SlideShare a Scribd company logo
1 of 198
Download to read offline
effective
 internal
controls
Presented by Eric Roring Pesik at
Corruption and Compliance
South & South East Asia Summit
        September 2012
    Hilton Hotel, Singapore
“These slides cannot replace the
full live presentation, so I have
added quotes and narration from
my live presentation to
supplement the visuals.”
effective internal controls
“I am here to talk about instilling
good governance and ensuring
full compliance with an effective
internal controls program.”
“There are two main topics:
First, what are internal controls?
And second, how do you ensure
they are effective?”
internal controls
finance & accounting procedures
“When we envision internal controls in
  modern organizations, the typical
  things one thinks about are finance
  and accounting procedures, such as
  revenue recognition rules, balance
  sheets, and cash flow statements.”




finance & accounting procedures
corporate IT systems
“Or you might also think about your
corporate IT systems , such as
ORACLE, SAP, and the databases and
programs that keep track corporate
transactions.”




             corporate IT systems
company policies & procedures
“Or you might think about general
company policies & procedures, such
as the rules we all follow to get our
expense reports approved.”




company policies & procedures
humanize internal controls
“These are typical examples of
internal controls. But they can be as
obscure or esoteric. Internal controls
should make sense to the people
that have to comply with them.”




       humanize internal controls
simplify internal controls
“Instead of the typical corporate
internal controls, I offer you a simple
internal control...”
restaurant guest check
“Everyone has seen a restaurant
guest check. You knows what it is and
how it works. But how many people
this of this as an internal control?”




          restaurant guest check
restaurant procedures
“We recognize restaurant
procedures, and we participate
without question or thought.”




           restaurant procedures
take your order
“When the waitress takes your order,
the first internal control comes into
play when you tell the waitress what
you want. She writes it down. This
simple data entry drives restaurant
operations.”




                       take your order
“The waitress repeats your order as
additional an control to verify the
data, and correct it if it is incorrect.”




                         take your order
prepare your order
“The segregation of duties is another
internal control because the kitchen
must translate the written data into an
allowed order on the menu.”




                  prepare your order
“The kitchen uses the order to
manage production , preparing the
meal as described in the guest check,
and pulling raw materials from
inventory.”




                 prepare your order
“The segregation of duties is also a
fraud prevention control. The kitchen
operates to the written order,
preventing the waitress from
recording an inexpensive item but
delivering an expensive item.”




                  prepare your order
serve your order
“When your order is ready the waitress
uses the order to verify customer
requirements against kitchen
production output.




                     serve your order
“There is a final verification when
your meal arrives. If you dispute the
order, the wait staff can compare your
dispute against the written order.”




                     serve your order
pay for your order
“After you eat, you must pay. The
cashier reviews the guest check to
calculate sales price and record the
sales revenue from your meal.”




                    pay for your order
receipt for order
“The restaurant keeps the order for
records retention. The manager can
audit these records to monitor the
business operations.”




                    receipt for order
“Total sales as shown in the guest
checks should match the revenue in
the cash register.”




                    receipt for order
“Production orders as shown in the
guest checks should match the
changes in inventory.”




                    receipt for order
“The guest check allows top level
review of restaurant operations. If
there are discrepancies,
management can investigate.”




                      receipt for order
restaurant guest check
“It doesn’t feel like an internal control.
It’s not bureaucratic. It helps
restaurant employees do their job
more effectively, so they use it
effectively.”




            restaurant guest check
human scale controls
“The restaurant guest check is a
human scale control. It is easy to
understand and requires no special
skill or technical knowledge.”
1. simple
2. effective
3. efficient
“It is simple because it only requires
a small piece of paper passed from
user to user without special tools or
equipment.”
“It is effective because one item
drives nearly every aspect of the
business: sales, customer services,
operations, production, inventory,
revenue, accounting, planning,
management oversight...”
“It is an efficient control because it
does not interfere with how each
employee does his or her job. This
internal control helps employee their
job more efficiently.”
organic controls
“This internal control was developed
organically. It wasn’t implemented by
legal or finance or compliance. It was
developed over time by the users
themselves to make their job easier.”
“There are probably similar internal
controls in your company developed
by the users themselves.”
internal control
integrated framework
“Let’s look at the opposite end of the
spectrum. The Internal Control -
Integrated Framework was
commissioned the Committee of
Sponsoring Organizations of the
Treadway Commission.”
“This is a formal framework for
internal control systems that is
employed by a majority of
multinational companies.”
“There are four key concepts in the
Internal Controls - Integrated
Framework.”
internal control is a process
“Internal control is a means to an
end, not an end in itself.”




     internal control is a process
affected by people
“Internal controls are not just things,
they are people at every level of an
organization. Internal controls rely on
people for their effectiveness and are
affected by the inherent faults of
people.”




                   affected by people
reasonable assurance
“Internal controls cannot provide
absolute assurances. There are no
fool-proof internal controls.”




           reasonable assurance
achieve objectives
“Internal control should be directed at
achieving company objectives. An
internal control that is not tied to a
corporate objective is not an effective
internal control.”




                  achieve objectives
1.   process
2.   people
3.   assurances
4.   objectives
“Internal controls are processes
effected by people that provide
reasonable assurances that you are
meeting or achieving your corporate
objectives.”
integrated framework
human framework
human laziness
“Internal controls protect against the
human desire to skip steps and take
shortcuts.”




                      human laziness
human carelessness
“Internal controls need to protect
against mistakes and human
carelessness.”




              human carelessness
human dishonesty
“Human controls need to protect
against human dishonesty.”




                human dishonesty
1. laziness
2. carelessness
3. dishonesty
human framework
“Internal controls protect against the
inherent risk of having humans
participate in your business.”
internal controls methods
“The integrated framework describes
methods we put in place to protect
against the human framework.”
segregation of duties
“Separating authorization, custody,
and record keeping roles helps
prevent fraud or error by one person.”




             segregation of duties
retention of records
“Maintaining documentation allows us
to document and substantiate
transactions.”




               retention of records
supervision or monitoring
“Supervision or monitoring allows us
to observe and review ongoing
operational activity.”




        supervision or monitoring
information processing
“Information processing allows us to
verify data entry, comparing file totals
with control accounts, and control
access to data, files, and programs.”




            information processing
authorization of transactions
“Authorization of transactions ensure
that transactions are reviewed and
approved by an appropriate person.”




   authorization of transactions
top-level reviews
“Top level reviews allow reporting and
analysis of actual results versus
organizational goals and key
performance indicators.”




                    top-level reviews
electronic security
“Electronic security provides
passwords and access logs to protect
data and programs from
unauthorized access.”




                 electronic security
physical security
“Physical security provides cameras,
locks, and physical barriers to protect
cash, property, and inventory.”




                     physical security
1.   segregation of duties
2.   retention of records
3.   super vision or monitoring
4.   information processing
5.   authorization of transactions
6.   top-level reviews
7.   electronic security
8.   physical security
internal controls methods
“The eight categories of internal
control methods are overlapping and
nonexclusive.”
“How to you make them effective?”
effective internal controls
risk focused
“Internal controls must be risk
focused. They must be tailored to
actual risks your company faces.”
risk assessment
“To implement risk-focused internal
controls, you have to do a formal risk
assessment. This is something
everyone talks about, but rarely does.”




                     risk assessment
“Everyone has seen a typical risk
matrix. It is a tool to compare two
dimensions of data, the probability of
risk and the magnitude of harm, to
help you measure threats.”
High Magnitude                 High Magnitude
                    Low Probability                High Probability
Magnitude of Loss




                    Low Magnitude                  Low Magnitude
                    Low Probability                High Probability



                                  Probability of Risk



                                                         risk matrix
“How many people have actually
plotted out risks their company
faces? This should not be merely a
thought experiment, but a formal risk
assessment.”
who determines risk?
“Most companies’ risk profiles are
determined by the personal opinions
of a small number of individuals.”




             who determines risk?
risk experts
“Lawyers, accountants, risk officers,
experienced business professionals
are all risk experts. Their job is to
understand the risks our companies
face based on their professional
experience, training, and individual
expertise.”




