ORIGINAL ARTICLE
RIBEIRO, Renor Antonio Antunes [1]
RIBEIRO, Renor Antonio Antunes. The independence of government internal audit units from the federal executive branch. Revista Científica Multidisciplinar Núcleo do Conhecimento. Year. 06, Ed. 09, Vol. 07, pp. 17-42. September 2021. ISSN: 2448-0959, Access Link: https://www.nucleodoconhecimento.com.br/business-administration/internal-governmental
ABSTRACT
The need to account for public resources, as established in the Brazilian Federal Constitution of 1988, requires the existence and independent functioning of bodies aimed at evaluating the application of public resources. In indirect administration entities, this role is exercised, concurrently, by the internal government audits, which must act independently, despite being part of the internal structure of these entities. Thus, the guiding question is to know to what extent federal legislation ensures the autonomy of the Governmental Internal Audit Units – UAIG from the indirect administration of the Union to carry out, independently and objectively, the Government Internal Auditing Activity – AAIG. Thus, this study aims to know if the Brazilian federal legislation ensures the independence of the single internal audit units of the federal public administration, in relation to the AAIG. Therefore, a descriptive research was carried out based on secondary sources and a qualitative approach to the analysis of themes related to the internal control system, the three-line model and the governmental internal audit. The study allowed us to say that the internal audits that make up the governance structure of each indirect administration entity are independent from AAIG, by virtue of the normative framework and the IIA’s position statements. In addition, if necessary, the Federal Comptroller General may coordinate and guide individual internal audits for the correct exercise of its independence.
Keywords: government, audit, internal, control, independence.
1. INTRODUCTION
This is the analysis of the legislation of the Brazilian Federal Executive Branch – PEF, considering the statements of positioning of the IIA and the national and international literature on the subject, to know to what extent federal legislation ensures the autonomy of the Internal Audit Units Government – UAIG of the indirect administration of the Union to exercise, with independence and objectivity, a Government Internal Audit Activity – AAIG.
The relevance of the theme is related to the materiality of the resources spent by indirect administration entities and the amount of UAIG responsible for supervising these resources. It should be highlighted that these internal audits should act independently, even integrating the internal structure of the respective entities, having a central importance in the supervision of the application of money, goods and public values. In this sense, the UAIG must carry out their activities without the undue interference of other sectors of the organization, including operational management. As provided for in the Brazilian Federal Constitution of 1988 and positive in Decree Law No. 200/1967, the Internal Government Audit Units – UAIG, in line with the model of the three lines of the Institute of Internal Auditors – IIA, make up the structure of the Internal Control System – SCI in the PEF as third-line bodies. Therefore, in each entity of indirect administration, like regulatory agencies, municipalities, public foundations, universities and federal institutes, we will have a UAIG carrying out internal audit activities for the good and regular application of public resources, to achieve organizational objectives, and should guide its performance independently and objectively.
The analysis is justified because of the need to know whether the UAIG have the legal and regulatory guarantees to carry out the evaluation and consulting activities with due autonomy, recounting the appropriate independence and objectivity. The objective is to know whether the current federal legislation ensures the autonomy of the Internal Government Audit Units – UAIG to exercise, independently, the Government Internal Audit Activity – AAIG in the context of indirect administration of the Union, in relation to the other management and governance bodies of the respective organizations.
Based on secondary sources and a qualitative approach, we will conduct a descriptive research to analyze the legal and regulatory provisions on the autonomy and independence of the UAIG. Therefore, we will address the concepts adopted by the standards, standards and literature on the function of internal audit, management, as well as the model of the three lines of the Institute of Internal Auditors – IIA, and some definitions of the Committee of Sponsoring Organizations of the Treadway Commission – COSO (2007; 2013) will also be addressed in this topic. Next, we will address the government’s internal audit activity and management, according to the precepts of Brazilian federal legislation.
Because it is necessary to establish the position of the UAIG in the structure of the Federal Executive Power and AAIG before management, we will address the definitions, similarities and differences between internal control, the internal control system, the three-line model and the internal governmental audit in the light of the relevant legislation. We will also talk about the dictates of the legislation on the autonomy of the UAIG. Finally, we will present the results, discussions and conclusions, in which the Brazilian federal legislation ensures the autonomy of the UAIG for the exercise of the AAIG with independence and objectivity.
2. THEORETICAL DEVELOPMENT/FOUNDATION
At this moment, we will talk about the main concepts adopted by the literature and international standards in relation to the three-line model, the role of internal audit and management, and the internal control system and internal controls. In a second moment, we analyze the Brazilian federal legislation on this theme.
2.1 INTERNAL AUDIT, MANAGEMENT AND THE MODEL OF THE THREE LINES OF THE IIA
The role of internal auditing is to evaluate the functioning and effectiveness of an organization’s internal controls, controls that are actions or means to verify that activities are taking place as planned. De Oliveira (2016) defines internal controls as actions or procedures to ensure that activities are taking place as originally planned. In turn, the internal control system would be the set of these internal controls, which are put into practice by an organization (OLIVEIRA, 2016). For Maia (2005), the internal control system aims to facilitate organizational excellence.
Within an internal control system, it is up to the internal audit to evaluate the proper functioning of these controls, to verify that what is being executed by management is in accordance with the plan. Filho (2008) highlights the role that should be played by the internal audit to check the efficiency of internal controls:
A diferença conceitual entre Sistema de Controle Interno, Controle Interno e Auditoria Interna resume-se no seguinte: Sistema é o funcionamento integrado dos Controles Internos; Controle Interno é o conjunto de meios de que se utiliza uma entidade pública para verificar se suas atividades estão se desencadeando como foram planejadas; e Auditoria Interna é uma técnica utilizada para checar a eficiência do Controle Interno (FILHO, 2008).
In relation to the regulations of the Institute of Internal Auditors – IIA (2009, p. 1) was published the positioning statement called “O papel da auditoria interna no gerenciamento de riscos corporativo”, defining both the activities that can be assumed by the internal audit and those that can only be performed by management, in the context of risk management.
According to The IIA’s Position Statement (2018) entitled “The Role of Internal Audit in Corporate Governance”, internal audit’s role is to provide “assessment by examining and reporting on the effectiveness of governance, risk management and control processes. developed to help the organization achieve its strategic, operational, financial and compliance objectives” (IIA, 2018).
In addition, according to the IIA positioning statement (2013, p.1) called “As três linhas de defesa no gerenciamento eficaz de riscos e controles”, updated in 2020, for the “Modelo das três linhas do IIA 2020” (IIA, 2020, p.1), the role of internal audit consists in “independent and objective assessment and advice on the adequacy and effectiveness of governance and risk management” (IIA, 2020, p. 3).
According to this model of the IIA (2020), one of the management roles is to establish and maintain the processes for the management of operations, and the role of auditing is the communication of independent evaluation and consulting work. According to the IIA (2020), it is up to the first line management “to establish and maintain appropriate structures and processes for the management of operations and risks (including internal control)”. In turn, the internal audit “communicates independent and objective evaluation and advice to management and the governance body on the adequacy and effectiveness of governance and risk management (including internal control)” our griffins (IIA, 2020).
