periodic

physical verifications, providing an opportunity for project assets to be pilfered, thereby jeopardizing project

completion, reducing expected service levels and/or economic life. They may also impose higher operations and

maintenance costs.

Not all requirements of loans and grants apply to high value TAs. Project teams should discuss the extent of

financial due diligence required with Financial Management Unit (OSFM) and Loan Administration Division (CTLA).

While many of the principles in this note will apply to financial intermediary loans as well as policy-based lending,

there are other considerations and requirements that are beyond the scope of this note. Specific guidance on

financial intermediation loans will be provided in a separate guidance note. Policy-based lending requires a

country- and sector-level public financial management assessment approach that is beyond the scope of this

guidance note.

vehicle, or a state-owned enterprise. ADB‘s assessment of the financial management system

will determine the degree to which it manages fiduciary risks and provides a reasonable

assurance that program funds will be used appropriately. The assessment will be guided by

commonly accepted good practice principles. It needs to be noted that in result-based lending

(RBL), ADB loan disbursements occur on achievement of disbursement linked indicators as

confirmed by verification protocols, instead of contract award, physical progress, and

disbursement. ADB does not monitor procurement in RBLs unlike in the case of project loans.

The fiduciary assessment for results-based lending requires an assessment of country or sector

PFM aspects, as ADB loan proceeds are commingled with the country’s own resources and flow

through the PFM system. The link between use of ADB loan proceeds and program outputs is

not as direct as it is in the case of conventional project lending.

D. Definition of Key Concepts

10.

Financial management can be defined as the overall arrangement for planning, directing,

monitoring, organizing, and controlling of the monetary resources of an organization, with a view

to efficient accomplishment of the enterprise objectives. It comprises multiple processes,

including financial accounting, management (and cost) accounting, asset management, cash

and treasury management, financial reporting, internal controls, and internal and external audit.

Each of these processes should incorporate sub-processes and techniques including

management, forecasting, strategic planning, planning and budgeting, procurement,

disbursement, control, and communications and reporting.

11.

Internal control is a process for assuring achievement of an organization's objectives in

operational effectiveness and efficiency, reliable financial reporting, and compliance with laws,

regulations and policies. Internal control has both active and passive components, which are

intended to function continuously and provide appropriate checks and balances.

Internal

auditing is an independent, objective assurance and consulting activity designed to add value

and improve an organization's operations. It helps an organization accomplish its objectives by

bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk

management, control, and governance processes. While it is a component of internal control,

internal control is much more than internal audit.

12.

Risk can be defined as a probability or threat of damage, injury, liability, loss or other

negative occurrence that is caused by external or internal vulnerabilities that may be avoided

through preemptive action. Risks can be divided into (i) inherent,

arising from the overall

environment in which the executing or implementing agency operates before considering the

impact of the agency’s financial management systems and controls; and (ii) control risks, the

risk that the project’s financial management and internal control arrangements are inadequate to

ensure that project funds are used economically and efficiently and for the intended purpose.

For instance, a basic internal control step is to ensure that one person is not responsible for receiving goods,

verifying invoices, and making payments for any procurement. Another example would be that bank reconciliations

are performed and exceptions reviewed by those who do not write the checks.

External environment may be a high risk situation, for example, because the audit of the public accounts of the

country are in arrears for over a year, and the audit reports are not reviewed by the public accounts committee of

the Parliament. Nevertheless, it is possible that the executing agency may be better administered, with audited

entity accounts being reviewed by those charged with governance within 6 months of the end of each financial

year, and actions initiated promptly to address weaknesses.

II. APPROACH AND METHODOLOGY

A. Dealing with Integrity, Fraud, and Corruption Risks

13.

The ownership structure of the executing or implementing agency should be ascertained.

For entities with less than 100% government ownership, integrity due diligence may be required

on the ultimate beneficial owners other than the government. In such instances, the project

team should seek the advice of the Office of Anticorruption and Integrity.

14.

While performing the FMA, the reviewer should take into consideration the risk of

corruption and fraud. Financial management arrangements are usually designed to prevent, or

minimize, the risk of misstatement, fraud and corruption. Box 1 provides a typical hierarchy of

PFM arrangements. The International Standards on Auditing (or their equivalent, International

Standards for Supreme Audit Institutions) require that an external auditor carry out an

assessment of the accounting and internal control systems and plan the audit such that the

audit risk (that the audit opinion is inappropriate due to the accounts being materially misstated)

is at an acceptably low level. Reviewers are usually not able to perform the in-depth

assessments that an external auditor would, and consequently, the external audit reports and

management letters would provide a good source of information on material issues affecting the

entity financial statements.

15.

The country PFM assessments focus on the national laws, rules and regulations

governing financial management. In some cases, sub-national assessments (or sector level

assessments) may also be available. The project level assessment should focus on the specific

risks that could impact effective project implementation.

16.

The project FMA should be informed by the country and sector PFM environment, and

the proposed arrangements in the executing or implementing agency of the project. For

instance, the country may have sound budgeting and financial reporting arrangements and

adequate legislative oversight, and the sector in general also may have many well-managed

entities, but the particular executing or implementing agency chosen for the proposed project

may not have appropriately qualified finance personnel, leading to a weakness in the

organizational structure jeopardizing overall financial management arrangements. Conversely,

despite a somewhat weak PFM at the country level, the executing or implementing agency may

have sound internal financial management arrangements.

Box 1: Typical Public Financial Management Arrangements

 Public Accounts Committee - review of external audit reports in public hearings

 Audit Committee of the Board of Directors - review internal and external audit reports and

management letters

 Internal control systems (e.g.), segregation of duties, physical verifications and

reconciliations, compulsory staff rotation of duties.

 Internal audit

 Independent external audit - performed by the supreme audit institution of the country, or by

professional accounting firms.

B. Use of Country PFM or Entity Financial Management Systems

17.

The FMA exercise is aimed at assessing the suitability and acceptability of the existing

country systems for financial management – be it the PFM systems for general government

sector units (GGSU) or the standalone financial management arrangements, of all other entities.

In many cases, the existing financial management arrangements may be found adequate for

implementing ADB-supported projects as they are, or with some modification and strengthening.

An ad hoc financial management system for the ADB-supported project should be the last resort,

to be adopted only when existing systems are found completely unreliable and unacceptable.

Such exceptional cases may even require that ADB defer the approval of the loan, and support

the executing or implementing agency with TA resources to establish and staff the project

implementation unit (PIU), develop various management systems (including financial) and

thereafter proceed with loan approval. Box 2 summarizes the considerations for GGSU.

Sometimes, the project design includes the recruitment of consultants who would provide full financial

management support. This is an undesirable (but sometimes unavoidable) arrangement, as consultants will

demobilize at project completion, and take away the financial management expertise. The design should invariably

include recruitment (if necessary) and training of executing or implementing agency staff, to mitigate the high risk

that the consultant capacity provided during project construction will disappear at completion. This would ensure

effective financial management support during operation and maintenance of the completed project facilities.

Box 2: Use of Country Public Financial Management System for

General Government Sector Unit

 REVIEW ANALYSIS OF PFM SYSTEM IN THE COUNTRY PROGRAM AND

STRATEGY

 APPLY GUIDANCE FROM STAFF INSTRUCTIONS OF SECOND GOVERNANCE

AND ANTI-CORRUPTION PLAN

Issues to be considered

 Budget:

Is external financing, whether program or project, and its intended use, included

and reported in the country’s budget documentation?

 Treasury:

Are external financing funds received into the general government revenue

account, and thereafter disbursed following the general financial rules of the country?

 Accounting:

Is external financing recorded and accounted using the country’s own

accounting system, following the country’s classification and reporting arrangements?

 Auditing:

Are externally financed projects audited by the governments’ conventional

auditing systems (e.g., by the Supreme Audit Institution, without the imposition of

additional or special accounts (other than providing an assurance on use of funds for

intended purposes, or an opinion on compliance with financial covenants)?