                            risk experts
subjective opinions
“But individual opinions are too
subjective, especially when risk
assessments are made by limited
individuals insulated from day-to-day
operations.”




                 subjective opinions
objective data
“Relying on risk experts is not
enough. To develop effective internal
controls, you need to supplement
subjective individual opinions with
objective risk data.”




                        objective data
“Without objective risk data, you do
cannot have a risk-focused program.
And you cannot demonstrate to
regulatory authorities that you have
appropriate controls in place.”




                       objective data
sources of data
“The data in this presentation is
derived from reports from the
Association of Certified Fraud
Examiners. This presentation was
delivered in Asia, and uses Asia data.
But global data is similar.”
categories of risk
“Probability is the frequency of fraud
in each category. The percentages
exceed 100% because any event may
involve more than one risk category.”
Corruption                               51%
             Billing                      19%
          Non-Cash                       19%
   Expense Account                  14%
          Skimming                 13%
      Cash on Hand                11%
      Cash Larceny            9%
  Check Tampering            7%
Financial Statement          7%
             Payroll    4%
      Cash Register    2%



                                  probability of the risk
“Corruption is the most frequent
risk, occurring in more than half of all
events.”
“The magnitude of loss is the median
loss for each event, in thousands of
US dollars.”
Financial Statement                            $1,730
         Corruption          $175
  Check Tampering        $131
             Billing     $128
      Cash Larceny      $100
          Non-Cash      $90
             Payroll    $72
          Skimming     $60
   Expense Account     $33
      Cash on Hand     $23
      Cash Register    $23



                                magnitude of the loss
“Financial statement fraud is
infrequent, but it is the most costly
form of fraud when it occurs.”
“The adjusted risk profile combines
the probability and magnitude
together and then scales the result
from 1-10, lowest to the highest.”
Financial Statement                                          10.0
        Corruption                                     7.4
             Billing                     2.0
         Non-Cash                  1.3
  Check Tampering            0.7
      Cash Larceny           0.7
         Skimming            0.6
  Expense Account       0.4
            Payroll     0.2
     Cash on Hand      0.2
      Cash Register    0.0



                                               adjusted risk profile
“Financial statement risk and
corruption risks are both high risk
because of the high occurrence and
high cost. Corruption is a current hot
topic, but the data shows financial
statement fraud is a greater risk.”
perpetrators of risk
Sales                                        21.0%
             Operations                                 15.4%
             Accounting                                15.1%
      Exec/Upper Mgmt                                14.0%
             Purchasing                      10.7%
Warehousing/Inventory                 4.0%
                Finance               4.0%
       Customer Service             3.3%
Marketing/Pub Relations            2.9%
     Board of Directors            2.9%
    Mfg and Production           2.2%
      Human Resources            2.2%
Information Technology         1.5%
          Internal Audit    0.4%
      Research and Dev      0.4%
                   Legal   0.0%



                                  probability of the risk
“The sales department is the most
frequent source of risk, probably
because corruption is the most
frequent category of risk. But the top
5 overall departments are similar, all
with double digits risks.”
Exec/Upper Mgmt                                      $829
     Board of Directors                                   $800
                   Legal                           $566
             Purchasing                         $500
                Finance                       $450
Marketing/Pub Relations                $248
Warehousing/Inventory                  $239
      Human Resources                $200
             Accounting            $180
    Mfg and Production            $150
             Operations         $105
      Research and Dev         $100
                   Sales       $95
Information Technology        $71
       Customer Service     $46
          Internal Audit   $13



                              magnitude of the loss
“Upper management and the board
of directors are the source of the
greatest median loss per event,
probably because financial statement
fraud is the most costly form of
fraud.”
Exec/Upper Mgmt                                 10.0
             Accounting                         3.5
             Purchasing                   2.8
             Operations             1.7
                Finance             1.7
                   Sales         1.1
Warehousing/Inventory           1.0
     Board of Directors         1.0
Marketing/Pub Relations      0.4
       Customer Service     0.3
                   Legal    0.2
      Human Resources       0.2
    Mfg and Production      0.2
Information Technology      0.2
      Research and Dev     0.0
          Internal Audit   0.0



                                     adjusted risk profile
“The adjusted risk profile shows
upper and executive management is
the source of greatest source of risk
to the company.”
external data
“External data is not enough. It helps
you benchmark your risk analysis, but
the key to developing risk-focused
controls is collecting your own
internal data.”
internal data
company constituents
“When you need unfiltered data about
your company, you cannot rely on risk
experts, because they don’t know
what is happening with manager-level
and line-level employees.”




            company constituents
“You need to discover open secrets
that everyone knows on the shop floor
but that never reach management.”




            company constituents
human laziness
“Employees know who is lazy in their
organization. They might not turn in
their co-workers, but they will tell you
the steps people skip.”




                       human laziness
human carelessness
“Employees know who is careless in
their organization. They might not turn
in their co-workers, but they will tell
you the mistakes people make.”




              human carelessness
human dishonesty
“Employees know who is dishonest in
their organization. They might not turn
in their co-workers, but they will tell
you how people steal from the
company.”




                  human dishonesty
risk experts
ordinary employees
“Ordinary employees are the real risk
experts in your company.”




                ordinary employees
formal risk assessment
“A formal risk assessment is time
consuming. It requires putting all your
constituents in a room having each of
them teach you about the risks they
see every day.”




           formal risk assessment
risk inventory
“Your risk assessment will produce a
risk inventory - a list of every risk
your employees identify.”




                         risk inventory
“Analyze the probability and
magnitude of each item in your risk
inventory to develop your company’s
risk matrix.”




