REPORT OF THE INDEPENDENT EXTERNAL AUDITOR ON THE AUDIT OF
THE FINANCIAL STATEMENTS OF THE WORLD TRADE ORGANIZATION (WTO)
FOR THE YEAR ENDED 31 DECEMBER 2014
1
EXECUTIVE SUMMARY. 3
2 SCOPE AND APPROACH OF THE AUDIT. 5
2.1 Scope of the Audit 5
2.2 Audit Objective and Approach. 5
2.3 Audit Conclusion. 6
3 FINANCIAL AUDIT. 7
3.1 General 7
3.2 Contributions. 7
3.3 Financial Position/Performance. 9
3.3.1 Statement of Financial Position. 9
Assets and Liabilities. 9
Cash and Cash Equivalents. 10
Receivables from Members and Observers. 10
Inventories. 10
Other receivables. 11
Advances and prepayments. 11
Building. 11
Equipment 12
Pension Plan Assets. 12
Assessed contributions received in advance. 13
Short-term employee benefits. 13
Loan. 13
Pension Benefits. 14
ASHI 14
Net assets (total) 14
3.3.2 Statement of Financial
Performance. 15
Revenue and Expenses. 15
Net result/surplus (deficit) for the Period. 17
4 PERFORMANCE AUDIT. 18
4.1 Procurement activities of WTO. 18
Focus and procedure of the audit 18
Rules and Guidance. 18
Procurement Planning. 18
Requisition of consulting services. 19
Amendments to Contracts. 20
Contract Management 21
Conclusion. 22
4.2 IT‑Governance. 23
Focus and procedure of the audit 23
IT in the Secretariat 23
Adoption of IT standards. 24
Business strategy, IT strategy and IT
policy framework. 26
IT Security. 28
5 CASES OF FRAUD OR SUSPECTED FRAUD.. 29
6 FOLLOW‑UP. 29
6.1 WTO Financial Regulations. 29
6.2 US‑Tax reimbursement for WTO
staff 29
6.3 IPSAS‑compliant WTO financial
statements. 30
7 ACKNOWLEDGEMENT. 30
LIST OF ABBREVIATIONS AND ACRONYMS. 31
Annex. 32
My team and I have audited the financial
statements of the WTO.
1. My
team and I have audited the financial statements of the World Trade
Organization (hereinafter "WTO") for the financial period from
1 January to 31 December 2014. These comprise:
·
the statement of financial
position;
·
the statement of financial
performance;
·
the statement of cash flow;
·
the statement of changes in net
assets;
·
notes and annexes to the
financial statements.
Responsibility of Management
2. The
Director‑General is responsible for preparing the financial statements in
accordance with the Financial Regulations of the WTO.
Responsibility of the External Auditor
3. My
responsibility, under Chapter XIII of the Financial Regulations, is to express
an opinion on these financial statements based on my audit.
Scope of the audit
4. The
audit included the examination, on a test basis, of evidence supporting the
amounts and disclosures in the financial statements. It also included an
assessment of the accounting principles used, and significant estimates made by
the Director‑General, as well as an evaluation of the overall presentation of
the financial statements.
I have conducted my audit in conformity
with the International Standards on Auditing
5. I conducted
my audit in conformity with the International Standards on Auditing
(ISA) as adopted and amended by the International Organization of Supreme Audit
Institutions (INTOSAI) and issued as International Standards for Supreme Audit
Institutions (ISSAIs). These standards oblige me to
comply with ethical requirements and to plan and carry out the audit to obtain
reasonable assurance that the financial statements are free from material
misstatement.
My audit provides a reasonable basis for
the audit opinion
6. The ISA, as well as the ISSAI, require the
auditor to carry out an audit of an organization's accounts and financial
transactions which includes examining, on a test basis, evidence supporting the
amounts and disclosures in the financial statements. It also includes assessing
the accounting principles and significant estimates made by the Director‑General,
as well as evaluating the overall presentation of the financial statements. I
believe that my audit provides a reasonable basis for the audit opinion.
The financial statements present fairly
the financial position
7. As a result of my audit, I am of the opinion
that the financial statements present fairly, in material respects, the
financial position as at 31 December 2014, that they have been
prepared mostly (except for the remarks concerning ITC, see paragraphs 77‑81)
in accordance with International Public Sector Accounting Standards (IPSAS) and
WTO's stated accounting policies, and that the transactions have been in
accordance with the Financial Regulations. Furthermore I have assumed that the
IT system the Secretariat is responsible for and which it uses for accounting
and for the preparation of the financial statements works properly and
according to ISSAI‑standards (even though, in the course of this audit, I had
no chance to ensure that), especially concerning IT security (see also my
recommendations in paragraph 126 in
this report).
I have placed an audit opinion with a
reservation on the financial statements
8. The audit revealed no weaknesses or errors which
I considered material to the accuracy, completeness and validity of the
financial statements as a whole. Nevertheless, I have placed an audit opinion
with a reservation on WTO's financial statements for 2014 due to non‑consolidation
of the ITC (see 3.3.2). Therefore, from my point of
view, the financial statements are not completely IPSAS‑compliant.
Areas covered by this report
9. My report includes observations and
recommendations intended to contribute to the improvement of financial
management. For 2014, my audit work has mainly covered the areas described in
the following paragraphs.
Overall financial situation (Part 3)
10. In accordance with Chapter XIII of the Financial
Regulations, I present an analysis of WTO's financial statements. In Part 3 of
my report I comment on the overall financial situation.
Performance audit (Part 4)
11. Regulation 44 of the Financial Regulations
stipulates that my annual audit shall also include performance audits as
defined by the INTOSAI Auditing Standards.
WTO has presented financial statements
mostly in accordance with IPSAS
12. The financial statements for the year ending
31 December 2014 are the third official financial statements to be
prepared and presented mostly in accordance with IPSAS.
Cases of fraud or suspected fraud
(Part 5)
13. The Secretariat reported that it did not have
any information on cases of fraud or suspected fraud. During our audit, my team
did not detect any cases of fraud or suspected fraud.
Follow Up (Part 6)
14. In the last report of the External Auditor
(2013) my predecessor commented on a number of aspects. My team reviewed the
pending implementation of these recommendations.
Acknowledgement (Part 7)
15. I wish to convey my appreciation for the
cooperation and assistance extended by the Director‑General, the management and
staff of the Secretariat. I am very grateful for their assistance during the
entire external audit process.
Principles governing my audit
16. My
staff and I have audited the financial statements of the WTO for the financial
period from 1 January to 31 December 2014. These statements
comprise the statement of financial position, the statement of financial
performance, the statement of cash flow, the statement of the changes in net
assets and notes and annexes to the financial statements. We also examined the
related financial accounts and transactions.
Responsibility of Management
17. The
Director‑General is responsible for the preparation and fair presentation of
these financial statements in accordance with WTO's Financial Regulations, and
with such internal controls as management determines are necessary to permit
the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.
Responsibility of the External Auditor
18. I am
responsible for expressing an opinion on the financial statements based on
evidence obtained during my audit. I planned and performed the audit in such a
way as to obtain reasonable assurance that the financial statements are free
from material misstatement.
Audit of the financial statements
19. The financial
statements of the WTO, together with my audit report and the audit opinion,
have been discussed with the Director‑General. He has taken note of the
contents of my report.
Performance audits
20. In addition
to my audit of WTO's financial statements, accounts and financial transactions,
I carried out the reviews (under Regulation 44 of the Financial
Regulations) that I deemed necessary with respect to the efficiency of the
Procurement and the IT Division, its accounting system, its internal controls,
and the financial consequences of existing administrative practices.