Therefore, according to the IIA (2020), it is up to management to create and maintain internal processes and controls, with internal audit ing a role more focused on information and communication of its evaluations and advice. Regarding the scope of the work to be carried out by the internal audit, the International Standards for The Professional Practice of Internal Audit (IIA, 2012), in item 1000, provides that the evaluation and consulting services must be defined in the statute of the internal audit.
According to the IIA (2013),
No modelo de Três Linhas de Defesa, o controle da gerência é a primeira linha de defesa no gerenciamento de riscos, as diversas funções de controle de riscos e supervisão de conformidade estabelecida pela gerência são a segunda linha de defesa e a avaliação independente é a terceira. Cada uma dessas três “linhas” desempenha um papel distinto dentro da estrutura mais ampla de governança da organização (IIA: 2013, p.2).
Thus, there are three lines or layers (of defense), and the internal controls of management are the first line (or layer) of public or private organizations, whose purpose is to provide the achievement of their institutional objectives. These internal controls should be made by all public agents responsible for conducting activities and tasks, from top to hierarchical basis, within public sector agencies and entities, within the scope of the first and second lines (RIBEIRO, 2019).
In relation to the second line of defense, agencies and entities can establish bodies for supervision and monitoring of internal controls of the first line of defense, thus constituting a second line, through specific committees, boards or advisories to address risks, internal controls, integrity and compliance, for example.Thus, these second-line instances can constitute instances of supervision of internal controls of the first line (RIBEIRO, 2020a).
As the third line of defense in the field of public administration, we have internal audits that are the bodies responsible for the evaluation of internal controls of the management of the first and second lines or layers of defense, which are the responsibility of all levels of management (RIBEIRO, 2020b).
Thus, the three lines of defense can be described as shown below:
Figure 01. Model of the three lines (defense) of the IIA (2020).
It should be emphasized that the IIA model is universal and applicable to all sectors and branches of activity. In the figure above, the up arrow represents accountability, report. The down arrow represent delegation, guidance, resources, and supervision. The two-pointed arrow represents collaboration, coordination, alignment and communication (RIBEIRO, 2020a).
According to COSO (2007), internal control is:
um processo conduzido pelo conselho de administração, pela administração e pelo corpo de empregados de uma organização, com a finalidade de possibilitar uma garantia razoável quanto à realização dos objetivos nas seguintes categorias: Eficácia e eficiência das operações; Confiabilidade das demonstrações financeiras; Conformidade com leis e regulamentos cabíveis.
For COSO (2013), the built-in controls framework maintains the definition of the previous version. In addition, the internal control system requires strict compliance with policies and procedures, the judgment of the administration and internal auditors, as well as the governance structure of the organization (COSO, 2013). For the effective functioning of an internal control system, it is necessary to present and operate each of the five components in an integrated manner, which are: control environment; risk assessment; control activities; information and communication; and monitoring (COSO, 2013). These components have a direct relationship between the organizational structure, in all areas of the organization and the operational, disclosure and compliance objectives (COSO, 2013).
Figure 02: relationship between objectives and components
Since we approach the concepts related to the role of the internal auditor, the internal control system and the three-line model according to international standards and standards, we will see below how these concepts are treated in the legislation applicable to the Brazilian Federal Executive Power.
2.2 The INTERNAL GOVERNMENT AUDIT AND THE MANAGEMENT IN BRAZILIAN FEDERAL LEGISLATION
Once the concepts of the literature about internal control, the internal control system, the role of internal audits, the role of management and the model of the three lines are presented, we will conceptualize the internal control system and the role of the internal governmental audit in the public administration of the Brazilian Federal Executive Power – PEF with regard to the relevant legislation. In this sense, we will see that the provisions on the performance of the internal audit used internationally were incorporated by national legislation, including the model of the three lines of defense and international standards and standards on internal audit activity.
On the other hand, the concepts of internal control and internal control system used in Brazilian legislation at the turn of the millennium do not have strict similarity with those used internationally. The result of this is that the expressions “internal control” and “internal control system” may have, depending on the context, distinct meanings, because now they can refer to the internal controls of the management themselves (actions, procedures, control of management responsibility), or to the organs of the second or third lines of the PEF. Therefore, we will consolidate these concepts in line with the understanding of the Federal Court of Auditors – TCU, which aligns internal control and the internal control system according to the literature, standards and international standards.
In that tuning, the organization of the “internal control system” in the PEF was regulated by Provisional Measure No. 480 of April 27, 1994[2], which was reissued several times until it was converted, in 2001, into Law No. 10,180/2001. This law organized and disciplined the “Federal Planning and Budget Systems, Federal Financial Administration, Federal Accounting and Internal Control of the Federal Executive Power” (BRASIL, 2001).
Therefore, Law No. 10,180/2001, in Article 22, the Secretariat of Internal Control – SFC of the Comptant General of the Union – CGU was defined as the central organ of the “internal control system”[3] for the exercise of audit and inspection activity (BRASIL, 2001). In fact, the internal governmental audit of the CGU is carried out by both the SFC, in Brasilia, and by the Regional Units of the CGU based in the capitals of all states of the country, including the activities of evaluating the achievement of the goals set out in the multiannual plan, the implementation of government programs and budgets of the Union, as well as the evaluation of the management of federal public administrators (BRASIL, 2001).
In addition to the SFC (which carries out the internal audit activity of the central body) and the Regional Units of the CGU, the sectoral bodies are part of the “internal control system”, such as the internal control bodies of the structure of the Ministry of Foreign Affairs, of the Ministry of Defense, Federal Attorney General and Civil House, which are called Internal Control Secretariats – CISET, like the Internal Control Secretariat of the Presidency of the Republic (CISET/Presidency)[4].
In turn, the Government Internal Audit Units – UAIG[5] were only included in article 15 of Decree No. 3.591/2000, with the CGU and the Sectoral Internal Control Secretariats – CISET being responsible for exercising the technical supervision and normative guidance of the audits internal indirect administration (BRASIL, 2000):
Art. 15. As unidades de auditoria interna das entidades da Administração Pública Federal indireta vinculadas aos Ministérios e aos órgãos da Presidência da República ficam sujeitas à orientação normativa e supervisão técnica do Órgão Central e dos órgãos setoriais do Sistema de Controle Interno do Poder Executivo Federal, em suas respectivas áreas de jurisdição (BRASIL, 2000).
Nevertheless, the lack of mention of the unique internal audit units in Law No. 10,180/2001 does not weaken or compromise the existence of these UAIG, considering that Decree No. 3,591/2000 established the existence and binding of these third-line bodies within the structure of the PEF, in line with the provisions of Article 84 of the Brazilian Magna Charter. Furthermore, to include the UAIG in the third line without disobeying the letter of Law No. 10,180/2001, IN CGU No. 03/2017 classifies the UAIG as “auxiliary units to the system”, since this law called the “system” only the CGU and CISET as “internal control” bodies (BRASIL, 2017a, p.35).