                        risk inventory
probability of occurrence
magnitude of loss
risk matrix
“Once you develop your company’s
matrix, you must select appropriate
internal control methods to mitigate
the risks.”
internal controls methods
1.   segregation of duties
2.   retention of records
3.   super vision or monitoring
4.   information processing
5.   authorization of transactions
6.   top-level reviews
7.   electronic security
8.   physical security
“But your work is not done. You also
have to assess the effectiveness of
your proposed controls.”
effectiveness of controls
cost of mitigating or avoiding
“Every internal control has a price. It
may be the financial cost to
implement, or the loss of operational
efficiencies due to burdensome
process steps or procedures.”




  cost of mitigating or avoiding
“Do not allow the cost of mitigation to
exceed the value of the risk. You
need to know the effectiveness of
each internal control.”




  cost of mitigating or avoiding
follow the money
“Effectiveness is measured by the
reduction in median losses of
organizations with an internal control
versus organizations without the
same internal control.”
Hotline                           59.2%
        Employee Support Programs                              59.0%
                      Surprise Audits                      51.5%
Fraud Training for Managers/Execs                         50.0%
       Fraud Training for Employees                       50.0%
 Job Rotation/Mandatory Vacation                        46.8%
                     Code of Conduct                    46.6%
                Management Review                   40.0%
                    Anti-Fraud Policy               40.0%
              External Audit of ICOFR            34.9%
          Internal Audit Department           30.6%
     Independent Audit Committee             30.0%
                 External Audit of F/S    25.0%
  Management Certification of F/S         25.0%
        Rewards for Whistleblowers       23.2%



                               effective loss reduction
“Hotlines were the most effective, but
the top 5 internal controls yielded
50% or greater median loss
reduction.”
Hotline    $100                     $245
        Employee Support Programs        $100                     $244
                      Surprise Audits     $97             $200
Fraud Training for Managers/Execs        $100             $200
       Fraud Training for Employees      $100             $200
 Job Rotation/Mandatory Vacation         $100            $188
                     Code of Conduct         $140                     $262
                Management Review          $120              $200
                    Anti-Fraud Policy      $120              $200
              External Audit of ICOFR        $140              $215
          Internal Audit Department           $145            $209
     Independent Audit Committee             $140            $200
                 External Audit of F/S         $150          $200
  Management Certification of F/S              $150          $200
        Rewards for Whistleblowers         $119       $155



                            benefit of loss reduction
“Companies without hotlines suffered
median losses of $245k per event.
Companies with hotlines suffered
only $100k median losses per
event.”
“Since hotlines have the greatest
effective loss reduction, let’s do a
quick case study to examine hotlines
further and compare them with other
sources of risk detection.”
risk detection
Tip                               42.3%
         Internal Audit                     14.3%
  Management Review                      11.3%
            By Accident              8.9%
         External Audit           5.8%
 Account Reconciliation           5.5%
Document Examination          4.4%
Surveillance/Monitoring     2.7%
            Confession      2.4%
      Notified by Police   1.7%
             IT Controls   0.7%



                                            detection method
“Tips are the source of 42.3% of risk
detection. They are the greatest
detection source.”
Employee                                   49.2%

   Customer                     17.8%

 Anonymous               13.4%

      Vendor            12.1%

Shareholder/
                 3.7%
   Owner

  Competitor    2.5%

Perpetrator's
                1.8%
Acquaintance



                                        source of tips
“Employees are the greatest source
of tips. But about half of all tips come
from sources other than
employees.”
With Hotline         47.1%


Tips Overall        42.3%


 No Hotline       33.8%


               companies with hotlines
With Hotline      47.1%


Tips Overall     42.3%


 No Hotline    33.8%      13.3%


         companies without hotlines
“Companies with hotlines receive
13% more tips than companies
without.”
importance of hotlines
“Hotlines are the most effective
internal control, reducing median
losses by almost 60%. Tips are the
number one source for detecting risk,
resulting in 13% more tips.”

“Why is this important?”




            importance of hotlines
whistleblower bounties
“Regulators are paying whistleblower
bounties to get tips. If you don’t have
a hotline, you are telling 13% of
people with tips to take them
somewhere else.”




           whistleblower bounties
“They will follow the money.”




           whistleblower bounties
follow the money
“Follow the money, follow the risk.”
recap
effective internal controls
1. simple
2. effective
3. efficient
1.   process
2.   people
3.   assurances
4.   objectives
1. laziness
2. carelessness
3. dishonesty
1.   segregation of duties
2.   retention of records
3.   super vision or monitoring
4.   information processing
5.   authorization of transactions
6.   top-level reviews
7.   electronic security
8.   physical security
risk focused
objective data
follow the money
“Follow the money, follow the risk.”
questions?
get more from
http://www.slideshare.net/ericpesik/
License and Credits
This presentation, excluding the images, is provided under creative commons attribution license.
http://creativecommons.org/licenses/by/3.0/
You are free to share, copy, distribute, and transmit this work; to remix, adapt this work; and to make commercial use of the work; under the condition that you attribute
this work to me by including the following attribution “Effective Internal Controls by Eric Pesik. Used with permission,” and URL Link:
http://www.slideshare.net/ericpesik/


Microsoft Office Online:
Except as noted below, all images in this presentation are from Microsoft Office Online. Used with permission from Microsoft:
http://office.microsoft.com/en-us/images/

Flickr Creative Commons:
The following images are from flickr creative commons and are licensed and used under creative commons attribution license:
http://creativecommons.org/licenses/by/2.0/deed.en

                    Art Coffee House Waitress by Wonderlane
                    http://www.flickr.com/photos/wonderlane/293137892/
                    Waitress by Adikos
                    http://www.flickr.com/photos/adikos/4319818916/
                    Rutherford Grill by Neeta Lind
                    http://www.flickr.com/photos/neeta_lind/2517034517/
                    Serving Food by Adrian Nier
                    http://www.flickr.com/photos/adriannier/4004167201/
                    Donut Shop Owner by Robert Couse-Baker
                    http://www.flickr.com/photos/29233640@N07/7104455917/
                    Two chorizo burritos with cheese and sour cream by Rick
                    http://www.flickr.com/photos/spine/1994814081/
                    Waiter by Hans Van Den Berg
                    http://www.flickr.com/photos/myimage/4353456304/
                    Blue Telephone by UggBoy♥UggGirl
                    http://www.flickr.com/photos/uggboy/5345135964/

Association of Certified Fraud Examiners:
All data is from the Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2010 Global Fraud Study based on 1,843 cases
of occupational fraud that were reported by the Certified Fraud Examiners who investigated them. http://www.acfe.com

Committee on Sponsoring Organizations of the Treadway Commission:
The Internal Control — Integrated Framework was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission. It establishes a common
definition of internal control that services the needs of different parties for assessing and improving their control systems. http://www.coso.org

More Related Content

What's hot

Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guideCenapSerdarolu
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...Eneni Oduwole
 
Internal audit department
Internal audit departmentInternal audit department
Internal audit departmentPopun
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditingPECB
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5DJones68
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid themSurajit Datta
 
Ppt on risk based internal audit
Ppt on risk based internal auditPpt on risk based internal audit
Ppt on risk based internal auditAmitaMistry2
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
audit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.pptaudit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.pptAdeelAhmad724104
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Hisyam
 
Audit Planning - Considerations
Audit Planning - ConsiderationsAudit Planning - Considerations
Audit Planning - ConsiderationsRyan Vaz
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesManoj Agarwal
 

What's hot (20)

Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
Internal audit ratings guide
Internal audit ratings guideInternal audit ratings guide
Internal audit ratings guide
 
Internal audit ppt
Internal audit  pptInternal audit  ppt
Internal audit ppt
 
Audit ratings guide
Audit ratings guideAudit ratings guide
Audit ratings guide
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Operational Risk Management - A Gateway to managing the risk profile of your...
Operational Risk Management -  A Gateway to managing the risk profile of your...Operational Risk Management -  A Gateway to managing the risk profile of your...
Operational Risk Management - A Gateway to managing the risk profile of your...
 