Objective of financial audit: Forming the
audit opinion
21. The
purpose of the audit was to enable me to form an opinion on whether the expenditure
recorded for the year had been incurred for the purposes approved by the
Council; whether revenues and expenses were properly categorized and recorded
in accordance with WTO's Financial Regulations; and whether the financial
statements presented fairly the financial position as at
31 December 2014.
Substantive testing convinced me of the
correctness of WTO's records
22. My
audit opinion is based on substantive testing of the transactions recorded in
all areas of the financial statements. The examination was carried out to
ensure that the financial statements accurately reflect the accounting records
and present fairly the financial situation of the WTO.
I found no material weaknesses. Nevertheless,
I have placed a qualified opinion on WTO's financial statements
23. Notwithstanding
the observations in this report, my examination revealed no weaknesses or
errors which I considered material to the accuracy, completeness and validity
of the financial statements as a whole. In accordance with normal practice, my
team reported additional findings to the management of the Secretariat in the
course of the audit. I certify with the mentioned reservation (see paragraph
77) that the financial statements and schedules present fairly the financial
situation of WTO, and I have placed a qualified opinion on WTO´s financial
statements for 2014.
My
team examined the accounting records.
24. My
audit included a general review, and such tests of the accounting records and
other supporting evidence as I considered necessary in the circumstances. These
audit procedures are primarily designed to allow an opinion on WTO's financial
statements to be formed.
Random
sample check
25. We
analysed data records and transactions. From a total of 69,507 transactions we
eliminated automatically generated entries in the accounts by means of the
audit software "IDEA". We clustered all transactions and took a
random sample of a significant number of the remaining 21,609 transactions from
all clusters. We checked if invoices and the related documents had been filed
in accordance with the regulations and cross‑checked the basis for payment and
the necessary approvals. None of the transactions examined gave cause for
serious criticism. The Secretariat was able to clarify all open questions.
I
report on WTO's financial development.
26. In
the following paragraphs, I report on trends and tendencies and provide
background information. For that purpose, my staff carried out an analysis of
several of the Organization's key figures and their trend.
2014
budget was approved in November 2013.
27. All
regular WTO activities are financed from the regular budget (beside voluntary
contributions) covering expenses and income for a biennium, this time 2014‑2015.
The 2014 budget was approved by the Council in its meeting on 26th
of November 2013. The budget is financed from assessed contributions and
miscellaneous income.
Calculation
of contributions
28. The
contributions are calculated on the basis of each Member State's international
trade (imports plus exports) in relation to the international trade of all WTO
Member States, based on statistics over a five year period
Reviewing
of contributions
29. I
reviewed contributions for 2014.
2014
|
Assessed Contributions*
|
%
|
Outstanding Contributions
|
%
|
Member States
|
195.6
|
|
11.6
|
|
Observers
|
0.7
|
|
0.2
|
|
Total
|
196.3
|
94
|
11.8
|
6
|
Source:
WTO Financial Statements 2014; in million CHF; *(Differences due to
rounding).
In
2014, assessed Member States' contributions amount to
CHF 195.6 million.
30. Assessed
contributions by Member States amounting to CHF 195.6 million,
contributions by Observers totalled CHF 0.7 million. At the end of
2014 WTO has 160 Member States; one new Member State, Yemen, formally acceded
in 2014. There are 24 Observers of WTO.
31. Assessed
contributions paid in advance by Members and Observers amount to
CHF 13.9 million, CHF 13.8 million contributions, the rest
of it are interests earned by this advance payment.
Outstanding
contributions totalled CHF 19.3 million.
32. The
outstanding contributions totalled CHF 19.3 million ‑ coming from a
peak in 2003 with a total of CHF 31.5 million outstanding
contributions. 56 out of 160 Members and 9 Observers out of 24 had payment
arrears, 8 Members accepted a payment plan to suspend Administrative Measures,
and 2 Members have been put back under Administrative Measures due to non‑compliance
with the agreed payment plan. Details of Administrative Measures and their
different levels are defined in Annex B of WTO's Financial Regulations.
Administrative
Measures for Members/Observers in arrears.
33. Concerning
to Regulation 14 in the WTO
Financial Regulations Members and Observers with arrears shall be subject to
Administrative Measures. Furthermore, there might be (inactive) Members without
a payment plan but with long‑term outstanding contributions (e.g. states no
longer in existence). This is not a standard practice within WTO. Due to IPSAS,
contributions that are uncollectible should be written off completely.
I
recommend developing a procedure for dealing with uncollectible contributions.
34. I
recommend that the WTO develop a practice or procedure and coming to a decision
about how to deal with uncollectible contributions (e.g. in the case of states
no longer in existence such as Yugoslavia). The
Secretariat will assess the feasibility of the write off of uncollectable
contributions and take proper action where possible.
Table
1 ‑ Statement of Financial Position as at 31 December 2014*
(In million CHF)
|
2014
|
2013
|
2012 (restated)
|
Current Assets
|
|
|
|
Cash and cash equivalents
|
107.7
|
83.5
|
88.3
|
Receivables from Members
|
9.9
|
12.7
|
12.6
|
Receivables from Observers
|
0.5
|
0.6
|
0.2
|
Inventories
|
0.4
|
0.4
|
0.4
|
Other receivables
|
3.6
|
5.6
|
4.6
|
Advances and prepayments
|
5.2
|
5.0
|
4.4
|
Non‑Current Assets
|
|
|
|
Building
|
118.4
|
119.1
|
49.7
|
Work in Progress ‑ Building
|
‑
|
‑
|
68.1
|
Work in Progress ‑ Equipment
|
‑
|
2.0
|
12.3
|
Equipment
|
16.9
|
16.9
|
3.2
|
Intangible assets
|
0.6
|
0.3
|
0.5
|
Pension Plan Assets
|
487.6
|
441.3
|
397.5
|
TOTAL ASSETS
|
750.8
|
687.4
|
641.7
|
Current
Liabilities
|
|
|
|
Payables
|
4.3
|
3.7
|
9.6
|
Accruals
|
1.0
|
1.2
|
2.4
|
Assessed contributions
received in advance
|
13.9
|
8.0
|
12.9
|
Voluntary contributions
refundable
|
32.6
|
33.6
|
31.3
|
Short‑term employee benefits
|
11.7
|
12.7
|
12.3
|
Grant
|
‑
|
‑
|
12.6
|
Non‑Current
Liabilities
|
|
|
|
Loan
|
57.6
|
58.8
|
60.0
|
Pension benefits
|
1,209.6
|
852.7
|
945.8
|
ASHI
|
342.9
|
247.1
|
270.5
|
Other Long‑term employee
benefits
|
10.6
|
9.0
|
8.9
|
Provision for right of use
|
48.5
|
49.1
|
49.7
|
Funds
|
4.3
|
6.0
|
12.2
|
TOTAL LIABILITIES
|
1,736.9
|
1,281.9
|
1,428.1
|
NET ASSETS
|
(986.1)
|
(594.5)
|
(786.4)
|
WCF
|
10.7
|
10.6
|
10.5
|
Actuarial gain (loss)
|
(226.1)
|
155.5
|
(41.4)
|
Accumulated surplus
|
(770.7)
|
(760.5)
|
(755.5)
|
TOTAL NET ASSETS
|
(986.1)
|
(594.5)
|
(786.4)
|
Source: WTO Financial Statements
2014 and 2013; *(Differences due to rounding).