Therefore, it was also up to IN CGU no. 03/2017 to include the UIAG in the third line of the federal executive power as auxiliary agencies, members of the SCI under the paradigm of the three-line model. Thus, according to item 26 of this IN, “the singular internal audits (Audin) of the organs and entities of the Direct and Indirect Federal Public Administration act as auxiliary organs to SCI” (BRASIL, 2017a, p.8).
In fact, Article 84 of the CFb/88 ensures that the issue of law is not necessary, in a formal sense, to ensure the existence of the UAIG, with the end of the decree of private initiative of the President of the Republic.
Art. 84. Compete privativamente ao Presidente da República:
VI – Dispor, mediante decreto, sobre: (…)
a) organização e funcionamento da administração federal, quando não implicar aumento de despesa nem criação ou extinção de órgãos públicos (BRASIL, 1988)
Therefore, the existence and functioning of the UAIG within the structure of the PEF are duly ensured by Decree No. 3,591/2000 by constitutional provision.
The themes of governance, risk management, internal controls and internal government audit were only established in the federal regulatory database in 2016, through IN MP/CGU No. 01/2016, which, in article 2, item III, also positivethe model of the three lines of defense and the role of internal audit in this model, which consists of the evaluation of the internal controls executed by the first line (management), as well as the supervision of internal controls performed by the second line.
Art. 2o Para fins desta Instrução Normativa, considera-se:
(…)
III – auditoria interna: atividade independente e objetiva de avaliação e de consultoria, desenhada para adicionar valor e melhorar as operações de uma organização. Ela auxilia a organização a realizar seus objetivos, a partir da aplicação de uma abordagem sistemática e disciplinada para avaliar e melhorar a eficácia dos processos de gerenciamento de riscos, de controles internos, de integridade e de governança. As auditorias internas no âmbito da Administração Públicas e constituem na terceira linha ou camada de defesa das organizações, uma vez que são responsáveis por proceder à avaliação da operacionalização dos controles internos da gestão (primeira linha ou camada de defesa, executada por todos os níveis de gestão dentro da organização) e da supervisão dos controles internos (segunda linha ou camada de defesa, executada por instâncias específicas, como comitês de risco e controles internos). Compete às auditorias internas oferecer avaliações e assessoramento às organizações públicas, destinadas ao aprimoramento dos controles internos, de forma que controles mais eficientes e eficazes mitiguem os principais riscos de que os órgãos e entidades não alcancem seus objetivos; (…) (BRASIL, 2016, grifos nossos)
Thus, while the internal controls of the management must be operationalized, in an integrated manner, by the management and servers of the organization, it will be up to the internal audit to evaluate the operationalization of these same controls (CGU, 2016). Therefore, operationalization, supervision and evaluation are distinct activities, the first two being responsible for the first and second lines, with the third line being the evaluation and advisory activity.
In Article 3 of IN MP/CGU No. 01/2016, it is up to the organs and entities of the Federal Executive Power, which constitute the first and second lines of defense “implement, maintain, monitor and review the internal controls of management”, and the “internal controls of management constitute the first line (or layer) of defense of public organizations to provide the achievement of their objectives” (CGU, 2016). Therefore, it is not up to the government’s internal audit bodies, which are third-line, to implement, maintain, monitor and review the internal controls of management, considering that this is the first-line role.
IN CGU No. 03/2017 highlights, in its introduction, that the activities of planning, financial management and accounting systems related to Law No. 10,180/2001 are strongly related to the roles and responsibilities of management, first and second lines. In turn, SCI’s activities are related to accounting, financial and budgetary supervision (CGU, 2017). IN CGU no. 03/2017 itself clarifies that the internal government audit activity is carried out by the agencies that make up the SCI (CGU, 2017).
The document of the Federal Court of Auditors called “Referencial Básico de Governança Aplicável a Órgãos e Entidades da Administração Pública” (TCU, 2014) provides that the purpose, responsibility and authority of the internal audit must be defined in its statutes, in order to evaluate control processes, risk management and governance. The internal audit activity is independent and objective, composed of evaluation and consulting, and management is responsible for the day-to-day operation of the organization, concerned with the efficiency and effectiveness of operations (TCU, 2014).
Therefore, the performance of the internal governmental audit is part of the internal control system in the model of the three lines of defense of the IIA (2020), but it is not confused with the management activities of the first and second lines. Normative Instruction CGU No. 03/2017, recognizing that the model of the three lines was already foreseen since Decree Law No. 200/1967, highlights that internal control is applied at all levels and in all organs and entities, in the following terms:
As diretrizes para o exercício do controle no âmbito do Poder Executivo Federal (PEF) remontam à edição do Decreto-Lei nº 200, de 25 de fevereiro de 1967, que, ao defini-lo como princípio fundamental para o exercício de todas as atividades da Administração Federal, aplicado em todos os níveis e em todos os órgãos e entidades, segmentou-o em três linhas (ou camadas) básicas de atuação na busca pela aplicação eficiente, eficaz e efetiva dos recursos. Como consequência, verifica-se que o controle é exercido em diversos ambientes normativos e culturais, quais sejam: a gestão operacional; a supervisão e o monitoramento; e a auditoria interna (CGU, 2017a)[6]
Therefore, according to Decree Law No. 200/1967, the internal audit is different from operational management, since each is positioned in a different line (defense). However, the internal audit can assist management through consulting and advisory services. The Manual of Technical Guidelines of the internal government audit activity of the Federal Executive Power, published through the Normative Instruction CGU No. 08/2017, established the consulting activity as the possibility of UAIG to “assist the organs and entities of the Federal Executive Power in structuring and strengthening the first and second lines of defense of management” (CGU, 2017b, p. 18). It should be emphasized that the consulting activity consists of “advice, advice and other related services provided to senior management in order to support the operations of the unit” (CGU, 2017b, p. 17).
Given the definitions on the model of the three lines (defense) and the activities of the internal government audit constituted of evaluation and consulting, we can understand that the expression “internal control system” of Law No. 10,180/2001 and Decree No. 3,591/2000 refers, in fact, to the set of internal audit units, since it lists the SFC/CGU as the central organ of the system, including the CGU’s regional units, sectoral bodies and individual internal audits. This understanding is highlighted in a study on the internal control standards made by the TCU (2009) and the survey report (TC 011.759/2016-0) of the TCU (2017), which will be treated in the next item.
2.2.1 SIMILARITIES AND DIFFERENCES BETWEEN THE INTERNAL CONTROL SYSTEM AND THE INTERNAL GOVERNMENT AUDIT IN FEDERAL LEGISLATION
As we have seen, Article 22 of Law 10.180/2001 treats as the “Internal Control System”, the SFC/CGU as the central body and the CISET as sectoral bodies. In relation to these definitions, the TCU, in 2009, through the publication entitled “Critérios Gerais de Controle Interno na Administração Pública: um estudo dos modelos e das normas disciplinadoras em diversos países” defines the internal control system as a set of activities, a process of responsibility of management, to give reasonable assurance that the objectives will be achieved (TCU, 2009).