Internal audit department
Internal audit departmentInternal audit department
Internal audit department
 
Internal Auditor Roles
Internal Auditor RolesInternal Auditor Roles
Internal Auditor Roles
 
Improving effectiveness of internal auditing
Improving effectiveness of internal auditingImproving effectiveness of internal auditing
Improving effectiveness of internal auditing
 
Internal controls
Internal controlsInternal controls
Internal controls
 
Audit report writing 5
Audit report writing 5Audit report writing 5
Audit report writing 5
 
Common internal audit findings & how to avoid them
Common internal audit findings & how to avoid themCommon internal audit findings & how to avoid them
Common internal audit findings & how to avoid them
 
Ppt on risk based internal audit
Ppt on risk based internal auditPpt on risk based internal audit
Ppt on risk based internal audit
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
audit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.pptaudit planning and risk assessment new slides.ppt
audit planning and risk assessment new slides.ppt
 
Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)Brief overview on Internal control (Audit)
Brief overview on Internal control (Audit)
 
Audit Planning - Considerations
Audit Planning - ConsiderationsAudit Planning - Considerations
Audit Planning - Considerations
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk ppt
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 

Viewers also liked

Manual restaurant
Manual restaurantManual restaurant
Manual restaurantcharfine
 
Fundamental of nursing procedure mannual
Fundamental of nursing procedure mannualFundamental of nursing procedure mannual
Fundamental of nursing procedure mannualNursing Path
 
The restaurant from concept to operation 6th - walker
The restaurant  from concept to operation 6th - walkerThe restaurant  from concept to operation 6th - walker
The restaurant from concept to operation 6th - walkerLesterrs
 

Viewers also liked (8)

Restaurant
RestaurantRestaurant
Restaurant
 
American National Standards Institute Presentation
American National Standards Institute PresentationAmerican National Standards Institute Presentation
American National Standards Institute Presentation
 
Food and Beverage Management - Unit 1
Food and Beverage Management - Unit 1Food and Beverage Management - Unit 1
Food and Beverage Management - Unit 1
 
Powerful Restaurant Forms
Powerful Restaurant FormsPowerful Restaurant Forms
Powerful Restaurant Forms
 
Food and beverage standard procedures
Food and beverage standard proceduresFood and beverage standard procedures
Food and beverage standard procedures
 
Manual restaurant
Manual restaurantManual restaurant
Manual restaurant
 
Fundamental of nursing procedure mannual
Fundamental of nursing procedure mannualFundamental of nursing procedure mannual
Fundamental of nursing procedure mannual
 
The restaurant from concept to operation 6th - walker
The restaurant  from concept to operation 6th - walkerThe restaurant  from concept to operation 6th - walker
The restaurant from concept to operation 6th - walker
 

Similar to Effective Internal Controls (Annotated) by @EricPesik

Managerial control
Managerial controlManagerial control
Managerial controlParul Tandan
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls trainingshifataraislam
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt1111964
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditingHardik Shah
 
Literature review
Literature review Literature review
Literature review daviddela2
 
Internal control system
Internal control systemInternal control system
Internal control systemHina Varshney
 
Unit 3 internal control
Unit 3 internal controlUnit 3 internal control
Unit 3 internal controlRadhika Gohel
 
SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execshimetro
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Internal Control Internal Checking Internal Auditing - Auditing By LATiFHRW
Internal Control  Internal Checking Internal Auditing - Auditing By LATiFHRWInternal Control  Internal Checking Internal Auditing - Auditing By LATiFHRW
Internal Control Internal Checking Internal Auditing - Auditing By LATiFHRWLatif Hyder Wadho
 
Sarbanes oxley internal controls
Sarbanes oxley internal controlsSarbanes oxley internal controls
Sarbanes oxley internal controlsIllumeo
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
Internal controls
Internal controlsInternal controls
Internal controlsappan_k
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxvailethmwaisanila
 
FIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptFIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptssusere1a0f0
 
FIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptFIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptbm6tkbry4q
 

Similar to Effective Internal Controls (Annotated) by @EricPesik (20)

Managerial control
Managerial controlManagerial control
Managerial control
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls training
 
COSO 2013 and The Auditor
COSO 2013 and The AuditorCOSO 2013 and The Auditor
COSO 2013 and The Auditor
 
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.pptDECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
DECEMBER INTERNAL CONTROL FOR EFFICIENT AND EFFECTIVE SERVICE DELIVERY-1.ppt
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Literature review
Literature review Literature review
Literature review
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Unit 3 internal control
Unit 3 internal controlUnit 3 internal control
Unit 3 internal control
 
Internal check audit (ppt)
Internal check audit (ppt)Internal check audit (ppt)
Internal check audit (ppt)
 
SAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit ExecsSAS 104-111 for Nonprofit Execs
SAS 104-111 for Nonprofit Execs
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and audit
 
Internal Control Internal Checking Internal Auditing - Auditing By LATiFHRW
Internal Control  Internal Checking Internal Auditing - Auditing By LATiFHRWInternal Control  Internal Checking Internal Auditing - Auditing By LATiFHRW
Internal Control Internal Checking Internal Auditing - Auditing By LATiFHRW
 
Sarbanes oxley internal controls
Sarbanes oxley internal controlsSarbanes oxley internal controls
Sarbanes oxley internal controls
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
Internal controls
Internal controlsInternal controls
Internal controls
 
Internal control
Internal controlInternal control
Internal control
 
Case ware monitor product profile
Case ware monitor product profileCase ware monitor product profile
Case ware monitor product profile
 
topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
FIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptFIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.ppt
 
FIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.pptFIN-Internal_Controls_Primer_Presentation.ppt
FIN-Internal_Controls_Primer_Presentation.ppt
 

More from Eric Pesik

Reviewing Contract Key Terms and Conditions
Reviewing Contract Key Terms and ConditionsReviewing Contract Key Terms and Conditions
Reviewing Contract Key Terms and ConditionsEric Pesik
 
Why fonts matter in 2 slides by @EricPesik
Why fonts matter in 2 slides by @EricPesikWhy fonts matter in 2 slides by @EricPesik
Why fonts matter in 2 slides by @EricPesikEric Pesik
 
The Truth about Tone from the Top by @EricPesik
The Truth about Tone from the Top by @EricPesikThe Truth about Tone from the Top by @EricPesik
The Truth about Tone from the Top by @EricPesikEric Pesik
 
Zombie PowerPoint by @ericpesik
Zombie PowerPoint by @ericpesikZombie PowerPoint by @ericpesik
Zombie PowerPoint by @ericpesikEric Pesik
 