Source: ADB. 2014. Revised Staff Guidance for Implementing the Second Governance and

Anticorruption Action Plan (GACAP II).Manila.

18.

Project executing and implementing agencies may be either GGSU, or state-owned

autonomous or semi-autonomous entities (companies, societies, or similar), or non-

governmental organizations. For GGSUs, the proposed financial management arrangements

would tend to adopt the country’s PFM arrangements, while all other entities would tend to have

their own financial management arrangements that may be different from the country PFM

arrangements. Figure 1 illustrates the assessment of financial management arrangements for

all entities other than GGSU.

Figure 1: Use of Entity Financial Management Systems

For State-owned Enterprises, Non-governmental Organizations, Private Sector Units

Is EA/IA an

existing entity?

Implemented by an

existing department or

division?

Create a SPV or PIU

Agree upon special

financial management

arrangements

Are existing financial

management

arrangements

acceptable, as is, or

with some

modifications??

Agree upon use of existing financial

management arrangements, with necessary

modifications

YES

EA=executing agency, IA=implementing agency, PIU=project implementation unit, SPV=special purpose

vehicle

19.

It has been noted that modifications and enhancements are more common in the case of

GGSUs, where special purpose PIUs are established, sometimes requiring ring-fencing. Other

project entities may also need to establish PIUs. In all such cases, the FMA will need to be

based on proposed organization structure, its interaction with (and independence from) the

parent executing or implementing agency, and proposed internal controls. It is likely that an

existing executing or implementing agency would extend its current financial management

system to the PIU, in which case the current system should be assessed. The reviewer, in

consultation with the executing or implementing agency, should agree upon the appropriate

organizational structure, procedures manual, accounting manual, internal control and reporting

arrangements, arrangements for internal and external audit, etc. Implementation of such

recommendations would need to be documented in the Action Plan for financial management

with specific milestones, and perhaps covenanted in the legal agreements.

20.

The framework guiding financial management assessment at the country, sector and

project level is based on the cascading approach adopted under ADB’s Governance framework

and indicated in Table 1.

Table 1: Financial Management Assessment - Framework

When

Output

What, How and Who

CPS

Country (and priority

sector) Governance and

Risk Assessment

As part of the Governance Risk Assessment, the

CPS team reviews the PFM environment at the

country and priority sector levels, supplemented by

primary assessments of specific issues, and review

of existing diagnostic studies such as ADB’s own

prior assessments, Public Expenditure and Financial

Accountability,

Report on the Observance of

Standards and Codes,

etc. This will also take into

consideration prevailing legal and institutional

context.

Project Concept

Financial due diligence

requirements, and

potential risk areas

The concept paper should outline the extent of due

diligence required for the executing or implementing

agency based on the Country PFM Assessment, an

existing FMA or other diagnostic studies.

Processing

FMA Report, inputs to

PAM, RAMP, RRP

The FMA to be performed by the project team, with

support from the regional financial management

specialist. In appropriate cases, the support of the

Financial Management Unit of Operations Services

and Financial Management Department may be

sought. This will take into consideration the CPS

assessment for the country and sector,

recommendations from project procurement related

review of ADB, procurement risk assessments, and

update any existing FMA and assessments by other

development partners.

When

Output

What, How and Who

Implementation

Updated Action Plan (and

FMA report, if required)

The FMA is a dynamic assessment, and should be

reviewed regularly during implementation,

particularly with reference to implementation of the

Action Plan for risk mitigation and capacity

development, and updated as necessary.

CPS=country partnership strategy, FMA=financial management assessment, PFM=public financial management,

PAM=project administration manual, RAMP=risk assessment and risk management plan, RRP= report and

recommendation of the President.

The Public Expenditure and Financial Accountability (PEFA) Program was founded in 2001 as a multi-donor

partnership between seven donor agencies and international financial institutions to assess the condition of country

public expenditure, procurement and financial accountability systems and develop a practical sequence for reform

and capacity-building actions. This is country-led, with support from multi-lateral and bilateral development

organizations. National and sub-national assessments can be found at this link: www.pefa.org.

In this exercise, the International Monetary Fund and the World Bank are undertaking a large number of summary

assessments of the observance of selected standards relevant to private and financial sector development and

stability. Of particular interest for ADB FMA are assessments relating to corporate governance, and accounting and

audit. National assessments can be found at this link: Reports on the Observance of Standards and Codes

http://www.worldbank.org/ifa/rosc.html.

III. FINANCIAL MANAGEMENT ASSESSMENT - PROCESS

A. Planning the Assessment

21.

The project team is responsible for the FMA. Being a skilled, but subjective, exercise,

FMAs should be performed by persons possessing an advanced qualification in a financial

discipline (preferably a chartered accountancy or equivalent designation), and prior experience

in performing such assessments.

Control and supervision of the FMA exercise should rest with

qualified and experienced ADB staff

even though some of the work may be out-sourced to the

project preparatory technical assistance (PPTA) consulting firm, individual or staff consultant. In

planning the assessment, consideration should be given to the country and sector governance

risk assessments and PFM assessments. It is recommended that the project team should

include staff with adequate skills in financial due diligence, to either perform the FMA, or guide

the consultants. Figure 2 illustrates the FMA process.

The practice of recruiting a single consultant to perform both economic and financial due diligence is not

recommended, as it is often not successful due to the limited supply of consultants who are equally skilled in both

disciplines. Consultants with experience in similar assignments with other development partners may be engaged.

It is envisaged that staff from a regional department, resident mission or OSFMD, with financial management

expertise, could conduct and/or supervise the review. Where available, the Financial Management Specialist of

Regional Departments should support such reviews. It is recommended that this work should not be “out-sourced”

to project executing or implementing agencies, i.e., a self-assessment is not recommended.

22.

Project teams may rely upon the country and sector PFM assessments prepared during

the CPS. If the assessments are not available (perhaps because this is a new country / sector),

or are outdated, it may be necessary to complete (or update) the country or sector PFM

assessment

to better understand the systemic issues that could impact project performance.

The Staff Instructions for GACAP II also recommend that, in the event of ADB interventions in

new sectors, a governance risk assessment should be prepared for the sector.

23.

The FMA will usually involve, but is not limited to (i) the review of country PFM

assessments; (ii) an assessment of financial management systems and capacity of the

executing and implementing agencies, including potential strengths / weaknesses of project-

specific financial management arrangements; (iii) risk assessment and preparation of a risk

management plan; (iv) initial draft of the project’s financial management, funds flow, accounting

and auditing arrangements; and (v) the development of appropriate covenants to address these

Updating a country or sector level governance risk assessment or PFM assessment is both resource- and skills-

intensive task. Project teams should adopt this approach only under exceptional circumstances, and seek

specialist staff and/or consultant resources at the concept paper stage. They should also discuss this with the team

responsible to prepare CPS.

Figure 2: Financial Management Assessment Process

Literature

Review

FMAQ, Interviews,

discussion

Risk identification and

rating

FMA Report, RRP and PAM

Text, RAMP

Time-bound Action

Plan

FMA=financial management assessment, PAM=project administration manual, RAMP=risk

assessment and risk management plan, RRP=report and recommendation of the President.

issues. An indicative terms of reference (TOR) is provided in Appendix 1. While PPTA or staff

consultants may be assigned to deliver the whole or part of the TOR, the project team remains

responsible to supervise the consultants for quality control purposes.

24.

In the case of the second or subsequent tranches in a multi-tranche financing facility, or

for second or subsequent loans to the same executing or implementing agency, project teams

should update the FMA conducted earlier. Even in the case of first-time executing or

implementing agencies, diagnostic work performed by other development partners, if it is

recent,

may be updated. Special attention should be paid to risks earlier identified, and the

assessment should verify if the mitigation / avoidance actions proposed were fully implemented,

and their impact on the risks. The current situation should be assessed, and any new risks that

may be identified should also be rated and addressed suitably.

25.