In fact, the TCU defined the internal control, system or internal control structure as:
expressões sinônimas, utilizadas para referir-se ao processo composto pelas regras de estrutura organizacional e pelo conjunto de políticas e procedimentos adotados por uma organização para a vigilância, fiscalização e verificação, que permite prever, observar, dirigir ou governar os eventos que possam impactar na consecução de seus objetivos (TCU, 2009, p. 4).
In addition, the “internal control unit, when existing in the organization, is part of the management and the internal control system or structure of the entity itself” (TCU, 2009, p. 6), while the “internal audit, which should not be confused with internal control or with internal control unit, (…) its task is to measure and evaluate the efficiency and effectiveness of other controls” (TCU, 2009, p.7).
According to the TCU Survey Report, published in 2017 (TC 011.759/2016-0) internal control is “an action, an activity, a procedure” and responsibility of management (TCU, 2017, p. 7). In addition, according to the TCU (2017, p.8), “The internal control system of an organization is formed by the three lines of defense”, with the internal audit as the third line (TCU, 2017). Later, citing Decree 3.591/2000, the TCU points out that “in Brazil there is no clear use of these concepts and the legislation itself is confusing” (TCU, 2017, p. 11). Following the line of reasoning, the TCU (2017, p. 16) highlights, among some problems of the confusion between the concepts, that “it does not make sense to use the expression ‘internal control body'” and that this expression “may cause the manager not to feel responsible for the establishment of internal controls, because, in his view, there is an internal control body just to do this”.
Therefore, these conceptual inaccuracies in Law No. 10.180/2001 and Decree No. 3.591/2000 are reproduced in other legal instruments, in which the SFC/CGU, CISETs and singular internal audits are treated simply as “internal control bodies” or as “partner bodies of the internal control system”, as in Decree 7,768/2011, art. 7, Decree 2.451/1998, art. 22, Decree 7689/2012, art. 8, Decree 6.932/2009, Art. 17, among others (TCU, 2009, p. 17).
2.2.2 THE ADOPTION OF THE THREE-LINE MODEL IN FEDERAL LEGISLATION
The model of the three lines of the IIA (2020) is present in the Brazilian legal system through provisions of Decree Law 200/1967, of Normative Instruction MP/CGU No. 01/2016, IN CGU No. 03/2017, IN CGU No. 08/2017 and Law 14.133/2021.
For Decree-Law No. 200/67, the control function must be exercised in a decentralized manner, in accordance with Articles 10 and 13. The internal control system is exercised in three layers, starting with federal agencies, which are responsible for the execution itself, thus regulating the first line of defense. In the second line of defense, we have the specialized bodies and in the third line, the audit. As we can understand, this model was edited long before the advent of the IIA’s three-line defense model in 2013.
This model is highlighted in Article 13 of Decree Law No. 200/67, in the following terms:
Art. 13 O controle das atividades da Administração Federal deverá exercer-se em todos os níveis e em todos os órgãos, compreendendo, particularmente:
O controle, pela chefia competente, da execução dos programas e da observância das normas que governam a atividade específica do órgão controlado;
O controle, pelos órgãos próprios de cada sistema, da observância das normas gerais que regulam o exercício das atividades auxiliares;
O controle da aplicação dos dinheiros públicos e da guarda dos bens da União pelos órgãos próprios do sistema de contabilidade e auditoria (BRASIL, 1967).
Thus, it was already defined in Decree Law No. 200/67, through items “a”, “b” and “c”, which would later be called the model of the three lines of defense, also dealing with the cost-benefit ratio between internal controls and inherent and residual risks, according to Article 14: “Administrative work will be rationalized by simplifying processes and suppressing controls that are evidenced as purely formal or whose cost is evidently higher than the risk” (BRASIL, 1967) [7] .
Normative Instruction MP/CGU No. 01/2016 adopted the model of the three lines of the IIA with the internal audit occupying the third line. In Article 2, item III, it is stated that the internal audit is an independent and objective activity of evaluation and consulting, so that they (internal audits within the scope of public administration) constitute the third line of organizations (BRASIL, 2016).
IN CGU No. 03/2017 has made it available that the internal controls structure follows the model of the three lines of defense, with internal audit activity occupying the third line and that “within the framework of the third line of defense, SFC and CISET perform the function of internal government audit in a concurrent and integrated manner with the individual internal audits, where they exist” (CGU, 2017).
In the Manual of technical guidance of the internal governmental audit activity of the Federal Executive Power (IN CGU No. 08/2017), all UAIG, including the SFC/CGU, CISET and individual audits, are organs of the third line of defense. For example, in item 1.2, item “b”, it is foreseen that any UAIG may “assist the organs and entities of the Federal Executive Power in structuring and strengthening the first and second lines of defense of management” (CGU, 2017).
In turn, the new Bidding Law, Law 14.133/2021, defined the three lines as follows:
Art. 169. As contratações públicas deverão submeter-se a práticas contínuas e permanentes de gestão de riscos e de controle preventivo, inclusive mediante adoção de recursos de tecnologia da informação, e, além de estar subordinadas ao controle social, sujeitar-se-ão às seguintes linhas de defesa:
I – Primeira linha de defesa, integrada por servidores e empregados públicos, agentes de licitação e autoridades que atuam na estrutura de governança do órgão ou entidade;
II – Segunda linha de defesa, integrada pelas unidades de assessoramento jurídico e de controle interno do próprio órgão ou entidade;
III – Terceira linha de defesa, integrada pelo órgão central de controle interno da Administração e pelo tribunal de contas (BRASIL, 2021).
In this law, the audit function was not limited to the internal government audit, but covered the external control exercised by the courts of accounts of all spheres. It is worth noting that placing external control in the third line of defense is not foreseen in the three-line model, which considers only internal audit as the third line.
In the context of Brazilian federal law, due to the conceptual error of article 169 item III in relation to the model of the three lines of the IIA, this item of the new bidding law is in line with Article 13 of Decree Law No. 200/67, Article 2 of IN MP/CGU No. 01/2016 and IN CGU No. 08/2017. However, because it does not deal exclusively with internal or external control, Article 169 does not conflict with CFb/88, which establishes, in Article 74, that the internal control system will provide support to internal control in the exercise of its institutional mission.
2.2.3 AUDIT AND INTERNAL CONTROL: SIMILARITIES AND DIFFERENCES
The internal governmental audit, according to Law 10.180/2001, is carried out through the SFC/CGU and CISET, and Decree No. 3,591/2000 includes the individual internal audits as auxiliary bodies of the Internal Control System of the Federal Executive Power (BRASIL, 2000). For IN MP/CGU No. 01/2016 (CGU, 2016), the government’s internal audit activity is carried out by the aforementioned agencies, in the role of third line of defense, understanding aligned with IN CGU No. 03/2017 (CGU, 2017a) and IN CGU no. 08/2017 (CGU, 2017b). Law 13.303/2016 deals with the activity of internal audit in Articles 9, item III and § 3, in addition to Article 24, item III and VI (BRASIL, 2016b).