J.P. Morgan and the Princelings of China by @ericpesik
J.P. Morgan and the Princelings of China by @ericpesikJ.P. Morgan and the Princelings of China by @ericpesik
J.P. Morgan and the Princelings of China by @ericpesikEric Pesik
 
Managing risk from top to bottom by @ericpesik
Managing risk from top to bottom by @ericpesikManaging risk from top to bottom by @ericpesik
Managing risk from top to bottom by @ericpesikEric Pesik
 
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikUS Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikEric Pesik
 
Do you want to be a billionaire by @EricPesik
Do you want to be a billionaire by @EricPesikDo you want to be a billionaire by @EricPesik
Do you want to be a billionaire by @EricPesikEric Pesik
 
Top 10 Things People Admit Doing on Conference Calls by @EricPesik
Top 10 Things People Admit Doing on Conference Calls by @EricPesikTop 10 Things People Admit Doing on Conference Calls by @EricPesik
Top 10 Things People Admit Doing on Conference Calls by @EricPesikEric Pesik
 
25 things NOT to do during Hungry Ghost Festival by @EricPesik
25 things NOT to do during Hungry Ghost Festival by @EricPesik25 things NOT to do during Hungry Ghost Festival by @EricPesik
25 things NOT to do during Hungry Ghost Festival by @EricPesikEric Pesik
 
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...Eric Pesik
 
Economics of Bribery by @EricPesik
Economics of Bribery by @EricPesikEconomics of Bribery by @EricPesik
Economics of Bribery by @EricPesikEric Pesik
 
Economics of Bribery
Economics of BriberyEconomics of Bribery
Economics of BriberyEric Pesik
 
Economics of Corruption
Economics of CorruptionEconomics of Corruption
Economics of CorruptionEric Pesik
 
Globalization of Ethics and Compliance by @EricPesik
Globalization of Ethics and Compliance by @EricPesikGlobalization of Ethics and Compliance by @EricPesik
Globalization of Ethics and Compliance by @EricPesikEric Pesik
 
Drafting Game Rules to Minimize Litigation
Drafting Game Rules to Minimize LitigationDrafting Game Rules to Minimize Litigation
Drafting Game Rules to Minimize LitigationEric Pesik
 
Effective Internal Controls by @EricPesik
Effective Internal Controls by @EricPesikEffective Internal Controls by @EricPesik
Effective Internal Controls by @EricPesikEric Pesik
 
Fighting Global Corruption by @EricPesik
Fighting Global Corruption by @EricPesikFighting Global Corruption by @EricPesik
Fighting Global Corruption by @EricPesikEric Pesik
 
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...Eric Pesik
 

More from Eric Pesik (19)

Reviewing Contract Key Terms and Conditions
Reviewing Contract Key Terms and ConditionsReviewing Contract Key Terms and Conditions
Reviewing Contract Key Terms and Conditions
 
Why fonts matter in 2 slides by @EricPesik
Why fonts matter in 2 slides by @EricPesikWhy fonts matter in 2 slides by @EricPesik
Why fonts matter in 2 slides by @EricPesik
 
The Truth about Tone from the Top by @EricPesik
The Truth about Tone from the Top by @EricPesikThe Truth about Tone from the Top by @EricPesik
The Truth about Tone from the Top by @EricPesik
 
Zombie PowerPoint by @ericpesik
Zombie PowerPoint by @ericpesikZombie PowerPoint by @ericpesik
Zombie PowerPoint by @ericpesik
 
J.P. Morgan and the Princelings of China by @ericpesik
J.P. Morgan and the Princelings of China by @ericpesikJ.P. Morgan and the Princelings of China by @ericpesik
J.P. Morgan and the Princelings of China by @ericpesik
 
Managing risk from top to bottom by @ericpesik
Managing risk from top to bottom by @ericpesikManaging risk from top to bottom by @ericpesik
Managing risk from top to bottom by @ericpesik
 
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikUS Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
 
Do you want to be a billionaire by @EricPesik
Do you want to be a billionaire by @EricPesikDo you want to be a billionaire by @EricPesik
Do you want to be a billionaire by @EricPesik
 
Top 10 Things People Admit Doing on Conference Calls by @EricPesik
Top 10 Things People Admit Doing on Conference Calls by @EricPesikTop 10 Things People Admit Doing on Conference Calls by @EricPesik
Top 10 Things People Admit Doing on Conference Calls by @EricPesik
 
25 things NOT to do during Hungry Ghost Festival by @EricPesik
25 things NOT to do during Hungry Ghost Festival by @EricPesik25 things NOT to do during Hungry Ghost Festival by @EricPesik
25 things NOT to do during Hungry Ghost Festival by @EricPesik
 
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...
Asia’s Increased Competitive Landscape - HR Implications on Talent Attraction...
 
Economics of Bribery by @EricPesik
Economics of Bribery by @EricPesikEconomics of Bribery by @EricPesik
Economics of Bribery by @EricPesik
 
Economics of Bribery
Economics of BriberyEconomics of Bribery
Economics of Bribery
 
Economics of Corruption
Economics of CorruptionEconomics of Corruption
Economics of Corruption
 
Globalization of Ethics and Compliance by @EricPesik
Globalization of Ethics and Compliance by @EricPesikGlobalization of Ethics and Compliance by @EricPesik
Globalization of Ethics and Compliance by @EricPesik
 
Drafting Game Rules to Minimize Litigation
Drafting Game Rules to Minimize LitigationDrafting Game Rules to Minimize Litigation
Drafting Game Rules to Minimize Litigation
 
Effective Internal Controls by @EricPesik
Effective Internal Controls by @EricPesikEffective Internal Controls by @EricPesik
Effective Internal Controls by @EricPesik
 
Fighting Global Corruption by @EricPesik
Fighting Global Corruption by @EricPesikFighting Global Corruption by @EricPesik
Fighting Global Corruption by @EricPesik
 
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...
Meeting in the Middle: Embracing Negotiation to Protect Business Interests an...
 

Recently uploaded

00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© رnafizanafzal
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...srcw2322l101
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...Khaled Al Awadi
 
A DAY IN THE LIFE OF A SALESPERSON .pptx
A DAY IN THE LIFE OF A SALESPERSON .pptxA DAY IN THE LIFE OF A SALESPERSON .pptx
A DAY IN THE LIFE OF A SALESPERSON .pptxseemajojo02
 
First Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLCFirst Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLCTammy Jackson
 
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfProgress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfHolger Mueller
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesHaseebBashir5
 
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...ssuserf63bd7
 
Unlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsUnlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsYourLegal Accounting
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledCaitlinCummins3
 
Moradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in PenacovaMoradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in Penacovaimostorept
 
Navigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsNavigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsYourLegal Accounting
 
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdfThe Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdfbelieveminhh
 
Sex service available my WhatsApp number 7374088497
Sex service available my WhatsApp number 7374088497Sex service available my WhatsApp number 7374088497
Sex service available my WhatsApp number 7374088497dipikakk482
 
Mastering The Art Of 'Closing The Sale'.
Mastering The Art Of 'Closing The Sale'.Mastering The Art Of 'Closing The Sale'.
Mastering The Art Of 'Closing The Sale'.SNSW group8
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistanvineshkumarsajnani12
 

Recently uploaded (20)

00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![©  ر
00971508021841 حبوب الإجهاض في دبي | أبوظبي | الشارقة | السطوة |❇ ❈ ((![© ر
 
What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...What is paper chromatography, principal, procedure,types, diagram, advantages...
What is paper chromatography, principal, procedure,types, diagram, advantages...
 