It is essential that the risk assessment in the project FMA is realistic, as this is the only

way for appropriate risk mitigations to be identified and built into the project design. If the risks

are understated, the absence of appropriate risk mitigations may lead to financial accountability

issues and potential reputational risks. It is also important that the assessment is conducted

more rigorously on those units, facilities and staff within the executing and implementing

agencies that will directly contribute to project implementation. The assessment of higher level

entities, under whom the units would function, should focus more narrowly on the interaction

between the financial management systems.

B. Conducting the Assessment

26.

Box 3 provides an illustrative list of secondary literature that should be reviewed before

the project team (or consultants) embarks on a field visit. It may be emphasized that there may

be other sources of information that are available for a particular project, sector, or country,

beyond those listed here. The primary source of fresh information will be interviews conducted

with counterpart staff,

development partners and other stakeholders. The reviewer may

perform verifications of key or material issues, through test-checks, walk-throughs,

etc.

Prepared within the last 3 years.

Should it be required, project teams may need to enter into a confidentiality and nondisclosure agreements. They

should consult with OSFM and OGC for each such transaction.

An external auditor would normally perform actual walk-throughs and tests of internal control and systems to form

an assessment of the financial management systems and arrangements, to establish their reliability. However, the

FMA exercise of ADB does not necessarily require such an approach, due to considerations of budget, time, and

also ADB’s status as a lender rather than an auditor.

27.

To elicit information in a structured and comprehensive manner, the Financial

Management Assessment Questionnaire (FMAQ, Appendix 2), should be administered by the

reviewer. It needs to be emphasized that the FMAQ is a useful, but not mandatory,

tool for

structured information gathering, but it is not a substitute for the FMA report. The FMAQ may be

filled in jointly by the reviewer and the counterpart staff, to ensure acceptability and a common

understanding.

More information may be required than envisaged in the FMAQ, and should be

obtained by the reviewer through supplementary questions, interviews, or research (e.g., from

the internet or other published or unpublished sources). This would be supplemented by a

critical review of the external audit reports of the executing agency / implementing agency, the

auditors’ management letters, internal audit reports.

Copies of these key documents should

be obtained, apart from others such as budgets, organization charts, accounting manuals,

charts of accounts, etc. Such reviews should take into consideration the actions taken by the

executing or implementing agency to address the external audit qualifications, and observations

and recommendations in the management letter and internal audit reports.

28.

The results are analyzed and form the basis for completing the assessment of the

project financial management arrangements. An outline for the Financial Management

Assessment Report is provided in Box 4 below, and an annotated outline is available in

Appendix 3.

For second or subsequent loans (or tranches), it may not be necessary to administer the full FMAQ; instead, it

may be administered selectively, or the FMA updated based on past experience.

The FMAQ is not intended to be a self-assessment by the executing or implementing agency. Because of its critical

nature as a source of information, the responses should be elicited by the reviewer.

A qualification in an external audit report should be carefully considered, as it would have been reported by the

external auditor only because it is material in the entity context. However, the impact at the project level needs to

be measured or evaluated.

Preferably, at least the reports for the preceding 3 years should be reviewed.

Box 3: Literature Review for FMA

ADB Internal Sources

 Country Partnership Strategy – Governance Risk Assessments, including for priority sectors.

 Project Procurement Related Reviews.

 Existing FMA for the executing or implementing agency.

 Findings and recommendations of project completion reports for the executing or

implementing agency.

 Experience in past or ongoing projects with the same agencies.

 Special reviews or reports by the Office of the Auditor General.

 Procurement capacity assessments.

 Assessments by the Independent Evaluation Department such as Sector or Country

Assistance Program Evaluations.

External Sources

 Public Expenditure and Financial Accountability reports

 Report on Observance of Standards and Codes – Accounting and Audit

 Financial management capacity assessments by the World Bank or other multilateral or

bilateral development partners

 Country Procurement Assessment Reports

 Reports on websites, such as Bloomberg, Standard and Poor, Bankscope, etc.

Note: This is an illustrative, and not exhaustive list.

Box 4: Financial Management Assessment Report Outline

Executive Summary

I. Introduction

II. Project Description

III. Country and Sector Financial Management Issues (from CPS assessments)

IV. Project Financial Management System

A. Overview of the executing agency/implementing agency, Financial Management

System and Institutional Context

B. Strengths

C. Weaknesses

D. Personnel, Accounting Policies and Procedures, Internal and External Audit

E. Financial Reporting Systems, including Use of Information Technology

F. Disbursement Arrangements, Funds Flow Mechanism

V. Risk description and rating

VI. Proposed Action Plan

VII. Suggested Covenants

VIII. Conclusion

Appendixes

C. Financial Management Risk Assessment

29.

Risk Identification: The risk assessment process is illustrated in Figure 3. If a

weakness is identified, it may be necessary to gather additional information to determine the

root cause of the weakness and how it may result in a risk. See Box 5 for an example.

Figure 3: The Risk Assessment Process

Risk Identification and

Description

Risk

Assessment

and Rating

List and

Monitor

Low

Prepare Action Plan for Risk Mitigation by Risk Avoidance,

Transfer, Mitigation

Moderate, Substantial or High

Box 5: Risk Identification - Example

Weakness: Executing agency has weak control over its fixed assets – it does not maintain a

fixed assets register, conduct periodic physical verification and perform a

reconciliation of the books with physical assets.

Risk: Risk of loss or abuse of its assets, leading to misappropriation, inability to

complete the project or efficiently operate project facilities, and financial losses.

Risk of incorrect or incomplete annual financial statements.

30.

Risk Assessment: Once risks have been identified, it is necessary to determine

whether or not the risk is likely to occur and, if it were to occur, the impact it could have on the

project. Likelihood of occurrence is to be assessed in terms of probability of occurrence. Impact

if a risk were to materialize is to be assessed by the assessor based on experience, and should

take into consideration potential damages (in terms of loss to the project and/or the enterprise).

Box 6 illustrates an example of how a weakness is translated to a risk, and then rated.

31.

Individual risks should be categorized and rated for their potential impact, and the

combined impact of all risks should guide the FMA exercise in making a comprehensive

assessment of project level financial management risk. The risks should be categorized as

follows:

High - likely to occur, will have high impact if occurs

Substantial - unlikely to occur, will have high impact if occurs

Moderate - likely to occur, will have low impact if occurs

Low - not likely to occur, will have low impact if occurs

32.

Risk assessment is a subjective exercise, and requires prior experience and an

appropriately qualified and skilled practitioner. It requires not only knowledge of good financial

management practices, but also country context and sector- and entity-specific conditions. The

purpose of the risk assessment is to identify situations or events and the extent to which they

could hamper the achievement of project outcomes and/or outputs, and hinder effective project

Box 6: Risk Identification – Example

Weaknesses: External audit report for the last 3 years has noted that original supporting

documents are not always available, and hence the audit trail is incomplete.

The agency does not have a document retention policy as regards location,

safe preservation, and retention period.

Risk: Risk of errors, fraud or misappropriation remaining undetected due to non-

availability of original supporting documents; lack of an audit trail to enforce

accountability.

Likelihood of

occurrence: Likely

Impact: High

Risk Rating: High

implementation. The categorization of risk also helps to guide the nature and extent of mitigating

measures required. Mitigation measures will need to be tailored to fit each project, and a “one-

size-fits-all” approach may fail. An example is provided in Box 7.

Box 7: Risk Assessment – Example

Weakness

Risk and Impact

Likelihood

Rating

Executing Agency does not maintain a fixed assets

reconciliation with the books. Assets are portable

and stored in scattered locations without fencing or

access controls.

High – Chances of

misappropriation of

assets.

Likely

High

Executing Agency does not maintain original

supporting documents, and does not have a

document retention policy.

High – Chances of error

or fraud remaining

undetected.

Likely

High

Project accounts are proposed to be maintained on

Excel, and re-entered into the accounting software

of the enterprise on a quarterly basis.