Law No. 14,129/2021, which provides for principles, rules and instruments for the Digital Government and for increasing public efficiency, defined the internal audit activity in article 49, namely:
Art. 49. A auditoria interna governamental deverá adicionar valor e melhorar as operações das organizações para o alcance de seus objetivos, mediante a abordagem sistemática e disciplinada para avaliar e melhorar a eficácia dos processos de governança, de gestão de riscos e de controle, por meio da:
I – realização de trabalhos de avaliação e consultoria de forma independente, conforme os padrões de auditoria e de ética profissional reconhecidos internacionalmente;
II – adoção de abordagem baseada em risco para o planejamento de suas atividades e para a definição do escopo, da natureza, da época e da extensão dos procedimentos de auditoria;
III – promoção da prevenção, da detecção e da investigação de fraudes praticadas por agentes públicos ou privados na utilização de recursos públicos federais (BRASIL, 2021a)[8].
In turn, Decree No. 9,203/2017, which provides for public governance, addressed the government’s internal audit activity, which is intended for the evaluation and improvement of organizational processes, and should occur independently, in the following terms:
Art. 18 A auditoria interna governamental deverá adicionar valor e melhorar as operações das organizações para o alcance de seus objetivos, mediante a abordagem sistemática e disciplinada para avaliar e melhorar a eficácia dos processos de gerenciamento de riscos, dos controles e da governança, por meio da:
I – realização de trabalhos de avaliação e consultoria de forma independente, segundo os padrões de auditoria e ética profissional reconhecidos internacionalmente;
II – adoção de abordagem baseada em risco para o planejamento de suas atividades e para a definição do escopo, da natureza, da época e da extensão dos procedimentos de auditoria; e
III – promoção à prevenção, à detecção e à investigação de fraudes praticadas por agentes públicos ou privados na utilização de recursos públicos federais (BRASIL, 2017).
As we saw earlier, the SCI, as with articles 70 and 74 of the CFb/88 (BRASIL, 1988) and Decree Law 200/1964 (BRASIL, 1964), it is an integrated system, within each Power and adherent to the model of the three lines of defense, as we saw in IN MP/CGU no. 01/2016, IN CGU n° 03/2017 and IN CGU n° 08/2017.
The external audit is carried out in the Federal Government, through the Federal Court of Auditors, within the scope of external control, a control provided for in Article 71 of the CFb/88 (BRASIL, 1988). These audits of the TCU are provided for in Law No. 8,443/1992, in various provisions (BRASIL, 1992). Within the other federative entities, external control and auditing are exercised by the respective courts of accounts, through their own regulations.
2.3 AUTONOMY OF GOVERNMENT INTERNAL AUDIT UNITS
The definition of the activities to be carried out by the UAIG should be defined in the Annual Audit Plan – PAINT, the preparation of which is the responsibility of the UAIG itself, in accordance with Article 3 of IN CGU No. 09/2018. Article 4 of this legal provision provides that PAINT should consider the strategic planning of the unit to be examined, the expectations of management, significant risks, as well as governance processes, risk management and internal controls (CGU, 2018).
In turn, IN CGU No. 13/2020 defines the statute as the document that governs the rules of organization and functioning of the UAIG, determining, in its article 5, that the board of directors or equivalent body promotes the revision of the statute UAIG at least once a year. According to art. 2 of this Normative Instruction, these statutes must be in line with the provisions of IN SFC/CGU No. 03/2017 and IN CGU No. 08/2017. Furthermore, according to article 8, the UAIG must also carry out its activities in compliance with international internal auditing standards and norms, such as the IIA norms and the three-line model (CGU, 2020).
Regarding the independence and technical autonomy of the UAIG, IN SFC/CGU No. 03/2017 provides that the UAIG must develop its work impartially and without interference in the definition of which activities should be done and in the way of performing these activities, which consists of the scope. Therefore, according to this normative instruction:
47. A autonomia técnica refere-se à capacidade da UAIG de desenvolver trabalhos de maneira imparcial. Nesse sentido, a atividade de auditoria interna governamental deve ser realizada livre de interferências na determinação do escopo, na execução dos procedimentos, no julgamento profissional e na comunicação dos resultados (CGU, 2017, p. 11).
In relation to the work to be carried out each year by the UAIG, IN CGU No. 09/2018 provides, in article 3, that the Annual Internal Audit Plan – PAINT “must be prepared by UAIG in order to define the priority work to be carried out in the period under the plan” (CGU, 2018).
In addition, when identifying situations that may jeopardize the objectivity and performance of their duties, uaig’s internal auditors should seek guidance from the SFC/CGU or its CISET, as the case may be, as highlighted in item 51 of IN SFC/CGU No. 03/2017:
51. Os auditores devem declarar impedimento nas situações que possam afetar o desempenho das suas atribuições e, em caso de dúvidas sobre potencial risco para a objetividade, devem buscar orientação junto aos responsáveis pela supervisão do trabalho ou à comissão de ética ou instância similar, conforme apropriado na organização (CGU, 2017, p. 11)
Finally, IN SFC/CGU No. 03/2017 dems not the exercise of concomitant government and management internal audit activities, establishing a quarantine period of twenty-four months so that internal auditors can audit the same processes in which they acted, as executors, at the operational level.
52. Os auditores internos governamentais devem se abster de auditar operações específicas com as quais estiveram envolvidos nos últimos 24 meses, quer na condição de gestores, quer em decorrência de vínculos profissionais, comerciais, pessoais, familiares ou de outra natureza, mesmo que tenham executado atividades em nível operacional (CGU, 2017, p. 12).
Due to the above, the internal audit activity falls into the third line, exercised with independence and objectivity, which is defined by the UAIG itself, considering what was established in its own statute. That activity must not be interfered with by management and should report to the SFC/CGU or its CISET any situation which compromises its independence and objectivity. Furthermore, if the internal auditor has acted in the operational management of a given process, it is necessary to wait a period of twenty-four months to audit, as internal auditor, the same process.
3. METHODOLOGY
In order to achieve the desired results, the present study used a descriptive research, understood as one that aims to identify the characteristics of a phenomenon to be analyzed and establish relationships between the variables (SILVA, 2003). In turn, a literature review was carried out as a method of data collection, highlighting the analysis of the best practices of the IIA, coso, in addition to the relevant federal legislation.
Federal legislation was selected through research on official sites, such as the CGU and the Civil House of the Presidency of the Republic. A content analysis of the selected norms and best practices was performed, covering the reading of the material in its entirety, followed by the selection of words and sets of words that make sense, according to the classification of these words or phrases, in certain categories or themes (BARDIN, 1977).
Moreover, the content was submitted to a qualitative analysis, used for experimental research, when “there are no predefined formulas or recipes to guide researchers” (GIL, 2008, p. 175). Therefore, the investigation allowed the discussion of the results and the conclusion about the autonomy and independence of the work of the UAIG of the PEF, within the internal control system and in the context of the model of the three lines of the IIA (2020).
