ISTM 6009: IT Governance. Mohammed, A. (2017)Introduction to CSAs | Abdullah Mohammed | October, 2017.
A Brief Introduction to
Control Self Assessments
Abdullah Mohammed, MSc, BSc, CISA
October, 2017
2 Auditors / “Sea” of Risk / Trying to find Controls
Internal Controls (ACCA Definition)
‘The policies, processes, tasks, behaviours and other aspects of an organisation that taken together:
• Facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational,
financial, compliance and other risks to achieve its objectives. This includes safeguarding of assets and ensuring that
liabilities are identified and managed.
• Ensure the quality of internal and external reporting, which in turn requires the maintenance of proper records and
processes that generate a flow of timely, relevant and reliable information from both internal and external sources.
• Ensure compliance with applicable laws and regulations and also with internal policies.’
Note: There is no such thing as a perfect internal control system, as all organisations operate in a dynamic environment: just as some risks recede into insignificance, new risks will emerge, some of which will be difficult or impossible to anticipate.
The purpose of any control system should therefore be to provide reasonable assurance that the organisation can meet its objectives.
Internal Controls (ISACA Definition)
• Internal controls are normally composed of policies, procedures, practices and
organizational structures that are implemented to reduce risk to the
organization.
• 3 types:
1. Preventative
2. Detective
3. Corrective
Preventative / Detective / Corrective
Responsibility for Internal Controls
• Lies with the owners themselves
• In a limited company, the board of directors is responsible for ensuring that
appropriate internal controls are in place.
• The directors must pay due attention to the control environment
COSO ERM Framework 2017
Outline
1. What are Control Self-Assessments?
2. How do they differ from other types of assurance and risk management?
3. Approaches to conducting CSAs
4. Four (4) workshop formats
5. Benefits and CSFs (critical success factors) of a CSA programme
What are Control Self Assessments (CSAs)?
Sometimes called:
– Control Risk Self-Assessment (CRSA) or
– Risk Control Self-Assessment (RCSA),
especially if risk-based (discussed later).
IIA Definition: “CSA is a methodology used to
– (i) review key business objectives,
– (ii) risks involved in achieving the objectives, and
– (iii) internal controls designed to manage those risks.”
What are Control Self Assessments (CSAs)? (continued)
• As opposed to a formal Audit Review, with a CSA the internal audit
team works with the operational team in an effort to evaluate their
current internal control procedures, and then to use the results of the
review to improve internal controls. (adapted from Moeller, 2015)
• Important: Facilitation exercise, which allows management
participation in risk identification and examination of their own controls
for effectiveness.
Objectives of a CSA Programme
• Leverage the internal audit function by shifting some of the control monitoring
responsibilities to the functional areas. Audit Clients, such as line managers, are
responsible for controls in their environment; the managers also should be
responsible for monitoring the controls.
• CSA programs also must educate management about control design and monitoring, concentrating particularly on areas of high risk. These programs are not just policies requiring clients to comply with control standards; instead, they offer a variety of support ranging from written suggestions outlining acceptable control environments to in-depth workshops.
• When workshops are included in the program, an additional objective, the empowerment of workers to assess or even design the control environment, may be included in the program.
Objectives of a CSA Programme (continued)
Communication
• To ensure better communication of CEO’s objectives and strategies to all business lines
• To ensure business line managers communicate their risks and controls more effectively
Education
• To ensure business line managers have a better comprehension of effective risk control
• To ensure business line managers have a better comprehension of risk management
Proactive Management
• To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies
• To ensure business line managers assume greater responsibility and accountability for their risks and controls
• To ensure business line managers monitor their risk effectively and timely
• To ensure business line managers utilize and allocate their resources effectively
The CSA Model for Continuous Improvement
• Identify business objectives, which can be defined either in terms of business targets or process delivery goals;
• Identify risks that could threaten the achievement of those objectives, and the activities and processes affected by the different risks identified;
• Identify controls in place intended to prevent the risks from crystallizing; determine where responsibility for performing those controls lies; and assess the effectiveness of the controls in operation and the level of residual risk remaining after control;
• Continue to monitor performance and controls.
Where do CSAs fit in, as an Assurance Technique?
Three Approaches to CSAs
Three CSA Approaches
1. Facilitated team meetings (workshops)
Gather internal control information from work teams that may represent multiple levels within the
organization. Facilitators are trained in controls examination and assessment, as well as facilitation
techniques.
2. Questionnaires (Surveys)
The questionnaire approach uses a survey instrument that offers opportunities for yes/no or have/have-not responses. Process owners use the survey results to assess their control structure.
3. Management-produced analysis
Any other approach. Management produces a staff study of the business process, which should be validated by the CSA specialist.
Workshop Formats
Workshop Formats (CSA‐facilitated sessions)
1. Objective‐based
2. Risk‐based
3. Control‐based
4. Process‐based
Workshops: Objective Based
Workshops: Risk Based
Workshops: Controls Based
Workshops: Process Based
Questionnaires (Survey)
Survey Approach to CSAs
1. Develop using control framework (e.g. COSO) and/or management objectives
2. Distribute online surveys / questionnaires
3. Summarize & analyze results
4. Deliver results to management
Questionnaire Examples
(Example questionnaires shown: Planning & Budgeting; Accruals)
Management-produced self-analysis
• As an alternative to a survey or a facilitated workshop, a management-produced analysis is very similar to the type of operational review that an internal auditor would perform. This is one of the three CSA analysis approaches suggested by the IIA, where management produces a staff study of the business process, almost a research study.
• The CSA specialist, who may be an internal auditor, combines the results of the study with information gathered from sources such as other managers and key personnel. By synthesizing this material, the CSA specialist develops an analysis that process owners can use in their CSA efforts.
• The management-produced analysis approach, although endorsed by the IIA as one of three suggested CSA approaches, is difficult to perform for the typical enterprise. It suggests an almost ‘academic’ review by someone in the enterprise, followed by some comparative research for subsequent analysis.
Implementing a CSA Programme
CSA Framework
1. Identification of CSA Projects
2. Preliminary Activities
3. Workshop
4. Reporting
5. Validating
Benefits of a CSA Programme
• Early detection of risk
• More effective and improved internal controls
• Creation of cohesive teams through employee involvement
• Developing a sense of ownership of the controls in the employees and process owners and
reducing their resistance to control improvement initiatives
• Increased employee awareness of organizational objectives, and knowledge of risk and internal
controls
• Increased communication between operational and top management
• A common language and common set of values across the organisation
• Highly motivated employees
• Improved audit rating process
• Reduction in control cost
• Assurance provided to stakeholders and customers
Model CSA Policy Template (KnowledgeLeader)
Planning Workshops
NB: Basic Facilitator Skills
A facilitator does not have to be an expert in a certain process or subject matter; however, the facilitator
should have basic skills such as:
• Active listening skills and the ability to ask good questions, including questions that probe the topics and
move the discussions forward
• Good verbal communication skills, including the ability to pose questions in a nonthreatening manner and
the ability to summarize material
• The ability to manage the dynamics of the group, including managing various personalities so that a few
members do not dominate the discussions and managing processes so that goals are met
• The ability to resolve conflicts
• The ability to manage time and keep the proceedings on schedule
Some downsides of CSAs
• It could be mistaken as an audit function replacement
• It may be regarded as an additional workload (e.g., one more report to be
submitted to management)
• Failure to act on improvement suggestions could damage employee morale
• Lack of motivation may limit effectiveness in the detection of weak controls
Critical Success Factors
• Involving the right people in the organisation to support, foster and own the CSA process.
• Allocating sufficient time and resources to properly prepare for and carry out workshops and
subsequent follow-up.
• Having adequately trained and experienced facilitators to conduct CSA workshops.
• Proper design of a structured but flexible CSA methodology that avoids the creation of overly
simple or confusing checklists.
Further Reading
Review Questions
A Brief Introduction to
Control Self Assessments
Abdullah Mohammed, MSc, BSc, CISA
Thank you.
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 

Recently uploaded (20)

👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 

Introduction to Internal Controls and Control Self-Assessments (CSA)

  • 1. ISTM 6009: IT Governance. Mohammed, A. (2017). Introduction to CSAs | Abdullah Mohammed | October, 2017.
    A Brief Introduction to Control Self Assessments
    Abdullah Mohammed, MSc, BSc, CISA
    October, 2017
  • 2. 2 Auditors; “Sea” of Risk; Trying to find Controls
  • 3. Internal Controls (ACCA Definition)
    ‘The policies, processes, tasks, behaviours and other aspects of an organisation that taken together:
      – Facilitate effective operation by enabling it to respond in an appropriate manner to significant business, operational, financial, compliance and other risks to achieve its objectives. This includes safeguarding of assets and ensuring that liabilities are identified and managed.
      – Ensure the quality of internal and external reporting, which in turn requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from both internal and external sources.
      – Ensure compliance with applicable laws and regulations and also with internal policies.’
    Note: There is no such thing as a perfect internal control system, as all organisations operate in a dynamic environment: just as some risks recede into insignificance, new risks will emerge, some of which will be difficult or impossible to anticipate. The purpose of any control system should therefore be to provide reasonable assurance that the organisation can meet its objectives.
  • 4. Internal Controls (ISACA Definition)
      – Internal controls are normally composed of policies, procedures, practices and organizational structures that are implemented to reduce risk to the organization.
      – 3 types: 1. Preventative; 2. Detective; 3. Corrective
    Preventative / Detective / Corrective
  • 5. [image only]
  • 6. Preventative / Detective / Corrective
  • 7. [image only]
  • 8. Preventative / Detective / Corrective
  • 9. Preventative / Detective / Corrective
  • 10. Preventative / Detective / Corrective
  • 11. 2 Auditors; “Sea” of Risk; Trying to find Controls
  • 12. Responsibility for Internal Controls
      – Lies with the owners themselves
      – In a limited company, the board of directors is responsible for ensuring that appropriate internal controls are in place.
      – The directors must pay due attention to the control environment
  • 13. COSO ERM Framework 2017
  • 14. [image only]
  • 15. [image only]
  • 16. [image only]
  • 17. [image only]
  • 18. Outline
    1. What are Control Self-Assessments?
    2. How do they differ from other types of Assurance and Risk Management?
    3. Approaches to conducting CSAs
    4. Four (4) Workshop Formats
    5. Benefits and CSFs of a CSA Programme
  • 19. What are Control Self Assessments (CSAs)?
    Sometimes called:
      – Control Risk Self-Assessment (CRSA), or
      – Risk Control Self-Assessment (RCSA), especially if risk-based (discussed later).
    IIA Definition: “CSA is a methodology used to
      – (i) review key business objectives,
      – (ii) risks involved in achieving the objectives, and
      – (iii) internal controls designed to manage those risks.”
  • 20. What are Control Self Assessments (CSAs)? (continued)
      – As opposed to a formal Audit Review, with a CSA the internal audit team works with the operational team in an effort to evaluate their current internal control procedures, and then to use the results of the review to improve internal controls. (adapted from Moeller, 2015)
      – Important: a facilitation exercise, which allows management participation in risk identification and examination of their own controls for effectiveness.
  • 21. Objectives of a CSA Programme
      – Leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional areas. Audit clients, such as line managers, are responsible for controls in their environment; the managers also should be responsible for monitoring the controls.
      – CSA programs also must educate management about control design and monitoring, particularly concentrating on areas of high risk. These programs are not just policies requiring clients to comply with control standards; instead, they offer a variety of support ranging from written suggestions outlining acceptable control environments to in-depth workshops.
      – When workshops are included in the program, an additional objective, the empowerment of workers to assess or even design the control environment, may be included in the program.
  • 22. Objectives of a CSA Programme (continued)
    Communication
      – To ensure better communication of the CEO’s objectives and strategies to all business lines
      – To ensure business line managers communicate their risks and controls more effectively
    Education
      – To ensure business line managers have a better comprehension of effective risk control
      – To ensure business line managers have a better comprehension of risk management
    Proactive Management
      – To ensure business line managers align their objectives and strategies with the CEO's objectives and strategies
      – To ensure business line managers assume greater responsibility and accountability for their risks and controls
      – To ensure business line managers monitor their risk effectively and in a timely manner
      – To ensure business line managers utilize and allocate their resources effectively
  • 23. The CSA Model for Continuous Improvement
      – Identify business objectives, which can be defined either in terms of business targets or process delivery goals;
      – Identify risks that could threaten the achievement of those objectives, and the activities and processes affected by the different risks identified;
      – Identify controls in place intended to prevent the risks from crystallizing;
      – Determine where responsibility for performing those controls lies;
      – Assess the effectiveness of the controls in operation and the level of residual risk remaining after control; and
      – Continue to monitor performance and controls.
  • 24. Where do CSAs fit in, as an Assurance Technique?
  • 25. [image only]
  • 26. Three Approaches to CSAs
  • 27. Three CSA Approaches
    1. Facilitated team meetings (workshops): gather internal control information from work teams that may represent multiple levels within the organization. Facilitators are trained in controls examination and assessment, as well as facilitation techniques.
    2. Questionnaires (surveys): the questionnaire approach uses a survey instrument that offers opportunities for yes/no or have/have-not responses. Process owners use the survey results to assess their control structure.
    3. Management-produced analysis: any other approach. Management produces a staff study of the business process, which should be validated by the CSA specialist.
  • 28. [image only]
  • 29. Workshop Formats
  • 30. Workshop Formats (CSA-facilitated sessions)
    1. Objective-based
    2. Risk-based
    3. Control-based
    4. Process-based
  • 31. Workshops: Objective Based
  • 32. Workshops: Risk Based
  • 33. Workshops: Controls Based
  • 34. Workshops: Process Based
  • 35. Questionnaires (Survey)
  • 36. Survey Approach to CSAs
    1. Develop using a control framework (e.g. COSO) and/or management objectives
    2. Distribute online surveys / questionnaires
    3. Summarize & analyze results
    4. Deliver results to management
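The objective, risk and control chain of slide 23, carried through the "summarize & analyze results" step of the survey approach on slide 36, as an added example that is not part of the original slides or their cited sources. The control register, the three respondents' have/have-not answers and the residual-rating rule are constructed for illustration; a split vote is treated as a finding for the workshop rather than as an effective control, and a control without an assigned owner is reported as a responsibility gap.

```python
"""Roll up CSA yes/no questionnaire answers into a residual-risk view.
Added example (not from the slides): the register, answers and scoring
rule are constructed; it ties slide 23's objective/risk/control model to
the survey step of slide 36."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Risk:
    rid: str
    objective: str
    description: str
    inherent: int               # 1 (low) .. 5 (high), before any control


@dataclass(frozen=True)
class Control:
    cid: str
    description: str
    ctype: str                  # "preventive", "detective" or "corrective"
    risks: Tuple[str, ...]      # risk ids the control is meant to address
    owner: Optional[str]        # None: responsibility not yet assigned


# Constructed register for one objective (an accruals process, cf. slide 37).
RISKS = (
    Risk("R1", "Accurate accruals", "Accruals posted without support", 4),
    Risk("R2", "Accurate accruals", "Duplicate accruals across periods", 3),
    Risk("R3", "Accurate accruals", "Reversal missed in the next period", 3),
)
CONTROLS = (
    Control("C1", "Approver sign-off on estimate", "preventive", ("R1",), "Controller"),
    Control("C2", "Month-end listing review", "detective", ("R1", "R2"), "Finance Mgr"),
    Control("C3", "Duplicate reference rejected", "preventive", ("R2",), None),
    Control("C4", "Auto-reversal flag on journals", "corrective", ("R3",), "Finance Systems"),
)
# Constructed have/have-not answers from three process owners per control.
RESPONSES = {"C1": ("yes", "yes", "yes"), "C2": ("yes", "no", "yes"),
             "C3": ("no", "no", "no"), "C4": ("yes", "yes", "yes")}
# Constructed scoring rule: rating points each effective control removes.
REDUCTION = {"preventive": 2, "detective": 1, "corrective": 1}


def control_status(answers):
    """'effective' only when every respondent confirms; a split vote is
    'disputed' and goes back to the workshop rather than counting."""
    if not answers:
        return "missing"        # nobody answered: not evidenced
    yes = Counter(a.strip().lower() for a in answers)["yes"]
    if yes == len(answers):
        return "effective"
    return "missing" if yes == 0 else "disputed"


def residual_rating(inherent, effective_types):
    """Inherent rating less REDUCTION per effective control, never below 1."""
    return max(1, inherent - sum(REDUCTION[t] for t in effective_types))


def assess(risks=RISKS, controls=CONTROLS, responses=RESPONSES):
    """Return ({risk id: residual rating}, [(finding code, subject id)])."""
    status = {c.cid: control_status(responses.get(c.cid, ())) for c in controls}
    findings = [("NO_OWNER", c.cid) for c in controls if c.owner is None]
    findings += [(status[c.cid].upper(), c.cid) for c in controls
                 if status[c.cid] != "effective"]
    residual = {}
    for r in risks:
        effective = [c.ctype for c in controls
                     if r.rid in c.risks and status[c.cid] == "effective"]
        residual[r.rid] = residual_rating(r.inherent, effective)
        if not effective:                       # nothing confirmed for it
            findings.append(("UNCONTROLLED", r.rid))
        elif "preventive" not in effective:     # only caught after the fact
            findings.append(("NO_PREVENTIVE", r.rid))
    return residual, findings


if __name__ == "__main__":
    ratings, issues = assess()
    print(ratings, *issues, sep="\n")
```

The findings list is what goes back to the process owners for the workshop or follow-up; the residual ratings feed the summary delivered to management in step 4.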
  • 37. Questionnaire Examples
      – Planning & Budgeting
      – Accruals
  • 38. Management-produced self-analysis
      – As an alternative to a survey or a facilitated workshop, a management-produced analysis is very similar to the type of operational review that an internal auditor would perform. This is one of the three CSA analysis approaches suggested by the IIA, where management produces a staff study of the business process, almost a research study.
      – The CSA specialist, who may be an internal auditor, combines the results of the study with information gathered from sources such as other managers and key personnel. By synthesizing this material, the CSA specialist develops an analysis that process owners can use in their CSA efforts.
      – The management-produced analysis approach, although endorsed by the IIA as one of three suggested CSA approaches, is difficult to perform for the typical enterprise. It suggests an almost ‘academic’ review by someone in the enterprise, followed by some comparative research for subsequent analysis.
  • 39. Implementing a CSA Programme
  • 40. CSA Framework
    1. Identification of CSA Projects
    2. Preliminary Activities
    3. Workshop
    4. Reporting
    5. Validating
  • 41. Benefits of a CSA Programme
      – Early detection of risk
      – More effective and improved internal controls
      – Creation of cohesive teams through employee involvement
      – Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
      – Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
      – Increased communication between operational and top management
      – A common language and common set of values across the organisation
      – Highly motivated employees
      – Improved audit rating process
      – Reduction in control cost
      – Assurance provided to stakeholders and customers
  • 42. Model CSA Policy Template (KnowledgeLeader)
  • 43. Planning Workshops
  • 44. NB: Basic Facilitator Skills
    A facilitator does not have to be an expert in a certain process or subject matter; however, the facilitator should have basic skills such as:
      – Active listening skills and the ability to ask good questions, including questions that probe the topics and move the discussions forward
      – Good verbal communication skills, including the ability to pose questions in a nonthreatening manner and the ability to summarize material
      – The ability to manage the dynamics of the group, including managing various personalities so that a few members do not dominate the discussions, and managing processes so that goals are met
      – The ability to resolve conflicts
      – The ability to manage time and keep the proceedings on schedule
  • 45. Some downsides of CSAs
      – It could be mistaken as an audit function replacement
      – It may be regarded as an additional workload (e.g., one more report to be submitted to management)
      – Failure to act on improvement suggestions could damage employee morale
      – Lack of motivation may limit effectiveness in the detection of weak controls
  • 46. Critical Success Factors
      – Involving the right people in the organisation to support, foster and own the CSA process.
      – Allocating sufficient time and resources to properly prepare for and carry out workshops and subsequent follow-up.
      – Having adequately trained and experienced facilitators to conduct CSA workshops.
      – Proper design of a structured but flexible CSA methodology that avoids the creation of overly simple or confusing checklists.
  • 47. Further Reading
  • 48. Review Questions
  • 49. A Brief Introduction to Control Self Assessments. Abdullah Mohammed, MSc, BSc, CISA. Thank you.

Editor's Notes

  1. http://www.accaglobal.com/lk/en/student/exam-support-resources/fundamentals-exams-study-resources/f1/technical-articles/internal-controls.html
  2. https://www.pwc.com/la/en/risk-assurance/control-self-assessments.html
  3. Institute of Operational Risk, Operational Risk Sound Practice Guidance: Risk Control Self Assessment
  4. https://www.pwc.com/la/en/risk-assurance/control-self-assessments.html