1) The document discusses internal financial controls as required by the Companies Act 2013 in India, including who is responsible for them according to the Act. It covers topics such as the definition of internal financial controls and internal controls over financial reporting, the global perspective on internal controls, and the expected response from various stakeholders.
2) The process for evaluating and reporting on a company's internal controls is discussed, including scoping the evaluation, assessing control design, identifying gaps, testing operating effectiveness, and reporting material weaknesses.
3) Key considerations are provided for each step of the internal controls evaluation process.
Internal controls maturity and SME corporate governananceBrowne & Mohan
Good Corporate governance is a key factor in ensuring sound financial reporting and deterring misappropriations of capital and resources. Internal control and corporate governance go hand in hand. Many SME
have an ambitious goal of reaching a
reliable, continuous and integrated internal
control state. However, many SME’s are
still grappling to build a comprehensive
control process. In this paper, we present an
internal maturity framework that SME can use to benchmark and know how they can discourage frauds, improve compliance and adoption of standards.
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docxmccormicknadine86
Chapter 9
Audit Risk Assessment
Prepared by Dr Phil Saj
1
Learning objectives
Appreciate the importance of audit risk assessment and why it is linked to financial statement assertions.
Explain the importance of business risks in audit planning.
Describe the procedures performed by an auditor to assess risk.
Appreciate the importance of internal control to an entity and to its independent auditors.
2
Learning objectives
Indicate the procedures for obtaining and documenting an understanding of the entity’s internal control.
Explain why and how a preliminary assessment of control risk is made.
Explain the importance of the concept of audit risk and its three components.
3
Management’s financial statement assertions
Existence or occurrence
Assets or liabilities of the entity exist at a given date and whether recorded transactions or events have occurred during the period.
Completeness
Transactions, events and accounts that should be presented in the financial statement are included.
Cut-off
All transactions, events and accounts have been recorded in the correct period.
4
Management’s financial statement assertions
Rights and obligations
Assets represent rights of the entity and liabilities
are the obligations of the entity at a given date.
Valuation and allocation
Asset, liability, components have been included in the
financial statements at the appropriate amounts.
Accuracy
Transactions have been appropriately recorded
in the proper accounts.
5
Management’s financial statement assertions
Presentation and disclosure
Particular components of the financial statements are
properly classified, described and disclosed.
Refer to the textbook Table 9.1, page 363, for illustrations of each of these assertions.
6
Business risk assessment
A business risk approach allows the auditor to:
Identify threats faced by the organisation.
Recognises that most business risks will eventually
have an effect on the financial statements.
Increase the chances of identifying risks of material
misstatements in the financial reports
Categories of business risk:
Financial risk
Operational risk
Compliance risk
7
Risk assessment procedures
Enquiries
Management, staff, internal auditors, company bankers,
legal advisors.
Analytical procedures
Provide a broad indication of the likelihood of possible
errors.
Observations and inspections
Inspection of manuals, visiting business premises,
observing procedures taking place.
8
Importance of internal control
The Committee of Sponsoring Organisations (COSO) of
the Treadway Commission defines internal control as:
a process, effected by an entity’s board of directors,
management and other personnel, designed to
provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of ...
Ranska. Karkea käännös. Small entity audit standard NP 2010 Lasse Åkerblad
France: New small entity audit standard from July 2017. Based on the ISAs.
Ranska: Pienen yrityksen tilintarkastusstandardi alkaen 7/2017 ja korvaa aikaisemman version. Perustuu ISA:aan.
This plan is uploaded to be use as a sample to help people to get an idea. This internal audit plan is prepared for an automotive business activity. I hope it will be useful.
Internal controls maturity and SME corporate governananceBrowne & Mohan
Good Corporate governance is a key factor in ensuring sound financial reporting and deterring misappropriations of capital and resources. Internal control and corporate governance go hand in hand. Many SME
have an ambitious goal of reaching a
reliable, continuous and integrated internal
control state. However, many SME’s are
still grappling to build a comprehensive
control process. In this paper, we present an
internal maturity framework that SME can use to benchmark and know how they can discourage frauds, improve compliance and adoption of standards.
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docxmccormicknadine86
Chapter 9
Audit Risk Assessment
Prepared by Dr Phil Saj
1
Learning objectives
Appreciate the importance of audit risk assessment and why it is linked to financial statement assertions.