4. RESULTS AND DISCUSSION
According to the IIA’s positioning statements regarding the three-line model and the role of internal auditing, the role of internal audit ing is within the entity’s internal control system, but differs from the role of management, as it is in the third line (IIA, 2020). For example, according to the IIA (2009), it is not the role of the internal audit to be responsible for the organization’s internal control system. According to COSO (2013), it is not up to the internal audit to decide on which internal controls should or should not be implemented, nor the definition of risk appetite.
Therefore, for the IIA, the internal audit is a subset of the internal control system, which consists of both the first and second lines (management) and the third line (internal audit) whose role is evaluation and consulting (IIA, 2020). COSO (2013) does not provide a definition of what the internal control system is, but uses this expression multiple times in a context of an entity as a whole, as the sum of all internal controls of an organization.
Although the IIA and COSO make it clear that the concepts of internal control system and internal audit refer to different meanings, Law 10.180/2001 and Decree 3.591/2000 use the term “Internal Control System” to designate a group of internal government audit bodies, such as the SFC/CGU and CISETs, referring to them as control bodies and not only as audit units. As if that were not enough, the new Bidding Law, in several points, refers to the term “internal control” both in relation to internal control of management and to internal control related to audit activity, such as Articles 8, § 3 and Article 19, item IV dealing with the second line and Article 141, §§ 1 and 2, dealing with the third line and the court of auditors. In Article 169, the term “control” refers to the internal audit body of the person, with both internal and external control in the same line of defense, by including the court of auditors in the third line (BRASIL, 2021b).
Therefore, responsibility for management is not the role of internal auditing, given that the positioning statement on the role of internal audit in risk management (IIA, 2009) indicates that decision-making and deployment of risk responses should not be an assignment that the internal audit should assume. Similarly, COSO (2013) establishes that management is responsible for the adoption of responses to risks and/or the implementation of internal controls. However, the internal audit, within the scope of the consultancy, can assist the other lines in the elaboration of these models, with the necessary safeguards related to the management’s own attributions.
With regard to the current federal legislation, when identifying the different actors that are part of the SCI, the analysis of the legislation allows us to say that the role of the government’s internal audit units of the direct and indirect federal public administration, including the CGU as the central body, CISET as sectoral bodies and the UAIG, in attention to the normative regulations treated, is the third line or layer, carrying out the activity of internal governmental audit, carried out through evaluation and consulting, acting in the legally established scope in their respective areas of competence. In the case of the singular internal audit units of indirect administration, the action of the third line of defense occurs independently and concurrent to the CGU or CISET, as the case may be.
In view of the above, it is perceived that the concepts of the current legislation applicable to the Brazilian Federal Executive Power, with regard to the role of the internal auditor, the model of the three lines and the internal controls (of management) are aligned with the concepts of literature and international standards, namely the standards of COSO (2007; 2013) and the IIA (2009; 2013; 2020).
With regard to the concept of “internal control system” adopted mainly in Law No. 10,180/2001 and Decree No. 3,591/2001, we can adopt the technique of legal hermeneutics (ÂMBITO JURÍDICO, 2019), for the interpretation of Law 14.133/2021, Law 10.180/2001 and Decree No. 3,591/2001 in a convergent way with the other legal provisions (LEITE, 2020), due to the vague or ambiguous meaning of the expressions “control”, “internal control” or “internal control system”. In fact, when interpreting the expression “internal control system” or “internal control”, we must also verify which activity is in question, whether it is management or internal government audit. Thus, for the analysis of the devices, we must take into account both the international standards and standards of internal audit, risk management and internal control and the normative basis related to the theme, nod. CFb/88, Decree Law No. 200/1967, IN MP/CGU no. 01/2016, IN CGU no. 03/2017 and IN CGU n° 08/2017.
On the other hand, we should not interpret, in Brazilian federal legislation, the expressions “internal control” or “internal control system” without considering the context of the activity framework in internal audit (third line) or management (first and second lines). For this framework, as we said, we should consult international standards and applicable regulatory basis.
Furthermore, considering the provisions of Article 15 of Decree 3.591/2000 and in order to make Law 10,180/2001 compatible with the Brazilian Federal Constitution, in the sense that internal audits also perform the function of government audit, in accordance with Articles 70 and 74 of the CFb/88, we must interpret Law 10.180/2001 and Decree No. 3,591/2000 in order to understand that the relationship of organs that are part of the internal control system is an example of and that the expression “internal control” corresponds to the audit activity, according to the caput of Article 21 of Law 10.180/2001. This interpretation is possible through the use of the word “integrate”, which can be understood as inclusion in a larger set and not as an exhaustive enumeration[9]. On the other hand, legal provisions should not be interpreted as an exhaustive enumeration, meaning that the internal control system as if they were the sole and exclusive competence of the internal governmental audit bodies.
Therefore, the role of the singular internal audit units (UAIG) of the federal public administration, such as Law No. 14,133/2021, Decree 3,591/2000 and Law 10,180/2001, is that of evaluation and consulting in their respective organizations, in a manner concurrent to the central body of the internal control system (CGU) and sectoral agencies (CISET), as the case may be.
5. CONCLUSION
The autonomy and independence of the internal governmental audit, especially the UAIG of the Federal Executive Power, is fundamental for the effective functioning of the internal control system, due to the number of organs of indirect administration and the materiality of the resources involved.
In order to understand whether Brazilian federal legislation provides legal guarantees for the work of The UAIG, we conceptualize internal control, management and internal control system, considering both international standards and standards as well as the Federal Constitution and other legal and regulatory standards at the federal level. This analysis was necessary so that we could understand the role of internal government audit within the internal control system of the PEF, emphasizing the similarities and differences between the audit, the internal control system and the control. Thus, we were able, in the light of the legislation, to understand the autonomy and role of the internal government audit in relation to management, in the context of the model of the three lines of the IIA.
Therefore, the analysis in international standards and legislation allowed us to say that federal legislation ensures the autonomy of The UAIG and the independence and objectivity of the AAIG performed by the individual internal audits. Therefore, the role of UAIG is third line or layer, through audit activity, subdivided into evaluation and consulting. This action occurs within the respective organizations of which the UAIG are part, so that the third-line role is exercised in a concurrent manner with the CGU or CISET, as the case may be.
If there are similar occurrences in other entities of the direct administration regarding the topics dealt with in this study, it is proposed that the SFC/CGU can consolidate the provisions of federal legislation and preventively guide the other UAIG and managers of the municipal and foundational entities, in order to strengthen the role of the UAIG and the agents responsible for each line (or layer) and that integrate the internal control structure of the organs and entities of the Federal Executive Power, avoiding conflicts of attributions, duplication of efforts or misunderstandings in the design and implementation of internal controls of responsibility of the managers of these entities.