High – errors of data re-

entry; Excel-based

accounting is error-prone

Likely

High

33.

Risk Mitigation and Management: Risks are assessed and categorized based on the

responses in the FMAQ and the supplementary information gathered, to help focus and

prioritize remedial action. A variety of options exist for managing risks, these include:

 Avoidance / mitigation / transfer (for risks rated “High” or “Substantial”) – specific

measures to minimize or eliminate unacceptable risks. Avoidance may require re-design

of part or whole of the project, or particular processes. Mitigation measures are directed

at reducing the severity of the risk, reducing the probability of the risk materializing or

reducing exposure to the risk. Risk transfer could occur, for instance, through insurance

(against theft, damage, etc.).

 Monitoring (for risks rated “Substantial” or “Moderate”) – mechanisms to track and report

on exposure to risks, particularly to ensure that neither the probability nor the impact

associated with the risk is increasing.

 Identification and documentation (for risks rated “Low”) – measures to document and

draw attention to risks without needing to formally mitigate or monitor them.

Example of Time-bound Action Plans

Weakness

Mitigation Actions

Responsibility

Timeframe

Weak control over

inventory can lead to

theft or

misappropriation,

inability to construct or

operate the project.

Introduce inventory

accounting, control over

issue and utilization,

physical verification and

reconciliation.

3 staff to be recruited

and trained.

Implementing agency

Staff recruitment within 3

months of loan

effectiveness.

First year – with 100%

help of project

implementation

consultants.

Second year, staff take

over with supervision by

consultants.

Third year onwards by

staff.

Executing agency does

not maintain original

supporting documents,

and there is no

document retention

policy

At the project level,

initiate procedure for

safe custody of original

supporting documents

including safe storage,

and retention period,

access control, etc.

Initiate policy dialogue

to persuade the

management to adopt a

similar policy for the

enterprise.

Implementing agency

Implementing Agency

and ADB

Policy to be adopted and

implemented at project

level as a condition for

disbursement

Enterprise level dialogue

to be continued until

satisfactory resolution is

achieved.

34.

Risks that are likely to impact the achievement of the project outcome or output need to

be mitigated. Particular attention should be accorded to mitigating high and substantial risks.

The purpose of risk mitigation is to strike a balance between the efficiency of the mitigation

measure and the cost of implementing it. Figure 4 provides a high level approach to

determining how and when to mitigate risks.

Figure 4: Risk Categories

Likely

Moderate Risk–

Monitoring

High Risk–

Mitigation

Likelihood of

Occurrence

Low Risk–

Documentation

Substantial Risk–

Mitigation and/or Monitoring

Unlikely

Low

High

Impact

D. Documentation Requirements and Validation

35.

The FMA exercise should be fully documented in the working files of the project team,

and preferably saved electronically in eStar. In case some of the work was performed by

consultants, the final report of the consultants should include all the details, including the FMAQ

and all supplementary information. Copies of documents (e.g., audit reports, accounts manuals,

organization charts, management letters, etc.) should also be submitted to ADB along with the

final report. The final FMA should be reviewed and validated either by the financial specialist

(ADB staff on the project team) or the regional financial management specialist for quality,

consistency and acceptability.

36.

The governance section of the report and recommendation of the President (RRP)

should have a summary assessment along with the overall risk rating of the financial

management arrangements. The FMA should be broadly described in the Project Administration

Manual, and the time-bound Action Plan included for monitoring during implementation. The

FMA description in the project administration manual should be analytical, and provide an

assessment of the financial management arrangements, as illustrated in Box 8. Although not

mandatory, the project team may consider including the full FMA as a supplementary linked

document to the project documents.

37.

Financial Management, Internal Control and Risk Assessment (FMICRA) Table:

Once the risks have been identified and categorized

and mitigation measures identified, the

FMICRA is prepared to include the risks and mitigations identified from the FMA exercise.

The

template is provided as Appendix 4.

38.

It is recommended that the mitigation Action Plan that is developed as part of the FMA

should be time-bound, preferably with interim milestones. This would help monitoring the

implementation of such plans during project implementation, and while updating the FMA for

second or subsequent tranches or new loans to the same executing agency or implementing

agency. This will also facilitate a constructive policy dialogue with the executing agency and

Disclosure may be subject to any non-disclosure agreement that may have been entered into during processing.

Financial management risks are identified on a four-point scale of Low, Moderate, Substantial or High. The current

template of the RAMP envisages only a three-point scale of Low, Medium, or High. As a temporary workaround, it

is suggested that financial management risks rated Low, Moderate and High be classified as Low, Medium or High

in the RAMP. The reviewer should exercise judgment in classifying a risk rated Substantial as either Medium, or

High, depending upon its significance. It is expected that the RAMP will be eventually modified to allow a four-point

scale.

Pre-mitigation risks are disclosed with their “as-is” rating. The implementation of mitigation measures,

measurement of their impact, and re-assessment of the risk, is a time-consuming process.

Box 8: Descriptive Vs. Analytical

Descriptive – The entity uses CSP accounting software. The project will use HVDC software, to be

specially procured for project accounting.

Analytical – The entity uses CSP accounting software, but will procure a new software, HVDC, for

project accounting. Project accounting staff will need to be specially trained in HVDC. Electronic

transfer of project accounts cannot be accomplished from HVDC to CSP, and integration of the project

accounts with the entity accounts will require use of Excel spreadsheets, and manual re-entry of data

from the project accounts into the CSP software. This arrangement is considered to have substantial

risk associated with it, and requires additional training, monitoring, audit checks and reconciliations to

ensure acceptable quality of the entity financial statements.

implementing agency. Preferably, the risk assessment should be fully reviewed at least once

every year, having regard to implementation of the mitigation actions. The time-bound Action

Plan should be monitored regularly to ensure actions are implemented as agreed. A sample

completed FMICRA is provided in Appendix 5.

39.

The final step of the risk assessment is to determine the overall project financial

management risk. The overall risk should be rated as high, substantial, moderate or low, and

summarized in the main text of the RRP. In considering the overall risk rating, the reviewer

considers the cumulative impact of the risks identified and the likelihood of that impact occurring.

This requires professional judgment and is unlikely to be a straight average of individual risk

ratings. Significant financial management risks (at least all those rated substantial or high)

should be reported in the Risk Assessment and Risk Management Plan (link document to the

RRP) as illustrated in Box 9.

Box 9: Risk Assessment and Management Plan - Example

Risk Description

Risk Assessment

Mitigation Measures or Risk Management Plan

Due to weak control

over fixed assets,

there is risk of loss of

project assets, leading

to risks for project

completion and

operation

High

 A fixed asset register for project assets will be

introduced as a condition for contract award.

 A Periodic physical verification plan will be

developed prior to contract award, with provision

for periodic counts including reconciliations.

 Agency staff will be trained in fixed asset

management (including reporting and monitoring)

 Policy dialogue will continue to strengthen

awareness of the importance of asset

management and internal control over fixed

assets across the executing agency.

Internal control

weakness – risks of

misappropriation of

bank funds, due to

long delays in

performing bank

reconciliations. Even

when performed, the

same person

maintaining the bank

book performs the

reconciliation, and the

reconciliation is not

reviewed by any senior

officer.

High

 At the project level, a standard operating

procedure will be introduced whereby the

reconciliation is to be performed by someone

other than the person maintaining the bank book.

Bank reconciliations will be performed at a

minimum, on a monthly basis, perhaps more

frequently should there be higher volume

transactions.

 The reconciliations must be reviewed and signed

off by a senior officer, and every item carefully

scrutinized for appropriate resolution.

 Policy dialogue will continue to encourage

management to adopt similar bank reconciliations

procedures across the entire agency and

covering all bank accounts.

IV. CONCLUSIONS

40.

