Internal Control and
Control Self Assessment
Presented by CA Manoj Agarwal
December 30, 2012, Thane CPE Study Circle of WIRC, ICAI
Disclaimer
• All the contents of the presentation constitute the opinion of
  the speaker, and the speaker alone; they do not represent the
  views and opinions of the speaker’s employers, supervisors,
  nor do they represent the view of organizations, businesses or
  institutions the speaker is, or has been a part of.




Agenda
•   Internal Control
•   Control Self Assessment
•   Case Study
•   Q&A




Definitions
The definition of Internal Auditing states the fundamental purpose, nature, and
scope of internal auditing.
   Internal auditing is an independent, objective assurance and consulting activity
   designed to add value and improve an organization's operations. It helps an
   organization accomplish its objectives by bringing a systematic, disciplined
   approach to evaluate and improve the effectiveness of risk management, control,
   and governance processes.

 Internal control is defined by COSO (www.coso.org) as follows:
     Internal control is a process, effected by an entity’s board of directors,
     management, and other personnel, designed to provide reasonable assurance
     regarding the achievement of objectives relating to operations, reporting, and
     compliance.




Internal Control
Paraphrasing the definition of internal control, it is:
1. Geared to the achievement of objectives in one or more separate but
    overlapping categories
2. A process consisting of ongoing tasks and activities—it is a means to an
    end, not an end in itself.
3. Effected by people - it is not merely about policy and procedure manuals,
    systems, and forms, but about people and the actions they take at every
    level of an organization to effect internal control.
4. Able to provide reasonable assurance, not absolute assurance, to an
    entity’s senior management and board of directors.
5. Adaptable to the entity structure - flexible in application for the entire
    entity or for a particular subsidiary, division, operating unit, or business
    process




COSO Internal Control Framework
• Objectives of Internal Control
    – Operational Objectives - Effectiveness and efficiency of operations
    – Reporting Objective - Reliability of reporting
    – Compliance Objectives - Compliance with applicable laws and regulations
• Process
    – Policies (management’s statement of what should be done)
    – Procedures (actions that implement policies)
• The process is managed through planning, executing (doing), checking, and
  amending (Plan, Do, Check, Act)
 PDCA    5 Components of Internal Control
 Plan    Control Environment
         Risk Assessment
 Do      Control Activities
 Check   Information & Communication
 Act     Monitoring Activities

Principles of Internal Controls




Principles of Internal Controls-1
Component: Control Environment
Principles:
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence of management and exercises
   oversight for the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and
   appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain
   competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control
   responsibilities in the pursuit of objectives.




Principles of Internal Controls-2
Component: Risk Assessment
Principles:
6. The organization specifies objectives with sufficient clarity to enable
   identification and assessment of risks relating to objectives.
7. The organization identifies risks to achievement of its objectives across the
   entity and analyses risks as a basis for determining how the risks should be
   managed.
8. The organization considers the potential of fraud in assessing risks to
   achievement of objectives.
9. The organization identifies and assesses changes that could significantly
   impact the system of internal control.

Component: Control Activities
Principles:
10. The organization selects and develops control activities that contribute to
    the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over
    technology to support the achievement of objectives.
12. The organization deploys control activities as manifested in policies that
    establish what is expected and in relevant procedures to effect the policies.




Principles of Internal Controls-3
Component: Information and Communication
Principles:
13. The organization obtains or generates and uses relevant, quality information
    to support the functioning of other components of internal control.
14. The organization internally communicates information, including objectives
    and responsibilities for internal control, necessary to support the
    functioning of other components of internal control.
15. The organization communicates with external parties regarding matters
    affecting the functioning of other components of internal control.

Component: Monitoring Activities
Principles:
16. The organization selects, develops and performs ongoing and/or separate
    evaluations to ascertain whether the components of internal control are
    present and functioning.
17. The organization evaluates and communicates internal control deficiencies in
    a timely manner to those parties responsible for taking corrective action,
    including senior management and the board of directors, as appropriate.



Principle Evaluation Template..1
Principle Evaluation Template — Control Environment
Columns: Control Environment Principles | Summary of Controls | Deficiencies/Notes/Other Considerations (also record deficiencies in log below)
1. Demonstrates Commitment to Integrity and Ethical Values—The organization demonstrates a commitment to integrity and ethical values.
• Sets the Tone at the Top—How do the board of directors and management at all levels
  of the entity demonstrate through their directives, actions, and behavior the importance
  of integrity and ethical values to support the functioning of the system of internal
  control?
• Establishes Standards of Conduct—How are the expectations of the board of directors
  and senior management concerning integrity and ethical values defined in the entity’s
  standards of conduct and understood at all levels of the organization and by outsourced
  service providers and business partners?
• Evaluates Adherence to Standards of Conduct—What processes are in place to evaluate
  the performance of individuals and teams against the entity’s expected standards of
  conduct?
• Addresses Deviations in a Timely Manner—How are deviations of the entity’s expected
  standards of conduct identified and remedied in a timely and consistent manner?
• (Other entity specific points of focus, if any)




Principle Evaluation Template..2
Principle Evaluation Template — Control Environment
Deficiencies Applicable to the Principle
Columns of the deficiency log:
• Identification No.
• Internal control deficiency description
• Possible Impact on Principle: Present? (Y/N); Functioning? (Y/N)
• Evaluate preliminary deficiency severity (Consider whether other controls to
  effect this principle compensate for the internal control deficiency.):
  Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N);
  Comments/Compensating Controls
• List internal control deficiencies related to another principle that may impact
  this internal control deficiency

Evaluate deficiencies within the principle:* <Explanation>
Evaluate if any internal control deficiencies or combination of internal control
deficiencies, when considered within the principle, represent a major deficiency.**
<Update Summary of Deficiencies Template as required>

Evaluate the principle using judgment.** (Y/N; Explanation/Conclusion)
• Is the principle present?
• Is the principle functioning?

* Note: Record deficiencies in Summary of Deficiencies Template.
** If it is determined that there is a major deficiency, then management must conclude that the component is not present and functioning
and the overall system of internal control is not effective.

Controls Objectives
Authorization
   Input: Is the source authorized?
   Process: Are the procedures approved?
   Output: What was approved?

Recording
   Input: Is it accurate and complete? Is it timely? Is it documented?
   Process: Who does it? When? Are procedures followed? Is it recoverable?
            Is management review adequate?
   Output: Is it accurate and complete? Is there an audit trail?
           Is management review adequate? Does it balance?

Safeguarding/Security
   Input: Who should control? Are duties separated?
   Process: Who can access it? Are duties separated?
   Output: Is it confidential? Who should have it?

Verification
   Input: Are sources proper?
   Process: Are procedures followed complete? Are investigation and review of
            differences adequate?
   Output: Are differences properly resolved? Is management review adequate?

Existence/Placement
   Input: Do policies and procedures define the adequate level of controls?
   Process: Are there procedures to create a control? Are controls adequate?
            Are controls placed in the most efficient part of the process?
   Output: Is the residual risk acceptable according to the company's risk
           tolerance?



Controls Objectives-Payroll - 1
Authorization
   Input: Is the source authorized?
   Questions to be asked:
   – Are the persons sending the inputs for payroll authorized?

Recording
   Input: Is it accurate and complete? Is it timely? Is it documented?
   Questions to be asked:
   – Does the person send correct and complete inputs?
   – Are inputs sent in a timely manner to ensure processing happens as per plan?
   – Is there evidence that inputs have actually been received from the person
     specified?

Safeguarding/Security
   Input: Who should control? Are duties separated?
   Questions to be asked:
   – Who should receive the inputs?
   – Is the person receiving the inputs the person who processes the payroll?

Verification
   Input: Are sources proper?
   Questions to be asked:
   – How do we know that the person has actually taken information from the
     correct source?

Existence/Placement
   Input: Do policies and procedures define the adequate level of controls?
   Questions to be asked:
   – Is all this documented? Has the responsibility been documented?




Controls Objectives – Payroll -2
Authorization
   Process: Are the procedures approved?
   Questions to be asked:
   – Is the process/method to process payroll approved?

Recording
   Process: Who does it? When? Are procedures followed? Is it recoverable?
            Is management review adequate?
   Questions to be asked:
   – Can it be established who has actually performed which job?
   – Is there any audit trail which can establish that procedures are actually
     followed?
   – Is it repeatable?
   – Has someone reviewed the processing, and is there evidence which can confirm
     that the review has actually been performed?

Safeguarding/Security
   Process: Who can access it? Are duties separated?
   Questions to be asked:
   – Who can access the location/system/office processing the information?
   – Is there segregation of duties (SOD) in place?

Verification
   Process: Are procedures followed complete? Are investigation and review of
            differences adequate?
   Questions to be asked:
   – Who verifies that the process has actually been followed?
   – If any exception has been observed, has it been taken to its logical
     conclusion, and is that documented?

Existence/Placement
   Process: Are there procedures to create a control? Are controls adequate?
            Are controls placed in the most efficient part of the process?
   Questions to be asked:
   – Is someone responsible for ensuring that the process has actually been
     completed as specified?
   – Have any controls been put in place to ensure that the process is happening
     as specified? Are these adequate?
   – Has control been put in place to ensure optimum cost and benefit?


Controls Objectives – Payroll - 3
Authorization
   Output: What was approved?
   Questions to be asked:
   – Is there evidence that the output of the process is authorized, and can the
     accountability of the person authorizing be established?

Recording
   Output: Is it accurate and complete? Is there an audit trail?
           Is management review adequate? Does it balance?
   Questions to be asked:
   – How is it ensured that the output is accurate and complete?
   – Is there an audit trail of the process of ensuring the completeness of output?
   – Is there adequate management review?
   – Does the output match the input to ensure that the output is proper?

Safeguarding/Security
   Output: Is it confidential? Who should have it?
   Questions to be asked:
   – Is there any guideline defined regarding who should have access to the
     output and to what extent?

Verification
   Output: Are differences properly resolved? Is management review adequate?
   Questions to be asked:
   – If any differences are observed in management review, or a question is
     raised in review, has it been resolved properly with an audit trail?

Existence/Placement
   Output: Is the residual risk acceptable according to the company's risk
           tolerance?
   Questions to be asked:
   – What risk has been observed but not insured/controlled, and is that
     acceptable to the company? Is there any document evidencing acceptance?


Control Types
•   Preventative Controls are installed to stop undesirable outcomes before they
    can occur. These types of controls are typically the most cost-effective
    controls because they avoid the cost of correction. E.g.
       –   Segregation of duties to prevent intentional wrongdoing,
       –   Proper authorization to prevent improper use of organizational
           resources,
       –   Adequate documentation and records to deter improper transactions,
       –   Physical control over assets to prevent their improper conversion
           or use.
•   Detective Controls are necessary to measure the effectiveness of the
    preventive controls. While some errors cannot be effectively controlled
    through preventative controls, they must be detected as they occur. E.g.
       –   Reviews and comparisons of records,
       –   Independent check on performance,
       –   Bank reconciliations, confirmation of bank balances, cash counts,
       –   Computerized techniques such as transaction limits and passwords.
•   Corrective Controls are necessary, for they correct the identified deficiency
    and therefore deter it from occurring again. Documentation and reporting
    systems are developed to identify undesirable outcomes and keep problems
    under management’s purview until they can be solved or the defect can be
    corrected.
    Ref: Marks on Governance (http://normanmarks.wordpress.com/)
    http://www.theiia.org/blogs/marks/index.cfm?postid=396

What is CSA?
Control Self Assessment
• A set of techniques used to assess risk, control strength,
  and control weaknesses utilizing a control framework.
  The 'self' refers to the involvement of management and staff
  in the assessment process, often facilitated by internal
  auditors.

• to analyze, within a chosen control framework, the obstacles
  and strengths which affect their ability to achieve their key
  business objectives, and
• to decide upon appropriate action.




CSA Rationale
• Responsibility for controlling risk belongs to management and
  all employees
• People are the most important control factor
• Most employees are honest, competent, and want their
  organization to succeed
• People are far more likely to embrace needed changes if they
  are involved in the assessment process
• Helps employees understand control




When do you want to use CSA?
• New work processes/projects
• New organizations
   – to identify the risk exposures and required controls

• Reorganizations
• Management / Employee turnover
   –   to identify where risks are
   –   to create understanding for business objectives
   –   to assess how risks are changing
   –   to put emphasis on highest priority
       risks and controls

• Processes that cross over into other work groups
   –   to get to the root cause of problems
   –   helps bring groups together
   –   participants learn how their activities interrelate
   –   collaborative problem solving

CSA - GOALS & OBJECTIVES
• Provide a forum for participants (stakeholders) to:
   –   Conduct an assessment of risks and controls.
   –   Develop recommendations for improvement.
   –   Enhance their ability to achieve objectives.
   –   Increase communication with the Unit.
   –   Improve the efficiency and effectiveness of operations.




Benefits of CSA
• Honest feedback on control environment communication and
  monitoring
• Ability to discuss and explore areas of concern to determine
  reasons and root causes of concern
• Ability to obtain an understanding of the degree of concern
  among participants
• Development of recommendations by employees in the Unit
• Buy-in/Ownership of Recommendations




COSO Framework - Control Components

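[Figure: control components stacked, top to bottom: Monitoring, Control Activities,
Risk Assessment, Control Environment; labelled "CSA" on the left and
"Traditional Auditing/Testing" on the right.]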

Case Study

Q&A




Manoj Agarwal
manojbagarwal@gmail.com
9820392252


受 資 助 機 構 企 業 管 治 指 引 ─ 摘 要 ( 二 零 一 零 年 五 月 )
 
Guide to Corporate Governance for Subvented Organisations - Executive Summary
Guide to Corporate Governance for Subvented Organisations - Executive SummaryGuide to Corporate Governance for Subvented Organisations - Executive Summary
Guide to Corporate Governance for Subvented Organisations - Executive Summary
 
受 資 助 機 構 企 業 管 治 指 引 ─ 摘 要 ( 二 零 一 零 年 五 月 )
受 資 助 機 構 企 業 管 治 指 引 ─ 摘 要 ( 二 零 一 零 年 五 月 )受 資 助 機 構 企 業 管 治 指 引 ─ 摘 要 ( 二 零 一 零 年 五 月 )
受 資 助 機 構 企 業 管 治 指 引 ─ 摘 要 ( 二 零 一 零 年 五 月 )
 
International Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdfInternational Professional Practices Framework (IPPF)pdf
International Professional Practices Framework (IPPF)pdf
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Internal control system
Internal control systemInternal control system
Internal control system
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
Control
ControlControl
Control
 

More from Manoj Agarwal

Reporting to Management and Audit Committee
Reporting to Management and Audit CommitteeReporting to Management and Audit Committee
Reporting to Management and Audit Committee
Manoj Agarwal
 
Turning risk into opportunities
Turning risk into opportunitiesTurning risk into opportunities
Turning risk into opportunities
Manoj Agarwal
 
The state of ia pandemic plan
The state of ia  pandemic planThe state of ia  pandemic plan
The state of ia pandemic plan
Manoj Agarwal
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
Manoj Agarwal
 
Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013
Manoj Agarwal
 
Functional Audit
Functional AuditFunctional Audit
Functional Audit
Manoj Agarwal
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
Manoj Agarwal
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal Audit
Manoj Agarwal
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal Audit
Manoj Agarwal
 
Audit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementAudit Audit Commite And Risk Management
Audit Audit Commite And Risk Management
Manoj Agarwal
 
Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 Final
Manoj Agarwal
 
IIA Report Writing 10 Oct 09
IIA Report Writing 10 Oct 09IIA Report Writing 10 Oct 09
IIA Report Writing 10 Oct 09
Manoj Agarwal
 

More from Manoj Agarwal (12)

Reporting to Management and Audit Committee
Reporting to Management and Audit CommitteeReporting to Management and Audit Committee
Reporting to Management and Audit Committee
 
Turning risk into opportunities
Turning risk into opportunitiesTurning risk into opportunities
Turning risk into opportunities
 
The state of ia pandemic plan
The state of ia  pandemic planThe state of ia  pandemic plan
The state of ia pandemic plan
 
Risk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling TechniquesRisk Based Internal Audit and Sampling Techniques
Risk Based Internal Audit and Sampling Techniques
 
Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013Role and responsibility of Internal Audit under new Companies Act 2013
Role and responsibility of Internal Audit under new Companies Act 2013
 
Functional Audit
Functional AuditFunctional Audit
Functional Audit
 
Compliance framework
Compliance frameworkCompliance framework
Compliance framework
 
Use Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal AuditUse Of Techniques And Technology In Internal Audit
Use Of Techniques And Technology In Internal Audit
 
Professional opportunities in Internal Audit
Professional opportunities in Internal AuditProfessional opportunities in Internal Audit
Professional opportunities in Internal Audit
 
Audit Audit Commite And Risk Management
Audit Audit Commite And Risk ManagementAudit Audit Commite And Risk Management
Audit Audit Commite And Risk Management
 
Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 Final
 
IIA Report Writing 10 Oct 09
IIA Report Writing 10 Oct 09IIA Report Writing 10 Oct 09
IIA Report Writing 10 Oct 09
 

Recently uploaded

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 

Recently uploaded (20)

"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 

internal control and control self assessment

  • 1. Internal Control and Control Self Assessment Presented by CA Manoj Agarwal December 30, 2012, Thane CPE Study Circle of WIRC, ICAI
  • 2. Disclaimer
      • All the contents of the presentation constitute the opinion of the speaker, and the speaker alone; they do not represent the views and opinions of the speaker’s employers, supervisors, nor do they represent the view of organizations, businesses or institutions the speaker is, or has been a part of.
  • 3. Agenda
      • Internal Control
      • Control Self Assessment
      • Case Study
      • Q&A
  • 4. Definitions
      The definition of internal auditing states the fundamental purpose, nature, and scope of internal auditing.
        Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
      Internal control is defined by COSO (www.coso.org) as follows:
        Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
  • 5. Internal Control
      Paraphrasing the definition of internal control, we get:
      1. Geared to the achievement of objectives in one or more separate but overlapping categories.
      2. A process consisting of ongoing tasks and activities—it is a means to an end, not an end in itself.
      3. Effected by people - it is not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organization to effect internal control.
      4. Able to provide reasonable assurance, not absolute assurance, to an entity’s senior management and board of directors.
      5. Adaptable to the entity structure - flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process.
  • 6. COSO Internal Control Framework
      • Objectives of Internal Control
        – Operational Objectives - Effectiveness and efficiency of operations
        – Reporting Objective - Reliability of reporting
        – Compliance Objectives - Compliance with applicable laws and regulations
      • Process
        – Policies (management statement of what should be done)
        – Procedures (actions that implement policies)
      • Process is managed through Planning, Executing (doing), Checking, Amending (Plan Do Check Act, PDCA)
      5 Components of Internal Control, by PDCA stage:
        Plan: Control Environment, Risk Assessment
        Do: Control Activities
        Check: Information & Communication
        Act: Monitoring Activities
  • 8. Principles of Internal Controls-1
      Component: Control Environment
      1. The organization demonstrates a commitment to integrity and ethical values.
      2. The board of directors demonstrates independence of management and exercises oversight for the development and performance of internal control.
      3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
      4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
      5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
  • 9. Principles of Internal Controls-2
      Component: Risk Assessment
      6. The organization specifies objectives with sufficient clarity to enable identification and assessment of risks relating to objectives.
      7. The organization identifies risks to achievement of its objectives across the entity and analyses risks as a basis for determining how the risks should be managed.
      8. The organization considers the potential of fraud in assessing risks to achievement of objectives.
      9. The organization identifies and assesses changes that could significantly impact the system of internal control.
      Component: Control Activities
      10. Selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
      11. Selects and develops general control activities over technology to support the achievement of objectives.
      12. Deploys control activities as manifested in policies that establish what is expected and in relevant procedures to effect the policies.
  • 10. Principles of Internal Controls-3
      Component: Information and Communication
      13. The organization obtains or generates and uses relevant, quality information to support the functioning of other components of internal control.
      14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.
      15. The organization communicates to external parties regarding matters affecting the functioning of other components of internal control.
      Component: Monitoring Activities
      16. The organization selects, develops and performs ongoing and/or separate evaluations to ascertain whether the components of internal controls are present and functioning.
      17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
  • 11. Principle Evaluation Template..1
      Principle Evaluation Template — Control Environment
      Columns: Control Environment Principles | Summary of Controls | Deficiencies/Notes/Other Considerations (also record deficiencies in log below)
      1. Demonstrates Commitment to Integrity and Ethical Values—The organization demonstrates a commitment to integrity and ethical values.
        • Sets the Tone at the Top—How do the board of directors and management at all levels of the entity demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control?
        • Establishes Standards of Conduct—How are the expectations of the board of directors and senior management concerning integrity and ethical values defined in the entity’s standards of conduct and understood at all levels of the organization and by outsourced service providers and business partners?
        • Evaluates Adherence to Standards of Conduct—What processes are in place to evaluate the performance of individuals and teams against the entity’s expected standards of conduct?
        • Addresses Deviations in a Timely Manner—How are deviations of the entity’s expected standards of conduct identified and remedied in a timely and consistent manner?
        • (Other entity specific points of focus, if any)
  • 12. Principle Evaluation Template..2
      Principle Evaluation Template — Control Environment
      Deficiencies Applicable to the Principle
      Column headings of the deficiency log:
        – Identification No.
        – Internal control deficiency description
        – Possible Impact on Principle
        – Evaluate preliminary deficiency severity: (Consider whether other controls to effect this principle compensate for the internal control deficiency.)
        – List internal control deficiencies related to another principle that may impact this internal control deficiency
      Sub-headings:
        – Present? (Y/N)
        – Functioning? (Y/N)
        – Preliminary Severity—Is internal control deficiency a major deficiency? (Y/N)
        – Comments/Compensating Controls
      Evaluate deficiencies within the principle:* <Explanation>
      Evaluate if any internal control deficiencies or combination of internal control deficiencies, when considered within the principle, represent a major deficiency.** <Update Summary of Deficiencies Template as required>
      Evaluate the principle using judgment.** (Y/N, Explanation/Conclusion)
        – Is the principle present?
        – Is the principle functioning?
      * Note: Record deficiencies in Summary of Deficiencies Template.
      ** If it is determined that there is a major deficiency, then management must conclude that the component is not present and functioning and the overall system of internal control is not effective.
  • 13. Controls Objectives
      Authorization
        Input: Is the source authorized?
        Process: Are the procedures approved?
        Output: What was approved?
      Recording
        Input: Is it accurate and complete? Is it timely? Is it documented?
        Process: Who does it? When? Are procedures followed? Is it recoverable? Is management review adequate?
        Output: Is it accurate and complete? Is there an audit trail? Is management review adequate? Does it balance?
      Safeguarding/Security
        Input: Who should control? Are duties separated?
        Process: Who can access it? Are duties separated?
        Output: Is it confidential? Who should have it?
      Verification
        Input: Are sources proper?
        Process: Are procedures followed complete? Are investigation and review of differences adequate?
        Output: Are differences properly resolved? Is management review adequate?
      Existence/Placement
        Input: Do policies and procedures define the adequate level of controls?
        Process: Are there procedures to create a control? Are controls adequate? Are controls placed in the most efficient part of the process?
        Output: Is the residual risk acceptable according to the company's risk tolerance?
  • 14. Controls Objectives-Payroll - 1
      Authorization
        Input: Is the source authorized?
        Questions to be asked: Is the person sending the inputs for payroll authorized?
      Recording
        Input: Is it accurate and complete? Is it timely? Is it documented?
        Questions to be asked: Does the person send correct and complete inputs? Are inputs sent in a timely manner to ensure processing happens as per plan? Is there evidence that inputs have actually been received from the person specified?
      Safeguarding/Security
        Input: Who should control? Are duties separated?
        Questions to be asked: Who should receive the inputs? Is the person receiving the inputs the person who processes the payroll?
      Verification
        Input: Are sources proper?
        Questions to be asked: How do we know that the person has actually taken the information from the correct source?
      Existence/Placement
        Input: Do policies and procedures define the adequate level of controls?
        Questions to be asked: Is all this documented? Has the responsibility been documented?
  • 15. Controls Objectives – Payroll -2
      Authorization
        Process: Are the procedures approved?
        Questions to be asked: Is the process / method to process payroll approved?
      Recording
        Process: Who does it? When? Are procedures followed? Is it recoverable? Is management review adequate?
        Questions to be asked: Can it be established who has actually performed which job? Is there any audit trail which can establish that procedures are actually followed? Is it repeatable? Has someone reviewed the processing, and is there evidence which can confirm that the review has actually been performed?
      Safeguarding/Security
        Process: Who can access it? Are duties separated?
        Questions to be asked: Who can access the location / system / office processing the information? Is there SOD in place?
      Verification
        Process: Are procedures followed complete? Are investigation and review of differences adequate?
        Questions to be asked: Who verifies that the process has actually been followed? In case any exception has been observed, has it been taken to its logical conclusion, and is that documented?
      Existence/Placement
        Process: Are there procedures to create a control? Are controls adequate? Are controls placed in the most efficient part of the process?
        Questions to be asked: Is someone responsible for ensuring that the process has actually been completed as specified? Have any controls been put in place to ensure that the process is happening as specified? Are these adequate? Has the control been put in place to ensure optimum cost and benefit?
  • 16. Controls Objectives – Payroll - 3
      Authorization
        Output: What was approved?
        Questions to be asked: Is there evidence that the output of the process is authorized and that the accountability of the person authorizing can be established?
      Recording
        Output: Is it accurate and complete? Is there an audit trail? Is management review adequate? Does it balance?
        Questions to be asked: How is it ensured that the output is accurate and complete? Is there an audit trail of the process of ensuring the completeness of the output? Is there adequate management review? Does the output match the input, to ensure that the output is proper?
      Safeguarding/Security
        Output: Is it confidential? Who should have it?
        Questions to be asked: Is there any guideline defined regarding who should have access to the output and to what extent?
      Verification
        Output: Are differences properly resolved? Is management review adequate?
        Questions to be asked: In case of any differences observed in management review or a question raised in review, has the same been resolved properly, with an audit trail?
      Existence/Placement
        Output: Is the residual risk acceptable according to the company's risk tolerance?
        Questions to be asked: What is the risk observed and not (insured/controlled), and is that acceptable to the company? Is there any document evidencing acceptance?
  • 17. Control Types
      • Preventative Controls: are installed to stop undesirable outcomes before they can occur. These types of controls are typically the most cost-effective controls because they avoid the cost of correction. E.g.
        – Segregation of duties to prevent intentional wrongdoing,
        – Proper authorization to prevent improper use of organizational resources,
        – Adequate documentation and records to deter improper transactions,
        – Physical control over assets to prevent their improper conversion or use.
      • Detective Controls: are necessary to measure the effectiveness of the preventive controls. While some errors cannot be effectively controlled through preventative controls, they must be detected as they occur. E.g.
        – Reviews and comparisons of records,
        – Independent check on performance,
        – Bank reconciliations, confirmation of bank balances, cash counts,
        – Computerized techniques such as transaction limits and passwords.
      • Corrective Controls: are necessary, for they correct the identified deficiency and therefore deter it from occurring again. Documentation and reporting systems are developed to identify undesirable outcomes and keep problems under management’s purview until they can be solved or the defect can be corrected.
      Ref: Marks on Governance (http://normanmarks.wordpress.com/), http://www.theiia.org/blogs/marks/index.cfm?postid=396
  • 18. What is CSA? Control Self Assessment
      • A set of techniques used to assess risk, control strength, and control weaknesses utilizing a control framework. The 'self' refers to the involvement of management and staff in the assessment process, often facilitated by internal auditors,
      • to analyze, within a chosen control framework, the obstacles and strengths which affect their ability to achieve their key business objectives, and
      • to decide upon appropriate action.
  • 19. CSA Rationale
      • Responsibility for controlling risk belongs to management and all employees
      • People are the most important control factor
      • Most employees are honest, competent, and want their organization to succeed
      • People are far more likely to embrace needed changes if they are involved in the assessment process
      • Helps employees understand control
  • 20. When do you want to use CSA?
      • New work processes/projects
      • New organizations
        – to identify the risk exposures and required controls
      • Reorganizations
      • Management / Employee turnover
        – to identify where risks are
        – to create understanding for business objectives
        – to assess how risks are changing
        – to put emphasis on highest priority risks and controls
      • Processes that cross over into other work groups
        – to get to the root cause of problems
        – helps bring groups together
        – participants learn how their activities interrelate
        – collaborative problem solving
  • 21. CSA - GOALS & OBJECTIVES
      • Provide a forum for participants (stakeholders) to:
        – Conduct an assessment of risks and controls.
        – Develop recommendations for improvement.
        – Enhance their ability to achieve objectives.
        – Increase communication with the Unit.
        – Improve the efficiency and effectiveness of operations.
  • 22. Benefits of CSA
      • Honest feedback on control environment communication and monitoring
      • Ability to discuss and explore areas of concern to determine reasons and root causes of concern
      • Ability to obtain an understanding of the degree of concern among participants
      • Development of recommendations by employees in the Unit
      • Buy-in/Ownership of Recommendations
  • 23. COSO Framework - Control Components
      [Figure: CSA and Traditional Auditing/Testing shown against the control components Monitoring, Control Activities, Risk Assessment, Control Environment]
  • 24. Case Study

Editor's Notes

  1. The basic control objectives have been divided into the business cycle format for ease of implementation, reference, and subsequent evaluation. The control matrix shown below provides a general guideline for the processing of all transactions consistent with fundamental control criteria.
  2. These control questions are segmented by purpose of control. Some controls are installed to prevent undesirable outcomes before they can happen.  Others are created to identify undesirable events as they happen and still others make sure that action is taken to undo the undesirable outcome or to see that they do not recur.  The following text defines three classes of controls.