Assets and Liabilities
My
team examined the statement of assets and liabilities.
35. Full
reporting of assets and liabilities in a balance sheet enables the reader to
understand the financial position of an organization. Such a statement of
financial position is also required under IPSAS. My team examined this
statement and the presentation of the major underlying accounts.
Assets
Current
Assets
Cash and Cash Equivalents
Overall
cash situation with a total of CHF 107.7 million is sufficient.
36. WTO's overall cash situation is sufficient. Compared to the balance
in the previous year, total cash and cash equivalents increased by
CHF 24.2 million from CHF 83.5 million in 2013 to
CHF 107.7 million as at 31 December 2014
(CHF 88.3 million in 2012). Cash and cash equivalents include cash in
hand and cash accounts at bank.
Cash
deposits in CHF increased in 2014.
37. The
increase in 2014 is almost complete due to a cash deposit amounting to
CHF 103.5 million (in 2013 CHF 81.4 million).
38. Other
currencies (USD, EUR and GBP) are of minor importance for WTO. In 2014, the
total amount of assets in other currencies was equivalent to approximately
CHF 4 million.
No
formal decision concerning accounting exchange rates.
39. WTO
uses the United Nations Operational Exchange Rate for accounting transactions
in foreign currencies. There is no official decision or document supporting
this practice.
Following
my recommendation, a decision document was presented during our audit.
40. I
recommended that the Secretariat ask for an authorization and an official
decision to use UN Operational Exchange Rate as official accounting rate for
WTO transactions.
The Secretariat accepted the recommendation and,
during our audit, presented a memorandum on this topic signed by the DDG.
Receivables from Members and Observers
Provision
for arrears amount to CHF 9.4 million
41. Receivables
from Members and from Observers (receivables from non‑exchange transactions)
include a provision for outstanding contributions. The provision for arrears
from Members and Observers amount to CHF 9.4 million
(CHF 9 million from Members; CHF 0.4 million from
Observers).
Payment
plans are covering arrears of CHF 7 million.
42. There
are payment plans with 10 Members (8 are following the agreed payment plan)
with total arrears of CHF 7 million.
Inventories
Inventories
consist mainly of WTO publications and co‑publications.
43. Inventories
within current assets for WTO are mainly publications and co‑publications
totalling CHF 0.4 million. Not all inventories are held internally; a
part of the WTO publications and co‑publications are stored at a third party
storage facility.
44. Minor
inventory adjustments (about CHF 4,000 in 2014) are made as a result of a difference
between value in the financial accounts and value of the physical inventory.
Other receivables
Recoverable
United States taxes amount to CHF 3 million.
45. Other receivables include recoverable taxes, e.g. from the United
States (US) and Switzerland. In 2014, other receivables totalled amount to CHF 3.6 million (2013: CHF 5.6 million); CHF 3 million of the 2014 total
were recoverable US taxes.
WTO
pays for staff estimated US tax in advance.
46. Staff
members of WTO, like those of other international organizations, are exempt
from income tax. Nevertheless, the US requires its citizens and residents to pay
tax worldwide. The WTO pays estimated tax payments in advance and asks for
a reimbursement from the US Government based on an agreement between WTO
and US of 22 December 2000.
47. The
WTO Secretariat's method of calculating reimbursements is different from the
method used by the US Government, although the WTO method is validated by the
International Labour Organization (ILO).
Different
reimbursement methods result in a write-off for WTO.
48. The
difference in 2014 not reimbursed by the US results in a write off for the WTO
shared by all Member States amounting to CHF 98,194 (2013: CHF 115,370).
I
recommend that the WTO Secretariat agree with the US Gov. on a similar
reimbursement method.
49. I
recommend, just like my predecessor the years before, that efforts be continued
to accelerate the refunding procedure and to negotiate and agree with the US
Government on a similar reimbursement method based on the ILO approach.
The Secretariat will continue to pursue efforts to accelerate the refunding
procedure from the US Government.
Advances and prepayments
Advances
and prepayments amount to a total of CHF 5.2 million.
50. In 2014, advances and prepayments with a total of CHF 5.2 million
include staff advances made for salary, travel and education grants
representing CHF 3.3 million and advances relating to Trust Funds
activities with an amount of CHF 1.1 million.
Non‑Current
Assets
Building
Net
carrying amount as at 31 December 2014 CHF 118.4 million.
51. With
regard to non‑current assets, a balance sheet item of high value is "building"
with a net carrying amount of CHF 118.4 million (2013: CHF 119.1 million).
The accumulated depreciation of buildings as at 31 December 2014 amounts to
CHF 16 million (depreciation for 2014 only: CHF 3 million).
52. Work
in progress (WIP Building/Equipment) in the financial statements of 2014 is
zero (in the financial statements for 2012 still indicated
CHF 68.1 million WIP – Building and CHF 12.3 million WIP –
Equipment). After finalizing the New Administrative Building in the end of 2014
all work in progress is completed.
Equipment
The
value of equipment totals CHF 16.9 million.
53. The value of equipment totals CHF 16.9 million. The most
significant items are furniture (CHF 7.5 million), audiovisual
equipment (CHF 6.5 million), security equipment (CHF 1.9 million)
and IT equipment (CHF 0.5 million).
No
regular physical inventory for assets (exception: publications).
54. For
equipment assigned to non‑current assets there is no procedure for a regular
physical inventory. Only for inventories (see above) categorized as current
assets, there is a regular physical inventory.
I
noted that WTO is going to implement special software for improving the process
of registering all assets in 2015.
55. In
2015, WTO is going to implement special software to register all assets and to
facilitate the depreciation process for assets to fulfil all requirements of
IPSAS (all assets should be clearly documented in the Financial Statements) and
to improve the documentation process.
I will
monitor further activities and experiences concerning this topic.
Pension Plan Assets
Fair
value of Plan assets: CHF 487.6 million.
56. The
fair value of Plan assets at the beginning of 2014 (31 December 2013) was
CHF 441.3 million. With all expenses, contributions and benefits
paid, the fair value as at 31 December 2014 was CHF 487.6 million.
Actuarial
gain 2014: CHF 16 million.
57. Actuarial
gain on Plan assets net of actual investment expenses as at
31 December 2014 amounts to CHF 16 million (2013: CHF
15.3 million).
Liabilities
Current
Liabilities
Assessed contributions received in
advance
Contributions
paid in advance: CHF 13.9 million.
58. The total amount of contributions paid in advance by Members and
Observers is CHF 13.9 million (2013: CHF 8.0 million). This
includes interest of CHF 132,000 earned through the Early Payment Scheme
implemented by the Council to encourage early payment.
Short-term employee benefits
Short-term
employee benefits total CHF 11.7 million.
59. Short-term
employee benefits comprise dependency allowance, untaken annual leave,
education grant and home leave. The total as at 31 December 2014
amounts to CHF 11.7 million.
Short term Employee Benefits
|
31/12/2014
(In million CHF)
|
Dependency allowance
|
0.05
|
Untaken annual leave
|
9.17
|
Education grant
|
1.39
|
Home leave
|
0.90
|
Separation grant
|
0.23
|
Total
|
11.74
|
Several
adjustments in Note 14 and some tables concerning employee benefits.
60. I
requested several adjustments regarding the figures, phrases and presentation
in the tables of Note 14. In particular, this pertained to updated calculation
bases and the clarity of descriptions of provisions.
61. The Secretariat accepted the recommendation and will follow
my suggestions.
