The document discusses internal control, including its meaning, elements, and evaluation. It defines internal control as a process that provides assurance around an organization's objectives related to operations, financial reporting, and compliance. The key elements of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring. An internal control review evaluates how effective the internal control system is at addressing risks.

1. INTERNAL CONTROL
Dr. A. HELDA MARY
Assistant Professor
Department of B Com PA
Sri Ramakrishna College of Arts and Science
Coimbatore - 641 006
Tamil Nadu, India
1

2. *Meaning
*Elements of Internal control
*Evaluation of Internal Control
*Review of Internal Control

3. Internal control:
Internal control, as defined by accounting and auditing, is a
process for assuring of an organization's objectives in operational
effectiveness and efficiency, reliable financial reporting, and
compliance with laws, regulations and policies.

4. Internal control systems operate at different levels of effectiveness.
Determining whether a particular internal control system is effective is a
judgement resulting from an assessment of whether the five components
- Control Environment, Risk Assessment, Control Activities,
Information and Communication, and Monitoring - are present and
functioning. Effective controls provide reasonable assurance regarding
the accomplishment of established objectives.

5. Elements of internal control:
Control Environment
The control environment, as established by the organization's administration, sets
the tone of an institution and influences the control consciousness of its people.
Leaders of each department, area or activity establish a local control environment.
This is the foundation for all other components of internal control, providing
discipline and structure.

6. Elements of internal control:
Control Environment
1.The control environment, as established by the organization's administration, sets the tone of an
institution and influences the control consciousness of its people.
2.Leaders of each department, area or activity establish a local control environment. This is the
foundation for all other components of internal control, providing discipline and structure.
3.The way management assigns authority and responsibility, and organizes and develops its people;
Policies and procedures.

7. . Risk Assessment
Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to
risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk
assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis
for determining how the risks should be managed. Because economics, regulatory and operating conditions will
continue to change, mechanisms are needed to identify and deal with the special risks associated with change

8. Objectives must be established before administrators can identify and take
necessary steps to manage risks. Operations objectives relate to effectiveness
and efficiency of the operations, including performance and financial goals and
safeguarding resources against loss. Financial reporting objectives pertain to the
preparation of reliable published financial statements, including prevention of
fraudulent financial reporting. Compliance objectives pertain to laws and
regulations which establish minimum standards of behavior.

9. The process of identifying and analyzing risk is an ongoing process and is a critical component of an
effective internal control system. Attention must be focused on risks at all levels and necessary
actions must be taken to manage. Risks can pertain to internal and external factors. After risks have
been identified they must be evaluated.
Managing change requires a constant assessment of risk and the impact on internal controls.
Economic, industry and regulatory environments change and entities' activities evolve. Mechanisms
are needed to identify and react to changing conditions.

10. Control Activities
Control activities are the policies and procedures that help ensure management
directives are carried out. They help ensure that necessary actions are taken to
address risks to achievement of the entity's objectives. Control activities occur
throughout the organization, at all levels, and in all functions. They include a range
of activities as diverse as approvals, authorizations, verifications, reconciliations,
reviews of operating performance, security of assets and segregation of duties.

11. Control activities usually involve two elements: a policy establishing
what should be done and procedures to effect the policy. All policies
must be implemented thoughtfully, conscientiously and consistently.

12. Information and Communication
Pertinent information must be identified, captured and communicated in a form and time frame that
enables people to carry out their responsibilities. Effective communication must occur in a broad
sense, flowing down, across and up the organization. All personnel must receive a clear message
from top management that control responsibilities must be taken seriously. They must understand
their own role in the internal control system, as well as how individual activities relate to the work of
others. They must have a means of communicating significant information upstream.

13. Monitoring
Internal control systems need to be monitored - a process that assesses the quality of
the system's performance over time. Ongoing monitoring occurs in the ordinary
course of operations, and includes regular management and supervisory activities,
and other actions personnel take in performing their duties that assess the quality of
internal control system performance.