Explain the importance of business risks in audit planning.
Describe the procedures performed by an auditor to assess risk.
Appreciate the importance of internal control to an entity and to its independent auditors.
2
Learning objectives
Indicate the procedures for obtaining and documenting an understanding of the entity’s internal control.
Explain why and how a preliminary assessment of control risk is made.
Explain the importance of the concept of audit risk and its three components.
3
Management’s financial statement assertions
Existence or occurrence
Assets or liabilities of the entity exist at a given date and whether recorded transactions or events have occurred during the period.
Completeness
Transactions, events and accounts that should be presented in the financial statement are included.
Cut-off
All transactions, events and accounts have been recorded in the correct period.
4
Management’s financial statement assertions
Rights and obligations
Assets represent rights of the entity and liabilities
are the obligations of the entity at a given date.
Valuation and allocation
Asset, liability, components have been included in the
financial statements at the appropriate amounts.
Accuracy
Transactions have been appropriately recorded
in the proper accounts.
5
Management’s financial statement assertions
Presentation and disclosure
Particular components of the financial statements are
properly classified, described and disclosed.
Refer to the textbook Table 9.1, page 363, for illustrations of each of these assertions.
6
Business risk assessment
A business risk approach allows the auditor to:
Identify threats faced by the organisation.
Recognises that most business risks will eventually
have an effect on the financial statements.
Increase the chances of identifying risks of material
misstatements in the financial reports
Categories of business risk:
Financial risk
Operational risk
Compliance risk
7
Risk assessment procedures
Enquiries
Management, staff, internal auditors, company bankers,
legal advisors.
Analytical procedures
Provide a broad indication of the likelihood of possible
errors.
Observations and inspections
Inspection of manuals, visiting business premises,
observing procedures taking place.
8
Importance of internal control
The Committee of Sponsoring Organisations (COSO) of
the Treadway Commission defines internal control as:
a process, effected by an entity’s board of directors,
management and other personnel, designed to
provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of ...
Ranska. Karkea käännös. Small entity audit standard NP 2010 Lasse Åkerblad
France: New small entity audit standard from July 2017. Based on the ISAs.
Ranska: Pienen yrityksen tilintarkastusstandardi alkaen 7/2017 ja korvaa aikaisemman version. Perustuu ISA:aan.
This plan is uploaded to be use as a sample to help people to get an idea. This internal audit plan is prepared for an automotive business activity. I hope it will be useful.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
2. Who All Are Responsible? 3
What is Internal Financial Control (IFC) ? 5
What is Internal financial controls over financial
reporting (ICFR) ?
6
Internal Controls – Global Perspective 7
Expected response of stakeholders 8
Expressing an opinion on internal control – how will
you do it
10
3. Page 3
The Companies Act 2013 – Who All Are Responsible?
► In the case of a listed company, the Directors’ Responsibility states that
directors, have laid down IFC to be followed by the company and that
such controls are adequate and operating effectively.
► The auditor’s report should also state whether the company has adequate
IFC system in place and the operating effectiveness of such controls
► Audit committee may call for comments of auditors about internal
control systems before their submission to the Board and may also
discuss any related issues with the internal and statutory auditors and the
management of the company
► The independent directors should satisfy themselves on the integrity of
financial information and ensure that financial controls and systems of
risk management are robust and defensible.
Section
134
Section
143
Section
177
Sch IV
Director’s
Responsibility
Statement
Auditor Report
Audit Committee
Independent
Directors
4. Page 4
The Companies Act 2013 – Who All Are Responsible? (contd.)
Director’s Responsibility
Statement (134)
1
2 Auditor Report (143)
Requirement
(as per previous slide)
3 Audit Committee (177)
4 Independent Directors
(Schedule IV)
5 Rule 8(5)(viii) of the Companies
(Accounts) Rules, 2014 – BOD
report – Financial Statements
only (ICFR only)
Public Listed Public un-listed
Pvt Cos pd up
share capital >=
INR 20 Cr
Paid-up share
capital>= INR 10
Cr
Turnover >= INR
100 Cr
Loans,
Borrowing in
aggregate >=
INR 50 Cr
ICFR
IFC
ICFR
ICFR
ICFR
5. Page 5
What is Internal Financial Control (IFC) ? (Sec 134)
As per Section 134 of the Companies Act 2013, the term ‘Internal Financial Controls’ means the policies
and procedures adopted by the company for ensuring:
► orderly and efficient conduct of its business, including adherence to company’s policies,
► safeguarding of its assets,
► prevention and detection of frauds and errors,
► accuracy and completeness of the accounting records, and
► timely preparation of reliable financial information.