Non‑Current
Liabilities
Loan
WTO
received an interest‑free loan of CHF 60 million.
62. The
WTO received a CHF 60 million loan from the Swiss Authorities to
finance renovation work on its headquarters (CHF 20 million for the
south and north courtyards and another CHF 40 million for the new
administrative building).
The
duration is 50 years; annual repayment is CHF 1.2 million.
63. The
loan is interest‑free; its term is 50 years. WTO started reimbursement in 2013
with CHF 1.2 million (1/50 of 60 million); in 2014 WTO repaid
another CHF 1.2 million. The total of the residual debt as at
31 December 2014 is CHF 57.6 million.
Pension Benefits
Pension
benefits total CHF 1,209.6 million.
64. The WTO Pension Plan is a defined benefit plan. The value of its
commitments according to IPSAS amounts to CHF 1,209.6 million as at
31 December 2014 (2013: CHF 852.7 million). The most
important change in 2014 was the actuarial loss of CHF 313.3 million.
Discount
rate as an essential assumption decreased from 2.6% to 1.1%.
65. Actuarial
assumptions changed significantly compared to the valuation as at
31 December of the previous year. In particular, the key date‑related
discount rate decreased from 2.6% to 1.1% (for ASHI (see below) and Pension). Furthermore,
the expected long‑term rate of return on Plan assets decreased from 4.5% to 4.0%.
ASHI
ASHI
total CHF 342.9 million.
66. The
After Service Health Insurance (ASHI) benefits are calculated, just like the
pension liability, by consulting actuaries. The related liability at the end of
2014 totalled CHF 342.9 million (2013: CHF 247.1 million).
Actuarial
loss in 2014: CHF 84.3 million.
67. Just
like in the position for pension benefits the increase mainly results from the
above mentioned change in the discount rate from 2.6% to 1.1%, which led to an
actuarial loss of CHF 84.3 million at the end of 2014.
Net assets (total)
Net
assets/equity of the period is CHF (986.1) million
68. Considering all assets as at 31 December 2014 (CHF
750.8 million) and all liabilities (CHF 1,736.9 million) there
is a negative total net assets/equity of CHF (986.1 million) (2013: CHF (594.5 million)).
This is mainly due to the inclusion of the Pension and ASHI liabilities in the
financial statements and their valuation according to IPSAS. In particular the
Pension liability will be offset by future contributions and return on
investment income.
Revenue and Expenses
The table below shows
comparative figures of 2012, 2013 and 2014.
69. The
IPSAS equivalents of income and expenditure are revenue and expenses (as shown
in the Statement of Financial Performance). The table presents the figures for
2012, 2013 and 2014.
Table
2 ‑ Statement of Financial Performance as at 31 December 2014*
Source:
WTO Financial Statements 2014 and 2013; *(Differences due to rounding).
Revenue
Total
revenue amounts to CHF 241.7 million.
70. Revenue
at year‑end totalled CHF 241.7 million (2013: CHF 255.8 million).
71. The
most significant revenue item are contributions from Members and Observers
amounting to CHF 196.3 million (CHF 195.6 + 0.7 million).
Expenses
Total
expenses amount to CHF 251.9 million.
72. Total
expenses as at 31 December 2014 totalled CHF 251.9 million (2013: CHF 260.8 million).
Staff
expenditures of CHF 174.7 million represent more than two thirds.
73. More
than two thirds of the expenses (69.4%) are chiefly due to staff expenditures
with a total of CHF 174.7 million (2013: CHF 184.6 million).
Following
my recommendation, the Secretariat implemented a detailed table on staff
expenditures.
74. For
improving transparency I recommended that more explanations and more details on
expenses be given in Note 19, especially on staff expenditures, e.g. a table
with details to the different types of staff expenditures. The Secretariat
accepted the recommendation and implemented Table 62 in the report with details concerning staff
expenditures.
Expenditure
for temporary assistance amounts to CHF 20.6 million.
75. Another
important item within expenses is temporary assistance with an amount of
CHF 20.6 million.
The
Secretariat accepted my further proposal concerning the introduction of a table
showing expenditures details.
76. As I
did for staff expenditures, I also recommended giving more details concerning
expenses for temporary assistance in Note 19. The Secretariat accepted the
proposal and introduced Table 63 accordingly.
WTO's
contribution to the ITC: CHF 18.5 million.
77. The
WTO's contribution to the International Trade Centre (ITC) is another
significant expense and as at 31 December 2014 amounts to CHF
18.5 million.
ITC
is a jointly operated and controlled entity.
78. The
ITC is a joint technical cooperation agency of the UN and WTO. Originally
established in 1964 by the General Agreement on Tariffs and Trade (GATT), ITC
has operated since 1968 under the joint aegis of GATT and the UN. It is
operated jointly (as outlined in the financial statements of WTO) and therefore
‑ based on IPSAS 8 ‑ a jointly controlled entity.
WTO
has to consolidate the ITC according to IPSAS 8.
79. WTO
is documenting the above mentioned payment to ITC among expenses within the
statement of financial performance and is not consolidating ITC. According to
IPSAS 8 ITC is legally a jointly controlled entity; important is just the
ability, not the de facto control; therefore WTO has to consolidate ITC.
I
have to give my Audit opinion with a reservation.
80. Concerning
this issue the WTO financial statements are not completely IPSAS‑compliant. Therefore
I have to give an audit opinion with a reservation.
I
recommend negotiating with ITC and clarifying the legal situation.
81. Even
if WTO might actually have only limited or no control, the legal situation
still defines ITC as a jointly controlled entity, there is no proof or document
stating any other fact. I recommend that WTO negotiate with ITC/UN and clarify
the legal situation, especially concerning control. If there might be a new
contract documenting that ITC is just a grant recipient without any control
from WTO, this reservation could be removed and WTO's financial statements
would be completely in line with IPSAS.
The Secretariat will study
the legal framework with ITC in order to clarify the legal nature of the
partnership.
Net result/surplus (deficit) for the Period
Net
result (deficit) for the period amounts to CHF (10.2) million.
82. The net result (deficit) for the period 2014 is
CHF (10.2) million compared to CHF (5.1) million in 2013
and after CHF (19.9) million in 2012.
Focus and procedure of the audit
Audit focus: rules, regulations, organizational
prerequisites for procurement
83. The
audit focused on the WTO's rules and regulations for procurement and the
organizational prerequisites to implement them. Procurement is understood as
the whole process of acquisition of goods and services from third parties. It
covers goods and services. The procurement process includes the whole life
cycle from initial concept and definition of needs through to the end of the
useful life of an asset or the completion/termination of a service contract.
84. We
analysed the rules and regulations, conducted interviews with WTO staff in
several divisions and analysed files and records held by the WTO Secretariat. The
fieldwork was carried out in February and April 2015.
Rules and Guidance
Basis:
Financial Regulations, Financial Rules, Procurement Manual and Complimentary Guidance.
85. The
procurement activities of the WTO Secretariat are based on the Financial
Regulations, the Financial Rules (No. V, VII, X, XI, XII), the Procurement
Policy (Administrative Memorandum No. 965/Rev. 1), the Procurement Manual
(PM) and additional regulations on specific issues. The PM was adopted in 2009.
After the revision of the Financial Regulations in February 2015, the WTO
also plans a revision of the Financial Rules. In consequence it considers a
revision of the Procurement Manual and complementary guidance.
Procurement Planning
Procurement
Manual: Requisitioning units have to identify procurement needs and define
requirements.