These guidelines and associated tools are provided to assist country, sector and project

teams to better assess financial management risk at the project level, to ensure that this is

effectively mitigated or managed through project implementation arrangements. However,

guidelines cannot substitute for professional judgment. It is up to the ADB country, sector or

project team to determine how best to obtain sufficient comfort that ADB funds will be used for

intended purpose, with due regard to efficiency and effectiveness. In exceptional situations,

OSFM’s advice should be sought.

18 Appendix 1

PROJECT FINANCIAL MANAGEMENT ASSESSMENT

INDICATIVE TERMS OF REFERENCE

A. Background

This section should include details pertaining to the project, as well as a description of the

country and sector financial management environment that could impact the project

implementation.

B. Purpose and Scope of the Assessment

The purpose of the assessment is to (i) identify the capacity, procedural and organizational

constraints that could hinder effective project implementation and agree on an action plan with

the executing agency/implementing agency and the developing member country (DMC)

concerned, to address these constraints; and (ii) determine the overall financial management

risk, and establish appropriate review and supervision processes, to mitigate these risks.

Scope: The review team will:

(i) Review (and update if necessary) the Governance and Risk Assessments at the

Country and Sector level from the current Country Partnership Strategy.

(ii) Assess strength and weaknesses in project financial management practices and

capacity from the perspective of (a) organizational and staff capacity; (b)

information management; (c) financial management practices; (d) effectiveness;

(iii) Identify and evaluate financial management and internal control risks at the

project level.

(iv) Propose risk mitigation and management strategies and/or activities with

appropriate timelines and suggested responsibilities.

C. Approach and Methodology

The review will include, but not be limited to:

(i) Identification of the organisation, entity or unit that is to be the prime focus of the

assessment. This could be the executing agency, and/or the implementing

agency, and/or the project implementation unit.

(i) Assess relevant previous experience with the executing and implementing

agencies, assess how much reliance can be placed on PFM systems by

reference to CPS, FMAs from similar prior projects by ADB or other development

partners. Review the available secondary information sources, including internal

audit reports, external audit reports, management letters, for the last 3 years;

reports on Public Expenditure and Financial Accountability,

Report on

Observance of Standards and Codes; Project Procurement Related Reports by

ADB; etc.

Public Expenditure and Financial Accountability (PEFA) http://www.pefa.org

Appendix 1 19

(ii) Assessment of project financial management arrangements – based on

interviews with government counterparts, executing and implementing agencies,

development partners and relevant stakeholders supported by review of the

internal control arrangements, internal and external auditor’s reports, and

sampling of specific transactions. The Financial Management Assessment

Questionnaire should be completed by the reviewer, in consultation with the

counterparties, for each of project’s executing and implementing agencies.

a. The assessment should include a review of the tone at the top, budgetary

framework, external and internal audit , staffing, fund flows mechanism,

financial accounting and reporting, management information systems, and

detailed internal control activities (over payments, payroll, maintenance of

bank balances, imprest accounts, advances, fixed assets, completeness of

liabilities, etc.)

b. Identify and recommend appropriate funds flow mechanism for all sources of

project funding; recommend ring-fencing of ADB funded expenditure, if

necessary

(iii) Prepare a narrative description of the project financial management systems,

including identification of strengths and weaknesses.

(iv) Identify and assess financial management and internal control risks, on the basis

of degree of impact and likelihood of occurrence using the following scale:

High: likely to occur, high impact if occurs

Substantial: unlikely to occur, high impact if occurs

Moderate: likely to occur, low impact if occurs

Low: unlikely to occur, low impact if occurs

(v) Propose risk mitigation/management strategies to address identified risks:

High: risk avoidance / mitigation / transfer recommended

Substantial: risk avoidance/ mitigation/ monitoring recommended

Moderate: risk monitoring recommended

Low: risk documentation/identification

(vi) Summarize findings in the Financial Management and Internal Control

Assessment Report.

(vii) RRP and PAM inputs prepared

D. Key Deliverables

(i) Financial Management Assessment Report

(ii) RRP and PAM inputs

E. Consultants Terms of Reference

This TOR can be executed by ADB project teams. However, if they intend to use consultants to

execute a part or the whole of this TOR, the following additional information would be required.

Number of consultants, specific skills and expertise will depend upon the amount of field work

20 Appendix 1

required, the number of sectors to be assessed, and the specific financial management issues

identified during the initial country, sector and agency financial management assessments. The

consultants should preferably be qualified chartered accountants, certified public accountants

(or equivalent) with relevant experience (to be defined). A combined Economics and Financial

Expert position is not recommended, as it has not been found to be successful in delivering the

full scope of work defined in the terms of reference, as there is a limited number of practitioners

with sufficient skills and competence in both disciplines.

Appendix 2 21

Financial Management Assessment Questionnaire

(Note: This questionnaire should be used as a tool only to gather information relevant for

assessing financial management capacity of executing and implementing agencies. It

may be used selectively for second subsequent projects, or periodic financing reports.

Additional questions may be required as deemed fit).

Topic

Response

Potential Risk

Event

1. Executing / Implementing Agency

1.1 What is the entity’s legal status / registration?

1.2 How much equity (shareholding) is owned by the

Government?

1.3 Obtain the list of beneficial owners of major blocks

of shares (non-governmental portion), if any.

1.4 Has the entity implemented an externally-financed

project in the past? If yes, please provide details.

1.5 Briefly describe the statutory reporting

requirements for the entity.

1.6 Describe the regulatory or supervisory agency of

the entity.

1.7 What is the governing body for the project? Is the

governing body for the project independent?

1.8 Obtain current organizational structure and

describe key management personnel. Is the

organizational structure and governance

appropriate for the needs of the project?

1.9 Does the entity have a Code of Ethics in place?

1.10 Describe (if any) any historical issues reports of

ethics violations involving the entity and

management. How were they addressed?

2. Funds Flow Arrangements

2.1 Describe the (proposed) project funds flow

arrangements in detail, including a funds flow

diagram and explanation of the flow of funds from

ADB, government and other financiers, to the

government, EA, IA, suppliers, contractors,

ultimate beneficiaries, etc. as applicable.

2.2 Are the (proposed) arrangements to transfer the

proceeds of the loan (from the government /

Finance Ministry) to the entity and to the end-

recipients satisfactory?

2.3 Are the disbursement methods appropriate?

This questionnaire should be administered by ADB staff or consultant (the Reviewer), and utilized only to obtain

information, and to identify and describe potential risk events. Rating of risks should be carried out separately by

assessing their likelihood and impact.

In such cases, consult OAI on the need for integrity due diligence on non-governmental beneficial owners.

22 Appendix 2

Topic

Response

Potential Risk

Event

2.4 What have been the major problems in the past

involving the receipt, accounting and/or

administration of funds by the entity?

2.5 In which bank will the Imprest Account (if

applicable) be established?

2.6 Is the bank in which the imprest account is

established capable of −

 Executing foreign and local currency

transactions?

 Issuing and administering letters of credit (LC)?

 Handling a large volume of transaction?

 Issuing detailed monthly bank statements

promptly?

2.7 Is the ceiling for disbursements from the imprest

account and SOE appropriate/required?

2.8 Does the (proposed) project implementing unit

(PIU) have experience in the management of

disbursements from ADB?

2.9 Does the PIU have adequate administrative and

accounting capacity to manage the imprest fund

and statement of expenditure (SOE) procedures

in accordance with ADB’s Loan Disbursement

Handbook (LDH)? Identify any concern or

uncertainty about the PIU’s administrative and

accounting capability which would support the

establishment of a ceiling on the use of the SOE

procedure.

2.10 Is the entity exposed to foreign exchange risk? If

yes, describe the entity’s policy and arrangements

for managing foreign exchange risk.

2.11 How are the counterpart funds accessed?

2.12 How are payments made from the counterpart

funds?

2.13 If project funds will flow to communities or NGOs,

does the PIU have the necessary reporting and

monitoring arrangements and features built into its

systems to track the use of project proceeds by

such entities?

