On Public Internal Financial Control

LAW OF GEORGIA

ON PUBLIC INTERNAL FINANCIAL CONTROL

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Chapter I − General Provisions

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 1 − Purpose and Scope of the Law

1. This Law regulates the procedure and principles for the introduction of public internal financial control systems in the institutions envisaged under this Law and other issues relevant to the development, formation and implementation of public internal financial control systems.

2. This Law defines the methodology and standards required for the functioning of public internal financial control systems and the relations between the Ministry of Finance of Georgia and other entities in the process of the establishment of these systeme, as well as their rights and duties.

3. The Ministry of Finance of Georgia is an authorised body which, through the Central Harmonisation Unit, promotes the establishment and development of public internal financial control systems and carries out coordination and harmonisation of related issues.

4. Public internal financial control systems cover:

a) financial management and control;

b) internal audit;

c) central harmonisation unit.

5. This Law shall apply to entities referred to in Article 4(1) and (2) of this Law, also to those budget agencies in which an internal audit unit is or will be set up, from the moment of the establishment of such unit.

6. Chapter II of this Law shall apply to all budget agencies irrespective of their obligation to have an internal audit unit in place.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 2 − Definition of terms used in the Law

The terms used in this Law have the following meaning:

a) internal audit unit − a structural division (unit) of an institution, or a unit subordinate to the institution, that is authorised to conduct internal audits in accordance with this Law;

b) internal auditor − an employee of an internal audit unit who conducts internal audits in accordance with this Law;

c) auditee − an institution and/or a system of institutions and/or structural division/divisions (unit/units) and/or unit/units subordinate to an institution in which internal audits are conducted;

d) institution − institutions/legal persons/organisations as defined in Article 4(1) and (2) of this Law, also budget agencies covered by Chapter II of this Law;

e) internal control system − the whole system of managerial, financial and other controls of an institution, including the organisational structure, methods, procedures and internal audit, which is established by management to assist the institution in achieving its goals and in conducting its business in a regular, transparent, economical, efficient and effective manner;

f) financial management and control − part of an internal control system, established and implemented by management to ensure that funds are used in a regular, transparent, economical, efficient and effective manner in pursuit of the goals of the institution.

g) internal audit − an independent, objective assurance and consulting activity designed to help an organisation improve its operations, achieve its goals and accomplish its objectives by bringing a systematic, disciplined and organised approach to evaluate and improve the effectiveness of risk management, control and governance process;

h) internal audit engagement − an audit that is recommendatory in nature and comprises a set of activities, tasks and processes to be carried out in the auditee;

i) the Central Harmonisation Unit ('CHU') − a structural unit attached to the Ministry of Finance of Georgia that promotes and ensures the establishment, development and upgrading of public internal financial control systems in institutions and coordinates relevant issues;

j) systems based audit − assessment of the adequacy and efficiency of financial management and control systems;

k) compliance audit − verification and assessment of the compliance of the activities of an institution with the relevant policy, plans, procedures, law and regulations;

l) performance audit − an objective and reliable assessment of the activities, transactions, programmes, and of the organisational structure and systems of an auditee with a view to verifying their compliance with the principles of economy, efficiency and effectiveness and to identifying potential for development;

m) financial audit − examination of accounting and financial statements of an auditee with a view to verifying their compliance with the legislation of Georgia and relevant standards;

n) IT systems audit − examination of the sufficiency and adequacy of the protection of the security of the systems of IT applications in order to guarantee the confidentiality, integrity and availability of information and IT systems;

o) internal audit report − a report prepared by an internal auditor after an internal audit that reflects internal audit results, process and findings, their analysis and recommendations made on their basis, as well as the arguments presented by the auditee (if any);

p) the Code of Ethics for Internal Auditors − principles applying to internal auditors and containing basic rules of conduct;

q) internal audit standards − the criteria or indicators corresponding to the standards of the Institution of Internal Auditors (IIA) that define basic requirements for professional practice and represent main guidelines for internal auditors in conducting internal audits;

r) international internal control standards − Guidelines for Internal Control Standards for the Public Sector issued by the INTOSAI;

s) risk − the probability of an event occurring and resulting in a negative impact on the accomplishment of an institution's goals and objectives;

t) economy − minimising the cost of resources having due regard to the appropriate quality, which means acquisition at the right time and at the lowest cost of necessary resources in terms of both quality and quantity;

u) effectiveness − the assessment of the extent to which the stated outcomes and objectives are achieved, which means the relationship between the achieved objectives and outcomes with the activities performed;

v) efficiency − the use of available resources in such a way as to maximise output, which means the relationship between the resources used and the outputs produced, having due regard to the relevant quality, quantity and timeliness.