86. Procurement
expenditure amounts to about 10% of WTO's expenditure. The WTO Procurement
Manual states that optimal performance in procurement can only be achieved if
planning is improved. Thus, procurement planning is to involve the preparation
of projections of procurement needs for budgeting purposes at the divisional
level. The requisitioning units are responsible for identifying their
procurement needs (PM, Part 6). Each division defines the requirements and
prepares its Procurement Plan, in consultation with the Procurement Section. The
PM (Tool 1) provides a template for the Procurement Plan. The requisitioning
unit is requested to list the items, their type (goods/services), the quantity,
a price estimate and the requested delivery date or contract start/end dates; the
Procurement Section is asked to add specifics on the procurement method.
Procurement
Manual: Procurement Plans as part of budget request.
87. The
Procurement Plan should form an integral part of the Biannual Divisional Budget
Request. The Procurement Plan should comprise all the projected requisitions of
goods and services for the coming two years. At the end of the first year, the
Procurement Plan of the Division should be compared to the actual acquisitions
made. Accordingly, the Procurement Plan for the coming year should be reviewed
and updated (PM, Part 5).
In
practice: variety of approaches to needs assessment and procurement planning.
88. In practice, there is a variety of divisional approaches to the
identification of needs and the definition of requirements. Whereas some
divisions report to a specific steering committee that supports these steps and
makes decisions (e.g. ITSD), in other divisions (e.g. LDMID) the
decisions on needs and requirements are taken by the director alone. The procurement
plans for 2013 and 2014 differed significantly. The spectrum ranged from
comprehensive lists with all required information (ITSD) to very general
overviews or no procurement plan at all: The HR Division did not prepare a
Procurement Plan for 2014. Its 2013 Procurement Plan stated that training,
training materials, video conferencing, venues would be required "all year
long" "on as needed basis" without any indication of quantities
or estimated price.
Procurement
Plans were prepared after the divisional budgets had been approved.
89. The
divisional Procurement Plans were prepared annually after the divisional
budgets had already been approved. According to our interlocutors the
procurement plans serve as a "forecast" for the Procurement Section
and they are not understood as a planning tool. In 2015, the Division Directors
were for the first time asked to present their Procurement Plans to the
Contracts Committee (CC) to enforce planning and strengthen the commitment.
Practice
is not in line with rules. This implies risk of poor needs‑assessment and
potential waste of time, effort and resources.
90. The
current practice at the WTO Secretariat is not in line with its rules. Poor
identification of needs may lead to assets being procured that do not fully
meet the needs of WTO, potentially causing waste of time, effort and cost or
inefficiencies and sub‑optimal assets being procured. Defining the requirements
of procurement and priority setting are thus cornerstones of reliable budget
planning and of a successful procurement process. In addition, it contributes
to minimizing the need for later changes. It helps to identify common and
recurring acquisitions across divisions and is a reference for keeping track of
acquisitions with a view to achieving the objectives within budget.
Recommendations:
‑ Define needs before
allocating divisional budgets.
‑ Specify rules and
procedures.
‑ Define clear
responsibilities.
‑ Establish high level
managerial approval of procurement plans.
91. The
WTO Secretariat has to ensure that the divisions define their needs on a
reliable basis before divisional budgets are allocated. I recommend that the
WTO specify the procedures for needs assessment and the requirements of
procurement planning. To enforce the compliance with the regulations and to
ensure coherence between all divisional practices I recommend that WTO define
clear responsibilities and establish high level managerial approval of the
Procurement Plans.
The
Secretariat, as of January 2015, has requested that all Procurement Plans
(PP) be briefly presented by the Directors to the Contracts Committee (CC)
Members during the CC session. A notion of risk and impact in the PP has
been included to help the Procurement Section to better understand the
dimensions of the various procurement projects to be implement. The Secretariat
will continue to pursue efforts in having the PP presented earlier in the year
to enhance acquisition planning in a more timely and efficient manner.
Requisition of consulting services
External
collaboration contracts with individuals handled by HR, contracts with
consulting firms by Procurement Section.
92. According
to Section II Paragraph 5 of the Procurement Policy of the WTO external
collaboration contracts with individuals are outside the scope of the procurement
policy. Requests for individual consultants are handled by the Human Resources
Division, contracts with consulting firms by the Procurement Section.
No
internal control mechanism, no automated comparison of data.
93. There
is no internal control mechanism in place to prevent the simultaneous existence
of two contracts with the same consultant – one via the Procurement Section
with a consulting firm and one individual contract via HRD. There is no
automated comparison of data. In the past, a case of two contracts with the
same consultant was discovered only by chance.
Recommendation:
Strengthen internal coordination and control.
94. To
minimise risks of waste, impropriety and fraud in connection with the
requisitioning of consulting services, I recommend that the WTO Secretariat
strengthen its internal coordination and control. The Secretariat should
explore ways to support the control mechanisms by an automated comparison of
data.
The Secretariat will assess
the feasibility of the suggested indications.
Amendments to Contracts
Procurement
Section is exclusively in charge of placing orders, signing or changing
contracts. Changes must be documented and can only be authorized if funds are
available.
95. Placing
orders or issuing a (formal) tender (i.e. for an estimated amount above CHF
20,000) is the exclusive responsibility of the Procurement Section (PM, Part 6).
For each acquisition, the requisitioning units have to submit a request in the
form of a requisition via the ERP system. The requisition shall contain all information
necessary to enable the Procurement Section to issue a tender or place a
purchase order. The requisition has to be checked by the Budget and Finance
Section to ensure fund availability. In this case, the funds are encumbered. Once
the requisition is approved by the Budget and Finance Section it is
electronically forwarded to the Procurement Section.
96. The
PM (Part 16) stipulates that all modifications/amendments to the contract e.g.
the increase of work must be documented. Changes cannot be authorized unless
funds are available. According to the PM, only authorized procurement staff can
officially change a contract.
Example:
Compliance with rules is not ensured. Changes to contracts without prior
budgetary approval and without involvement of Procurement Section.
97. There
is no procedure in place to ensure that these rules are observed. Example: Purchase
Order No. 119230 (13 October 2014): The amount approved was
CHF 17,800 for the development of an "app" for the World Trade
Report 2014. The Purchase Order was based on an offer of the company. The
requisitioning unit had asked four companies for their offers, two had replied;
the company chosen had offered the lower price. The invoice (31 December 2014)
was CHF 21,040. If the amount of an invoice is higher than the amount
approved in the purchase order, the Budget and Finance Section is automatically
notified by the ERP system. In this case, the Finance and Budget Section
contacted the requisitioning unit to clarify the difference of CHF 3,240
(plus 18.2%). The unit explained that additional costs were due to
additional work of 8.5 working days that had to be done by the
contractor. On this basis, the Budget and Finance Section initiated the payment
of the amount requested. The Procurement Section was not involved.
Recommendation:
Enforce compliance with rules to guarantee sound management of the WTO budget.
98. I
recommend to the Secretariat implementing procedures to ensure that requesting
units always have to involve the Procurement Section in advance before they
accept modifications to the Purchase Order, even more so if these modifications
result in price adjustments. To guarantee sound management of the WTO budget,
such modifications have to be subject to prior identification and availability
of sufficient funds. I also recommend establishing an automated notification to
the Procurement Section if the amount of the purchase order deviates from the
amount requested in the invoice.
The Secretariat accepts the
recommendation and will follow the suggested indications.
