An exclusive publication for Members of The Institute of Internal Auditors Malaysia
www.iiam.com.my
progress through sharing
IN TOUCH Newsletter
ISSUE 02/2013, APR – JUN 2013
KDN PP 7705/04/2013(032230)

At a Glance
• Career Talks At Universiti Kebangsaan Malaysia And Universiti Teknologi Mara, Johor
• Swinburne Careers Fair 2013
• 18th Annual General Meeting
• Plantations Audit Forum
• 2013 Corporate Fraud - Fraud Risk Management: Make it Count
• COSO - 2013 Internal Control – Integrated Framework
BOARD OF GOVERNORS AND STAFF 2013/14

President: Ranjit Singh, MBA (UK), CRMA, CMIIA, CA (M), CPA (M)
Vice Presidents: Philip Satish Rao, CMIIA, CPA (AUST), CPA (M), CA (M); Shabaruddin Ibrahim, MIA, MICPA, FCA, CFIIA
Hon. Secretary: Lucy Wong Kam Yang, MBA (AUST), CIA, CMIIA, CRMA, FCMA, CGMA, CA(M)
Hon. Treasurer: Mohamed Farook Nasar, MBA(USM), CIA, CRMA, CMIIA, ICSA (UK)
Immediate Past President: Datin Josephine Low Suet Moi, BCM, MBA (UK), CIA, CRMA, CMIIA, CFE, CISA

Governors
Christine Ong May Ee, B.ACC (HONS) (SG), CIA, CRMA, CMIIA, FCA (AUST), CA (M)
Nickson Choo Wei Sin, B.ACC (HONS), CMIIA, CISA, CFE, CA (M)
Devanesan Evanson, LLB (HONS) (UK), CFIIA, CA (M), FCCA (UK)
Mohd Khaidzir Bin Shahari, BACC (HONS), CIA, CMIIA, CA (M)
Dr Nurmazilah Dato’ Mahzan, PHD (UK), CIA, CRMA, CMIIA, CA (M), CPA (M)
Zahran Bin Tasliman, B.ACC (HONS), CIA, CCSA, CMIIA
Alan Chang Kong Chong, B.ECONOMICS (AUST), CIA, CFSA, CPA (AUST), CCP (IBBM)
Nik Hasnan Nik Abd Kadir, BSC (HON), CIA, CMIIA

CHAIRMAN Sabah District Society Sarawak District Society Maria Lee Siao Ling AIIA
Auditor: Baker Tilly Monteiro Heng
Solicitor: KC Lim & Co

STAFF
Acting Executive Director / Technical Director: Nur Hayati Baharuddin, MBA, CIA, CCSA, CFSA, CGAP, CRMA, CMIIA, FCPA, CA (M)
Senior Membership Manager: Tey Tai Sin, BA(Hons)
Senior Certification Manager: Zaimah Ismail, BBA(Hons)
Senior Technical Manager: Sivamalar Thuraisingam, BA(Hons)(UK), CIA, CCSA, CMIIA
Senior Finance Manager: Lee Fook Sun, MAcc(Aust), CMIIA, CA(M), CRMA
Technical Manager: Tengku Idreena Tuan Ismail, BA(Hons)
Assistant Manager Corporate Services: Jess Liu Shiak Peng, B.Com(Aust)
Assistant Manager Membership: Siti Rohani Umar, BA(Hons)
Assistant Manager Professional Development: Irwan Noor Hadi Bin Dahili, B.Comn(Hons)
Accounts Executive: Jessie Liew Siau Yan, BA(Hons)
Certification Executive: Siti Arafah Abdul Aziz, BSc(Hons)
Training Executive: Veronica Justin, B.COMP.SC
Training Executive: Josie R. Omilda
Membership Executive: Nor Shazwani Bt Mohamad Shafiee, BMgt(Hons)
Membership Executive: Noor Adiha Abu Bakar, BBA(Hons)
Administrative Executive: Raja Nur Aina Raja Mohammad Noordin, B.Econ(Hons)
Admin Officer: Nur Zuhairah Binti Zamberi, BSc(Hons)
Admin Officer: Yusliza Binti Md Yusof
Admin Officer: Syazana Binti Dzulkefli, BBA(Hons)
Training Officer: Ahmad Farouk Rosman
Despatch Cum Office Assistant: Hamdani Mohd Sahit Mashud

EDITORIAL BOARD
PSC Chairman: Christine Ong May Ee, B.Acc(Hons)(SG), CMIIA, FCA(AUST), CA(M)
Deputy Chairman: Affeiz Abdul Razak, BBA (Hons) Finance, CFSA(US), CMIIA; Zahran Bin Tasliman, B.Acc(Hons), CIA, CCSA, CMIIA
Chief Editor: Dr Suresh Kannan, PHD, MBA, BA (Hons) Acc, CMIIA
Committee Members: P. Shanthi Palaniappan, CIA, CMIIA; Wendy Low, B.ACC (RMIT, AUST), CMIIA; Sky Chan Kin Kwan, B.ACC (Hons), AIIA
Production & Circulation: Tey Tai Sin, BA (Hons); Siti Rohani Umar, BA (Hons); Nor Shazwani Mohamad Shafiee, BMGT (Hons); Noor Adiha Binti Abu Bakar, BBA (Hons)

THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA
160-3-3 Kompleks Maluri, Jalan Jejaka, Taman Maluri, 55100 Kuala Lumpur, Malaysia.
Tel: (603) 9282 1148 Fax: (603) 9282 1241
E-mail: [email protected] Website: www.iiam.com.my
1 KEEPING IN TOUCH • Issue 2 Apr – Jun 2013
VISION
To be the national voice of the internal audit profession: Advocating its value, promoting best practices, and providing exceptional service to its members.

MISSION
To provide dynamic leadership for the global profession of internal auditing. Activities in support of this mission will include:
• Advocating and promoting the value that internal audit professionals add to their organisations;
• Providing comprehensive professional educational and development opportunities; standards and other professional practice guidance; and certification programmes;
• Researching, disseminating, and promoting to practitioners and stakeholders knowledge concerning internal auditing and its appropriate role in control, risk management, and governance;
• Educating practitioners and other relevant audiences on best practices in internal auditing; and
• Bringing together internal auditors to share information and experiences.

OBJECTIVES
1. To be the recognised voice for the internal audit profession;
2. To develop and sustain the internal audit profession in Malaysia through appropriate infrastructure, coordination, support and communication; and
3. To provide exceptional service to IIA Malaysia’s members.

MOTTO: “PROGRESS THROUGH SHARING”
The Institute maintains its motto “Progress Through Sharing” and shares with its members information on new trends, the latest internal audit techniques, regulatory and statutory requirements and the emerging issues affecting the profession.

contents
• Academic Relations
• Membership
• New Release
• Events
• Technical
Editor says
First and foremost, congratulations and welcome on-board to all the newly
appointed Board of Governors. A thank you note is also extended to the
retiring Board of Governors, for the untiring efforts in managing the affairs of
the Institute.
Featured in this newsletter are the 2013 Corporate Fraud Conference and
many of the other regular activities such as Member’s networking sessions,
career talks and seminars.
The technical column is worth noting as it is close to the heart and mind of
any internal auditor; the COSO Internal Control Framework. The 2013 update
of the internal control framework is featured in the technical column. Do spare
the time to read this section for the update on the framework.
Dr Suresh Kannan
Chief Editor
academic relations
Career Talks At Universiti Kebangsaan Malaysia And Universiti Teknologi Mara, Johor

IIA Malaysia was invited by Universiti Kebangsaan Malaysia (UKM) to present a talk on “Career as an Internal Auditor” to its students who are pursuing the Bachelor in Accounting. The talk was held on 9 May 2013 for students from the second and third year.