Law of Georgia No 3756 of 26 October 2010 − LHG I, No 62, 05.11.2010, Art. 395

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 3 − Independence of internal audit units and of internal auditors

1. An internal audit unit shall be accountable to the head of the institution and act in coordination with the Central Harmonisation Unit in cases specified in this Law.

2. An internal audit unit shall be functionally independent from other units of the institution.

3. An independent audit unit shall be functionally independent in planning, performing and reporting on the findings of an internal audit.

4. Internal auditors shall be independent in their activities and be guided by the legislation of Georgia, internal audit standards, internal audit methodology, the Code of Ethics for Internal Auditors and other guidelines and legal acts. Internal auditors shall act without any outside interference or influence of any kind.

5. The head of the institution shall ensure the functional independence of internal auditors in the process of planning, performing and reporting on the findings of the audit, as well as in the monitoring of the implementation of the recommendations made.

6. The head of the institution shall ensure the follow-up of the recommendations made in the final audit report.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 4 − Establishing internal audit units in certain institutions

1. Internal audit units shall be established in:

a) the Ministries of Georgia;

b) the Ministries of the Autonomous Republics of Abkhazia and Ajara;

c) legal entities under public law, the list of which and the Strategy for the implementation and development of internal audit system in such entities, is approved by the Government of Georgia upon the recommendation of the Ministry of Finance of Georgia;

d) the City Halls of municipalities – on the basis of a decision of a respective Sakrebulo.

2. An internal audit unit may also be established in a legal entity under private law (in which the State holds more than 50% of shares or ownership interest) and other budget agencies, at their request.

3. The draft statutes of the internal audit units of the institutions specified in paragraph 1(a-c) of this article shall be prepared in consultation with the Central Harmonisation Unit. In addition, the institutions specified in paragraphs 1 and 2 of this article shall notify the Central Harmonisation Unit of the establishment of internal audit units.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Law of Georgia No 1266 of 26 July 2017 − website, 29.07.2017

Chapter II − Financial Management and Control

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 5 − Development of financial management and control systems

1. Each institution shall design its own financial management and control system in accordance with this Law, other legislative and subordinate acts and the Instructions on the Rules and Procedures for the Establishment of Financial Management and Control Systems developed by the Central Harmonisation Unit and approved by the Government of Georgia,

2. Each manager at every hierarchical level of an institution shall, within the scope of his/her authority, be responsible to notify his/her superior manager about activities conducted in relation to financial management and control.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 6 − Purpose of financial management and control

1. A financial management and control system shall be established in order to improve financial management and decision-making processes and to accomplish the goals and objectives of the institution, and shall be carried out by ensuring:

a) conformity of transactions performed by an institution with the legislation of Georgia, regulations, internal policy and international agreements and treaties to which Georgia is a party;

b) complete, comprehensive and reliable financial and operational reporting;

c) economical, effective and efficient use of funds and resources;

d) protection of assets, information and other resources from loss, or from improper use or mismanagement and damage.

2. Financial management and control shall be exercised by the management of an institution in all structural divisions (units) and subordinated units of the institution.

3. Financial management and control covers both financial and non-financial processes, operations and activities related to the operation of the institution.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 7 − Concept of managerial accountability

1. Managers at all hierarchical levels of an institution shall be accountable to their superior managers for their activities and for the accomplishment of the goals and objectives of the institution by lawful, economical, effective and efficient management of funds.

2. Where more than one institution and/or division (unit) of an institution or unit subordinate to the institution are working on the same programme or project, the respective managers shall agree in writing on the scope of their managerial accountability.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 8 − Scope of managerial accountability and responsibility

1. Within the scope of his/her authority, the manager of an institution shall:

a) identify, assess and manage risks;

b) define the goals and objectives of the institution; develop strategic and action plans and programmes for achieving the set goals and objectives;

c) in accordance with the legislation of Georgia determine and manage the resources necessary for the accomplishment of the goals and objectives of the institution;

d) promote effective management and professional development of human resources;

e) facilitate the establishment of an effective system of data protection and management;

f) develop and establish an optimal organisational structure for effective performance of assigned duties;

g) delegate authority in the process of decision-making, implementation and control;

h) ensure the establishment of procedures for keeping complete, accurate, timely and regular records of all operations performed by the institution;

i) facilitate the operation of an internal audit unit in accordance with the legislation of Georgia;

j) ensure the monitoring of the financial management and control system, take appropriate measures to improve the system based on recommendations made by internal auditors and other assessments;

k) implement and promote the introduction of anti-corruption procedures;

l) perform an assessment of the condition of the financial management and control system outcomes;

m) exercise other powers granted under the legislation of Georgia.