Contract Management
The
PM requires the requesting units to keep a comprehensive Contract
Administration File for each contract.
99. Responsibility
for contract management is primarily assigned to the requesting units. The
secondary responsibility rests with the Procurement Section (Procurement Policy
Annex A). The PM (Part 16) requires the requesting units to appoint a Contract
Administrator and for each procurement to create and maintain a Contract
Administration File as "the central repository of all actions related to
contract performance throughout the life of the contract" for each
procurement. The PM lists all documents the file should contain – e.g.
telephone logs, internal and external correspondence, meeting minutes, lessons
learned reports and contractor performance reports. When the contract expires,
the Contract Administration File has to be completed. In procurement of a value
equal or exceeding CHF 20,000, the file has to be sent to and archived by
the Procurement Section (PM, Part 17).
Little
awareness of the requirements. There is no systematic and structured approach
to keeping Procurement Administration Files.
100. The
Procurement Section keeps the contracts and all information concerning the
tenders on file. The Contract Administrators of the requesting units the audit
team talked to were not aware of the requirement to keep a Contract
Administration File containing all the information listed in the PM. There was
no systematic and structured approach to maintain the Files. In most cases,
only the contract itself was filed on paper; other information was stored in
shared and/or individual electronic folders and/or personal email‑accounts. Performance
Reports on the contracts were completed only "on request" by the
Procurement Section. The Procurement Section had no knowledge of whether and
how the units proceeded. It did not receive the completed Contract
Administration Files. Neither did it actively request them. Only in cases of
contract amendments it asked the requesting units to submit a performance
report.
Due
to the lack of documentation the WTO Secretariat is not able to evaluate the
quality and integrity of the contract management.
101. Compliance
of the contractors with the contract has to be assessed on an ongoing basis to
minimize risks and to prevent shortcomings. Thus, it is vital to ensure
comprehensive, reliable and transparent contract management over the whole life
cycle of contracts. This has not been ensured by the WTO Secretariat. Its
practice is not compliant with the rules. Due to the lack of documentation the
WTO Secretariat is not able to evaluate the quality and integrity of the
contract management.
Recommendations:
‑ Ensure appropriate
documentation.
‑ Strengthen consistency of
approach.
‑ Evaluate organizational
links.
‑ Promote sound contract
management.
102. I
recommend developing a procedure to ensure appropriate documentation and
safeguard availability, reliability and integrity of information and records on
all procurements. I also recommend evaluating the organizational links between
the procurement section and the requesting divisions. In addition, it might
prove appropriate to highlight the importance of sound contract management and
transparent documentation to the staff members of the Secretariat.
The Secretariat takes note of
the recommendation and will follow the suggested indications.
Conclusion
I
recommend accelerating the development and implementation of clear rules,
procedures and structures for its procurement and contracting activities.
103. It
is of great importance that the Secretariat continues with developing and
implementing clear rules, procedures and structures for its procurement and
contracting activities. Without adequate governance, the WTO Secretariat might
risk that its practice is noncompliant with the relevant policies. There might
also be the risk that needs are not clearly defined, could be met by
alternative goods or services, or do not adequately support the WTO to meet its
strategic objectives. It is important that appropriate controls are in place to
ensure that procurement complies with the internal rules. Non‑compliance has
the effect that optimum and transparent procurement is not achieved and value
for money cannot be ensured.
Focus and procedure of the audit
Audit
Scope and Audit Methodology
104. My
staff and I audited the Information Technology (IT) of the WTO's Secretariat as
part of my performance audit. The main scope of the IT audit was the
Secretariat's IT governance. My staff analysed the existing policies,
guidelines and additional documentation concerning IT and also current efforts
for optimizing IT. We also took note of current results of investigations made
by or on behalf of the Office of Internal Audit.
Set
of criteria
105. In
order to find "best practices" taking into account the WTO's role as
an independent international institution and the importance of IT for its
business, I applied relevant internationally‑accepted management standards such
as:
‑ "ISO/IEC 38500",
an international standard for corporate governance of information technology;
‑ "Control Objectives
for Information and Related Technology (COBIT)", a framework that combines
international standards dealing with quality, security and fiduciary aspects of
IT, created by the Information Systems Audit and Control Association (ISACA);
‑ "International
Information Technology Guidelines", created by the International
Federation of Accountants (IFAC);
‑ "IT Infrastructure
Library (ITIL)", an international de facto standard in the area of
IT service management;
‑ "A Guide to the
Project Management Body of Knowledge (PMBoK® Guide)", created by the
Project Management Institute (PMI);
‑ "ISO
21500:2012", an international standard for project management
‑ "ISO/IEC 27000
series", international standards for information security management.
In essence, the criteria specified above incorporate the commonly
accepted and documented approach to manage IT in a proper way ("best
practices").
Audit
Objectives
106. The
main objectives of the audit were to evaluate appropriateness of the WTO's
Secretariat's IT governance approach and the use of internationally accepted
procedures, standards and best practices for IT.
IT in the Secretariat
Importance
of IT for the WTO
107. The
essential objective of the Secretariat is to support the activities of the WTO.
These activities and the performance of tasks within the Secretariat depend on
an efficient and secure IT environment to run applications.
Risks
to the WTO
108. Malfunctioning
IT does not only bear the risk of delays and increasing workload but can also
lead to material and non‑material damages such as the loss of reputation of the
affected organization. For example data manipulation in or unavailability of
the used IT based applications may cause such damages. Particularly in times of
increasing risks of external and internal attacks to the IT of governmental and
non‑governmental organizations management should be aware of its responsibility
for ensuring an efficient and secure IT environment.
Need
for IT governance
109. An IT governance framework is needed to identify and establish
processes to increase and oversee the use of IT in fulfilling the tasks of the
organization and to manage risks in connection with the use of IT. The ISACA
defined IT governance as "… leadership, organizational structures and processes
to ensure that the organization's IT sustains and extends the organization's
strategies and objectives." To run an IT environment properly and
effectively, it is essential to adopt suitable standards, to build appropriate
structures, to develop and implement an overall IT strategy as well as clear
specific policies and to provide appropriate human and material resources. Management
should ensure that the IT issues are adequately assessed and aligned with the
organization's strategy and plans which fulfil the organization's mission and
general goals.
Management
efforts on IT governance
110. In
recent years the Secretariat implemented a number of enhancements of its IT
structures. In this regard I want to point out the establishment of the
Information Technology Solutions Division (ITSD), the release of the
ITSD 2015 Strategy and the appointment of the IT Steering Committee (ITSC).
I recognize these efforts as important steps towards an optimised IT governance
structure.
Adoption of IT standards
Internationally
accepted Standards ensure efficiency and security of IT
111. The
use of determined standards and approved methodologies ensures that IT is
planned, implemented and operated in a well‑defined way, which is also a
precondition for its efficiency and security. Although there is a plurality of
IT standards for various functions, some of these have been broadly accepted
and applied directly or in a customized way by the international community of
professional Information Officers. We therefore specified suitable standards and
methodologies in the areas of IT governance, IT service management, IT project
management and IT security management.
Standards
applied in the Secretariat;Efforts of the Secretariat to increase maturity.