14. The scope and frequency of separate evaluations depend primarily on an assessment of risks and the
effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported
upstream, with serious matters reported immediately to top administration and governing boards.
Internal control systems change over time. The way controls are applied may evolve. Once effective
procedures can become less effective due to the arrival of new personnel, varying effectiveness of
training and supervision, time and resources constraints, or additional pressures. Furthermore,
circumstances for which the internal control system was originally designed also may change.
Because of changing conditions, management needs to determine whether the internal control system
continues to be relevant and able to address new risks

15. Evaluation of Internal Controls?
An evaluation of internal control involves an examination of the effectiveness of an
organization's system of internal controls. By engaging in this evaluation, an auditor can
determine the extent of other tests that must be performed in order to arrive at an opinion
regarding the fairness of the entity's financial statements. A robust system of internal
controls reduces the risk of fraudulent activity, which moderates the need for additional
audit procedures. The examination concentrates on such issues as the separation of
duties, checks and balances, safeguarding of records, the training level and competence
of employees, and the effectiveness of the entity's internal audit function.

16. The steps involved in this evaluation process include the following:
Determine the extent and types of controls being used by the client.
Determine which of these controls the auditor intends to rely upon.
Based on the first two steps, determine which audit procedures should be
expanded or reduced.
Make recommendations to the client regarding how to improve its system of
internal controls.
The last of the preceding steps is useful for improving the control environment for
the auditor in the following year's audit.

17. Internal Control Review
Internal control review assumes greater importance in the light of current economic
downturn. Monitoring and assessment of internal controls across various functions
is performed through continuous evaluations to ensure whether the implemented
internal control system is effective as intended by the Board of Directors. The
assessment facilitates identification of internal control deficiencies for further
corrective actions.

18. Internal Control Review – ICR and how different it is to Internal Audit:
ICR is an overall assessment of the internal control system and its adequacy of each
business area in an organization to address the relevant risks. Through control review, an
organization's resources are directed, monitored, and measured in an effective manner. It
plays an important role in protecting the organization's tangible and intangible resources.
Whereas, Internal audit as defined by the Institute of Internal Auditors is "an activity that
provides independent, objective assurance and consulting activity designed to add value
and improve an organization’s operations. It helps an organization accomplish its objectives
by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of
risk management, control, and governance processes".

19. Internal control:
The framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
defines internal control as "a process effected by an entity's Board of Directors, management and
other personnel, designed to provide reasonable assurance regarding the achievement of objectives
in the following categories":
Effectiveness and efficiency of operations;
Reliability of financial reporting;
Compliance with applicable laws and regulations.

20. Establishing effective internal control system :
To create an effective internal control system, an organization should establish the
following:
Policies and procedures including, among others, organizational structure, job descriptions,
authorization matrix;
Segregation of duties and responsibilities;
Authorization and approval process;
Performance monitoring and control procedures;
Safeguarding assets, completeness and accuracy;
Manpower management;
Independent internal audit function;
Regulatory compliance and risk management.

21. components of the internal control system:
As per the COSO model, the components of the internal control system are:
Control Environment: This sets the tone for the organization, influencing the control consciousness of
its people. It is the foundation for all other components of internal control.
Risk Assessment: The identification and analysis of relevant risks to the achievement of objectives,
forming a basis for how the risks should be managed.
Control Activities: The policies and procedures that help ensure management directives are carried
out.
Information & Communication: Systems or processes that support the identification, capture, and
exchange of information in a form and time frame that enables people to carry out their
responsibilities.
Reporting & Monitoring: Processes used to identify, monitor and report the quality of internal control
performance or deficiencies to appropriate levels.

22. Appropriation of controls in your organization :
Controls over the business activities in an organization is said to be appropriate by
establishing the following:
Adequacy & compliance of policy and procedures;
Proper governance structure;
Monitoring the manpower management;
Proper periodical review of business activities;

23. Is Internal Control Review mandatory?
As per the various circulars issued by Central Bank of Kuwait (CBK) from time to time, banking and
investment companies are mandated to comply with ICR regulations. The ICR auditors are to provide
their opinions and remarks on whether the regulations and internal control systems are sufficient
enough in quality and quantity to manage the risks that the company faces in its day-to-day business.
As has been the practice, all banks have to submit ICR reports by June 30 every year to CBK.
However, this is notified year on year.

24. THANK YOU

25. 6. Benefits of Internal Control Review:
Encourage adherence to prescribed policies and procedures;
Effectiveness and efficiency of operations;
Reliability of financial reporting;
Compliance with applicable laws and regulations;
Detection and prevention errors and irregularities in a timely
manner;