Zahran Tasliman, General Manager/Chief Audit Executive of QSR Brands (M) Holdings Sdn Bhd, who is also a member of the Board of Governors of IIA Malaysia, delivered the talk with the objective of creating awareness of the profession of internal auditing. The students were briefed on the roles and responsibilities of internal auditors in control, risk and governance; the differences between internal and external auditing; the skills required of an internal auditor at different levels of position; and the challenges of the profession.

Students were also briefed on membership benefits, the special discount for the CIA programme and internship opportunities.

On 6 June 2013, IIA Malaysia was invited by Universiti Teknologi MARA (UITM) Johor to present a similar talk to its third and final year students. The talk took place at the UITM Johor Campus in Segamat. More than 100 students attended the talk, which was presented by Nur Hayati Baharuddin, Acting Executive Director of IIA Malaysia. During her presentation, Nur Hayati posed some questions to the students to encourage them to participate actively. Students who answered the questions, as well as those who asked questions, were given prizes.

Photos: Universiti Kebangsaan Malaysia (UKM); Universiti Teknologi MARA (UITM) Johor

Registration Open

IIA Malaysia has begun accepting registrations for the new 3-part CIA exam and CRMA exam. Candidates who have yet to enrol for their examination parts may do so by filling in the Part Registration Form. Please email [email protected] to request the form.

Candidates who are interested in sitting for the CRMA exam can email [email protected] to request the Application Form. The CRMA comprises two papers, i.e. CIA Part 1 and the CRMA core paper. Candidates who have passed Part 1 of the CIA exam may advance directly to the CRMA core exam.

The CRMA exam core content covers four domains:
• Domain I: Organizational governance related to risk management (25-30%)
• Domain II: Principles of risk management processes (25-30%)
• Domain III: Assurance role of the Internal Auditor (20-25%)
• Domain IV: Consulting role of the Internal Auditor (20-25%)

There are 100 multiple-choice questions to be completed in two hours.

New Certification Fees

With effect from 1 July 2013, the fee structure for all certification programmes is changed as follows:

| Type of fee | CIA (RM) | Specialty Programme (CCSA/CFSA/CGAP/CRMA) (RM) |
| --- | --- | --- |
| Registration | 3,000 | 850 |
| Exam | 600 per part | 1,120 |
| Total cost | 4,800 | 1,970 |

Notes:
1. The Registration Fee is inclusive of processing, administration, study materials and graduation ceremony.
2. The total cost for CRMA excludes the exam fee for CIA Part 1.
3. All fees are subject to change without notice.
membership
Welcome New Members from April – May 2013

Professional Members
Ngoi Soon Hong 209773
Cheok Chin Beng 209774
Yusri Suhaimi Mohd 209775
Belinda Quek Hui Cheng 209808
Ng Pit Ying 209809
Anthony Wong Chiew Wu 209827

Associate Members
Yap Anak Anding 209776
Nur Ashikin Radzali 209777
Tang Yunn Ru 209778
Yee Yoke Seng 209779
Lim Meng Yah 209780
Tiong Yien Ngo 209781
Mohamed Mazri Mohamed 209782
Azrizul Mizlan 209783
Kamalunizam Mohd Maamor 209784
Mohd Fadirul Hisyam Abdul Hamed 209785
Jasvinder Kaur A/P Teja Singh 209786
Leong Miew Mun 209787
Shasha Idayu Saharom 209788
Shawn Mckenzie 209789
Razanif Rizuwan 209790
Kubendran A/L Sukumaran 209791
Lee Chee Ming 209792
Norfarahdina Haezah Abdul Rahim 209793
Fan Kok Hong 209794
Noorazlinda Zainul 209795
Fadly Ismail 209796
Mohd Taufik Zainal 209797
Zainudin Selamat 209798
Mah Wei Leng 209799
Aniza Zakaria 209800
Loon Peng Wai 209801
Hasna' Haji Mohamad Taib 209802
Othman Sabu 209803
Teh Sek Hong 209804
Au Mei Chen 209805
Wong Xiuxuan 209806
Muhammad Luqman Hashim 209807
Nik Nornissa Nadia Nordin 209810
Foong Hew Mei 209811
Kwong Fung Len 209812
Mohd Aidil Shah Mohd Rashid 209813
Fakhrul Faiz Zaidi 209814
Shukri Zamridin 209815
Amir Hamzah Omar 209816
Shirley Biujin 209817
Mohd Firdaus Md Sakri 209818
Immanuel Vikram Raj 209819
Dewi Kasomah Abidin 209820
Nik Haslina Nik Man 209821
Tuan Hasnah Tuan Yusoff 209822
Loo Chan Foong 209823
Mohd Sazali Mohd Salleh 209824
Mohd Azmir Abu Bakar 209825
Najlah Sulaiman 209826

Student Member
Ummul Masakin Md Arif 209772

Upgraded Members
Tan Hwei Peng 207813
Adrina Lim Sien Im 208134
Nor Amalina Shafiee 208241
Ong Poh Soon 208439
Desmond Chang Kuok Lim 208476
Ong Lay Peng 208804
Ekhwan Nazli Ibrahim 209109
Neoh Mii Tze 209530
Yeo Pang Sheen 209591
Ishak Sahar 209723

Renew Your Membership!

Have you renewed your membership for 2013?

4 easy ways to renew your membership:
• Cheque or bank draft made payable to: THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA
• Direct bank-in / Online transfer to the Malayan Banking account no: 5144 0450 1825 (please fax the bank-in slip to 603 9282 1241 with your name and telephone number written on it or scan and email to [email protected] / [email protected] / [email protected] )
• Credit card (please download the authorisation form from the website or request from the Secretariat)
• Online banking: http://www.maybank2u.com.my (please fax a copy of your online transaction with your name and telephone number written on it or scan and email to [email protected] / [email protected] / [email protected] )

A rejoining fee of RM100 will be charged to members who failed to renew their membership in 2013.

Members’ Corner – CONTRIBUTIONS WELCOMED!

Members with writing talent, here’s the opportunity to share your thoughts with your friends in the internal audit fraternity. The Editorial Board welcomes contributions from members. We accept articles, short stories, jokes, tips, etc.

We encourage submission of fraud findings and audit stories that reflect the new age of internal auditing – those that emphasise best practices, use of technology and value-added results. If your article is published, you will be awarded a token from IIA Malaysia.