112. The
Secretariat stated that it applied ITIL as a framework for its IT service
management. My team noted that the Secretariat did not apply those standards in
IT governance, IT project management and IT security management. The
Secretariat expressed that WTO was "… not aiming at compliance with any
standards such as ISO/IEC 38500 or COBIT." The Secretariat was
"… progressively building WTO's maturity to build the elements that
will increase this maturity". As "elements of increasing
maturity" the Secretariat listed, amongst others:
‑ construction of the ITSC
as decision making committee;
‑ description of the process
of IT Project portfolio management, the criteria to decide on projects and a
spreadsheet to track the overall portfolio as elements to manage IT projects;
‑ references in job profiles
of the business relationships and solutions managers to make e.g. long‑term
plans, yearly plans and service levels agreements available to the supported
division as an element of business and IT alignment;
‑ a map of the WTO IT
Services and the description of a project to define the WTO Enterprise
Strategy for Trade and Market‑access related information systems as an element
of enterprise architecture.
I
recognize some of the named elements to increase the Secretariat's maturity; these
elements covered only parts of IT governance and were not always consistent
with best practices.
113. I understand that the Secretariat is looking for an approach
concerning IT governance that takes into account the individual characteristics
of the WTO, like its size and its tasks, under account. In this regard I
recognize the efforts which were made in the area of IT project management and
the reflections in terms of a strategy for trade and market‑access related
information systems. The appointment of the ITSC was an important step to upgrade
IT governance in the Secretariat. Regarding business and IT alignment the job
profile references were not in a status for building maturity in the intended
way. Also, those elements only took up some parts of the overarching and
integrated approach of IT governance. In addition, the "progressive"
approaches mentioned were not always consistent with IT governance standards
and best practices. It is questionable if current efforts taken by the
Secretariat serve to an appropriate maturity for WTO's IT governance.
I
recommend applying international best practices concerning IT governance. Hereby
the Secretariat should customize the standards according to its requirements.
114. I
recommend to the Secretariat applying international standards and best
practices for the IT environment together with the establishment of its IT
policy framework (see above). In doing so, the Secretariat should give due
regard to its individual characteristics like its size and its tasks and
customize the suitable standards according to its requirements. Only in cases
the Secretariat's special requirements justify an exception or extension, it
may define and document these special guidelines for itself. Depending on their
importance and character, different standards can be defined for compulsory or
voluntary use. However, some substantial elements should be implemented as a
minimum standard to ensure an appropriate level of IT governance maturity. These
standards should cover the areas mentioned above (IT governance, IT service
management, IT project management and information security management) and may
also be extended to cover efficiency issues and the compatibility requirements
of applications and databases. Adherence to these standards should be monitored
in an appropriate manner.
WTO agreed that Standards
need to be applied. To support ITSD Management the company "Info‑Tech"
was hired (in Jan 2015…) as IT Advisor. ITSD already started running a survey
within the IT‑Management team. This survey collects both the maturity level and
the criticality of the process for WTO Secretariat.
Business
strategy, IT strategy and IT policy framework
General Requirements
115. To
run an IT environment properly, it is essential to develop clear policies, a
long‑term IT strategy and short‑term plans on IT. The IT strategy and the short‑term
plans should also be developed to help ensure that the use of IT is aligned
with the mission and business strategy of the organization. The overall IT
plan, which should be documented, e.g. in an "IT Policy Framework",
should contain among other things:
‑ organizational structures, applied norms, existing procedures and
systems, also the required personnel,
‑ description of the assignments that have to be supported or
executed by IT (Requirements analysis),
‑ interfaces between this range of tasks and other assignments,
‑ goals of IT utilization,
‑ running and planning IT projects, including timelines,
‑ implementation strategies,
‑ plans for service management and training,
‑ planning and procedures for IT security,
‑ statements concerning efficiency.
Senior management should ensure that the IT issues and opportunities
described in these plans are adequately assessed and reflected in the
organization's business strategy and short‑term plans which fulfil the
organization's mission and general goals.
Status in the Secretariat;
attempts to improve IT policy
116. The
analysis of the IT‑related policies and directives available in the Secretariat
and the study of documentations of activities concerning IT showed that in
recent years there had been some attempts to improve the Secretariat's IT
policy, particularly initiated by ITSD and the ITSC. Examples of an increasing
awareness of a future strategic approach of these two responsible entities I
want to point out are some of their considerations and activities: The ITSC
found that the WTO needed an "overall IT strategy related to trade and
market access information systems". The committee noted also that
divisional‑demand driven projects had the risk to perpetrate the so called
"silo" approach "that plagued the previous IT (lack) of
strategy". ITSD planned to compose a group of stakeholders to aim at a
common information system. The ITSC discussed how an organization architecture
effort would help, in particular the need of a corporate program of
improvements and the development of a "Master plan" of how the
architecture needs to evolve and make sure projects fit into it. As a strategic
document ITSD released the "ITSD 2015 strategy" covering planning and
work priorities of the division for the years 2012 to 2015.
Current applicable policies and guidelines of
the Secretariat were:
‑ "IT Policies", containing the chapters:
·
Acceptable Use Policy (also
available as OFFICE(06)/15);
·
Security Policy;
·
Pass Phrase Policy;
·
Policy On Conference Room Laptops;
·
WTO Mobile Service Guidelines;
·
WTO Mobile Service Provision
Policy.
‑ Information Technology
Security Policy (OFFICE (00)/52); and
‑ Policy on the Security
Classification of Electronic Documents and Data (OFFICE (08)/15).
The Secretariat did not possess
an adequate, transparent IT policy, documented in a well‑structured IT policy
framework.
117. I
noted weaknesses such as lacking specifications e.g. concerning:
‑ the description of the existing structures,
procedures and systems;
‑ the listing of applied norms (see above);
‑ long‑range IT strategy;
‑ requirement analyses for IT Systems and IT
Projects;
‑ economic feasibility studies;
‑ coordinated implementation strategies; and
‑ IT security.
The Secretariat did not possess an adequate, transparent IT policy,
documented in a well‑structured IT policy framework. The existing strategy document
is not in line with IT governance best practices or relevant standards. Together
with the lack of documented business requirements, IT in the Secretariat was
managed neither with an adequate long‑term strategy nor an overarching approach.
There was also no documented business oriented short‑term planning ‑ ITSD
provided its services and solutions based on the demands of requesting units,
coordinated as far as possible by the ITSC. In this regard I welcome the
approaches and activities of ITSD and the ITSC to enhance the Secretariat's IT
policy, particularly regarding the IT project management, as a step in the
right direction. But I see still room for improvement. The current applicable
policies on IT were covering only some parts of IT operational issues and were
partly outdated.
The Secretariat did not possess a document specifying WTO's mission
and business strategy as a basis for aligning of IT with general goals. In
connection with the deficient IT strategy and policies the task of ITSD, to
deliver "IT solutions in partnership with the other WTO Secretariat
divisions to fulfil the mandate of the Organization", appears difficult,
or even impossible.
I recommend setting up an
appropriate IT policy framework that should be aligned with a defined business
strategy.
118. I
encourage the Secretariat to define and document a general business strategy
with an adequate level of detail not only but also as a requirement description
in regard to a needs‑based IT environment. I recommend that the Secretariat
setting up an appropriate IT policy framework that should be aligned with the
business strategy.
The framework should fulfil the requirements mentioned before as a
minimum containing documentation of requirement analyses, assessment of
existing systems, current procedures, planning, strategies and also future
targets. The existing documents could be used as input when they have been
updated. The initiatives and activities already in place to improve elements of
the Secretariat's IT policy could be integrated in the preferably overarching
approach. Management should ensure that the components of this framework are
periodically updated and communicated to all relevant parties across the
Secretariat. It should also monitor their implementation and evaluate the
results.