2. The head of an institution shall, within the scope of this Law, be responsible for providing appropriate resources to the internal audit unit and ensuring its continuous operation.

3. (Deleted − 18.12.2015, No 4675).

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 9 − Delegation of powers

1. The head of an institution may delegate the powers provided for in this Chapter to an authorised person subordinate to him/her.

2. The delegation of powers shall not release the head of an institution from responsibility in the exercise of powers delegated by him/her.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 10 − Components of financial management and control

1. Financial management and control shall be based on international internal control standards and shall be exercised by means of the following interrelated components:

a) control environment;

b) risk management;

c) control activities;

d) information and communication;

e) monitoring and evaluation.

2. The head of an institution shall, with due regard to the specific situation of the institution, ensure the design, development and functioning of financial management and control components.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 11 − Control environment

For the proper functioning of financial management and control systems, heads of institutions shall ensure the development and improvement of the control environment, which includes:

a) personal and professional integrity, as well as ethical values of the management and the staff;

b) management processes and methods;

c) determination of the goals and objectives of the activities of a structural division (unit) of the institution;

d) organisational structure, which includes the assignment of responsibilities and authority, as well as appropriate lines of reporting;

e) human resources polices and practices;

f) competency of the staff of the institution.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 12 − Risk management

The head of an institution shall be in charge of establishing a risk management system. He/she shall determine the identification, assessment, control and monitoring processes of those likely events and situations that affect the achievement of the goals and objectives of the institution and/or of a structural division (unit) of the institution, and/or of a unit subordinate to the institution; and also measures necessary to mitigate risks.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 13 − Control activities

1. Control activities shall be established to reduce risks to an optimal level, to achieve the institution's goals and objectives and shall be based on relevant instructions and procedures.

2. Control activities shall correspond to the activities of the relevant structural division (unit) of an institution and the cost shall not exceed the expected benefits.

3. Control activities shall include:

a) procedures for assigning authority;

b) such distribution of duties as to ensure that the same person is not responsible for assigning authority, performing an action and exercising control;

c) the introduction of a double signature system, which will make it impossible to assume any obligation or to make any payments without the concurrent signatures of the head of the institution and the head of its structural division (unit) or another authorised person;

d) rules controlling access to assets and to financial and non-financial information;

e) the exercise of ex ante and ex post control;

f) the establishment of procedures for keeping complete, accurate, timely and regular records of all operations performed by the institution;

g) the assessment of the effectiveness and efficiency of operations performed by an institution, as well as conformity of the institution's processes and activities with the legislation of Georgia;

h) supervision;

i) the establishment of effective procedures for managing human resources;

j) recording of all transactions performed by the institution, etc.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 14 − Information and communication

The head of an institution shall introduce and develop reliable, comprehensive and accessible information and communication systems that:

a) ensure access, at all hierarchical levels of the institution, to the current and reliable information on activities of the institution;

b) give opportunity to all members of the staff to receive complete and accurate information, directions and instructions about their duties and responsibilities.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 15 − Monitoring and evaluation

1. The head of an institution shall be responsible for the monitoring and evaluation of the financial management and control system, as well as for its proper operation and timely upgrade. Monitoring shall also ensure timely and proper implementation of recommendations made in internal audit reports.

2. The monitoring and evaluation referred to in paragraph 1 of this article shall be accomplished through ongoing monitoring and self-assessment along with an internal audit.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 16 − Annual reporting on the establishment and development of financial management and control system

The heads of institutions referred to in Article 4(1)(a-c) of this Law shall submit an annual report on the establishment and development of financial management and control systems to the Ministry of Finance of Georgia by the end of January of the following year.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Chapter III − Internal Audit

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 17 − Basic principles of activities of internal audit units

Internal audit units shall perform their activities in compliance with this Law, other legislative and subordinate acts of Georgia, internal audit standards, the Code for Internal Auditors, the statutes of internal audit units and the following basic principles:

a) independence;

b) integrity;

c) objectivity;

d) professionalism;

e) confidentiality;

f) legality;

g) transparency.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 18 − Authority and goals of internal audit units