For enquiries, kindly contact Cik Adiha or Pn Shazwani or Pn Siti at (603) 9282 1148 Ext 110 or e-mail [email protected] / [email protected] / [email protected]
Members’ Networking Session In Penang

IIA Malaysia organised a members’ networking session for members in the Northern Region at the Vistana Hotel, Penang on 4 April 2013. The networking session saw 31 participants attending the event. The highlight of this networking session was the informative and interesting talk on “An Introduction To The Statement On Risk Management & Internal Control: Guidelines For Directors Of Listed Issuers” by Lee Min On, Partner of KPMG Malaysia & Executive Director of KPMG Management & Risk Consulting Sdn Bhd. After the talk and the question and answer session, the session continued with an ice-breaking game. Members enjoyed themselves and won prizes in a game which tested their observation and memory skills. While members enjoyed the refreshments, they also had an opportune time to mingle and catch up with one another.

Photo: Lee Min On elaborating on the Statement on Risk Management & Internal Control
Photo: Participants listening to the presentation with interest
Photo: Teamwork counts a lot during the ice-breaking session

Swinburne Careers Fair 2013

The Swinburne Careers Fair 2013 was held on 24 April 2013 at their Sarawak Campus, Kuching with the theme, “A dazzling personality wins a dazzling career”. The Institute of Internal Auditors Malaysia was honoured to be invited as one of the participants of the event. Members of IIA Sarawak District Society and IIA Malaysia’s KL representatives jointly set up a booth to promote Internal Audit as a profession. This career fair attracted participants who were largely final year students and fresh graduates. The Institute’s booth was also visited by many who wanted more information on the Certified Internal Auditor (CIA) examination and clarification of the role of Internal Auditors.

Article Contributed By: Sarawak District Society

Photo: A lot of enquiries on the CIA certification
Photo: Chancellor visiting our booth
Photo: Visitors finding out more information about IIA Malaysia
18th Annual General Meeting

The Institute’s 18th Annual General Meeting (AGM) was held on 4 May 2013 at the Concorde Hotel Kuala Lumpur. A total of 102 members of IIA Malaysia attended the AGM.

The meeting commenced with an opening speech by Datin Josephine Low, President of IIA Malaysia. Datin Josephine presented the major achievements of IIA Malaysia in 2012 that included membership growth, increase in training revenue certification and quality assurance. She also shared with the members the future plans for IIA Malaysia. Datin Josephine thanked the Board of Governors and Secretariat for their commitment and support, and congratulated the various committees for their efforts in achieving the Institute’s objectives. Datin Josephine expressed her appreciation to members for their support and looked forward to members’ continued participation.

The next item on the meeting’s agenda was to receive the Annual Report and Financial Statements for the financial year ended 31 December 2012. This was followed by the election of the Board of Governors. Nickson Choo Wei Sin, Mohd Khaidzir Bin Shahari, Ranjit Singh, Shabaruddin Ibrahim and Nik Hasnan Nik Abd Kadir were elected to the Board.

The meeting moved to appoint Messrs Baker Tilly Monteiro Heng as the Institute’s auditors. The final item on the agenda was to transact any other business for which due notice had been given in accordance with the Companies Act 1965 and the Institute’s Articles of Association. After the final agenda item, the AGM concluded with a note of thanks to all members for their attendance and for making the event a success.

List of Governors Who Retired and Were Eligible for Re-Election
• Nickson Choo Wei Sin
• Walter Sandosam
• Mohd Khaidzir Bin Shahari

List of Newly Elected Governors 2013/2014
• Nickson Choo Wei Sin
• Mohd Khaidzir Bin Shahari
• Ranjit Singh
• Shabaruddin Ibrahim
• Nik Hasnan Nik Abd Kadir

Photo: AGM in progress
Photo: Professional members casting their votes
Photo: Board of Governors for 2013-2014
Photo: Counting ballots

SSM National Conference 2013 on Corporate Governance: The New Global Language for Business

IIA Malaysia participated in the exhibition at the SSM National Conference 2013 on Corporate Governance: The New Global Language for Business held in The Royale Chulan Hotel, Kuala Lumpur on 20-21 May 2013. Participants of the seminar thronged the IIA Malaysia booth with queries on membership, training and also certification.

Photo: One of the conference participants finding out more information about IIA Malaysia
Members’ Networking Session In Kota Kinabalu

IIA Malaysia hosted a members’ networking session for members in Kota Kinabalu at Promenade Hotel on 25 June 2013. There were 14 participants attending the event. The session was held primarily for members to meet and share information regarding internal audit. Lee Min On, Partner of KPMG Malaysia & Executive Director of KPMG Management & Risk Consulting Sdn Bhd, gave a talk on “An Introduction To The Statement On Risk Management & Internal Control: Guidelines For Directors Of Listed Issuers” to the audience. The talk was followed by a question and answer session and continued with an ice-breaking session. Teamwork was the main feature of the ice-breaking session games, as participants were split into groups to solve questions. The session ended with refreshments and more networking opportunities.

Photo: Lee Min On delivering his talk
Photo: 1st prize group winner of the ice-breaking session
Photo: The participants listening attentively to the speaker’s clarification
Photo: Each member in the group working closely during the ice-breaking session

Did You Know…

In appreciation of members’ continuous support, IIA Malaysia identifies and recognises members who have been with the Institute for a long period. For members who have been affiliated with the Institute for 15, 25 and 35 years, the Institute honours their loyalty with a certificate of appreciation and a memento.
List of Retiring Board of Governors and Working Committees for 2012/2013
| No. | Name | Working Committee | Position |
| --- | --- | --- | --- |
| 1 | Walter Sandosam | Board of Governor | Governor |
| 2 | Affeiz Abdul Razak | Board of Governor / Professional Services Committee | Governor / Deputy Chairman |
| 3 | Nickson Choo Wei Sin | Professional Development Committee | Chairman |
| 4 | Alan Chang Kong Chong | Professional Development Committee | Deputy Chairman |
| 5 | Eddie Leng Siew Kheen | Professional Development Committee | Committee Member |
| 6 | Ryan Chong Chee Seng | Professional Development Committee | Committee Member |
| 7 | Frank Chin Suan Yong | Professional Development Committee | Committee Member |
| 8 | Christine Ong May Ee | Professional Services Committee | Chairman |
| 9 | Zahran Tasliman | Professional Services Committee | Deputy Chairman |
| 10 | Dr. Suresh N Kannan | Professional Services Committee | Committee Member |
| 11 | P. Shanthi Palaniappan | Professional Services Committee | Committee Member |
| 12 | Wendy Low Li Chet | Professional Services Committee | Committee Member |
| 13 | Sky Chan Kin Kwan | Professional Services Committee | Committee Member |
| 14 | Dr. Nurmazilah Dato' Mahzan | Academic Relations Committee | Chairman |
| 15 | Lucy Wong Kam Yang | Academic Relations Committee | Deputy Chairman |
| 16 | Mohd Khaidzir Bin Shahari | Academic Relations Committee | Committee Member |
| 17 | Lim Hooi Hoon | Academic Relations Committee | Committee Member |
| 18 | Dennis Mah Siew Hoong | Academic Relations Committee | Committee Member |
| 19 | Narayanan N. Annamalai Chettiar | Academic Relations Committee | Committee Member |
| 20 | Dr. Zakiah Muhammaddun Mohamed | Academic Relations Committee | Committee Member |
| 21 | Philip Satish Rao | Research and Technical Advisory Committee | Chairman |
| 22 | Mohamed Farook Nasar | Research and Technical Advisory Committee | Deputy Chairman |
| 23 | Nik Shahrizal Sulaiman | Research and Technical Advisory Committee | Committee Member |
| 24 | Renganathan Narasingham | Research and Technical Advisory Committee | Committee Member |
| 25 | Alina Osman | Research and Technical Advisory Committee | Committee Member |
| 26 | Amos Law Chih Chien | Research and Technical Advisory Committee | Committee Member |
Members’ Networking Session in Kuching

On 20 June 2013, IIA Malaysia organised a members’ networking session for members in Kuching at the Riverside Majestic Hotel with a turnout of 16 participants. The session was held for members to meet and share information. Lee Min On, Partner of KPMG Malaysia & Executive Director of KPMG Management & Risk Consulting Sdn Bhd, gave an informative talk on “An Introduction To The Statement On Risk Management & Internal Control: Guidelines For Directors Of Listed Issuers”. After the talk and a Q & A (questions and answers) session, the participants were formed into groups for an ice-breaking game. They enjoyed themselves and won prizes in the game, which tested general knowledge and teamwork. The evening concluded with an opportunity for the participants and speakers to network while enjoying refreshments.