REFERENCES
ÂMBITO JURÍDICO, 2019. Disponível em: https://ambitojuridico.com.br/cadernos/direito-civil/a-hermeneutica-juridica-parte-1-sistemas-e-meios-intrepretativos/#:~:text=O%20objeto%20da%20hermen%C3%AAutica%20%C3%A9,o%20sentido%20da%20norma%20jur%C3%ADdica. Acesso em: 04 ago. 2021.
BARDIN, L. Análise de conteúdo. Lisboa: Edições 70, 1977.
BRASIL. Constituição da república federativa do Brasil, 1988. Brasília, 1988. Disponível em: http:// www.planalto.gov.br/ccivil_03/constituicao/constituicao.htm. Acesso em: 04 ago. 2021.
________. Controladoria-Geral da União. Instrução Normativa Conjunta nº 1, de 10 de maio de 2016. Dispõe sobre controles internos, gestão de riscos e governança no âmbito do Poder Executivo federal. Brasília, 2016. Disponível em: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/21519355/do1-2016-05-11-instrucao-normativa-conjunta-n-1-de-10-de-maio-de-2016-21519197. Acesso em: 04 ago. 2021.
________. Controladoria-Geral da União. Instrução Normativa nº 3, de 9 de junho de 2017. Aprova o Referencial Técnico da Atividade de Auditoria Interna Governamental do Poder Executivo Federal. Brasília, 2017a. Disponível em: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/19111706/do1-2017-06-12-instrucao-normativa-n-3-de-9-de-junho-de-2017-19111304. Acesso em: 04 ago. 2021.
________. Controladoria-Geral da União. Instrução Normativa nº 8, de 6 de dezembro de 2017. Manual de Orientações Técnicas da Atividade de Auditoria Interna Governamental do Poder Executivo Federal. Brasília, 2017b. Disponível em: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/1096823/do1-2017-12-18-instrucao-normativa-n-8-de-6-de-dezembro-de-2017-1096819-1096819. Acesso em: 04 ago. 2021.
________. Controladoria-Geral da União. Instrução Normativa nº 9, de 9 de outubro de 2018. Dispõe sobre o Plano Anual de Auditoria Interna – PAINT e sobre o Relatório Anual de Atividades de Auditoria Interna – RAINT das Unidades de Auditoria Interna Governamental do Poder Executivo Federal e dá outras providências. Brasília, 2018. Disponível em: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/44939745/do1-2018-10-11-instrucao-normativa-n-9-de-9-de-outubro-de-2018-44939518 Acesso em: 05 ago. 2021.
________. Controladoria-Geral da União. Instrução Normativa nº 13, de 6 de maio de 2020. Aprova os requisitos mínimos a serem observados nos estatutos das Unidades de Auditoria Interna Governamental (UAIG) do Poder Executivo Federal. Brasília, 2020. Disponível em: https://www.in.gov.br/web/dou/-/instrucao-normativa-n-13-de-6-de-maio-de-2020-255615399. Acesso em: 05 ago. 2021.
_______. Decreto-Lei nº 200, de 25 de fevereiro de 1967. Dispõe sobre a organização da Administração Federal, estabelece diretrizes para a Reforma Administrativa e dá outras providências. Brasília, 1967. Disponível em: http://www.planalto.gov.br/ccivil_03/decreto-lei/del0200.htm. Acesso em: 04 ago. 2021.
________. Decreto nº 3.591, de 6 de setembro de 2000. Dispõe sobre o Sistema de Controle Interno do Poder Executivo Federal e dá outras providências. Brasília, 2000. Disponível em: http://www.planalto.gov.br/ccivil_03/decreto/D3591.htm. Acesso em 19/05/2019.
________. Decreto nº 9.203, de 22 de novembro de 2017. Dispõe sobre a política de governança da administração pública federal direta, autárquica e fundacional. Brasília, 2017. Disponível em: http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2017/decreto/d9203.htm. Acesso em: 05 ago. 2021.
_______. Lei n° 4.320, de 17 de março de 1964. Estatui Normas Gerais de Direito Financeiro para elaboração e controle dos orçamentos e balanços da União, dos Estados, dos Municípios e do Distrito Federal. Brasília, 1964. Disponível em: http://www.planalto.gov.br/ccivil_03/leis/l4320.htm. Acesso em: 04 ago. 2021.
_______. Lei Nº 8.443, de 16 de julho de 1992. Dispõe sobre a Lei Orgânica do Tribunal de Contas da União e dá outras providências. Brasília, 2017. Disponível em: http://www.planalto.gov.br/ccivil_03/leis/l8443.htm. Acesso em: 05 ago. 2021.
_______. Lei n° 10.180, de 6 de fevereiro de 2001. Organiza e disciplina os Sistemas de Planejamento e de Orçamento Federal, de Administração Financeira Federal, de Contabilidade Federal e de Controle Interno do Poder Executivo Federal, e dá outras providências. Brasília, 2001. Disponível em: Disponível em: http://www.planalto.gov.br/ccivil_03/LEIS/LEIS_2001/L10180.htm. Acesso em: 04 ago. 2021.
________. Lei Nº 13.303, de 30 de junho de 2016. Dispõe sobre o estatuto jurídico da empresa pública, da sociedade de economia mista e de suas subsidiárias, no âmbito da União, dos Estados, do Distrito Federal e dos Municípios. Brasília, 2016. Disponível em: http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2016/lei/l13303.htm. Acesso em: 04 ago. 2021.
________. Lei nº 14.129, de 29 de março de 2021. Dispõe sobre princípios, regras e instrumentos para o Governo Digital e para o aumento da eficiência pública e altera a Lei nº 7.116, de 29 de agosto de 1983, a Lei nº 12.527, de 18 de novembro de 2011 (Lei de Acesso à Informação), a Lei nº 12.682, de 9 de julho de 2012, e a Lei nº 13.460, de 26 de junho de 2017. Brasília, 2021a. Disponível em: https://www.in.gov.br/en/web/dou/-/lei-n-14.129-de-29-de-marco-de-2021-311282132. Acesso em: 05 ago. 2021.
________. Lei n° 14.133, de 1° de abril de 2021. Lei de Licitações e Contratos Administrativos. Brasília, 2021b. Disponível em: https://www.in.gov.br/en/web/dou/-/lei-n-14.133-de-1-de-abril-de-2021-311876884. Brasília, 2021. Acesso em: 04 ago. 2021.
________. Tribunal de Contas da União. Acórdão nº 1171/2017 – TCU – Plenário: Relatório de Levantamento TC 011.759/2016-0. Brasília, 2017. Disponível em: https://portal.tcu.gov.br/lumis/portal/file/fileDownload.jsp?fileId=8A8182A25EABAA93015EBEA525695384. Acesso em: 04 ago. 2021.
________. Tribunal de Contas da União. Critérios Gerais de Controle Interno na Administração Pública: um estudo dos modelos e das normas disciplinadoras em diversos países. Brasília, 2009. Disponível em: https://portal.tcu.gov.br/lumis/portal/file/fileDownload.jsp?fileId=8A8182A15A4C80AD015A4D5CA9965C37. Acesso em: 04 ago. 2021.