Internal Financial
controls overs
financial reporting
(ICFR)
Operational
controls
Fraud prevention
+ + = IFC
Components
Example
Definition
Sales realization is
correctly recorded in
the Financials
Discount on sale is
offered as per DOA and
adherence to DOA is
monitored
Unauthorised change
in price master
(access controls)
6. Page 6
What is Internal financial controls over financial reporting
(ICFR) ? (Sec 143 - as per ICAI Nov 2014 guidelines)
“A process designed to provide reasonable assurance regarding the reliability of financial reporting and the
preparation of financial statements for external purposes in accordance with generally accepted accounting
principles”. A company's internal financial control over financial reporting includes those policies and procedures :
1. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions
and dispositions of the assets of the company;
2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial
statements in accordance with generally accepted accounting principles, and that receipts and expenditures of
the company are being made only in accordance with authorisations of management and directors of the
company; and
3. Provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or
disposition of the company's assets that could have a material effect on the financial statements.”
Maintenance of
financial records
(Detail/ Accuracy)
Authorizations of
transactions
(in accordance
with GAAP)
Safeguarding of
the assets of the
company
+ + = ICFR
Components
Definition
7. Page 7
Internal Controls – Global Perspective
Scope
Scope
Framework
Framework
Guidance
Guidance
Control
assessment
Control
assessment
Auditor attestation
Auditor attestation
Rigour of
implementation
Rigour of
implementation
UK
All material controls,
including financial,
operational and
compliance controls
The UK Corporate
Governance Code
UK Combined
Code/Turnbull guidance
Yes
Yes
High
India
ICFR + Policies/Procedures
+ Fraud + Safeguarding
Assets
Components of Internal
Controls as per SA 315
ICAI Guidance Issued in
November 2014
Yes – CEO/CFO, Board
Yes – ICFR
Past precedent – low
Now - expected to be high
USA
Internal Control over
Financial Reporting (ICFR)
COSO
AS-6
Yes
Yes – ICFR
High
8. Page 8
Expected response of stakeholders
u Would like to see a
robust framework that
is aligned to acceptable
standards
u Review & question the
basis of your controls
design and ongoing
assessments
Focus on internal controls,
to the extent these relate to
the financial reporting
(ICFR)
Auditors responsibility
limited to evaluation of
‘Financial reporting controls’
Company
Management
Auditors
Audit Committee/
Independent Director
Create & test the
framework of internal
controls
u IFC (including
operational &
Compliance)
u Controls documentation
u Would rely on the
assessment and view
of the Audit Committee
u They may ask for
additional information
Board of Directors
9. Page 9
How will IFC help beyond compliance ?
u Helps in business process re-designing to
plug revenue leakages & cost containment
opportunities
u Helps in rationalizing the number of
controls across organization –
moving to smart and automated controls
u Helps in standardizing policies and procedures for multi-location/ multi-business Companies
u Fosters a control conscious work culture for people behind controls
u Provides assurance to the CEO/ CFO as well as improves business performance
u In some instances, also serves as a base for blue print of optimal procedures while thinking about ERP
Aimed at strengthening the processes to further improve business, identify cost
containment opportunities as well as drive growth
10. Page 10
Expressing an opinion on internal control – how will you do it
Scoping
Design
assessment
Design Gap
remediation
Operating
effectiveness
(OE)
Overall
assessment
and
reporting
One
time
Ongoing
Detailed scope
Update for
changes
Validate &
document
design
Seek
confirmation on
changes
Corrective
action
Prepare test
strategy & plan
Reporting
approach
Test controls Report
Leverage ‘Technology’ for effective enablement of controls
11. Page 11
Key worksteps/ considerations for Scoping:
u Map/ Identify significant accounts, processes and key locations
u Segregate scope between Business Process and IT
u Discuss/ align the scope with External Auditors
u Define materiality – Key/ non-key Risks
u Finalize scope exclusion and validate with auditors
u Define scope of processes/ activities performed by third parties
u Nominate IFC Champion across processes/ locations
u Set up a Steering Committee to review progress/ remediation plans