Photo: Lee Min On presenting his talk to participants in Kuching
Photo: Participants answering the ice-breaking questions
Society of Worldwide Interbank Financial Telecommunications

CAREER OPPORTUNITY: SENIOR FINANCIAL AUDITOR (RF#56427)

SWIFT, the financial messaging provider for more than 10,000 banking organisations, securities institutions and corporate customers in 212 countries and territories, opened this year its new Corporate Services Centre in Kuala Lumpur, Malaysia, accelerating its growth strategy for Asia Pacific.

The new centre is significantly strengthening SWIFT’s support to the growth of the Asia Pacific markets and ensuring that its global membership can benefit from the economic growth, innovation and resources emerging from this part of the world. Located in Bangsar South, in fantastic facilities, the SWIFT Kuala Lumpur Corporate Services Centre offers a wide range of services such as IT development, qualification testing, support, finance, human resources and operational and transactional functions.

It works closely with functional teams in the U.S. and Europe centres to serve SWIFT’s offices around the world and is part of a new corporate hub with SWIFT’s existing Singapore office. The centre currently employs more than 50 staff and is expected to grow to 100 positions over the next three years.

Come and Grow with us!

The SWIFT Internal Audit Department consists of a team of highly skilled, experienced, and dedicated professionals that provides Senior Management and the Board of Directors with independent assessments of risks and the control environment.

As a member of our international Audit Department spread among three different locations, you will be based in the Corporate Centre in Kuala Lumpur and report directly to the Chief Auditor based in the United States. You will be leading the local audit team of 2 people, combining financial and operational auditors as well as IT auditors.

This is a hands-on role where you will be in charge of the end-to-end coordination and delivery of audits. You will be strong in financial, operational and business oriented audits but also have knowledge of IT networks and technologies.

You will follow Internal Audit best practices and ensure compliance with our Internal Audit Methodology and quality standards, as well as propose and assess appropriate solutions to control problems. You will also contribute to the Department’s continuous improvement programme and enhance the risk based audit program, both annual and four year plans.

You will also have experience in managing and leading teams, as well as being a strong communicator able to interface with senior internal stakeholders with different business profiles. You will be ready to travel to remote locations within Asia, Europe and Americas.

Your responsibilities will mainly be to:
• Manage and coordinate the execution of assigned audits within pre-established budgets and scope statements, ensuring assigned team members remain productive throughout the audit by assigning and coaching work appropriate to their level
• Develop a detailed test plan enabling adequate testing of the specified controls, as well as a time budget and allocation of tests to assigned auditors
• Perform audit fieldwork and validate findings while reviewing and taking responsibility for the timely execution and quality of the work performed by team members during the audit
• Clear audit exceptions raised during fieldwork and prepare audit reports with pragmatic and effective recommendations to address control issues
• Follow up in a timely manner on assigned requests for recommendation closure
• Contribute to establishing and/or maintaining professional, productive working relationships with line management and staff

Requirement:
• Bachelor Degree in Accounting/Finance/Economics
• Professional certifications such as CPA, CIA, CISA are a plus
• A minimum of 8 years of relevant professional experience in Internal and/or External Audit. Additional experience in the area of marketing or consulting is a plus
• Must have a good understanding of risks and controls with a good sense of sales and marketing business related processes
• Maturity, resilience and excellent verbal and written communication skills in English are essential
• Goal oriented, pro-active, team player, and adapting well to a diverse and multicultural environment
• Must be willing to travel to remote locations both within Asia and in other remote locations in Europe and Americas (25% of time)

Interested individuals, please send your detailed resume with current and expected compensation package to [email protected], quoting the position title and reference number on the subject line.
new releases
Internal Control over External Financial Reporting: A Compendium of Approaches and Examples
In 2013, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) released an update to its Internal Control—Integrated Framework (Framework). The original framework, which was released in 1992, has gained broad acceptance and is widely used around the world. It is recognised as a leading framework for designing, implementing, and conducting internal control and for establishing requirements for an effective system of internal control. To help users apply the Framework to internal control over external financial reporting, COSO has released this companion publication, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples (Compendium). More specifically, the Compendium provides approaches and examples to illustrate how entities may apply the principles set out in the Framework to a system of internal control over external financial reporting.
In the twenty years since the release of the original framework, business and operating environments have changed dramatically, becoming increasingly complex, technologically driven, and global. At the same time, stakeholders have become more engaged, seeking greater transparency and accountability for the integrity of systems of internal control that support business decisions and governance of the organisation. The Framework and the Compendium incorporate many of these changes including:

• Expectations for Governance Oversight – Higher regulatory and stakeholder expectations require the board of directors to oversee internal control over external financial reporting. Some jurisdictions require specific regulatory requirements for expertise and independence of board members of certain types of entities.

• Globalisation of Markets and Operations – Organisations expand beyond domestic markets in the pursuit of value, often entering into international markets and executing cross-border mergers and acquisitions.

• Changes and Greater Complexities in the Business – Organisations change business models and enter into complex transactions in pursuit of growth, greater quality, and productivity, and in response to changes in market and regulatory environments. These changes may include entering into strategic alliances, joint ventures, and other complex contractual arrangements with external parties, implementing shared services, and engaging outsourced service providers.

• Demands and Complexities in Laws, Rules, Regulations, and Standards – Regulators and policy makers promote greater investor protection and confidence in the financial reporting systems through changes in rules, regulations, and standards. Also, users of external financial reports seek greater amounts of information to better evaluate an entity's financial condition and operating results as businesses become more complex.

• Expectations for Competencies and Accountabilities – Demands for greater competence and accountability increase as organisations grow; acquire entities; introduce new products and services; comply with complex rules, regulations, and standards; and implement new processes and technologies. Organisations may flatten and shift management operating models and delegate greater authority or accountability to certain roles.

• Uses of, and Reliance on, Evolving Technologies – An increasingly mobile and interconnected world has made technology more essential for many organisations to improve performance, business processes, and decision making. Entities are investing in emerging technologies, such as cloud computing, mobile devices, and social media, and using enterprise resource planning (ERP) and other technologies to standardise, automate, and streamline business processes.