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...NewBase   17 May  2024  Energy News issue - 1725 by Khaled Al Awadi_compresse...
NewBase 17 May 2024 Energy News issue - 1725 by Khaled Al Awadi_compresse...
 
A DAY IN THE LIFE OF A SALESPERSON .pptx
A DAY IN THE LIFE OF A SALESPERSON .pptxA DAY IN THE LIFE OF A SALESPERSON .pptx
A DAY IN THE LIFE OF A SALESPERSON .pptx
 
First Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLCFirst Time Home Buyer's Guide - KM Realty Group LLC
First Time Home Buyer's Guide - KM Realty Group LLC
 
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdfProgress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
Progress Report - UKG Analyst Summit 2024 - A lot to do - Good Progress1-1.pdf
 
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di SurabayaObat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
Obat Aborsi Surabaya 0851\7696\3835 Jual Obat Cytotec Di Surabaya
 
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di MalangObat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
Obat Aborsi Malang 0851\7696\3835 Jual Obat Cytotec Di Malang
 
Elevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO ServicesElevate Your Online Presence with SEO Services
Elevate Your Online Presence with SEO Services
 
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
Understanding Financial Accounting 3rd Canadian Edition by Christopher D. Bur...
 
Unlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsUnlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA Firms
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelled
 
WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 
Obat Aborsi Depok 0851\7696\3835 Jual Obat Cytotec Di Depok
Obat Aborsi Depok 0851\7696\3835 Jual Obat Cytotec Di DepokObat Aborsi Depok 0851\7696\3835 Jual Obat Cytotec Di Depok
Obat Aborsi Depok 0851\7696\3835 Jual Obat Cytotec Di Depok
 
Moradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in PenacovaMoradia Isolada com Logradouro; Detached house with patio in Penacova
Moradia Isolada com Logradouro; Detached house with patio in Penacova
 
Navigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA FirmsNavigating Tax Season with Confidence Streamlines CPA Firms
Navigating Tax Season with Confidence Streamlines CPA Firms
 
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdfThe Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
The Vietnam Believer Newsletter_May 13th, 2024_ENVol. 007.pdf
 
Sex service available my WhatsApp number 7374088497
Sex service available my WhatsApp number 7374088497Sex service available my WhatsApp number 7374088497
Sex service available my WhatsApp number 7374088497
 
Mastering The Art Of 'Closing The Sale'.
Mastering The Art Of 'Closing The Sale'.Mastering The Art Of 'Closing The Sale'.
Mastering The Art Of 'Closing The Sale'.
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 