u Align Audit Committee and Board
u Finalize templates, documentation standards, reporting packs
u Conduct Training/ workshops with process owners
Key Highlights (ICAI note)
• Significantly larger than CARO
• IFC (Sec 134) Vs. ICFR (143)
• IFC includes Operational while ICFR
is only reporting
• Does not apply to consolidated
financial statements
• SOCR reporting from third parties
Scoping Design assessment Gap remediation
Operating
effectiveness
Assessment and
reporting
12. Page 12
1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information &
Communication
5. Monitoring
1. Demonstrates commitment to integrity and ethical values
2. Board of directors demonstrates independence from management and exercises
oversight responsibility
3. Management, with board oversight, establishes structure, authority and
responsibility
4. The organization demonstrates commitment to competence
5. The organization establishes accountability
6. Specifies relevant objectives with sufficient clarity to enable identification of risks
7. Identifies and assesses risk
8. Considers the potential for fraud in assessing risk
9. Identifies and assesses significant change that could impact system of internal
control
10.Selects and develops control activities
11. Selects and develops general controls over technology
12.Deploys through policies and procedures
13.Obtains or generates relevant, quality information
14.Communicates internally
15.Communicates externally
16.Selects, develops and performs ongoing and separate evaluations
17.Evaluates and communicates deficiencies
COSO 2013 Framework
COSO 2013 framework
Codification of 17 principles embedded in the original framework
Scoping Design assessment Gap remediation
Operating
effectiveness
Assessment and
reporting
13. Page 13
Key work-steps/ considerations for Design assessment:
u Finalize Process Owners across each process/ location
u Perform & document walkthroughs (recommended)
u Document process maps with input, output, risk/ controls, IPE
u Segregate controls into Entity/ Process/ IT
u Identity controls into Manual, Automated, IT dependent, Preventive/ Detective
u Segregate controls into Document Risk & Control matrix with control description, owner,
frequency, control evidence etc
u Document IT General Controls (GITCs)
u Perform Segregation of Duties analysis
u Identify design gaps based on walkthroughs, interviews, discussion etc
u Benchmarking of IFC controls – consolidate, remove redundancy,
Key Highlights (ICAI note)
• Perform Walkthroughs
• Document Process Flows
• Entity/ Transaction level
• GITC
• Segregation of Duties
• IT System overview Diagram
• IPE documentation
• Controls Benchmarking
Scoping Design assessment Gap remediation
Operating
effectiveness
Assessment and
reporting
14. Page 14
Key work-steps/ considerations for Gap remediation:
u Prioritize financial gaps into Material/ non-material
u Prioritize operational/ reputational gaps (if any) into H/M/L impact
u Co-develop remediation plan with owners & implementation timelines
u Periodic monitoring of remediation plans
u Enhance/ optimize IT Controls
u Standardized/ centralize processes (wherever possible)
u Enhance SOP/ MIS/ DOA etc
u Interim testing to confirm remediated gaps
Key Highlights (ICAI note)
• Material weakness
• Test of Design (TOD)
• Remediation plans
Scoping Design assessment Gap remediation
Operating
effectiveness
Assessment and
reporting
15. Page 15
Key work-steps/ considerations for Operating Effectiveness:
u Align sampling strategy with auditors
u Prepare testing plan & templates
u Timing of testing – Mid year and roll forward testing
u Finalize resources – competency & independence/ objectivity
u Document testing results
u Prioritize testing gaps into Material/ non-material
u Identify mitigation/ compensating controls for material gaps
u Co-develop remediation plans for testing gaps including owners
and implementation timelines
Key Highlights (ICAI note)
• Sampling methodology
• JE CAATs
• Linkage with ELCs
• Timing of testing
• Extending sample size
• Analysis of error in the sample -
Tolerable error etc
Operating
effectiveness
Testing
Scoping
Design
assessment
Gap remediation Assessment and
reporting
16. Page 16
Key work-steps/ considerations for Gap remediation:
u Finalize material weakness and update Executive management
u Report to Audit Committee (AC) and Board
Key Highlights (ICAI note)
• Opinion on IFC
• Material weakness
Assessment and
reporting
Scoping
Design
assessment
Gap remediation
Operating
effectiveness