________. Tribunal de Contas da União. Governança Pública: Referencial Básico de Governança Aplicável a Órgãos e Entidades da Administração Pública e Ações Indutoras de Melhoria. Brasília, 2014. Disponível em: https://portal.tcu.gov.br/biblioteca-digital/governanca-publica-referencial-basico-de-governanca-aplicavel-a-orgaos-e-entidades-da-administracao-publica-e-acoes-indutoras-de-melhoria.htm. Acesso em: 05 ago. 2021.
COSO – Committee of Sponsoring Organizations of the Treadway Commission. Controle Interno – estrutura integrada: sumário executivo. São Paulo: IIA Brasil, 2013.
COSO – Committee of Sponsoring Organizations of the Treadway Commission. Gerenciamento de riscos corporativos – estrutura integrada: sumário executivo. Jersey City, 2007. Disponível em: http:www.coso.org/documents/COSO_ERM_ExecutiveSummnary_Portuguese.pdf. Acesso em: 04 ago. 2021.
DE OLIVEIRA, Denise Fontenele. O controle interno e auditoria governamental: comparativo. Revista Controle-Doutrina e Artigos, v. 12, n. 1, p. 196-211, 2014. Disponível em: https://revistacontrole.tce.ce.gov.br/index.php/RCDA/article/download/211/213.
INSTITUTO DE AUDITORES INTERNOS. Declaração de posicionamento do IIA: o papel da auditoria interna no gerenciamento de riscos corporativo. Lake Mary, Fl: The Institute of Internal Auditors, 2009. Disponível em: https://iiabrasil.org.br/korbilload/upl/ippf/downloads/declarao-de-pos-ippf-00000001-21052018101250.pdf. Acesso em 04 ago. 2021.
INSTITUTO DE AUDITORES INTERNOS. Declaração de Posicionamento do IIA: O Papel da Auditoria Interna na Governança Corporativa. Lake Mary, FL: The Institute of Internal Auditors, 2018. Disponível em: https://iiabrasil.org.br/korbilload/upl/ippf/downloads/declarao-de-pos-ippf-00000006-14062018163019.pdf. Acesso em 04 ago. 2021.
INSTITUTO DE AUDITORES INTERNOS. Declaração de posicionamento do IIA: as três linhas de defesa no gerenciamento eficaz de riscos e controles. Lake Mary, FL: The Institute of Internal Auditors, 2013. Disponível em: https://repositorio.cgu.gov.br/handle/1/41842. Acesso em 04 ago. 2021.
INSTITUTO DE AUDITORES INTERNOS. Modelo das Três Linhas do IIA 2020: uma atualização das três linhas de defesa. Lake Mary, FL: The Institute of Internal Auditors, 2020. Disponível em: https://iiabrasil.org.br/korbilload/upl/editorHTML/uploadDireto/20200758glob-th-editorHTML-00000013-20072020131817.pdf. Acesso em 04 ago. 2021.
GIL, Antonio Carlos. Métodos e técnicas de pesquisa social. 6. ed. Ediitora Atlas SA, 2008.
JOSÉ FILHO, Antônio. A importância do controle interno na administração pública. Diversa, Ano I – nº 1, p. 85-99, jan./jun, 2008. Disponível em: http://capa.tre-rs.gov.br/arquivos/JOSE_controle_interno.PDF. Acesso em: 01 jul. 2021.
MAIA, Matheus Silva et al. Contribuição do sistema de controle interno para a excelência corporativa. Revista Universo Contábil, v. 1, n. 1, p. 54-70, 2005. Disponível em: http://www.rep.educacaofiscal.com.br/100913090539auditoria_interna_e_o_controle_interno.pdf. Acesso em: 01 jul. 2021.
LEITE, Gisele. Da Hermenêutica para a compreensão da lei e do Direito. Jornal Jurid, Bauru, ago. 2020. Disponível em: https://www.jornaljurid.com.br/colunas/gisele-leite/da-hermeneutica-para-a-compreensao-da-lei-e-do-direito. Acesso em: 01 jul. 2021.
RIBEIRO, Renor Antonio Antunes. O papel da auditoria interna na gestão de riscos em entidades do setor público de Portugal e do Brasil. 2019. Dissertação de Mestrado. Disponível em: https://repositorium.sdum.uminho.pt/bitstream/1822/64581/1/Renor+Antonio+Antunes+Ribeiro.pdf. Acesso em: 01 jul. 2021.
RIBEIRO, Renor. Gestão de Riscos no Setor Público: normas e padrões internacionais, análise das legislações nacionais de Portugal e do Brasil e aplicação na base normativa do setor público. 1ª ed. Brasília: Athenas Editora, 2020a.
RIBEIRO, Renor. Gestão de Riscos em Organizações Públicas: normas e padrões internacionais utilizados para a gestão de riscos, etapas do processo e análise da base normativa de Portugal e do Brasil. 1ª ed. Lisboa: Edições Exlibris, 2020b.
SILVA, E. L.; MENEZES, E. M. Metodologia da pesquisa e elaboração de dissertação. 4. ed. rev. atual. Florianópolis: UFSC, 2005.
APPENDIX – REFRENCE FOOTNOTE
2. Available in: https://legislacao.presidencia.gov.br/atos/?tipo=MPV&numero=480&ano=1994&ato=897ATWE10dJpWT268
3. The “internal control system” in Law No. 10,180/2001 can be understood as the set of internal governmental audit bodies, or the set of third-line bodies. See the item on the distinction between internal control and internal government audit.
4. Available in: https://www.gov.br/secretariageral/pt-br/estrutura/secretaria_de_controle_interno/institucional. Accessed: 04 Aug. 2021.
5. The acronym UAIG is established in IN CGU n° 03/2017.
6. Available in: https://www.in.gov.br/materia/-/asset_publisher/Kujrw0TZC2Mb/content/id/19111706/do1-2017-06-12-instrucao-normativa-n-3-de-9-de-junho-de-2017-19111304
7. Available in: http://www.planalto.gov.br/ccivil_03/decreto-lei/Del0200.htm. Accessed: 07/09/2020.
8. Available in: https://www.in.gov.br/en/web/dou/-/lei-n-14.129-de-29-de-marco-de-2021-311282132
9. According to the Michaelis Dictionary, integrating is: 1 Embedding an element into a set; include, integralize: “The young writer was winner of the Jabuti Prize […] and his books also integrate basic collections of the National Foundation of Children’s and Youth Book” ( TM1 ). Available in: https://michaelis.uol.com.br/busca?id=dNMl7#:~:text=1%20Incorporar(%2Dse)%20um,e%20Juvenil%E2%80%9D%20(%20TM1%20)%20.
[1] Master in Public Administration at Universidade do Minho – UMINHO, MBA in Strategic Management in Public Administration, Specialist in Public Administration at UMINHO, Specialist in Educational Planning, Graduated in Mechanical Engineering from UFC, Graduated in Physics from UECE, Graduated in Music Education from UnB.
Submitted: August, 2021.
Approved: September, 2021.