• Expectations Relating to Preventing or Detecting Material Omissions and Misstatements and Fraud – Stakeholders today have higher expectations for effective internal control over external financial reporting in preventing and detecting material omissions and misstatements due to error and fraud.
Each of these changes requires an organisation to periodically evaluate the implications on its system of internal control over external financial reporting and to design and implement appropriate responses so that the system of internal control adapts and remains effective over time.
The Compendium provides practical approaches and examples that illustrate how the components and principles set forth in the Framework can be applied in preparing external financial statements.
Get your copy of theInternational Professional Practices Framework (IPPF) 2013 Edition
Issue 2 Apr – Jun 2013 • KEEPING IN TOUCH 10
new releases
It neither replaces nor modifies the Framework; rather, it is a supplemental document that can be used in concert with the Framework when considering internal control over external financial reporting.
The Internal Control – Integrated Framework sets forth three categories of objectives: operations, reporting, and compliance. The focus of the Compendium is the external financial reporting category of objectives, a subset of the reporting category. External financial reporting objectives address the preparation of financial reports for external parties, including:
• Financial statements for external purposes, and • Other external financial reporting derived from an entity’s financial and accounting books and records.
Users will find relevant approaches and examples of how organisations may apply the principles set forth in the Framework in the design, implementation and conduct of internal control over external financial reporting. The approaches and examples are samples of activities for management to consider, rather than a complete or authoritative list.
International Professional Practices Framework (IPPF) 2013
The Institute of Internal Auditors' (IIA's) International Professional Practices Framework (IPPF) is the authoritative guidance on the internal audit profession. The IPPF presents current, relevant, internationally consistent information that is required by internal audit professionals worldwide.
The IPPF includes mandatory and strongly recommended guidance:
• The official Definition of Internal Auditing.
• The IIA's Code of Ethics.
• New and revised International Standards for the Professional Practice of Internal Auditing with interpretations that enhance the understanding of current requirements.
• Practice Advisories that address internal audit approach, methodologies, and consideration.
• Position Papers that assist in understanding significant governance, risk, or control issues and in delineating the related roles and responsibilities of the internal audit profession.
• Practice Guides that provide practical tools and techniques and step-by-step approaches such as those presented in The IIA's Global Technology Audit Guides and Guides to the Assessment of IT Risk.
The IPPF 2013 edition features The IIA’s Definition of Internal Auditing, Code of Ethics, Standards, and Practice Advisories in hard copy and all IPPF elements on CD-ROM.
How to Order:
Price per copy of the International Professional Practices Framework (IPPF):
• Normal Price: RM75 (Member), RM100 (Non-Member)
• Introductory Offer Price (valid until 31 July 2013): RM55 (Member), RM80 (Non-Member)
Delivery charges: RM15.00 per copy (Klang Valley only). For delivery out of Klang Valley, please contact us for delivery rates. Copies that do not require delivery can be collected from IIA Malaysia.
Payment: cash, cheque payable to THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA, or credit card (Visa or Mastercard).
THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA
160-3-3 Kompleks Maluri, Jalan Jejaka, Taman Maluri, 55100 Kuala Lumpur, Malaysia
Tel: 603-92821148 Fax: 603-92821241
E-mail: [email protected], [email protected] Website: www.iiam.com.my
For further inquiries, please contact Syazana & Arafah
Workshop on Internal Controls for Accountants and Auditors
IIA Malaysia in collaboration with ACCA Malaysia organised a two-day workshop on “Internal Controls for Accountants and Auditors” on 27-28 May 2013. The workshop was conducted by Frank Yam and attended by 36 participants.
Workshop on Audit and Control – From Theory to Practice
Another workshop conducted by Frank Yam, “Audit and Control – From Theory to Practice”, was held at Parkroyal, Kuala Lumpur on 29-31 May 2013 and attended by 38 participants. The workshop was created to develop practical skills for IT control, security and audit professionals.
Workshop on Performing an Effective Quality Assessment (Previously known as Performing an Internal Audit Quality Assessment)
IIA Malaysia organised a two-day workshop on “Performing an Effective Quality Assessment” on 10-11 June for 35 participants at Prince Hotel & Residence, Kuala Lumpur. The workshop was conducted by Donald Espersen and was designed to help the participants learn how to perform an effective external assessment and/or periodic internal assessment of an internal audit activity.
Workshop on Essential Skills for Experienced Internal Auditors
IIA Malaysia organised a two-day workshop on “Essential Skills for Experienced Internal Auditors” on 12-13 June for 34 participants at Prince Hotel & Residence, Kuala Lumpur. The workshop was conducted by Donald Espersen and was designed to help the participants explore the essential skills that Internal Auditors need to have in order to effectively carry out their responsibilities.
Workshop on International Professional Practices Framework (IPPF) Awareness/ Application
IIA Malaysia organised a workshop on “International Professional Practices Framework (IPPF) Awareness/ Application” on 14 June for 19 participants at Prince Hotel & Residence, Kuala Lumpur. The workshop was conducted by Donald Espersen and was tailored to provide the participants with an opportunity to develop, or reinforce, their awareness and application of the essential guidance in IPPF. It included a discussion on new standards and how to apply them to a variety of everyday internal audit activities.
Workshop on Corporate Governance Review – Roadmap to Boardroom Presence
On 19-20 June, IIA Malaysia organised a workshop on “Corporate Governance Review – Roadmap to Boardroom Presence” for 26 participants at Prince Hotel & Residence, Kuala Lumpur. Presented by Wee Hock Kee, the workshop was tailored to provide internal auditors, middle managers and senior managers with a set of practical tools and techniques for conducting a corporate governance review within their organisation.
Workshop on Internal Audit Report Writing: Improving Mindset, Clarity, Focus, and Brevity for Greater Impact to Clients
Steven Yee, one of IIA Malaysia's speakers, presented a new two-day workshop on “Internal Audit Report Writing: Improving Mindset, Clarity, Focus, and Brevity for Greater Impact to Clients” (Previously known as Effective Audit Report Writing) to 34 participants. The workshop, which was held on 19-20 June at Seri Pacific Hotel, Kuala Lumpur, aimed to encourage participants to realise that it is vital to appreciate the larger picture of the audit findings in relation to the business risk and governance practices before putting their thoughts into systematic writing to convince their client to adopt changes to better the business processes and risk management countermeasures.
SUGGESTION TO REALITY!
The Plantation Audit Forum was definitely a challenge to the Organising Committee and was the first sector-specific audit forum organised by the Institute. The idea of the forum was mooted by a member during the Johor Working Group Meeting and meet-the-members session.
The forum was attended by participants from various organisations and different levels, ranging from Executive Directors to internal auditors to Admin and Head Office Managers, forming a good mix. The participation of non-audit personnel in an internal audit forum is an interesting trend, as it evidently shows the recognition of the importance of the internal audit function. Organisations are indicating a keen interest in understanding the work of the internal auditors.
The session started with the welcome address by the newly elected President of IIA Malaysia, Ranjit Singh. He stressed the importance of internal auditors as the Third Line of Defence and the importance of risk management in the plantations industry.
Session 1: Tang Men Kon, Head-In-Charge, Plantation Sustainability & Quality Management, Sime Darby Plantation Sdn Bhd
Tang started the session by highlighting the major milestones achieved in Sime’s sustainability journey. He then shared some of their sustainability practices, achievements in certification and compliance, and the carbon emission reduction strategy.
According to Tang, some of the sustainability practices by Sime are the industry’s best standards in plantation processes, which were developed over the century and have been perfected through a combination of experience, and research and development.
He also shared that Sime historically pioneered good agricultural practices. Some of these were the zero-burning replanting technique, soil and water management, the adoption of a no-peatland new planting policy, and the adoption of alternatives to paraquat, the use of which was stopped in the early 2000s.