WTO agreed with the need to describe the existing structure,
procedures and systems, the need to review and document business requirements
and evaluate various feasible solutions and the need to have a long term IT
Strategy.
These items are being worked upon with a defined approach, driving
two specific efforts: (1) Development of enterprise architecture; (2)
Development of the 2019 IT Strategy.
IT Security
Internationally
Accepted Standards
119. Internationally accepted standards on IT security management are the
ISO/IEC 27000 series. These standards can help organizations to secure their
information assets. ISO/IEC 27001 as part of this series provides
requirements for an Information Security Management System (ISMS). An ISMS is a
systematic approach designed to ensure that information of an organization
remains secure. The risk‑management based procedure of an ISMS covers thereby
IT structures, processes, IT systems and other relevant elements.
Set
of rules used by WTO is not consistent with relevant IT standards.
120. According
to the Secretariat no security standards had been adopted. The WTO's
Information Technology Security is formally based on the "Information
Technology Security Policy (ITSP)" the Director‑General issued in the year
2000. The Intention of the ITSP is to concern "… the protection of the
Local Area Network (LAN), hardware, software and data, as well as the policies,
procedures and associated information technology tools necessary to protect the
information used in support of WTO operations". Other rules, guidelines or
policies which partly cover information security issues are listed above. This
set of rules was not consistent with relevant standards and covered parts of IT
security matters only.
Standards
applied in the Secretariat; Lack of up to date proper specifications; Increase
of awareness concerning IT security.
121. Despite
lacking up‑to‑date specifications, my team noted increasing awareness of IT and
information security management in the Secretariat. At its meeting of
September 2014, the ITSC was briefed by responsible staff on key elements
of an "information security strategy". In this presentation, the
ISO/IEC 27000 series was introduced as suitable best practices for IT security
management in the WTO. Another very important step towards improving IT
security I want to point out is the IT security assessment concluded last year:
A
Consultant conducted an IT Security Assessment.
122. Mandated
by the Office of the Director‑General (DGO) and on behalf of the Office of
Internal Audit (OIA) a consultant conducted an IT security assessment in 2014.
The objective was to evaluate the security level of the WTO's IT environment. The
consultant performed tests including an IT Security Maturity Assessment based
on the ISO/IEC 27001 standard.
Main
findings: WTO activities in place do not comply with the requirements of
ISO/IEC 27001.
123. The
assessment identified gaps between the ISO/IEC 27001 standard requirements
and the activities implemented at the WTO: the absence of a comprehensive and
formal ISMS and the absence of an information security performance evaluation,
governance model and documented information. In detail the review of IT
security controls pointed out weaknesses of security configuration of the ERP
system with high priority. The review of IT security governance pointed out
major weaknesses in respect to the scope of IT security, the definition of the
overarching IT security policy, the IT security function's staffing
requirements and the risk management process. The assessment identified a
number of opportunities for improvements focused on achievable objectives to
significantly reduce WTO's IT environmental risk exposure.
OIA
forwarded the results to the DG.
124. The
OIA forwarded the results of the assessment to the Director‑General in
November 2014.
The
Secretariat is working on the implementation of the recommendations.
125. The
Secretariat informed my team that it had already implemented the recent
recommendations on IT security controls. The Secretariat stated that it had
started with the implementing of the recommendations on IT security governance.
Additionally, the Secretariat stated that it did not intend to gain an
ISO/IEC 27001 certification, but aimed at adopting best practices as
defined in that standard.
I
recommend implementing the recommendations of the IT security assessment; I
will continue to monitor IT Security.
126. I
acknowledge the Secretariat's efforts to improve WTO's IT security in order to
reduce the IT environmental risk exposure. I strongly recommend to the
Secretariat following the recommendations of the IT security assessment as soon
as possible. Without interfering with the ongoing audit of the OIA on this
matter, I will continue to monitor the improvement of WTO's IT security.
No
cases of fraud or suspected fraud detected.
127. The
Secretariat reported that it did not have any information on cases of fraud or
suspected fraud. During our audit, my team did not detect any cases of fraud or
suspected fraud.
I
follow‑up on the last report of the External Auditor.
128. In
the last report of the External Auditor on the audit of the Financial
Statements 2013, my predecessor commented on a number of aspects. My team
reviewed the implementation of the recommendations made.
WTO
Financial Regulations should be updated.
129. Recommendation:
The WTO Financial Regulations should be updated in line with the IPSAS and the
senior‑level staff of the finance division should be reinforced. This
recommendation was still open on 31 December 2014.
New
Financial Regulations in place since 27 February 2015.
130. Financial
Regulations were revised and made IPSAS compliant. Financial Regulations were
released on the 27 February 2015 while the audit activities for the
financial statements 2014 were under way.
Conclusion
131. I
appreciate the implementation.
Accelerate US‑Tax reimbursement for WTO
staff.
132. Recommendation:
Pursue efforts to accelerate refund by the United States of the taxes of WTO
staff; and to obtain this refund according to the method advocated by the ILO
Administrative Tribunal.
Recommendation from my point of view
still open.
133. This
recommendation is still an open issue. In spite of activities undertaken by the
WTO Secretariat, the process of reimbursement is still far from satisfactory.
Conclusion
134. I
appreciate the actions taken. Due to the fact that implementation has not been
finished, I defined a recommendation in the report on the financial statements
2014 and I will monitor further activities and developments.
FS 2014 are not IPSAS‑compliant due to
not‑consolidating ITC.
135. Recommendation:
Adjust the financial statements of the ITC in order to bring them into line
with the WTO's accounting standards, use the equity method in reporting the ITC
and present all the information required under the standards.
The Secretariat analysed the situation.
136. This
recommendation is still an open issue. WTO Secretariat analysed the situation
and came to the result, that accounting treatment by WTO is correct and IPSAS‑compliant.
I disagree.
137. From
my point of view, the financial statements 2014 of WTO still are not IPSAS‑compliant
as regards the ITC issue. Therefore I placed a reservation in my Audit Opinion
2014 and defined some recommendations.
Conclusion
138. Recommendation
still open.
I am grateful for the support received
during the audit.
139. I wish to record my appreciation for the cooperation and assistance
extended by the Director‑General, the management and staff of the WTO. I am
very grateful for their assistance during the entire external audit process
LIST OF ABBREVIATIONS AND ACRONYMS
ASHI After Service Health Insurance (benefits)
CHF Swiss Francs
COBIT Control
Objectives for Information and Related Technology
DDG Deputy Director‑General
DGO Office of the Director‑General
EUR Euro
GATT General Agreement on Tariffs and Trade
GBP Great Britain Pound
HRD Human Resources Division
IAS International Accounting Standards
IFAC International Federation of Accountants
ILO International Labour Organization
INTOSAI International
Organization of Supreme Audit Institutions
IPSAS International Public Sector Accounting Standards
ISA International Standards on Auditing
ISACA Information
Systems Audit and Control Association
ISMS Information Security Management System
ISSAI International Standards for Supreme Audit Institutions
IT Information Technology
ITC International Trade Centre
ITIL IT Infrastructure Library
ITSC IT Steering Committee
ITSD Information Technology Solutions Division
ITSP Information Technology Security Policy
LAN Local Area Network
NBV Net Book Value
OIA Office of Internal Audit
PM Procurement Manual
PMBoK® Guide
Project
Management Body of Knowledge‑Guide
PMI Project Management Institute
UN United Nations
US United States
USD United States Dollar
VAT Value Added Tax
WCF Working Capital Fund
WiP Work in Progress
WTO World Trade Organization