Download to read offline
More Related Content
Similar to Chapter 4 - Risk and Internal Control.ppt
Chapter 4 - Risk and Internal Control.ppt
- 1.
- 2. INTRODUCTION An auditorwould assess a client’s internal control to assert that the controls compiled by the management and if there is deviation from procedures. This is called test of control. An internal control system embraces the control environment and internal control procedures.
- 3. FUNDAMENTAL CONCEPTS Thesystem of internal control is defined as the actions taken by the board and management to manage risk and increase the likelihood that established goals will be achieved (Statement of Risk Management and Internal Control by Bursa Malaysia, 2012).
- 4. FUNDAMENTAL CONCEPTS TheCommittee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as process, effected by the board of directors, management, and other personnel, designed to provide reasonable assurance regarding the organization’s objectives.
- 5. IMPORTANCE OF INTERNAL CONTROL Maintaining business operation. A system of internal control is an important mechanism for an organization to remain functional and operational. Easy to manage In a small entity such as small enterprise, the employees and process flow are still manageable by the manager.
- 6. IMPORTANCE OF INTERNAL CONTROL Create a boundaries in business A sound internal control system will actually help the organization to exert control over their business process to remain functional and operational. Safeguards the assets Preventing employees from stealing assets or committing fraud within the business.
- 7. IMPORTANCE OF INTERNAL CONTROL Law and regulations compliance with laws and regulations, such as to Bursa Malaysia or Securities Commission Malaysia Mitigate the business risk By reduce risk, it helps firm or business to operate their business as usual. Increase the efficiency of business standards and reputation. Achieving higher standards in business process among peers
- 8. TYPES OF CONTROL Internal controls are typically comprised of control activities such as authorization, documentation, reconciliation, security, and the separation of duties. They are broadly divided into preventative and detective control.
- 9. TYPES OF CONTROL Preventive controls are built to avoid errors or any irregularities from happening. These are also known as proactive controls because they help to ensure the organization’s objectives are achieved. Some examples of preventive controls are: – Segregation of duties: Duties and responsibilities are segregated to reduce risks and errors for certain events. – Safeguarding assets: Different departments may have different security level to access certain parts of the building in the organization, or different level of staff have different levels of access into the company’s information system.
- 10. TYPES OF CONTROL Detective controls are designed to find or allocate errors after they have occurred. For example, management analyses on identifying unexpected results or losses on productions, or reconciliations on actual outcome and forecasted results. All these require corrective action.
- 11. ELEMENTS OF INTERNAL CONTROL These components make up the minimum level of internal control a chapter needs to have in place and are the basis against which internal control is evaluated. There are five interrelated components of an internal control framework: a. control environment b. risk assessment c. control activities d. information and communication e. monitoring.
- 12. ELEMENTS OF INTERNAL CONTROL Control environment – The control environment sets the tone of an organization, influencing the control consciousness of its people. Risk assessment is the identification and analysis of relevant risks to achievement of the objectives Monitoring – Internal control systems need to be monitored, a process that assesses the quality of the system's performance over time.
- 13. ELEMENTS OF INTERNAL CONTROL Information and communication – Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. Control activities - Policies and procedures that help ensure management directives are carried out. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
- 14.