Effective Internal Controls (Annotated) by @EricPesik

  • 2. Presented by Eric Roring Pesik at Corruption and Compliance South & South East Asia Summit September 2012 Hilton Hotel, Singapore
  • 3. “These slides cannot replace the full live presentation, so I have added quotes and narration from my live presentation to supplement the visuals.”
  • 5. “I am here to talk about instilling good governance and ensuring full compliance with an effective internal controls program.”
  • 6. “There are two main topics: First, what are internal controls? And second, how do you ensure they are effective?”
  • 8. finance & accounting procedures
  • 9. “When we envision internal controls in modern organizations, the typical things one thinks about are finance and accounting procedures, such as revenue recognition rules, balance sheets, and cash flow statements.” finance & accounting procedures
  • 11. “Or you might also think about your corporate IT systems , such as ORACLE, SAP, and the databases and programs that keep track corporate transactions.” corporate IT systems
  • 12. company policies & procedures
  • 13. “Or you might think about general company policies & procedures, such as the rules we all follow to get our expense reports approved.” company policies & procedures
  • 15. “These are typical examples of internal controls. But they can be as obscure or esoteric. Internal controls should make sense to the people that have to comply with them.” humanize internal controls
  • 17. “Instead of the typical corporate internal controls, I offer you a simple internal control...”
  • 19. “Everyone has seen a restaurant guest check. You knows what it is and how it works. But how many people this of this as an internal control?” restaurant guest check
  • 21. “We recognize restaurant procedures, and we participate without question or thought.” restaurant procedures
  • 23. “When the waitress takes your order, the first internal control comes into play when you tell the waitress what you want. She writes it down. This simple data entry drives restaurant operations.” take your order
  • 24. “The waitress repeats your order as additional an control to verify the data, and correct it if it is incorrect.” take your order
  • 26. “The segregation of duties is another internal control because the kitchen must translate the written data into an allowed order on the menu.” prepare your order
  • 27. “The kitchen uses the order to manage production , preparing the meal as described in the guest check, and pulling raw materials from inventory.” prepare your order
  • 28. “The segregation of duties is also a fraud prevention control. The kitchen operates to the written order, preventing the waitress from recording an inexpensive item but delivering an expensive item.” prepare your order
  • 30. “When your order is ready the waitress uses the order to verify customer requirements against kitchen production output. serve your order
  • 31. “There is a final verification when your meal arrives. If you dispute the order, the wait staff can compare your dispute against the written order.” serve your order
  • 32. pay for your order
  • 33. “After you eat, you must pay. The cashier reviews the guest check to calculate sales price and record the sales revenue from your meal.” pay for your order
  • 35. “The restaurant keeps the order for records retention. The manager can audit these records to monitor the business operations.” receipt for order
  • 36. “Total sales as shown in the guest checks should match the revenue in the cash register.” receipt for order
  • 37. “Production orders as shown in the guest checks should match the changes in inventory.” receipt for order
  • 38. “The guest check allows top level review of restaurant operations. If there are discrepancies, management can investigate.” receipt for order
  • 40. “It doesn’t feel like an internal control. It’s not bureaucratic. It helps restaurant employees do their job more effectively, so they use it effectively.” restaurant guest check
  • 42. “The restaurant guest check is a human scale control. It is easy to understand and requires no special skill or technical knowledge.”
  • 44. “It is simple because it only requires a small piece of paper passed from user to user without special tools or equipment.”
  • 45. “It is effective because one item drives nearly every aspect of the business: sales, customer services, operations, production, inventory, revenue, accounting, planning, management oversight...”
  • 46. “It is an efficient control because it does not interfere with how each employee does his or her job. This internal control helps employee their job more efficiently.”
  • 48. “This internal control was developed organically. It wasn’t implemented by legal or finance or compliance. It was developed over time by the users themselves to make their job easier.”
  • 49. “There are probably similar internal controls in your company developed by the users themselves.”
  • 51. “Let’s look at the opposite end of the spectrum. The Internal Control - Integrated Framework was commissioned the Committee of Sponsoring Organizations of the Treadway Commission.”
  • 52. “This is a formal framework for internal control systems that is employed by a majority of multinational companies.”
  • 53. “There are four key concepts in the Internal Controls - Integrated Framework.”
  • 54. internal control is a process
  • 55. “Internal control is a means to an end, not an end in itself.” internal control is a process
  • 57. “Internal controls are not just things, they are people at every level of an organization. Internal controls rely on people for their effectiveness and are affected by the inherent faults of people.” affected by people
  • 59. “Internal controls cannot provide absolute assurances. There are no fool-proof internal controls.” reasonable assurance
  • 61. “Internal control should be directed at achieving company objectives. An internal control that is not tied to a corporate objective is not an effective internal control.” achieve objectives
  • 62. 1. process 2. people 3. assurances 4. objectives
  • 63. “Internal controls are processes effected by people that provide reasonable assurances that you are meeting or achieving your corporate objectives.”
  • 67. “Internal controls protect against the human desire to skip steps and take shortcuts.” human laziness
  • 69. “Internal controls need to protect against mistakes and human carelessness.” human carelessness
  • 71. “Human controls need to protect against human dishonesty.” human dishonesty
  • 74. “Internal controls protect against the inherent risk of having humans participate in your business.”
  • 76. “The integrated framework describes methods we put in place to protect against the human framework.”
  • 78. “Separating authorization, custody, and record keeping roles helps prevent fraud or error by one person.” segregation of duties
  • 80. “Maintaining documentation allows us to document and substantiate transactions.” retention of records
  • 82. “Supervision or monitoring allows us to observe and review ongoing operational activity.” supervision or monitoring
  • 84. “Information processing allows us to verify data entry, comparing file totals with control accounts, and control access to data, files, and programs.” information processing
  • 86. “Authorization of transactions ensure that transactions are reviewed and approved by an appropriate person.” authorization of transactions
  • 88. “Top level reviews allow reporting and analysis of actual results versus organizational goals and key performance indicators.” top-level reviews
  • 90. “Electronic security provides passwords and access logs to protect data and programs from unauthorized access.” electronic security
  • 92. “Physical security provides cameras, locks, and physical barriers to protect cash, property, and inventory.” physical security
  • 93. 1. segregation of duties 2. retention of records 3. super vision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
  • 95. “The eight categories of internal control methods are overlapping and nonexclusive.”
  • 96. “How to you make them effective?”
  • 99. “Internal controls must be risk focused. They must be tailored to actual risks your company faces.”
  • 101. “To implement risk-focused internal controls, you have to do a formal risk assessment. This is something everyone talks about, but rarely does.” risk assessment
  • 102. “Everyone has seen a typical risk matrix. It is a tool to compare two dimensions of data, the probability of risk and the magnitude of harm, to help you measure threats.”
  • 103. High Magnitude High Magnitude Low Probability High Probability Magnitude of Loss Low Magnitude Low Magnitude Low Probability High Probability Probability of Risk risk matrix
  • 104. “How many people have actually plotted out risks their company faces? This should not be merely a thought experiment, but a formal risk assessment.”
  • 106. “Most companies’ risk profiles are determined by the personal opinions of a small number of individuals.” who determines risk?
  • 108. “Lawyers, accountants, risk officers, experienced business professionals are all risk experts. Their job is to understand the risks our companies face based on their professional experience, training, and individual expertise.” risk experts
  • 110. “But individual opinions are too subjective, especially when risk assessments are made by limited individuals insulated from day-to-day operations.” subjective opinions
  • 112. “Relying on risk experts is not enough. To develop effective internal controls, you need to supplement subjective individual opinions with objective risk data.” objective data
  • 113. “Without objective risk data, you do cannot have a risk-focused program. And you cannot demonstrate to regulatory authorities that you have appropriate controls in place.” objective data
  • 115. “The data in this presentation is derived from reports from the Association of Certified Fraud Examiners. This presentation was delivered in Asia, and uses Asia data. But global data is similar.”
  • 117. “Probability is the frequency of fraud in each category. The percentages exceed 100% because any event may involve more than one risk category.”
  • 118. Corruption 51% Billing 19% Non-Cash 19% Expense Account 14% Skimming 13% Cash on Hand 11% Cash Larceny 9% Check Tampering 7% Financial Statement 7% Payroll 4% Cash Register 2% probability of the risk
  • 119. “Corruption is the most frequent risk, occurring in more than half of all events.”