2.14 Are the beneficiaries required to contribute to

project costs? If beneficiaries have an option to

contribute in kind (in the form of labor or material),

are proper guidelines and arrangements

formulated to record and value the labor or

material contributions at appraisal and during

implementation?

Appendix 2 23

Topic

Response

Potential Risk

Event

3. Staffing

3.1 What is the current and/or proposed

organizational structure of the accounting

department? Attach an organization chart.

3.2 Will existing staff be assigned to the project, or will

new staff be recruited?

3.3 Describe the existing or proposed project

accounting staff, including job title,

responsibilities, educational background and

professional experience. Attach job descriptions

and CVs of key existing accounting staff.

3.4 Is the project finance and accounting function

staffed adequately?

3.5 Are the project finance and accounting staff

adequately qualified and experienced?

3.6 Are the project finance and accounting staff

trained in ADB procedures, including the

disbursement guidelines (i.e., LDH)?

3.7 What is the duration of the contract with the

project finance and accounting staff?

3.8 Identify any key positions of project finance and

accounting staff not contracted or filled yet, and

the estimated date of appointment.

3.9 For new staff, describe the proposed project

finance and accounting staff, including job title,

responsibilities, educational background and

professional experience. Attach job descriptions.

3.10 Does the project have written position descriptions

that clearly define duties, responsibilities, lines of

supervision, and limits of authority for all of the

officers, managers, and staff?

3.11 What is the turnover rate for finance and

accounting personnel (including terminations,

resignations, transfers, etc.)?

3.12 What is training policy for the finance and

accounting staff?

3.13 Describe the list of training programs attended by

finance and accounting staff in the last 3 years.

4. Accounting Policies and Procedures

4.1 Does the entity have an accounting system that

allows for the proper recording of project financial

transactions, including the allocation of

expenditures in accordance with the respective

components, disbursement categories, and

sources of funds (in particular, the legal

agreements with ADB)? Will the project use the

entity accounting system? If not, what accounting

system will be used for the project?

24 Appendix 2

Topic

Response

Potential Risk

Event

4.2 Are controls in place concerning the preparation

and approval of transactions, ensuring that all

transactions are correctly made and adequately

explained?

4.3 Is the chart of accounts adequate to properly

account for and report on project activities and

disbursement categories? Obtain a copy of the

chart of accounts.

4.4 Are cost allocations to the various funding sources

made accurately and in accordance with

established agreements?

4.5 Are the General Ledger and subsidiary ledgers

reconciled monthly? Are actions taken to resolve

reconciliation differences?

4.6 Describe the EA’s policy for retention of

accounting records including supporting

documents (e.g, ADB’s policy requires that all

documents should be retained for at least 1 year

after ADB receives the audited project financial

statements for the final accounting period of

implementation, or 2 years after the loan closing

date, whichever is later). Are all accounting and

supporting documents retained in a defined

system that allows authorized users easy access?

4.7 Describe any previous audit findings that have not

been addressed.

Segregation of Duties

4.8 Are the following functional responsibilities

performed by different units or persons: (i)

authorization to execute a transaction; (ii)

recording of the transaction; (iii) custody of assets

involved in the transaction; (iv) reconciliation of

bank accounts and subsidiary ledgers?

4.9 Are the functions of ordering, receiving,

accounting for, and paying for goods and services

appropriately segregated?

Budgeting System

4.10 Do budgets include physical and financial targets?

4.11 Are budgets prepared for all significant activities in

sufficient detail to allow meaningful monitoring of

subsequent performance?

4.12 Are actual expenditures compared to the budget

with reasonable frequency? Are explanations

required for significant variations against the

budget?

4.13 Are approvals for variations from the budget

required (i) in advance, or (ii) after the fact?

Appendix 2 25

Topic

Response

Potential Risk

Event

4.14 Is there a ceiling, up to which variations from the

budget may be incurred without obtaining prior

approval?

4.15 Who is responsible for preparation, approval and

oversight/monitoring of budgets?

4.16 Describe the budget process. Are procedures in

place to plan project activities, collect information

from the units in charge of the different

components, and prepare the budgets?

4.17 Are the project plans and budgets of project

activities realistic, based on valid assumptions,

and developed by knowledgeable individuals?

Is there evidence of significant mid-year revisions,

inadequate fund releases against allocations, or

inability of the EA to absorb/spend released

funds?

Is there evidence that government counterpart

funding is not made available adequately or on a

timely basis in prior projects?

What is the extent of over- or under-budgeting of

major heads over the last 3 years? Is there a

consistent trend either way?

Payments

4.18 Do invoice-processing procedures require: (i)

Copies of purchase orders and receiving reports

to be obtained directly from issuing departments?

(ii) Comparison of invoice quantities, prices and

terms, with those indicated on the purchase order

and with records of goods actually received? (iii)

Comparison of invoice quantities with those

indicated on the receiving reports? (iv) Checking

the accuracy of calculations? (v) Checking

authenticity of invoices and supporting

documents?

4.19 Are all invoices stamped PAID, dated, reviewed

and approved, recorded/entered into the system

correctly, and clearly marked for account code

assignment?

4.20 Do controls exist for the preparation of the

payroll? Are changes

(additions/deductions/modifications) to the payroll

properly authorized?

26 Appendix 2

Topic

Response

Potential Risk

Event

Policies And Procedures

4.21 What is the basis of accounting (e.g., cash,

accrual) followed (i) by the entity? (ii) By the

project?

4.22 What accounting standards are followed

(International Financial Reporting Standards,

International Public Sector Accounting Standards

– cash or accrual, or National Accounting

Standards (specify) or other?

4.23 Does the project have adequate policies and

procedures manual(s) to guide activities and

ensure staff accountability?

4.24 Is the accounting policy and procedure manual

updated regularly and for the project activities?

4.25 Do procedures exist to ensure that only

authorized persons can alter or establish a new

accounting policy or procedure to be used by the

entity?

4.26 Are there written policies and procedures

covering all routine financial management and

related administrative activities?

4.27 Do policies and procedures clearly define conflict

of interest and related party transactions (real and

apparent) and provide safeguards to protect the

organization from them?

4.28 Are manuals distributed to appropriate personnel?

4.29 Describe how compliance with policies and

procedures are verified and monitored.

Cash and Bank

4.30 Indicate names and positions of authorized

signatories for bank accounts. Include those

persons who have custody over bank passwords,

USB keys, or equivalent for online transactions.

4.31 Does the organization maintain an adequate and

up-to-date cashbook recording receipts and

payments?

4.32 Describe the collection process and cash handling

procedures. Do controls exist for the collection,

timely deposit and recording of receipts at each

collection location?

4.33 Are bank accounts reconciled on a monthly

basis? Or more often?

Is cash on hand physically verified, and reconciled

with the cash books? With what frequency is this

done?

4.34 Are all reconciling items approved and recorded?

4.35 Are all unusual items on the bank reconciliation

reviewed and approved by a responsible official?

4.36 Are there any persistent/non-moving reconciling

items?

Appendix 2 27

Topic

Response

Potential Risk

Event

4.37 Are there appropriate controls in safekeeping of

unused cheques, USB keys and passwords,

official receipts and invoices?

4.38 Are any large cash balances maintained at the

head office or field offices? If so, for what

purpose?

4.39 For online transactions, how many persons

possess USB keys (or equivalent), and

passwords? Describe the security rules on

password and access controls.

Safeguard over Assets

4.40 What policies and procedures are in place to

adequately safeguard or protect assets from

fraud, waste and abuse?

4.41 Does the entity maintain a Fixed Assets Register?

Is the register updated monthly? Does the

under lien or encumbered, or have been pledged?

4.42 Are subsidiary records of fixed assets, inventories

and stocks kept up to date and reconciled with

control accounts?

4.43 Are there periodic physical inventories of fixed

assets, inventories and stocks? Are fixed assets,

inventories and stocks appropriately labeled?

4.44 Are the physical inventory of fixed assets and

stocks reconciled with the respective fixed assets

and stock registers, and discrepancies analyzed

and resolved?

