INTERNAL CONTROLS
GEETALI TARE IAAS

Internal Control Defined
Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations

Some key points
• People at every level of an organization affect internal control.
• Internal control is, to some degree, everyone's responsibility.

Effective internal control helps an organization achieve its objectives.
• It is a built-in part of the management process (i.e., plan, organize, direct and control).
• It keeps an organization on course toward its objectives and the achievement of its mission, and minimizes surprises along the way.
• Internal control promotes effectiveness and efficiency of operations, reduces the risk of asset loss, and helps to ensure compliance with laws and regulations.
• It also ensures the reliability of financial reporting (i.e., all transactions are recorded, and all recorded transactions are real, properly valued, recorded on a timely basis, properly classified, and correctly summarized and posted).

Internal control can provide only reasonable assurance
• Effective internal control helps an organization achieve its objectives; it does not ensure success.
• There are several reasons why internal control cannot provide absolute assurance that objectives will be achieved:
  – Cost/benefit realities,
  – Collusion among employees, and
  – External events beyond an organization's control.
Internal Control Process
This process consists of 5 interrelated components:
• Control (or Operating) environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
All internal control components must be present to conclude that internal control is effective.

Control Environment
• The control environment is the control consciousness of an organization.
• It is the atmosphere in which people conduct their activities and carry out their control responsibilities.
• An effective control environment is an environment where competent people:
  – understand their responsibilities and the limits to their authority, and
  – are knowledgeable, mindful, and committed to doing what is right and doing it the right way.
• The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable.
Components of control environment
1. Integrity and Ethical Values
2. Commitment to competence
3. Management's Philosophy and Operating Style
4. Organisational structure
5. Assignment of Authority and Responsibility
6. Oversight groups

Integrity and Ethical Values
• Formal codes of conduct & policies communicating appropriate ethical and moral behavioral standards and addressing acceptable operational practices and conflicts of interest.
• Management appropriately addresses intervention in or overriding of internal control.

Commitment to competence
• Management has identified and defined the tasks required to accomplish particular jobs and fill the various positions.
• Formal job descriptions & training needs' analysis.

Management's Philosophy and Operating Style
• Has an appropriate attitude toward risk-taking.
• Endorses the use of performance-based management.
• There has not been excessive personnel turnover in key functions, such as operations and program management, accounting, or internal audit.

Organisational structure
• The agency's organizational structure is appropriate for its size and the nature of its operations.
• Balancing the degree of centralization versus decentralization.
• Key areas of authority and responsibility are defined & communicated throughout the organization.
• Clear reporting relationships.

Human Resource Policies and Practices
• Policies and procedures are in place for hiring, orienting, training, evaluating, counseling, promoting, compensating, disciplining, and terminating employees.

Oversight Groups
• Within the organisation, there are mechanisms in place to monitor and review operations and programs.
• The agency has an audit committee or senior management council consisting of high-level line and staff executives that review the internal audit work and coordinate closely with the external auditors.
• The internal audit operation reports to the entity's head.
• Internal audit reviews the entity's activities and systems and provides information, analyses, appraisals, recommendations, and counsel to management.
Risk Assessment
The central theme of internal control is (1) to identify risks to the achievement of an organization's objectives and (2) to do what is necessary to manage those risks. Thus, setting goals and objectives is a precondition to internal controls.

Setting organisational objectives
• Operational objectives: achievement of the basic mission(s) of a department and the effectiveness and efficiency of its operations, including performance standards and safeguarding resources against loss.
• Financial reporting objectives: preparation of reliable financial reports, including the prevention of fraudulent public financial reporting.
• Compliance objectives: adherence to applicable laws and regulations.
• Risk assessment is the identification and analysis of risks associated with the achievement of operations, financial reporting, and compliance goals and objectives.
• This, in turn, forms a basis for determining how those risks should be managed.

Identify Risks after Determining Goals
• A risk is anything that could jeopardize the achievement of an objective.
  – What could go wrong?
  – How could we fail?
  – What must go right for us to succeed?
  – Where are we vulnerable?
  – What assets do we need to protect?
  – Do we have liquid assets or assets with alternative uses?
  – How could someone steal from the department?
  – How could someone disrupt our operations?
  – How do we know whether we are achieving our objectives?
  – On what information do we most rely?
  – On what do we spend the most money?
  – How do we bill and collect our revenue?
  – What decisions require the most judgment?
  – What activities are most complex?
  – What activities are regulated?
  – What is our greatest legal exposure?

The costs of risks
• When evaluating the potential impact of risk, both quantitative and qualitative costs need to be addressed.
• Quantitative costs: cost of property, equipment, or inventory, cash dollar loss, damage and repair costs, cost of defending a lawsuit, etc.
• Qualitative costs: loss of public trust, violation of laws, default on a project, bad publicity.

Risk analysis
• Management has established a formal process to analyze risks, and that process may include informal analysis based on day-to-day management activities.
• Criteria have been established for determining low, medium, and high risks.
• Appropriate levels of management and employees are involved in the risk analysis.
• The risks identified and analyzed are relevant to the corresponding activity objective.
Managing Risk During Change
• Management must give special attention to risks presented by changes:
  – the hiring of new personnel to occupy key positions,
  – introduction of new or changed information systems,
  – rapid growth and expansion or rapid downsizing,
  – the production or provision of new outputs or services, and
  – establishment of operations in a new geographical area.

Control Activities
Control activities are actions, supported by policies and procedures, that, when carried out properly and in a timely manner, manage or reduce risks.

Preventive Controls
• Preventive controls attempt to deter or prevent undesirable events from occurring.
• They are proactive controls that help to prevent a loss.
• Examples: separation of duties, proper authorization, adequate documentation, and physical control over assets.

Detective Controls
• Detective controls attempt to detect undesirable acts.
• They provide evidence that a loss has occurred but do not prevent a loss from occurring.
• Examples: reviews, analyses, variance analyses, reconciliations, physical inventories, and audits.

Some Control Activities
• Approvals, Authorizations, and Verifications (Preventive).
• Reconciliations (Detective).
• Reviews of Performance (Detective).
• Security of Assets (Preventive and Detective).
• Segregation of Duties (Preventive).
• Controls over Information Systems (Preventive and Detective).

Approvals
• Written policies and procedures
• Limits to authority
• Supporting documentation
• Question unusual items
• No “rubber stamps”
• No blank signed forms

Reconciliation
• A reconciliation is a comparison of different sets of data to one another, identifying and investigating differences, AND taking corrective action when necessary.
• A critical element of the reconciliation process is to resolve differences.
• It does no good to note differences and do nothing about them. Differences should be identified, investigated, and explained; corrective action must be taken.
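The reconciliation described above, written out as a small program. This is an added example, not part of the slides: it compares a constructed departmental ledger against a constructed bank statement, records every difference (amount mismatches, items present on only one side, and duplicate references, which a plain dictionary lookup would silently hide), and treats the reconciliation as open until each difference has both an explanation and a corrective action. The `Entry`, `Difference`, `reconcile`, `resolve` and `reconciliation_complete` names and the sample data are assumptions made for the example.

```python
"""Reconciliation as a control: compare two data sets, record every difference,
and keep the reconciliation open until each difference is explained and acted on.
Added example with constructed sample data; names are assumptions."""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Entry:
    ref: str           # transaction reference shared by both data sets
    amount: Decimal    # Decimal, not float, so 99.90 vs 90.99 compares exactly


def entry(ref: str, amount: str) -> Entry:
    """Build an Entry from a decimal string (avoids float rounding in sample data)."""
    return Entry(ref, Decimal(amount))


@dataclass
class Difference:
    ref: str
    kind: str                        # one of KINDS
    ledger_amount: Optional[Decimal]
    bank_amount: Optional[Decimal]
    explanation: str = ""            # filled in during investigation
    corrective_action: str = ""      # filled in when the difference is fixed

    @property
    def resolved(self) -> bool:
        # A noted difference is not resolved until it is both explained and acted on.
        return bool(self.explanation) and bool(self.corrective_action)


KINDS = ("amount_mismatch", "only_in_ledger", "only_in_bank",
         "duplicate_in_ledger", "duplicate_in_bank")


def _index(entries: List[Entry]) -> Tuple[Dict[str, Entry], Set[str]]:
    """Map ref -> entry and report refs that occur more than once in one source."""
    by_ref: Dict[str, Entry] = {}
    duplicates: Set[str] = set()
    for e in entries:
        if e.ref in by_ref:
            duplicates.add(e.ref)
        by_ref[e.ref] = e
    return by_ref, duplicates


def reconcile(ledger: List[Entry], bank: List[Entry]) -> List[Difference]:
    """Return every difference between the two data sets, ordered by ref."""
    ledger_by_ref, ledger_dups = _index(ledger)
    bank_by_ref, bank_dups = _index(bank)
    diffs: List[Difference] = []
    for ref in sorted(ledger_by_ref.keys() | bank_by_ref.keys()):
        led = ledger_by_ref.get(ref)
        bnk = bank_by_ref.get(ref)
        l_amt = led.amount if led else None
        b_amt = bnk.amount if bnk else None
        if ref in ledger_dups:
            diffs.append(Difference(ref, "duplicate_in_ledger", l_amt, b_amt))
        elif ref in bank_dups:
            diffs.append(Difference(ref, "duplicate_in_bank", l_amt, b_amt))
        elif led is None:
            diffs.append(Difference(ref, "only_in_bank", None, b_amt))
        elif bnk is None:
            diffs.append(Difference(ref, "only_in_ledger", l_amt, None))
        elif led.amount != bnk.amount:
            diffs.append(Difference(ref, "amount_mismatch", l_amt, b_amt))
        # equal amounts on both sides: matched, nothing to record
    return diffs


def resolve(diffs: List[Difference], ref: str, explanation: str, corrective_action: str) -> None:
    """Record the investigation outcome and the corrective action for one difference."""
    for d in diffs:
        if d.ref == ref:
            d.explanation = explanation
            d.corrective_action = corrective_action
            return
    raise KeyError(f"no open difference for {ref}")


def reconciliation_complete(diffs: List[Difference]) -> bool:
    """True only when every difference has been explained and corrected."""
    return all(d.resolved for d in diffs)


# Constructed sample data: a departmental ledger and the matching bank statement.
LEDGER = [entry("INV-1001", "250.00"), entry("INV-1002", "99.90"),
          entry("INV-1003", "1200.00"), entry("INV-1004", "40.00")]
BANK = [entry("INV-1001", "250.00"), entry("INV-1002", "90.99"),
        entry("INV-1004", "40.00"), entry("INV-1005", "15.00")]

if __name__ == "__main__":
    for d in reconcile(LEDGER, BANK):
        print(d.ref, d.kind, d.ledger_amount, d.bank_amount)
```

The point of `reconciliation_complete` is the slide's own: a list of differences is not a finished reconciliation; it is finished only when each difference carries an explanation and a corrective action.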
Reviews
• Budget to actual comparison
• Current to prior period comparison
• Performance indicators
• Follow-up on unexpected results or unusual items

Asset security
• Security of physical and intellectual assets
• Physical safeguards
• Perpetual records are maintained
• Periodic counts/physical inventories
• Compare counts to perpetual records
• Investigate/correct differences

Segregation of duties
• No one person should...
  – Initiate the transaction
  – Approve the transaction
  – Record the transaction
  – Reconcile balances
  – Handle assets
  – Review reports
• At least two sets of “eyes”.
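A detective check for the segregation-of-duties rule above, added here as an example rather than taken from the slides. It parses a constructed transaction event log, flags any transaction on which one actor performed more than one of the listed duties, and separately lists transactions that never had a second set of eyes. The log line format, the duty names, and the function names are assumptions; malformed lines and unknown duties raise rather than being skipped, because a silently dropped event would hide a violation.

```python
"""Segregation-of-duties check over a constructed transaction event log.
Added example; log format, duty names and function names are assumptions."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# The duties the slide says no single person should combine on one transaction.
DUTIES = {"initiate", "approve", "record", "reconcile", "handle_assets", "review"}

# Constructed log: each line is one duty performed by one actor on one transaction.
SAMPLE_LOG = """\
2024-03-01T09:12:00 txn=PO-778 actor=alice duty=initiate
2024-03-01T09:40:00 txn=PO-778 actor=bob duty=approve
2024-03-01T10:05:00 txn=PO-778 actor=carol duty=record
2024-03-02T08:30:00 txn=PO-779 actor=dave duty=initiate
2024-03-02T08:31:00 txn=PO-779 actor=dave duty=approve
2024-03-02T09:00:00 txn=PO-779 actor=erin duty=record
2024-03-03T11:00:00 txn=PO-780 actor=frank duty=initiate
2024-03-03T11:02:00 txn=PO-780 actor=frank duty=approve
2024-03-03T11:03:00 txn=PO-780 actor=frank duty=record
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) txn=(?P<txn>\S+) actor=(?P<actor>\S+) duty=(?P<duty>\S+)$")


def parse_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (txn, actor, duty) triples. Malformed lines and unknown duties are
    errors, not skips: a dropped event could hide a violation."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed event: {line!r}")
        if m["duty"] not in DUTIES:
            raise ValueError(f"line {lineno}: unknown duty {m['duty']!r}")
        events.append((m["txn"], m["actor"], m["duty"]))
    return events


def duties_by_txn_actor(events) -> Dict[str, Dict[str, Set[str]]]:
    """txn -> actor -> set of duties that actor performed on that transaction."""
    table: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for txn, actor, duty in events:
        table[txn][actor].add(duty)
    return table


def find_sod_violations(events) -> List[Tuple[str, str, Tuple[str, ...]]]:
    """One actor performing two or more of the segregated duties on the same transaction."""
    violations = []
    for txn, actors in sorted(duties_by_txn_actor(events).items()):
        for actor, duties in sorted(actors.items()):
            if len(duties) > 1:
                violations.append((txn, actor, tuple(sorted(duties))))
    return violations


def single_actor_transactions(events) -> List[str]:
    """Transactions that never got a second set of eyes."""
    return [txn for txn, actors in sorted(duties_by_txn_actor(events).items())
            if len(actors) < 2]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for txn, actor, duties in find_sod_violations(evs):
        print(f"{txn}: {actor} performed {', '.join(duties)}")
    print("single-actor transactions:", single_actor_transactions(evs))
```

On the sample log, PO-778 is clean, PO-779 is flagged because one actor both initiated and approved it, and PO-780 is flagged twice: one actor did everything, so it is also the only transaction with a single set of eyes.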
Information systems
(1) General Controls and
(2) Application Controls.

General Controls
• General controls apply to entire information systems and to all the applications that reside on the systems.
Examples:
• Access Security, Data & Program Security, Physical Security
• Software Development & Program Change Controls
• Data Center Operations
• Disaster Recovery.

Application Controls
• Input Controls (Data Entry): complete and accurate recording of authorized transactions
  – Authorization
  – Validation
  – Error Notification and Correction
• Processing Controls: complete and accurate processing of authorized transactions.
• Output Controls: complete and accurate audit trail of the results of processing.
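The three application-control layers above, shown on one transaction-entry path as an added example (not code from the slides): authorization of the submitting role, validation of the input with every problem reported back rather than the first one only, processing of accepted transactions, and an output audit trail that records every submission, accepted or rejected, in a hash chain so that later alteration of a trail record is detectable. The role names, account-code format, field names and the `Ledger` class are assumptions made for the example.

```python
"""Application controls on one transaction-entry path: authorization, validation,
error notification, processing, and a tamper-evident audit trail of results.
Added example; roles, account format, field names and class names are assumptions."""
import hashlib
import json
import re
from decimal import Decimal, InvalidOperation
from typing import Dict, List

AUTHORIZED_ROLES = {"clerk", "manager"}            # assumed roles allowed to enter transactions
ACCOUNT_RE = re.compile(r"^[0-9]{4}-[0-9]{4}$")    # assumed account-code format
REQUIRED_FIELDS = ("account", "amount", "description")


def validate(txn: Dict[str, str]) -> List[str]:
    """Input validation: return every problem found so the user can correct all at once."""
    errors = []
    for field in REQUIRED_FIELDS:
        if not txn.get(field):
            errors.append(f"{field}: required")
    if txn.get("account") and not ACCOUNT_RE.match(txn["account"]):
        errors.append("account: must match NNNN-NNNN")
    try:
        if Decimal(str(txn.get("amount", ""))) <= 0:
            errors.append("amount: must be positive")
    except InvalidOperation:
        errors.append("amount: not a number")
    return errors


def _digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes the same way.
    return hashlib.sha256(json.dumps(body, sort_keys=True, default=str).encode()).hexdigest()


class Ledger:
    def __init__(self) -> None:
        self.postings: List[dict] = []   # processed (accepted) transactions
        self.trail: List[dict] = []      # output control: one audit record per submission

    def submit(self, actor: str, role: str, txn: Dict[str, str]) -> dict:
        if role not in AUTHORIZED_ROLES:                      # authorization
            outcome = {"status": "rejected", "errors": ["not authorized"]}
        else:
            errors = validate(txn)                            # validation
            if errors:                                        # error notification
                outcome = {"status": "rejected", "errors": errors}
            else:                                             # processing
                self.postings.append({"account": txn["account"],
                                      "amount": str(Decimal(txn["amount"])),
                                      "description": txn["description"]})
                outcome = {"status": "posted", "errors": []}
        self._audit(actor, role, txn, outcome)                # every attempt is logged
        return outcome

    def _audit(self, actor: str, role: str, txn: dict, outcome: dict) -> None:
        # Each record carries the hash of the previous one, forming a chain.
        prev = self.trail[-1]["hash"] if self.trail else "0" * 64
        body = {"seq": len(self.trail), "prev": prev, "actor": actor, "role": role,
                "input": dict(txn), "outcome": dict(outcome)}
        self.trail.append({**body, "hash": _digest(body)})

    def verify_trail(self) -> bool:
        """Recompute the hash chain; any edited or removed record breaks it."""
        prev = "0" * 64
        for record in self.trail:
            body = {k: v for k, v in record.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != record["hash"]:
                return False
            prev = record["hash"]
        return True


if __name__ == "__main__":
    ledger = Ledger()
    print(ledger.submit("alice", "clerk", {"account": "1000-2000", "amount": "250.00",
                                           "description": "office supplies"}))
    print(ledger.submit("bob", "manager", {"account": "12-3", "amount": "-5", "description": ""}))
    print("trail intact:", ledger.verify_trail())
```

Rejected submissions are written to the trail as well as accepted ones; an audit trail that records only successes cannot show who attempted what, which is what the "complete and accurate" requirement on output controls is about.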
Information & Communications
• For an organisation to run and control its operations, it must have relevant, reliable information, both financial and non-financial, relating to external as well as internal events.
• That information should be recorded and communicated to management and others within the agency who need it, in a form and within a time frame that enables them to carry out their internal control and operational responsibilities.
• Internally generated information critical to achieving the organisation's objectives, including information relative to critical success factors, is identified and regularly reported to management.
• Pertinent information is identified, captured, and distributed to the right people in sufficient detail, in the right form, and at the appropriate time to enable them to carry out their duties and responsibilities efficiently and effectively.

Forms & means of communication
• policy and procedures manuals,
• management directives,
• memoranda,
• bulletin board notices,
• internet and intranet web pages,
• videotaped messages,
• e-mail, and
• speeches.
Monitoring
Assessing the quality of performance over time and ensuring that the findings of audits and other reviews are promptly resolved.

Ongoing monitoring
• Management's strategy provides for routine feedback and monitoring of performance and control objectives.
• Operating reports are integrated or reconciled with financial and budgetary reporting system data and used to manage operations on an ongoing basis.
• Communications from external parties corroborate internally generated data or indicate problems with internal control.
• Data recorded by information and financial systems are periodically compared with physical assets and discrepancies are examined.

Separate Evaluations
• Consideration is given to the risk assessment results and the effectiveness of ongoing monitoring when determining the scope and frequency of separate evaluations.
• Separate evaluations are often prompted by events such as major changes in management plans or strategies, major expansion or downsizing of the agency, or significant changes in operations or processing of financial or budgetary information.
• Separate evaluations are conducted by personnel with the required skills, which may include the agency's external auditor.

Audit resolution
• The organisation should have a mechanism to ensure the prompt resolution of findings from audits and other reviews.
• The organisation should take appropriate follow-up actions with regard to findings and recommendations of audits and other reviews.
Internal Control Structures & Policies Relevant To Audit
• Control Environment
• Accounting System
• Control Procedures

1. CONTROL ENVIRONMENT
  1. Management philosophy & operating style: supportive attitude towards control.
  2. Organisational structure: clear lines of accountability.
  3. Audit committees: monitor control structure.
  4. Personnel policies & procedures: people properly matched with tasks.
  5. Communication of authority & responsibility: performance reporting, meetings, conferences as effective communication devices.
  6. Internal audit: effective control by identifying problems & suggesting solutions.

2. ACCOUNTING SYSTEM
  1. Chart of accounts, accounting manuals & other records: complete & accurate recording of transactions & events.
  2. Transaction documentation: effective “audit trail” for recording of transactions & events.
  3. Transaction review: prevention of unauthorised transactions & detection of errors in transaction processing & recording.
  4. EDP controls: input editing & other programmed controls to compensate for lack of traditional controls.

3. CONTROL PROCEDURES
  1. Job descriptions, training programmes, hiring policies: competence of personnel.
  2. Policy & procedure manuals: adherence to policy.
  3. Planning, budgeting & performance reporting: to establish long-range goals & plans to achieve them; to monitor & correct performance.
  4. Asset safeguards: asset management, limited access & accountability controls.
  5. Periodic inventories, cash counts & securities counts: monitor access & accountability controls.