1. The authority of an internal audit unit shall cover the system of the institution in which it is established.

2. Internal audit shall help the institution to achieve its goals by means of the following activities:

a) assessment of the quality of management of risks faced by the institution;

b) assessment of the adequacy and efficiency of the financial management and control system;

c) assessment of the compliance of the activities of the institution with the legislation of Georgia, applicable rules and regulation;

d) making recommendations to improve the economy, effectiveness and efficiency of the institution's activities;

e) assessment of the reliability, accuracy and completeness of financial and other information;

f) assessment of whether there are proper safeguards in place to protect the assets, other resources and information of the institution;

g) other activities that follow from the specific nature of the institution and comply with the legislation of Georgia, the purpose of this Law and the principles of independence of internal auditors.

3. The object of assessment and analysis of an internal audit unit, within the scope of its authority, may be any processes and areas of activity of the institution.

4. The staff of an internal audit unit shall, in the course of performing their duties, cooperate with internal auditors and ensure the availability of the databases and documents of any information related to the issues falling within their competence and/or the performance of relevant activities.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 19 − Rights and duties of internal auditors

1. Internal auditors may, in the process of an internal audit, receive all necessary information, documents and have access to databases, irrespective of their form (electronic, etc.). Internal auditors may also request the auditee to present relevant documents in the official language, make copies of documents, etc., except as provided for in the legislation of Georgia.

2. The head of an institution and the staff shall, within the scope of their authority, provide appropriate assistance to an internal auditor during an internal audit.

3. Internal auditors shall:

a) comply with the statute of the auditee, internal audit standards, the Code of Ethics for Internal Auditors, internal audit methodology and other legal acts governing internal audit activities;

b) before conducting an internal audit, present to the auditee an individual audit plan;

c) ensure the protection of the personal data, state, official and commercial secrets of the auditee in accordance with the legislation of Georgia and not disclose information that became known to them in the course of performing their duties, except where the disclosure of information is required for the purpose of the internal audit and/or under relevant legislation;

d) be prohibited from making public internal audit findings without the consent of the head of the institution, except as provided for by the legislation of Georgia.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 6328 of 25 May 2012 − website, 12.6.2012

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 20 − Head of an internal audit unit

1. The head of an internal audit unit may, in accordance with the legislation of Georgia, define the type, scope and frequency of internal audits and the number of internal auditors.

2. The head of an internal audit unit shall direct the activities of the internal audit unit in accordance with this Law and the legislative and subordinate acts of Georgia.

3. The head of an internal audit unit shall:

a) develop internal audit strategic and annual plans and submit them for approval to the head of the institution;

b) coordinate auditors activities and assign to them functions based on their knowledge and qualification;

c) monitor the implementation of internal audit annual plans and the application of internal audit methodology by the internal audit unit;

d) ensure the assessment of the financial management and control system, as well as the organisational structure and functions of the institution;

e) ensure the development of the professional qualifications of internal auditors;

f) cooperate with the Central Harmonisation Unit and, if requested, provide it with the relevant documents and information;

g) take into account the relevant recommendations and directions issued in accordance with the legislation of Georgia, by the Central Harmonisation Unit;

h) monitor the implementation of recommendations issued to an internal audit unit;

i) develop and implement programmes for the improvement and assurance of the quality of internal audits.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 21 − Planning internal audits

1. The types of internal audit plans shall be as follows:

a) internal audit strategic plan;

b) internal audit annual plan;

c) individual audit plan.

2. Internal audits shall be planned on the basis of risk analysis. Their results shall be reflected in the internal audit strategic plan, which shall be the basis for developing an internal audit annual plan.

3. An internal audit strategic plan shall be developed by the head of the relevant internal audit unit and approved by the head of the institution. An internal audit strategic plan shall be based on the long-term goals of the institution; it shall cover a three-year period and define the directions of strategic development in the area of the internal audit.

4. An internal audit annual plan shall be developed by the head of the relevant internal audit unit and approved by the head of the institution. An internal audit annual plan shall be based on the internal audit strategic plan and reflect the findings of specific internal audits.

5. For the purpose of assessing the adequacy, effectiveness and timeliness of the implementation of recommendations, an internal audit annual plan shall contain provisions envisaging the monitoring of the implementation of recommendations.

6. Any amendments to an internal audit strategic plan or to an internal audit annual plan shall be made upon the proposal of the head of the internal audit unit and based on risk assessment.