Session 2: Reports That Matter: Make A Difference
Moderator: Tuan Hj Abd Razak bin Haron, Vice President, Special Administration Division, Johor Corporation
Panelists:
• John Edward Arkosi, Group Head, Group Corporate Assurance and Group Compliance Office, Sime Darby Berhad
• Zalily Mohd Zaman Khan, Vice President & Head of Group Internal Audit, Felda Global Ventures Holdings Berhad
• Frank Chin Suan Yong, Head of Group Internal Audit, IOI Corporation Berhad
The distinguished panel comprised Chief Audit Executives from three big plantation companies. The panelists discussed the importance of delivery, handling repetitive and recurring issues, effective summarisation of reports and power packaging the report.
Some of the tips given by the speakers on addressing repetitive and recurring issues were to determine the causes and categorise them, get management involved in establishing action plans, analyse the statistics and trending of the issues, assist management in implementing CSA to improve management’s control awareness and accountability, and set KPIs on recurring issues for accountable staff.
Session 3: Governance in The Plantation Industry – Mohd Khaidzir bin Shahari, Executive Director, KPMG Management and Risk Consulting Sdn Bhd
Mohd Khaidzir opened the session with the question of whether governance matters to estate workers. He also gave practical examples of governance audits which can be carried out in the plantation sector. The participants had many questions on this topic and gained a lot of insight on how to audit the governance process in plantations.
Master Class 1: Plantation Audit – A Value Proposition, Dr Muhammad Mohan, Managing Director, Oasis Revenue Sdn Bhd and Shanmugam M, Director, Fiscal Consultants Sdn Bhd
Dr Muhammad Mohan started off the session by providing a general overview of the competitive environment faced by the palm oil industries currently and in the future. Shanmugam provided an insight into auditing in the plantation sector. The in-depth discussion of the issues and challenges faced from a management’s perspective of plantation audits was particularly valuable. Means of narrowing the expectation gaps were suggested, along with how internal auditors should be working and thinking towards the higher scale of the value proposition.
Master Class 2: Risk Based Internal Audit For Plantation Companies, Tan Yu Ming, Director, Ernst & Young Advisory Services Sdn Bhd
The speaker covered the objectives and discussed the challenges and opportunities in enhancing the effectiveness and efficiency of internal audit for plantation companies. The participants gained an understanding of the need to formulate risk based IA plans to achieve business objectives, to optimise IA resources to focus on areas with greater risks, and to understand that the IA report uses risk for effective communication of audit findings.
Most participants found the forum very interesting but would like the duration of the forum to be lengthened. There was even feedback on suggested venues and post-forum events for future similar forums. Be sure to catch any of these forums in the future.
Contributed by: Subhash Chandran, Chairperson, Johor Working Group, The Institute of Internal Auditors Malaysia
Loh Yit Wei, Fiona Chin and Mohd Azwan Bin Adnan, Sharikat Kim Loong Sdn Bhd
PLANTATIONS AUDIT FORUM
SUSTAINABILITY IN BUSINESS
17 JUNE 2013, MUTIARA HOTEL, JOHOR BAHRU
The Institute of Internal Auditors Malaysia was
proud to host its third conference on corporate
fraud, the 2013 Corporate Fraud Conference in
East Malaysia, on 22-23 April 2013 at Hilton
Kuching, Sarawak. The 2-day conference, themed
“Fraud Risk Management: Make it Count”, was
attended by approximately 70 delegates from
both the public and private sectors from
throughout the country.
OPENING CEREMONY
The conference commenced with the welcome
address by YBhg Datin Josephine Low, President
of IIA Malaysia, touching on the importance of
establishing a professional internal audit activity
for all organisations, large and small, as they may
face equally complex environments and
ever-changing business needs. A good internal
audit function not only provides assurance but
also helps the organisation improve business
performance.
Datin Josephine pointed out that in a press statement released on 5
December 2012, Transparency International Malaysia ranked Malaysia in
the mid-range average at number 54 on the International Corruption
Perceptions Index out of 176 countries included in the study. Corruption
is nothing new and laws and regulations have been on the books for
decades. However, as more organisations have expanded globally, the
risks have also increased. In view of this, internal auditors should assess
opportunities for corruption at all levels, and consider corruption risks
when developing risk assessments for audit planning purposes.
YBhg Datuk IG Chandran FCA, Special Advisor to the Chief
Commissioner and Head of Forensic, Malaysian Anti-Corruption
Commission (MACC), delivered the keynote address. He stated that
according to the ACFE’s Report to the Nations on Occupational Fraud &
Abuse, 2012, the typical organisation loses 5% of its revenues to fraud
each year, translating to a potential projected global fraud loss including
corruption of more than $3.5 trillion.
Results of surveys have indicated that even in the largest of
multinationals, fraud is perpetrated in many forms and not the least is
corruption. Hence, there is no doubt that organisations need to put in
place a robust Fraud Risk Management framework, in full commitment
and in true spirit. The corporate/public sector culture, the tone from the
top and the perceived tolerance on fraud all play a pivotal role in the
management of fraud risks.
PLENARY SESSIONS AND MASTER CLASSES
There were a total of 5 plenary and concurrent sessions featuring 8 prominent speakers, panelists and moderators from Malaysia and abroad.
The three plenary sessions held on the first day encompassed the following topics:
• Fraud Risk Management: Make it Count
• Building a Corporate Ethical Culture
• Dealing with Cybercrime
The second day of the conference featured two concurrent master classes focusing on the following topics:
• Fraud within Supply Chain Management: Prevention is Cheaper than Cure
• Preventing and Detecting Fraud
The wide array of topics led by the distinguished speakers was well received by the delegates.
In addition, delegates visited the IIA Malaysia book counter to view the latest IIA publications and enjoyed discounted prices for on-site purchases. The Institute also promoted the upcoming 2013 National Conference on Internal Auditing, which will be held on 23-24 September 2013 in Kuala Lumpur.
By: Lim Wei Hong, CIA, CCSA, CFSA, CRMA, CMIIA
Fraud Risk Management: Make it Count
2013 CORPORATE FRAUD CONFERENCE IN EAST MALAYSIA
Panel Session by Gladys Leong, Datin Josephine Low, Woo Yoke Meng (Moderator) and David Renny Gnanadass
Shuhairoz binti Mohamed Shukeri
Stevie Heong
Wayne Soo Deon van der Westhuizen
COSO - 2013 Internal Control – Integrated Framework
Issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO), the 2013 Internal Control – Integrated Framework (Framework) is expected to help organisations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasise the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control.
The Framework includes enhancements and clarifications that are intended to ease use and application. One of the more significant enhancements is the formalisation of fundamental concepts that were introduced in the original framework. In the updated Framework, these concepts are now principles, which are associated with the five components, and which provide clarity for the user in designing and implementing systems of internal control and for understanding requirements for effective internal control.
The Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as non-financial and internal reporting. Also, the Framework reflects considerations of many changes in the business and operating environments over the past several decades, including:
• Expectations for governance oversight
• Globalisation of markets and operations
• Changes and greater complexities of business
• Demands and complexities in laws, rules, regulations, and standards
• Expectations for competencies and accountabilities
• Use of, and reliance on, evolving technologies
• Expectations relating to preventing and detecting fraud
The Framework comprises three volumes and includes the following:
Executive Summary – This provides a high-level overview intended for the board of directors, chief executive officer, and other senior management.
The Executive Summary:
• Lays out the definition, and limitations, of internal control, and the requirements for an effective system of internal control, including a description of the roles of components and principles.
• Highlights several important enhancements and clarifications that are intended to ease use and application of the Framework.
The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding internal control without being overly prescriptive. It does so by providing both an understanding of what constitutes a system of internal control and insight into when internal control is being applied effectively.
For management and boards of directors, the Framework provides:
• A means to apply internal control to any type of entity, regardless of industry or legal structure, at the levels of entity, operating unit, or function
• A principles-based approach that provides flexibility and allows for judgment in designing, implementing, and conducting internal control – principles that can be applied at the entity, operating, and functional levels
• Requirements for an effective system of internal control by considering how components and principles are present and functioning and how components operate together
• A means to identify and analyse risks, and to develop and manage appropriate responses to risks within acceptable levels and with a greater focus on anti-fraud measures
• An opportunity to expand the application of internal control beyond financial reporting to other forms of reporting, operations, and compliance objectives
• An opportunity to eliminate ineffective, redundant, or inefficient controls that provide minimal value in reducing risks to the achievement of the entity's objectives
For external stakeholders of an entity and others that interact with the entity, application of this Framework provides:
• Greater confidence in the board of directors' oversight of internal control systems
• Greater confidence regarding the achievement of entity objectives
• Greater confidence in the organisation's ability to identify, analyse, and respond to risk and changes in the business and operating environments
• Greater understanding of the requirement of an effective system of internal control
• Greater understanding that through the use of judgment, management may be able to eliminate ineffective, redundant, or inefficient controls
Internal control is not a serial process but a dynamic and integrated process. The Framework applies to all entities: large, mid-size, small, for-profit and not-for-profit, and government bodies. However, each organisation may choose to implement internal control differently. For instance, a smaller entity's system of internal control may be less formal and less structured, yet still have effective internal control.
Framework and Appendices – The Framework and Appendices sets forth the five components and seventeen principles of an effective system of internal control, illustrates many approaches and examples relating to entity objectives, and provides direction for all levels of management to use in designing, implementing and conducting a system of internal control, and in assessing its effectiveness.
The Framework includes:
1. Definition of Internal Control
Internal control is defined as follows:
Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
This definition emphasises that internal control is:
• Geared to the achievement of objectives in one or more separate but overlapping categories – operations, reporting, and compliance
• A process consisting of ongoing tasks and activities – a means to an end, not an end in itself
• Effected by people – not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organisation to effect internal control
• Able to provide reasonable assurance – but not absolute assurance, to an entity's senior management and board of directors
• Adaptable to the entity structure – flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process
This definition of internal control is intentionally broad for two reasons. First, it captures important concepts that are fundamental to how organisations design, implement, and conduct internal control and assess effectiveness of their system of internal control, providing a basis for application across various types of organisations, industries, and geographic regions. Second, the definition accommodates subsets of internal control.
2. Objectives, Components, and Principles
An organisation adopts a mission and vision, sets strategies, establishes objectives it wants to achieve, and formulates plans for achieving them. Objectives may be set for an entity as a whole or be targeted to specific activities within the entity. Though many objectives are specific to a particular entity, some are widely shared. For example, objectives common to most entities are sustaining organisational success, reporting to stakeholders, recruiting and retaining motivated and competent employees, achieving and maintaining a positive reputation, and complying with laws and regulations.
Supporting the organisation in its efforts to achieve objectives are five components of internal control:
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring Activities
The Framework sets out seventeen principles representing the fundamental concepts associated with each component. Because these principles are drawn directly from the components, an entity can achieve effective internal control by applying all principles. All principles apply to operations, reporting, and compliance objectives.
The principles supporting the components of internal control are listed below.
Control Environment
1. The organisation demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. The organisation demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organisation holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Risk Assessment
6. The organisation specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
7. The organisation identifies risks to the achievement of its objectives across the entity and analyses risks as a basis for determining how the risks should be managed.
8. The organisation considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organisation identifies and assesses changes that could significantly impact the system of internal control.
Control Activities
10. The organisation selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organisation selects and develops general control activities over technology to support the achievement of objectives.
12. The organisation deploys control activities through policies that establish what is expected and procedures that put policies into action.
Information and Communication
13. The organisation obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organisation internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organisation communicates with external parties regarding matters affecting the functioning of internal control.
Monitoring Activities
16. The organisation selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organisation evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
3. Effective Internal Control
An effective system of internal control provides
reasonable assurance of achievement of an entity's
objectives. Because internal control is relevant both to
the entity and its subunits, an effective system of
internal control may relate to a specific part of the
organisational structure. An effective system of internal
control reduces, to an acceptable level, the risk of not
achieving an objective relating to one, two, or all three
categories. It requires that:
• Each of the five components of internal control and
relevant principles is present and functioning
• The five components are operating together in an
integrated manner
In determining whether a system of internal control is effective,
management exercises judgment in assessing whether each of
the components and relevant principles is present and
functioning and components are operating together.
When internal control is determined to be effective, senior
management and the board of directors have reasonable
assurance of the following categories of objectives:
• Operations — the organisation:
- achieves effective and efficient operations when
external events are considered unlikely to have a
significant impact on the achievement of objectives
or when the organisation can reasonably predict the
nature and timing of external events and mitigate
the impact to an acceptable level
- understands the extent to which operations are
managed effectively and efficiently when external
events may have a significant impact on the
achievement of objectives and the impact cannot
be mitigated to an acceptable level
• Reporting — the organisation prepares reports in
conformity with applicable laws, rules, regulations, and
standards established by legislators, regulators, and
standard setters, or with the entity's specified objectives
and related policies
• Compliance — the organisation complies with applicable
laws, rules, and regulations
The Framework sets forth that components and relevant
principles are requisite to an effective system of internal
control. It does not prescribe the process for how
management assesses its effectiveness.
4. Additional Considerations
• Judgment – the Framework requires judgment in
designing, implementing, and conducting internal
control and assessing its effectiveness.
• Points of Focus – the Framework describes points of
focus that are important characteristics of principles.
• Controls to Effect Principles – the Framework allows
judgment in assessing the potential impact of a control
deficiency on the presence and functioning of a
relevant principle.
• Organisational Boundaries – the Framework can be
applied to the entire entity regardless of what choices
management makes about how it will execute business
activities that support its objectives, either directly or
through external relationships.
• Technology – the principles presented in the Framework
do not change with the application of technology. As
this is a principles-based framework and technology is
