Common internal audit findings & how to avoid them
•Download as PPTX, PDF•
2 likes•1,319 views
Audit
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Common internal audit findings & how to avoid them
Similar to Common internal audit findings & how to avoid them (20)
Recently uploaded
Recently uploaded (20)
Common internal audit findings & how to avoid them
- 1. Common Internal Audit Findings & How to Avoid Them April 6, 2016, 10:00 am – 12:00 pm Workshop Conducted by: Surajit Datta
- 2. 1. Internal Audit 2. Internal Controls 3. Elements of Internal Controls 4. Audit Findings 5. Common Internal Audit Findings 6. Fraud Indicators 7. How to Avoid Audit Findings Topics IAD Workshop - 2016
- 3. Internal Audit The Institute of Internal Auditors defines Internal Auditing as… "An independent, objective assurance and consulting activity designed to add value and improve and organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." IAD Workshop - 2016
- 4. • 2002 – Enron • Billions of dollars of market value erased. Thousands of jobs lost. Savings wiped out. The Enron failure failure demonstrated a failure of corporate governance, in which internal control mechanisms were short- were short-circuited by conflicts of interest that enriched certain managers at the expense of the the shareholders. • 2008 - $ 500 million loss by Merrill Lynch “several mitigating internal controls were not operating effectively and therefore failed to identify the the intercompany difference that resulted in the huge loss” - Deloitte. Effects of Internal Control Failures IAD Workshop - 2016
- 5. A process designed to provide reasonable assurance about the achievement of an entity’s objectives concerning: Financial reporting Effectiveness of operations Compliance with laws and regulations What are Internal Controls IAD Workshop - 2016
- 6. What are Internal Controls IAD Workshop - 2016 FINANCIAL 1. Promotes integrity of data used in making business decisions 2. Assists in fraud prevention and detection through the creation of an auditable trail of of evidence COMPLIANCE Helps maintain compliance with laws and and regulations through periodic monitoring OPERATIONAL 1. Promotes efficiency and effectiveness of operations through standardized processes 2. Ensures the safeguarding of assets through control activities Effective internal controls prevent fraud, waste, and abuse Develop internal controls to address the risks identified during your “risk assessment process” Review and adjust your control activities to ensure they are working
- 7. Control Environment Risk Assessment Control Activities Information and Communication Monitoring 5 Elements of Internal Controls IAD Workshop - 2016
- 8. Tone at the Top Commitment to Competence Management’s Philosophy/Integrity Management’s Direction/Assignment of Responsibility Human Resources Policies and Procedures Control Environment IAD Workshop - 2016
- 9. Identify the Risks to Achievement of aswaaq’s Objectives in relation to: Reporting Financial (Cash Management) Operational Compliance (with laws and regulations) Prioritize them (Probability X Impact) Develop a plan to manage them (Risk Response / Mitigation Action plans or BCPs) Risk Assessment IAD Workshop - 2016
- 10. Specific to the company’s operation and may include the following: Policies and procedures to protect against fraud, waste, and abuse Authorizations and approvals (DOA) Verifications (Internal Checks, Checklists, etc.) Reconciliations Segregation of duties Review operational performance Control Activities IAD Workshop - 2016
- 11. Financial Reporting Operational Reporting Accounting Manual Compliance Reporting Codes of Conduct Keep the communication lines open Information & Communication IAD Workshop - 2016
- 12. Budget to Actual Internal Audits Reconciliations to General Ledger Management review of controls Review of exception reports External Audit Audit Committee Monitoring IAD Workshop - 2016
- 13. Audit Findings Risk assessment Corrective action required Audit recommendation A management opportunity Risk response / risk mitigation action plans Result of Audits IAD Workshop - 2016
- 14. Financial misstatement Control weakness Policy or other rule violations Other issues identified during the audit Audit findings – What are they? IAD Workshop - 2016
- 15. Internal Control failure profile IAD Workshop - 2016 Error 4% Weak Monitoring & Control 25% Non- compliance 31% Others 27% Process design 10% SOD 3% weaknesses which may put some of the company objectives at risk that are primarily due to- compliance inconsistencies with established policies and procedures ineffective process design, and weak monitoring
- 16. 1. Non-compliance of established company policy or statutes 2. Process execution not following the established DOA 3. Segregation of Duties (SOD) Conflict Ensure tasks and process flows have a check and balance. For example: A person who is responsible for collecting payments should not be responsible for creating the deposit and reconciling to source documents. 4. Lack of sufficient supervision / monitoring 5. Lack of Awareness of Company Policies Common Internal Audit Findings IAD Workshop - 2016
- 17. 6. Lack of Written Policies and Procedures (Departmental) Major business transactions and related internal controls of a department's operations should be clearly documented, periodically reviewed and updated. 7. Lack of Formally Documented Approvals Evidence should be maintained to document independent approvals (e.g. reconciliations, departmental financial statements, etc.) 8. Unbudgeted expense 9. Absence of Supporting Documentation Transactions should be appropriately supported by documentation. For example: Journal Entries: Purpose, related source documents, approvals Purchases: Requisition, competitive bidding, purchase order, invoice, approvals Common Internal Audit Findings IAD Workshop - 2016
- 18. 10. Lack of Proper Safeguarding of Assets 11. Inappropriate Information Security Access Critical or sensitive information should be appropriately restricted based on job duties. 12. Inaccurate Financial Reporting Examples include: Expenses: Invoices Not recorded as a liability upon commitment Overtime Not approved timely Revenues: Receivables Not recorded in books (booked when cash is received) Income Recorded as an offset to an expense account rather than to an income account Common Internal Audit Findings IAD Workshop - 2016
- 19. 1. One person in control 2. No separation of duties 3. High turnover of personnel 4. Unexplained entries in records 5. Unusually large amounts of payments for cash 6. Inadequate or missing documentation 7. Altered records (white-out, copies of documents, etc.) 8. Non-serial number transactions 9. Inventories and financial records not reconciled Fraud Indicators IAD Workshop - 2016
- 20. Fraud Indicators IAD Workshop - 2016 10.Lack of internal controls/ignoring controls 11.Repeat audit findings 12.Unauthorized transactions 13.Ability to get around internal controls that prevent or detect fraud 14.Inability to judge quality of performance 15.Lack of an audit trail 16.Failure to discipline prior fraud perpetrators
- 21. Internal Audit Report Read it and discuss with IAD Understand the problem Understand the recommended corrective action Plan the corrective action steps Develop the overall corrective action plan Assign overall responsibility Assign specific action step responsibilities Establish a time line Follow up – sustained attention Verify completion and effectiveness Report to management How to Avoid Audit Findings IAD Workshop - 2016
- 22. Establish Policies and Procedures • Write them • Follow them • Review and up-date them as needed Establish Internal Controls • Financial • Operational • Compliance • Cash Management How to Avoid Audit Findings IAD Workshop - 2016