  • 120. “The magnitude of loss is the median loss for each event, in thousands of US dollars.”
  • 121. Financial Statement $1,730 Corruption $175 Check Tampering $131 Billing $128 Cash Larceny $100 Non-Cash $90 Payroll $72 Skimming $60 Expense Account $33 Cash on Hand $23 Cash Register $23 magnitude of the loss
  • 122. “Financial statement fraud is infrequent, but it is the most costly form of fraud when it occurs.”
  • 123. “The adjusted risk profile combines the probability and magnitude together and then scales the result from 1-10, lowest to the highest.”
  • 124. Financial Statement 10.0 Corruption 7.4 Billing 2.0 Non-Cash 1.3 Check Tampering 0.7 Cash Larceny 0.7 Skimming 0.6 Expense Account 0.4 Payroll 0.2 Cash on Hand 0.2 Cash Register 0.0 adjusted risk profile
  • 125. “Financial statement risk and corruption risks are both high risk because of the high occurrence and high cost. Corruption is a current hot topic, but the data shows financial statement fraud is a greater risk.”
  • 127. Sales 21.0% Operations 15.4% Accounting 15.1% Exec/Upper Mgmt 14.0% Purchasing 10.7% Warehousing/Inventory 4.0% Finance 4.0% Customer Service 3.3% Marketing/Pub Relations 2.9% Board of Directors 2.9% Mfg and Production 2.2% Human Resources 2.2% Information Technology 1.5% Internal Audit 0.4% Research and Dev 0.4% Legal 0.0% probability of the risk
  • 128. “The sales department is the most frequent source of risk, probably because corruption is the most frequent category of risk. But the top 5 overall departments are similar, all with double digits risks.”
  • 129. Exec/Upper Mgmt $829 Board of Directors $800 Legal $566 Purchasing $500 Finance $450 Marketing/Pub Relations $248 Warehousing/Inventory $239 Human Resources $200 Accounting $180 Mfg and Production $150 Operations $105 Research and Dev $100 Sales $95 Information Technology $71 Customer Service $46 Internal Audit $13 magnitude of the loss
  • 130. “Upper management and the board of directors are the source of the greatest median loss per event, probably because financial statement fraud is the most costly form of fraud.”
  • 131. Exec/Upper Mgmt 10.0 Accounting 3.5 Purchasing 2.8 Operations 1.7 Finance 1.7 Sales 1.1 Warehousing/Inventory 1.0 Board of Directors 1.0 Marketing/Pub Relations 0.4 Customer Service 0.3 Legal 0.2 Human Resources 0.2 Mfg and Production 0.2 Information Technology 0.2 Research and Dev 0.0 Internal Audit 0.0 adjusted risk profile
  • 132. “The adjusted risk profile shows upper and executive management is the source of greatest source of risk to the company.”
  • 134. “External data is not enough. It helps you benchmark your risk analysis, but the key to developing risk-focused controls is collecting your own internal data.”
  • 137. “When you need unfiltered data about your company, you cannot rely on risk experts, because they don’t know what is happening with manager-level and line-level employees.” company constituents
  • 138. “You need to discover open secrets that everyone knows on the shop floor but that never reach management.” company constituents
  • 140. “Employees know who is lazy in their organization. They might not turn in their co-workers, but they will tell you the steps people skip.” human laziness
  • 142. “Employees know who is careless in their organization. They might not turn in their co-workers, but they will tell you the mistakes people make.” human carelessness
  • 144. “Employees know who is dishonest in their organization. They might not turn in their co-workers, but they will tell you how people steal from the company.” human dishonesty
  • 147. “Ordinary employees are the real risk experts in your company.” ordinary employees
  • 149. “A formal risk assessment is time consuming. It requires putting all your constituents in a room having each of them teach you about the risks they see every day.” formal risk assessment
  • 151. “Your risk assessment will produce a risk inventory - a list of every risk your employees identify.” risk inventory
  • 152. “Analyze the probability and magnitude of each item in your risk inventory to develop your company’s risk matrix.” risk inventory
  • 156. “Once you develop your company’s matrix, you must select appropriate internal control methods to mitigate the risks.”
  • 158. 1. segregation of duties 2. retention of records 3. super vision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
  • 159. “But your work is not done. You also have to assess the effectiveness of your proposed controls.”
  • 161. cost of mitigating or avoiding
  • 162. “Every internal control has a price. It may be the financial cost to implement, or the loss of operational efficiencies due to burdensome process steps or procedures.” cost of mitigating or avoiding
  • 163. “Do not allow the cost of mitigation to exceed the value of the risk. You need to know the effectiveness of each internal control.” cost of mitigating or avoiding
  • 165. “Effectiveness is measured by the reduction in median losses of organizations with an internal control versus organizations without the same internal control.”
  • 166. Hotline 59.2% Employee Support Programs 59.0% Surprise Audits 51.5% Fraud Training for Managers/Execs 50.0% Fraud Training for Employees 50.0% Job Rotation/Mandatory Vacation 46.8% Code of Conduct 46.6% Management Review 40.0% Anti-Fraud Policy 40.0% External Audit of ICOFR 34.9% Internal Audit Department 30.6% Independent Audit Committee 30.0% External Audit of F/S 25.0% Management Certification of F/S 25.0% Rewards for Whistleblowers 23.2% effective loss reduction
  • 167. “Hotlines were the most effective, but the top 5 internal controls yielded 50% or greater median loss reduction.”
  • 168. Hotline $100 $245 Employee Support Programs $100 $244 Surprise Audits $97 $200 Fraud Training for Managers/Execs $100 $200 Fraud Training for Employees $100 $200 Job Rotation/Mandatory Vacation $100 $188 Code of Conduct $140 $262 Management Review $120 $200 Anti-Fraud Policy $120 $200 External Audit of ICOFR $140 $215 Internal Audit Department $145 $209 Independent Audit Committee $140 $200 External Audit of F/S $150 $200 Management Certification of F/S $150 $200 Rewards for Whistleblowers $119 $155 benefit of loss reduction
  • 169. “Companies without hotlines suffered median losses of $245k per event. Companies with hotlines suffered only $100k median losses per event.”
  • 170. “Since hotlines have the greatest effective loss reduction, let’s do a quick case study to examine hotlines further and compare them with other sources of risk detection.”
  • 172. Tip 42.3% Internal Audit 14.3% Management Review 11.3% By Accident 8.9% External Audit 5.8% Account Reconciliation 5.5% Document Examination 4.4% Surveillance/Monitoring 2.7% Confession 2.4% Notified by Police 1.7% IT Controls 0.7% detection method
  • 173. “Tips are the source of 42.3% of risk detection. They are the greatest detection source.”
  • 174. Employee 49.2% Customer 17.8% Anonymous 13.4% Vendor 12.1% Shareholder/ 3.7% Owner Competitor 2.5% Perpetrator's 1.8% Acquaintance source of tips
  • 175. “Employees are the greatest source of tips. But about half of all tips come from sources other than employees.”
  • 176. With Hotline 47.1% Tips Overall 42.3% No Hotline 33.8% companies with hotlines
  • 177. With Hotline 47.1% Tips Overall 42.3% No Hotline 33.8% 13.3% companies without hotlines
  • 178. “Companies with hotlines receive 13% more tips than companies without.”
  • 180. “Hotlines are the most effective internal control, reducing median losses by almost 60%. Tips are the number one source for detecting risk, resulting in 13% more tips.” “Why is this important?” importance of hotlines
  • 182. “Regulators are paying whistleblower bounties to get tips. If you don’t have a hotline, you are telling 13% of people with tips to take them somewhere else.” whistleblower bounties
  • 183. “They will follow the money.” whistleblower bounties
  • 185. “Follow the money, follow the risk.”
  • 186. recap
  • 189. 1. process 2. people 3. assurances 4. objectives
  • 191. 1. segregation of duties 2. retention of records 3. super vision or monitoring 4. information processing 5. authorization of transactions 6. top-level reviews 7. electronic security 8. physical security
  • 195. “Follow the money, follow the risk.”
  • 198. License and Credits This presentation, excluding the images, is provided under creative commons attribution license. http://creativecommons.org/licenses/by/3.0/ You are free to share, copy, distribute, and transmit this work; to remix, adapt this work; and to make commercial use of the work; under the condition that you attribute this work to me by including the following attribution “Effective Internal Controls by Eric Pesik. Used with permission,” and URL Link: http://www.slideshare.net/ericpesik/ Microsoft Office Online: Except as noted below, all images in this presentation are from Microsoft Office Online. Used with permission from Microsoft: http://office.microsoft.com/en-us/images/ Flickr Creative Commons: The following images are from flickr creative commons and are licensed and used under creative commons attribution license: http://creativecommons.org/licenses/by/2.0/deed.en Art Coffee House Waitress by Wonderlane http://www.flickr.com/photos/wonderlane/293137892/ Waitress by Adikos http://www.flickr.com/photos/adikos/4319818916/ Rutherford Grill by Neeta Lind http://www.flickr.com/photos/neeta_lind/2517034517/ Serving Food by Adrian Nier http://www.flickr.com/photos/adriannier/4004167201/ Donut Shop Owner by Robert Couse-Baker http://www.flickr.com/photos/29233640@N07/7104455917/ Two chorizo burritos with cheese and sour cream by Rick http://www.flickr.com/photos/spine/1994814081/ Waiter by Hans Van Den Berg http://www.flickr.com/photos/myimage/4353456304/ Blue Telephone by UggBoy♥UggGirl http://www.flickr.com/photos/uggboy/5345135964/ Association of Certified Fraud Examiners: All data is from the Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2010 Global Fraud Study based on 1,843 cases of occupational fraud that were reported by the Certified Fraud Examiners who investigated them. http://www.acfe.com Committee on Sponsoring Organizations of the Treadway Commission: The Internal Control — Integrated Framework was commissioned by the Committee on Sponsoring Organizations of the Treadway Commission. It establishes a common definition of internal control that services the needs of different parties for assessing and improving their control systems. http://www.coso.org