Skip to main content


Quality and Risk Management System

Created : 25.09.2017. Updated: 21.08.2023.

The Treasury’s Quality Management System and Information Security Management Systems Complies with Internationally Recognised Standards


After the successful recertification audit of the Treasury’s integrated management system, the Treasury’s Quality Management Systems and Information Security Management System have been assessed and recognised as compliant with the requirements of the international standards ISO 9001:2015 and  ISO 27001:2013.


The Quality and Information Security Management Systems were audited within an integrated management system and commended for their integrity and good management in particular.

The Treasury’s Quality Management System has been certified since 2006. Over these years, the Treasury has introduced and efficiently maintained process management and monitoring, planning and reaching of goals, monitoring of external and internal factor influences, risk management, organised communication processes, identification of stakeholders and inclusion of their requirements in the institution’s processes of operation, as well as employee professionalism, engagement and awareness of management decisions.

The auditors highlighted the professional project management, transparent process approach based on risk control, and clear and efficient organisation of information technology management as good practice. The methods used in improving client satisfaction and evaluating results were also viewed positively.

When certifying the compliance of the integrated management system with the requirements of both standards, the auditors concluded that the Treasury monitors the impact of external and internal factors, manages risks and conducts internal audits, and employees have a good understanding of the requirements and their contribution to quality and information security. The auditors found that processes such as strategic planning, user rights management and the development of new services were in line with best practice. The auditors especially emphasized that the internal working environment of the Treasury is motivating and engaging for employees, as well as praising the organizational culture of the Treasury.

The audits were performed on 15 and 16 February 2021 by BM Certification, an accredited certification body.

The Treasury’s operational strategy defines the following basic principles of quality and risk management system:

  1. Client-oriented organisation – learning and evaluating client needs and satisfaction to improve the Treasury’s services, as well as maintain and increase the quality thereof in the interests of the State and its residents.
  2. Managerial role – managers of all levels create and maintain an internal working environment that clearly reflects the institution’s future development vision and ensures that goals are met.
  3. Employee engagement – promoting employee engagement in reaching set goals to ensure the use of their knowledge and skills for the benefit of the Treasury and to increase employee awareness and level of responsibility.
  4. Process approach in system management – managing the institution’s resources and operation as a unified process within the Treasury’s management system to ensure that strategic goals and tasks are implemented more efficiently.
  5. Fact-based decision-making – ensuring efficient decision-making process based on data and information analysis, thus identifying and eliminating potential problems and risks, and taking advantage of the provided opportunities.
  6. Continuous improvement – improving the Treasury’s processes by finding and acting on development opportunities to increase work efficiency and quality, as well as introduce the best practice of resource management.
  7. Risk management integration in all processes – ensuring timely risk identification, analysis and necessary measures to reduce the probability and effects of risks to an acceptable level by utilising potential opportunities, as well as ensure that the Treasury’s goals are met.
  8. Risk management integration in all projects – identifying and eliminating or restricting the principal risks in the early stages of projects, monitoring them and reacting to opportunities throughout the course of projects to ensure that projects are managed efficiently and set goals are met.
  9. Daily monitoring and analysis – performing daily risk identification and monitoring by centrally collecting, compiling and analysing data on identified risks.