Statement on Internal Control
Responsibility for System of Internal Control
On behalf of the Board of Directors of the Irish Museum of Modern Art, I acknowledge our responsibility for ensuring that an effective system of internal control is maintained and operated. This responsibility takes account of the requirements of the Code of Practice for the Governance of State Bodies (2016).
Purpose of the System of Internal Control
A system of internal control cannot eliminate risk, rather it is designed to make assessments of the risk environment and to manage risk at levels it deems appropriate. The system can only provide reasonable and not absolute assurance that assets are safeguarded, transactions authorised and properly recorded, and that material errors or irregularities are either prevented or would be detected in a timely period.
The system of internal control, which accords with guidance issued by the Department of Public Expenditure and Reform has been in place in IMMA for the year ended 31 December 2022 and up to the date of approval of the financial statements.
Capacity to Handle Risk
IMMA has a Finance, Audit & Risk Committee (FARC) comprising four members at year end with financial and audit expertise. Three of the four members are also board members. The FARC met five times in 2022.
IMMA has established an internal audit function which conducts a programme of work agreed with the FARC. The Internal Auditor is an external consultancy with expertise in Risk Management and Business Process. The programme of work is set by the FARC and the Internal Auditor reports to the Chair of the Committee.
The FARC has developed a risk policy that sets out its risk appetite, the risk management processes in place and details the roles and responsibilities of staff in relation to risk. The policy has been issued to all staff who are expected to work within IMMA’s risk management framework, to alert management on emerging risks and control weaknesses and assume responsibility for risks and controls within their own area of work.
Risk and Control Environment
IMMA has implemented a risk management system which identifies and reports key risks and the management action being taken to address and, to the extent possible to mitigate those risks.
A risk register is in place that identifies the key risks facing IMMA and these have been identified, evaluated and graded according to their significance. The register is reviewed by the FARC at every meeting. The outcome of risk assessments is used to plan and allocate resources to ensure risks are managed to an acceptable level.
The Finance, Audit and Risk Committee undertakes an Annual Review of the Risk Environment including an appraisal of reports from the Internal Auditor, Risk Statements from functional units and the Risk Register.
The risk register details the controls and actions needed to mitigate risks and responsibility for the operation of controls assigned to specific staff. I confirm that a control environment containing the following elements is in place:
- procedures for all key business processes have been documented;
- financial responsibilities have been assigned at management level with corresponding accountability;
- there is an appropriate budgeting system with an annual budget that is kept under review by senior management;
- there are systems aimed at ensuring the security of the information and communication technology systems; and
- there are systems in place to safeguard the assets of IMMA.
On-going Monitoring and Review
Formal procedures have been established for monitoring control processes and control deficiencies are communicated to those responsible for taking corrective action and to management and the Board, where relevant, in a timely way. I confirm that the following ongoing monitoring systems are in place:
- key risks and related controls have been identified and processes have been put in place to monitor the operation of those key controls and report any identified deficiencies,
- reporting arrangements have been established at all levels where responsibility for financial management has been assigned, and
- there are regular reviews by senior management of periodic and annual performance and financial reports that indicate performance against budgets/forecasts.
Procurement
I confirm that IMMA has procedures in place to ensure compliance with current procurement rules and guidelines and that during 2022 IMMA complied with those procedures.
Annual Review of Controls
I confirm that IMMA has procedures to monitor the effectiveness of its risk management and control procedures. IMMA’s monitoring and review of the effectiveness of the system of internal control is informed by the work of the internal and external auditors, the Finance, Audit and Risk Committee which oversees their work, and senior management within IMMA responsible for the development and maintenance of the internal control framework.
I confirm that the Board conducted an annual review of the effectiveness of the internal controls for 2022 on 14th February 2023.
Internal Control Issues
Energy Costs and Inflation – Energy costs rose significantly during 2022 with projections from the OGP, who source electricity and gas for IMMA, that costs could more than double from mid-2022 through 2023. An additional grant was received from the Department in December to cover those increases and general inflationary costs. This grant covers a period up to June 2023 but there is no indication of future support after that date. The inflationary environment presents a general risk to IMMA’s ability to finance its ongoing programme. The situation is being monitored closely and forecasts are reviewed on a rolling basis. The outlook remains unclear and IMMA continues to update the Department on future projections.
David Harvey
Director
30tu May 2023