7. Internal audit strategic and annual plans shall be approved prior to the commencement of the planned period.

8. Internal audit annual and strategic plans, as well as any amendments to such plans, shall be prepared by the head of the relevant internal audit unit and approved by the head of the institution. Internal audit strategic and annual plans of the internal audit units of institutions referred in Article 4(1)(a-c) of this Law shall be forwarded to the Central Harmonisation Unit.

9. For each internal audit engagement, the head of the internal audit unit shall develop and approve an individual audit plan, which defines the scope of the internal audit, its objectives, duration, resource allocation, implementation methods, limits, type, etc.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 22 − Internal auditing

1. Internal auditing shall be performed on the basis of information analysis, identification, collection, assessment and documentation.

2. Internal audit engagements shall consist of the following stages:

a) audit planning;

b) audit implementation;

c) reporting;

d) monitoring of implementation of recommendations made.

3. Internal audit engagement types:

a) system based audit;

b) compliance audit;

c) performance audit;

d) financial audit;

e) IT audit.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 23 − Internal audit reports

1. After an internal audit, an internal audit unit shall prepare a draft internal audit report that contains internal audit results, processes and findings, as well as their analysis and recommendations made on their basis.

2. A draft internal audit report shall be sent to the auditee and shall specify a reasonable time limit within which the auditee is to present its opinion on the issues contained in the audit report and is to submit an action plan on implementation of recommendations.

3. If the auditee fails to meet the reasonable time limit referred to in paragraph 2 of this article, the draft internal audit report shall be considered final and the findings and recommendations contained therein, agreed upon.

4. If the auditee does not agree with the findings and/or recommendations contained in the draft internal audit report, it shall present its arguments and/or opinions in support of its position in a reply letter.

5. The opinions presented by the auditee in respect of the draft internal audit report shall be incorporated in the final internal audit report.

6. The internal audit unit shall prepare the final version of the internal audit report and forward it, along with the auditee's action plan on implementation of recommendations, to the head of the institution.

7. If the auditee and the internal audit unit cannot agree on the recommendations contained in the internal audit report, the internal audit unit shall transmit to the head of the institution the recommendations at issue in order for the head of the institution to make a relevant decision; the head of the institution shall make the decision within a reasonable period of time.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 24 − Internal audit annual report

1. The head of an internal audit unit shall prepare an internal audit annual report that shall contain:

a) information on the internal audit engagements performed;

b) key conclusions and recommendations concerning the financial management control system of the institution;

c) reasons (if any) for the failure of the internal audit unit to complete the annual plan;

d) relevant activities carried out by the auditee for the implementation of recommendations made by the internal audit unit and information on unimplemented recommendations;

e) information on any restriction of an internal auditor's activities in the course of an internal audit;

f) proposals for the development of the internal audit.

2. An internal audit annual report shall be presented to the head of the institution by the end of January of the following year, while the internal audit units of institutions referred to in Article 4(1)(a-c) of this Law shall also present internal audit annual reports to the Central Harmonisation Unit by the end of January of the following year.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 25 − Cooperation of internal audit units with other agencies

1. Internal audit units shall cooperate with the State Audit Office, and, if requested, provide it with relevant information and/or documents; in their relations with the State Audit Office internal audit units shall observe international internal control standards.

2. Internal audit units, except for an internal audit unit of the Ministry of Defence of Georgia, shall, when performing an IT audit, cooperate with the Data Exchange Agency − a legal entity under public law operating under the Ministry of Justice of Georgia, and provide it with the IT audit report within one month after its preparation.

3. The cooperation of internal audit units with the State Audit Office and with other agencies shall be carried out in accordance with the legislation of Georgia.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 6550 of 22 June 2012 − website, 29.6.2012

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 26 − Conflicts of interest

1. Internal auditors may not perform other functions in the institution other than those defined under this Law and relevant legal acts.

2. Internal auditors shall not participate in an internal audit engagement if one of the following cases of conflicts of interest exists:

a) the internal auditor was the employee or the auditee during the time of the audit period;

b) the heirs of the first and second degree of the internal auditor have, for the last year, or during the audit period, occupied management positions in the auditee;

c) other cases of conflicts of interest, which shall be assessed by the head of the internal audit unit.

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Chapter IV − Coordination and Harmonisation of Internal Control

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 27 − Central Harmonisation Unit

1. The CHU shall ensure the assessment, coordination and harmonisation of both internal audit and financial management and control systems. The CHU shall be accountable to the Ministry of Finance of Georgia.