4.45 Describe the policies and procedures in disposal

of assets. Is the disposal of each asset

appropriately approved and recorded? Are steps

immediately taken to locate lost, or repair broken

assets?

4.46 Are assets sufficiently covered by insurance

policies?

4.47 Describe the policies and procedures in identifying

and maintaining fully depreciated assets from

active assets.

Other Offices and Implementing Entities

4.48 Describe any other regional offices or executing

entities participating in implementation.

4.49 Describe the staff, their roles and responsibilities

in performing accounting and financial

management functions of such offices as they

relate to the project.

4.50 Has the project established segregation of duties,

controls and procedures for flow of funds and

financial information, accountability, and reporting

and audits in relation to the other offices or

entities?

4.51 Does information among the different offices/

implementing agencies flow in an accurate and

timely fashion? In particular, do the offices other

28 Appendix 2

Topic

Response

Potential Risk

Event

than the head office use the same accounting and

reporting system?

4.52 Are periodic reconciliations performed among the

different offices/implementing agencies?

Describe the project reporting and auditing

arrangements between these offices and the main

executing/implementing agencies.

4.53 If any sub-accounts (under the Imprest Account)

will be maintained, describe the results of the

assessment of the financial management capacity

of the administrator of such sub-accounts.

Contract Management and Accounting

4.54 Does the agency maintain contract-wise

accounting records to indicate gross value of

contract, and any amendments, variations and

escalations, payments made, and undisbursed

balances? Are the records consistent with

physical outputs/deliverables of the contract?

4.55 If contract records are maintained, does the

agency reconcile them regularly with the

contractor?

Other

4.56 Describe project arrangements for reporting fraud,

corruption, waste and misuse of project

resources. Has the project advised employees,

beneficiaries and other recipients to whom to

report if they suspect fraud, waste or misuse of

project resources or property?

5. Internal Audit

5.1 Is there an internal audit (IA) department in the

entity?

5.2 What are the qualifications and experience of the

IA staff?

5.3 To whom does the head of the internal audit

report?

5.4 Will the internal audit department include the

project in its annual work program?

5.5 Are actions taken on the internal audit findings?

5.6 What is the scope of the internal audit program?

How was it developed?

5.7 Is the IA department independent?

5.8 Do they perform pre-audit of transactions?

5.9 Who approves the internal audit program?

5.10 What standards guide the internal audit program?

5.11 How are audit deficiencies tracked?

5.12 How long have the internal audit staff members

been with the organization?

5.13 Does any of the internal audit staff have an IT

background?

5.14 How frequently does the internal auditor meet with

the audit committee without the presence of

Appendix 2 29

Topic

Response

Potential Risk

Event

management?

5.15 Has the internal auditor identified / reported any

issue with reference to availability and

completeness of records?

5.16 Does the internal auditor have sufficient

knowledge and understanding of ADB’s guidelines

and procedures, including the disbursement

guidelines and procedures (i.e., LDH)?

6. External Audit – entity level

6.1 Is the entity financial statement audited regularly

by an independent auditor? Who is the auditor?

6.2 Are there any delays in audit of the entity? When

are the audit reports issued?

6.3 Is the audit of the entity conducted in accordance

with the International Standards on Auditing, or

the International Standards for Supreme Audit

Institutions, or national auditing standards?

6.4 Were there any major accountability issues noted

in the audit report for the past three years?

6.5 Does the external auditor meet with the audit

committee without the presence of management?

6.6 Has the entity engaged the external audit firm for

any non-audit engagements (e.g., consulting)? If

yes, what is the total value of non-audit

engagements, relative to the value of audit

services?

6.7 Has the external auditor expressed any issues on

the availability of complete records and supporting

documents?

6.8 Does the external auditor have sufficient

knowledge and understanding of ADB’s guidelines

and procedures, including the disbursement

guidelines and procedures (i.e., LDH)?

6.9 Are there any material issues noted during the

review of the audited entity financial statements

that were not reported in the external audit

report?

External Audit – project level

6.10 Will the entity auditor audit the project accounts or

will another auditor be appointed to audit the

project financial statements?

6.11 Are there any recommendations made by the

auditors in prior project audit reports or

management letters that have not yet been

implemented?

6.12 Is the project subject to any kind of audit from an

independent governmental entity (e.g. the

30 Appendix 2

Topic

Response

Potential Risk

Event

supreme audit institution) in addition to the

external audit?

6.13 Has the project prepared acceptable terms of

reference for an annual project audit? Have these

been agreed and discussed with the EA and the

auditor?

6.14 Has the project auditor identified any issues with

the availability and completeness of records and

supporting documents?

6.15 Does the external auditor have sufficient

knowledge and understanding of ADB’s guidelines

and procedures, including the disbursement

guidelines and procedures (i.e., LDH)?

6.16 Are there any recommendations made by the

auditors in prior audit reports or management

letters that have not yet been implemented?

[For second or subsequent projects]

6.17 Were past audit reports complete, and did they

fully address the obligations under the loan

agreements? Were there any material issues

noted during the review of the audited project

financial statements and related audit report that

have remained unaddressed?

7. Reporting and Monitoring

7.1 Are financial statements and reports prepared for

the entity?

7.2 Are financial statements and reports prepared for

the implementing unit(s)?

7.3 What is the frequency of preparation of financial

statements and reports? Are the reports prepared

in a timely fashion so as to be useful to

management for decision making?

7.4 Does the entity reporting system need to be

adapted for project reporting?

7.5 Has the project established financial management

reporting responsibilities that specify the types of

reports to be prepared, the report content, and

purpose of the reports?

7.6 Are financial management reports used by

management?

7.7 Do the financial reports compare actual

expenditures with budgeted and programmed

allocations?

7.8 How are financial reports prepared? Are financial

reports prepared directly by the automated

accounting system or are they prepared by

spreadsheets or some other means?

Appendix 2 31

Topic

Response

Potential Risk

Event

7.9 Does the financial system have the capacity to

link the financial information with the project's

physical progress? If separate systems are used

to gather and compile physical data, what controls

are in place to reduce the risk that the physical

data may not synchronize with the financial data?

7.10 Does the entity have experience in implementing

projects of any other donors, co-financiers, or

development partners?

8. Information Systems

8.1 Is the financial accounting and reporting system

computerized?

8.2 If computerized, is the software off-the-shelf, or

customized?

8.3 Is the computerized software standalone, or

integrated and used by all departments in the

headquarters and field units using modules?

8.4 How are the project financial data integrated with

the entity financial data? Is it done through a

module in the enterprise financial system with

automatic data transfer, or does it entail manual

entry?

8.5 Is the computerized software used for directly

generating periodic financial statements, or does it

require manual intervention and use of Excel or

similar spreadsheet software?

8.6 Can the system automatically produce the

necessary project financial reports?

8.7 Is the staff adequately trained to maintain the

computerized system?

8.8 Do the management, organization and processes

and systems safeguard the confidentiality,

integrity and availability of the data?

8.9 Are there back-up procedures in place?

8.10 Describe the backup procedures – online storage,

offsite storage, offshore storage, fire, earthquake

and calamity protection for backups.

32 Appendix 3

PROJECT FINANCIAL MANAGEMENT ASSESSMENT

REPORT OUTLINE

EXECUTIVE SUMMARY

Overall Assessment of project financial management risk (High, Substantial, Moderate or Low)

Summary of weaknesses and risks identified

Summary of mitigation/management measures to be adopted

I. INTRODUCTION

The introduction should indicate that the assessment was prepared in accordance with the

technical guidance note for financial management assessment. The assessment should indicate

when and how the assessment was undertaken “The FMICRA was undertaken from <<< to >>>

by (indicate names of ADB staff and consultants). Preparation activities included reviewing

documents, ADB’s ongoing experience, interviews with counterpart and discussions with

stakeholders.”

II. BRIEF PROJECT DESCRIPTION – Summarize the project outcome and outputs, total cost

estimates and financing plan, period of implementation, names of the executing and

implementing agencies.

III. COUNTRY AND SECTOR FINANCIAL MANAGEMENT ISSUES (EXTRACT FROM CPS

ASSESSMENTS) – With special attention to identified High or Substantial financial management

risks.

IV. PROJECT FINANCIAL MANAGEMENT SYSTEM

A. Overview

This section should provide a narrative description of the country public financial

management systems covering:

(i) Organization and Staff Capacity

(ii) Information Management

(iii) Budgeting and Funds Flow Arrangements

(iv) Effectiveness

(v) Accountability Measures (e.g., public audits, legislative oversight)

B. Strengths

This section should identify strengths of project financial management arrangements,

particularly those elements that ADB may wish to rely upon. This should include those

elements considered fully capable or competent.

C. Weaknesses

This section should identify weaknesses of the project financial management

arrangements. This should be include those elements considered to be weak or need of

improvement

D. Personnel, accounting policies and procedures, internal control, internal and

external audit

E. Financial reporting systems, including use of information technology

F. Disbursement arrangements, funds flow mechanism

Appendix 3 33

V. RISK DESCRIPTION AND RATING – INCLUDING THE FINANCIAL MANAGEMENT AND

INTERNAL CONTROL RISK ASSESSMENT

Based on the weaknesses identified, fiduciary risks should be identified, assessed on the basis of

likelihood of occurrence and degree of impact, and mitigation measures identified. Risks should

first be classified as inherent or project risk, and then an overall risk assessment combining both

should be provided.

VI. PROPOSED TIME-BOUND ACTION PLAN

VII. SUGGESTED FINANCIAL MANAGEMENT COVENANTS

VIII. CONCLUSION

The overall conclusion including an opinion as to whether or not the project arrangements with

appropriate mitigation measures, are considered satisfactory.

Appendixes:

(Illustrative list)

Completed financial management assessment questionnaires, funds flow arrangements,

organization charts, audit reports, management letters, etc.

34 Appendix 4

FINANCIAL MANAGEMENT, INTERNAL CONTROL AND RISK ASSESMENT AND RISK

MANAGEMENT PLAN TEMPLATE

Risk Description

Risk

Assessment

Mitigation Measures or Risk Management Plan

Inherent Risk

1. Country Specific

1. Entity-specific

Overall Inherent Risk

Project Risk

1. Implementing entity

2. Funds flow

3. Staffing

2. Accounting policies and

Procedures

3. Internal Audit

4. External Audit

5. Reporting and Monitoring

6. Information Systems

Overall Project Risk

Overall (Combined) Risk

Instructions:

1. Risk Assessment – Assign any one rating - High, Substantial, Moderate, or Low (no combinations)

2. Mitigation Measures - For risks that can be mitigated by the executing agency, implementing agencies,

and ADB, specify major actions planned for mitigation, responsible agencies, and timelines for

implementation. For risks that are mitigated by other agencies (e.g., government and other development

agencies), outline the key mitigating measures.

Appendix 5 35

SAMPLE COMPLETED FINANCIAL MANAGEMENT, INTERNAL CONTROL AND RISK

ASSESSMENT WORKING TABLE

Risk Description Impact Likelihood

Risk

Assessment

Mitigation Measures or Risk Management Plan

1. CountrySpecific - Audit reports of supreme audit

institution are submitted with a delay of over 2

years, and are not reviewed by the Public Accounts

Committee of Parliament. Consequently, audit

opinions are ignored, and tend to get repeated

without satisfactory resolution. (From PEFA

assessment of November 2013)

High Likely

High

World Bank, ADB, USAID and other development partners are in dialogue with

the government. Grants have been provided by the US Government and World

Bank to strengthen the capacity of the SAI to provide timely audits. The

government has been requested to request the Parliament to ensure that the

Public Accounts Committee meets regularly, and reviews the SAI's audit

reports.

1. Entity-specific - The roles of the Entity as a

whole, the Project Implementation Unit for the ADB-

assisted project, and the design and supervision

consultants are not clearly delineated, leading to

confusion and overlaps.

Low Likely

Moderate

A clear organizational structure will be prepared; specific terms of reference will

be developed for PMU staff and the design and supervision consultants.

Overall Inherent Risk

Moderate

Control Risk

1. Implementing Entity - The Finance function of

the executing agency is headed by a Manager level

officer, who is quite junior compared to General

Managers who head all other functions. There is no

Board-level representation for the finance function.

High Likely

High

Appointment of a Director (Finance) to the Board, upgrading the staff head of

the Finance function to the level of General Manager, and appointment of a

suitably qualified and experienced person to both positions are conditions for

loan disbursement.

2. Funds flow - Due to weak financial position, the

executing agency is unable to provide sufficient

liquidity to pay for ADB share of project expenditure

in advance, and will need 100% of the counterpart

resources to be provided by the government.

High Likely

High

ADB's direct payment and commitment letters will be adopted to pay ADB's

share of project costs. A covenant to be included in the loan agreement

requiring the government to provide adequate and timely counterpart funding. An

imprest fund is not recommended.

3. Staffing - While adequate book-keeping skills

are available, there is a high staff turnover in the

finance department. There is no procedure in place

for regular rotation of staff on different duties; and

there is no process for periodic performance

evaluation and imposition of penalties for non-

performance. Accounting staff have limited

knowledge of ADB requirements.

Moderate Likely

Moderate

Staff to be remunerated at market rates to mitigate high turnover. Rotation of

staff to be implemented to the extent feasible. A performance management

system to be put in place. Staff to be provided specific training in ADB

requirements.

3. Accounting policies and Procedures - There are

no written Accounting Policy or Procedure manuals.

Bank reconciliations are in arrears by over 6

months at any point of time. Customer and supplier

account reconciliations have never been carried

out.

High Likely

High

A consultant will be provided to assist the executing agency to prepare an

Accounting Manual, and disseminate the manual among all staff including

handholding for initial implementation. Strict policy will be put in place for

carrying out bank reconciliations in a timely manner.

4. Internal Audit - there is no internal audit function. High Likely

High

An Audit Committee of the Board will be constituted, and a chartered

accounting firm recruited to carry out internal audit functions, particularly

focusing on effective operation of internal controls (including review of bank

reconciliations). The internal audit reports, to be provided on a quarterly basis,

will be reviewed by the Audit Committee and actions taken to address the

findings.

5. External Audit - Audit is carried out by the

Supreme Audit Institution. While competent, the SAI

is short-staffed, leading to inordinate delays of up to

1 year in finalizing audits. This has knock-on effects

on preparation of accounts for subsequent years as

the opening balances are not finalized in a timely

manner.

Moderate Likely Moderate

Audit of the project accounts will be out-sourced to a private firm of chartered

accountants under the supervision of the SAI. This will be funded by the ADB

loan proceeds, and audit will be required to be submitted within 5 months after

the close of each financial year.

6. Reporting and Monitoring - No in-year reporting

is provided, with annual financial reports being

provided based on unreconciled accounts with a

delay of up to 6 months (unaudited) and over 1 year

for audited. There is no comparison of actual with

budget.

High Likely

High

Project financial reports will be generated on a quarterly basis with the help of

the design and supervision consultants. Project budget figures will be compared

with actual in each quarterly report. Annual unaudited repors will be provided

within 45 days of the close of each financial year; and audited annual reports

will be submitted within 5 months after the close of each financial year.

7. Information Systems - There is partial

computerization, with heavy reliance on Excel

spreadsheets to produce financial reports. The IT

department is poorly staffed and resourced, and the

Excel spreadsheets are inherently open to

accidental (or intentional) errors..

High Likely

High

A computerized accounting software will be procured for the project financial

reporting, and implemented initially through consultants in the design and

supervision consultancy. Staff will be trained to operate the software during the

project implementation.

Overall Control Risk

High

Overall (Combined) Risk

Substantial

Inherent Risk