2. The CHU shall ensure:

a) the designing and updating of the development strategy for public internal financial control systems, which includes a gap analysis of the elements of a public internal financial control system, the assessment of its development and action plan;

b) the development of practical guidelines and instructions for the purpose of preparing the statutes of internal audit units;

c) the development of a Code of Ethics for Internal Auditors, its further improvement and updating;

d) the creation of relevant standards and methodologies for establishing internal audit and financial management and control systems, as well as their further improvement and updating;

e) the establishment of relations and cooperation with international organisations and the CHUs of other States in the area of internal audit and financial management and control systems;

f) the planning of educational/hands-on workshops and training for the staff of internal audit units and for persons responsible for financial management and control; the provision of support and coordination of their activities;

g) the development of instructions for internal audit units, including the determination of the minimum human resources to be appointed to an internal audit unit and their qualification requirements, the rules concerning conflicts of interest of internal auditors and the requirements for internal audit reporting;

h) the monitoring and assessment of the implementation of laws governing internal audits, of methodological documents and other guidelines;

i) the organisation of regular meetings and discussions on issues related to an internal audit, to financial management and control strategy, methodology and their implementation in the public sector;

j) the preparation of an annual consolidated report on the development of public internal financial control systems and submission, before 31 March of each year, of this report to the Ministry of Finance of Georgia, which, in its turn, shall submit the report to the Government of Georgia;

k) the introduction of an internal auditors certification programme.

3. (Deleted − 18.12.2015, No 4675).

4. (Deleted − 18.12.2015, No 4675).

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 27¹ − Working groups discussing the development of internal audit and the financial management and control systems of institutions

The Minister of Finance of Georgia may, in order to ensure the involvement and communication, the performance of needs analysis and for other reasons, set up working groups for discussing the development of internal audits and the financial management and control systems of institutions. The composition of such groups and rules of operation shall be defined by the Minister of Finance of Georgia.

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Chapter V − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Chapter VI − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 28 − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 29 − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Chapter VII − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 30 − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Article 31 − (Deleted)

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Chapter VIII − Transitional and Final Provisions

Article 32 − Transitional provisions

1. The Government of Georgia shall, within 4 months after the entry of this Law into force, approve the Internal Audit Standards and Methodology, the Code of Ethics for Internal Auditors and Guidelines.

2. (Deleted).

3. (Deleted).

3¹. (Deleted − 18.12.2015, No 4675).

4. (Deleted − 18.12.2015, No 4675).

5. (Deleted − 18.12.2015, No 4675).

6. Legal entities under public law referred to in Article 4(1)(a-c) of this Law, before setting up an internal audit unit, may request the internal audit unit operating under the state controlling body to perform an internal audit; the said internal audit unit shall, in agreement with the head of the institution and the council, ensure the conduct of the internal audit in the given institution.

7. System-based, effectiveness and IT audits specified in Article 22(3)(a), (c) and (e) of this Law shall be conducted after 1 January 2013.

8. Legal acts that are to be issued/adopted on the basis of and in accordance with this Law shall be issued/adopted by the relevant persons/bodies provided for in this Law, and where such persons/bodies are not defined in this Law, shall be issued by the Minister of Finance of Georgia.

9. The establishment of the financial management and control systems provided for in Chapter II of this Law shall be ensured by the institutions specified in this Law after the CHU develops, and after the Government of Georgia approves, the instructions referred to in Article 5(1) of this Law.

10. In order to verify and identify cases of official misconduct and/or activities incompatible with the goals of the institution, a functional audit measure shall be conducted by the relevant division/unit of the institution. Its authority, rules of operation and objectives shall be defined by the statutes of the relevant institution and shall be separated from the internal audit function.

Law of Georgia No 3375 of 6 July 2010 − LGH I, No 40, 20.7.2010, Art. 252

Law of Georgia No 3756 of 26 October 2010 − LHG I, No 62 , 05.11.2010, Art. 395

Law of Georgia No 5447 of 9 December 2011 – website, 22.12.2011

Law of Georgia No 1446 of 4 October 2013 – website, 28.10.2013

Law of Georgia No 1795 of 13 December 2013 – website, 28.12.2013

Law of Georgia No 4675 of 18 December 2015 − website, 29.12.2015

Article 33 − Final provision

This Law shall enter into force upon its promulgation.

President of Georgia                                          M. Saakashvili

Tbilisi

26 March 2010

No2839–I ს