continually evolving, the Framework does not address
specific technologies, such as cloud computing and
social media.
• Larger versus Smaller Entities – the principles
underlying components of internal control are just as
applicable for smaller entities as for larger ones.
However, implementation approaches may vary for
smaller entities.
• Benefits and Costs of Internal Control – Overall,
management considers a variety of cost factors in
relation to expected benefits when selecting and
developing internal controls.
• Documentation – the extent of documentation supporting the presence and functioning of each of the components and relevant principles of internal control and components operating together is a matter of judgment, and should be done with cost-effectiveness in mind.
5. Control Environment
The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organisation. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organisation. The control environment comprises the integrity and ethical values of the organisation; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organisational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.
6. Risk Assessment
Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.
A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyse risks to those objectives. Management also considers the suitability of the objectives for the entity. Risk assessment also requires management to consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.
7. Control Activities
Control activities are the actions established through policies and procedures that help ensure that management's directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorisations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.
8. Information and Communication
Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated
throughout the organisation, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.
9. Monitoring Activities
Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognised standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.
10. Limitations of Internal Control
The Framework recognises that while internal control provides reasonable assurance of achieving the entity's objectives, limitations do exist. Internal control cannot prevent bad judgment or decisions, or external events that can cause an organisation to fail to achieve its operational goals. In other words, even an effective system of internal control can experience a failure. Limitations may result from the:
• Suitability of objectives established as a precondition to internal control
• Reality that human judgment in decision making can be faulty and subject to bias
• Breakdowns that can occur because of human failures such as simple errors
• Ability of management to override internal control
• Ability of management, other personnel, and/or third parties to circumvent controls through collusion
• External events beyond the organisation's control
These limitations preclude the board and management from having absolute assurance of the achievement of the entity's objectives – that is, internal control provides reasonable but not absolute assurance. Notwithstanding these inherent limitations, management should be aware of them when selecting, developing, and deploying controls that minimise, to the extent practical, these limitations.
The Appendices provide additional reference material, including:
• A glossary of key terminology, a discussion of roles and responsibilities of both responsible and external parties,
• A discussion of the methodology used for revising the Framework,
• A discussion of comment letters received during the public exposures of the proposed drafts of the Framework,
• A summary of changes to the COSO Internal Control-Integrated Framework (1992), and
• A comparison with the COSO Enterprise Risk Management-Integrated Framework.
Illustrative Tools for Assessing a System of Internal Control (Tools) – The Tools provide illustrative templates and scenarios that may be useful in applying the Framework. They can help management in assessing whether a system of internal control meets the requirements for effective internal control.
This publication is organised into two fundamental sections: Templates and Scenarios.
• The templates can support an assessment of the effectiveness of a system of internal control and help to document such an assessment.
• The scenarios illustrate several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control.
The templates and scenarios focus on evaluating components and relevant principles, not the underlying controls (e.g., transaction-level control activities) that affect the relevant principles. These tools are not designed to satisfy any criteria established through laws, rules, regulations, or external standards for evaluating the severity of internal control deficiencies associated with a particular entity objective, such as external financial reporting. As noted in the Framework, when regulators, standard-setting bodies, and other relevant third parties establish criteria for defining the severity of, evaluating, and reporting internal control deficiencies, management should use only those criteria.
The templates are designed to present only a summary of assessment results. They are not an integral part of the Framework, and they may not address all matters that need to be considered when assessing a system of internal control. Further, they do not represent a preferred method of conducting and documenting an assessment. Their purpose is limited to illustrating one possible assessment process based on the requirements for effective internal control, as set forth in the Framework.
The templates do not illustrate management's selection and deployment of controls to effect principles or its determination of scope, nature, timing, and extent of evaluating such controls embedded within the components. The facts and circumstances relevant to an assessment vary among different categories of objectives and among different entities and industries; therefore, the practical use of these tools also varies.
The scenarios present several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control based on the requirements set forth in the Framework. Each scenario is designed to illustrate a particular aspect, or set of related aspects, of the assessment process, and consists of two parts:
• Background material to provide context for the scenario (e.g. company background, relevant paragraphs of the Framework, summary of key points)
• Completed templates
Related links: http://www.coso.org/
https://na.theiia.org/standards-guidance/topics/Pages/COSO-Resource-Center.aspx
To order a copy of the COSO - 2013 Internal Control – Integrated Framework, submit your order to [email protected] or call 03-9282 1148 ext. 115 Syazana/Arafah
2013 TRAINING CALENDAR
August
• 13 - 16: Audit Manager Tools and Techniques, Kuala Lumpur
• 19 - 20: Value-Added Business Controls: The Right Way to Manage Risks, Kuala Lumpur
• 19 - 22: Beginning Auditor Tools and Techniques, Kuala Lumpur
• 21 - 22: Changing Needs for Compliance Auditing: Improving Techniques, Skills and Reporting Style for Better Results and Assurance (COURSE ONLY FOR AUDITORS IN THE PUBLIC SECTOR / SEMI-GOVERNMENT / STATE OWNED / STATUTORY BODY ENTITIES), Kuala Lumpur
• 21 - 22: Forensics for Investigators, Kuala Lumpur
• 26 - 27: Practical Operational Audit of Supply Chain Management, Kuala Lumpur
• 28 - 29: Consulting: Activities, Skills & Attitudes, Kuala Lumpur
• 28 - 29: Auditing Purchasing for Contemporary Businesses, Kuala Lumpur
• 29: Financial Statement Fraud*, Johor Bharu
September
• 2 - 5: Beginning Auditor Tools and Techniques, Kuching
• 2 - 3: COSO-Based Internal Auditing, Kuala Lumpur
• 4 - 5: Fundamental Skills in Information Systems Auditing, Kuala Lumpur
• 9 - 12: Beginning Auditor Tools and Techniques, Kuala Lumpur
• 16 - 17: Technology Governance for the Auditor**, Kuala Lumpur
• 18 - 19: Outsourcing Contract Management by the Client – Post-signature, Kuala Lumpur
• 20: IT Governance for Executive Directors & Board Members, Kuala Lumpur
• 23 - 24: National Conference, Kuala Lumpur
• 25: Dealing with Difficult People, Kuala Lumpur
• 25 - 26: Changing Needs for Compliance Auditing: Improving Techniques, Skills and Reporting Style for Better Results and Assurance (COURSE ONLY FOR AUDITORS IN THE PUBLIC SECTOR / SEMI-GOVERNMENT / STATE OWNED / STATUTORY BODY ENTITIES), Kuala Lumpur
• 26 - 27: Process Mapping for Business Improvement and Profitability, Kuala Lumpur
* This seminar/workshop is in collaboration with ACCA Malaysia.
** This workshop is in collaboration with ISACA Chapter Malaysia.
For further information on our training programmes, please visit our website: www.iiam.com.my
IIA MALAYSIA PROUDLY PRESENTS OUR ANNUAL PREMIER EVENT 2013 NATIONAL CONFERENCE ON INTERNAL AUDITING
NETWORKING DINNER
Don’t miss out on the Plenary Sessions with the Industry Leaders
Unwind the day with “A night with Jason Lo, Chief Executive Officer of Tune Talk Sdn Bhd”
SCALING GREATER HEIGHTS THROUGH LEADERSHIP
• Why are some people more successful than others?
• Why are some people more trusted than others?
• Where does leadership credibility come from?
The session will answer the above and other questions about how leadership drives superior performance both at the individual and organisational level.
By: RAJEEV PESHAWARIA
Chief Executive Officer, The Iclif
ADDING VALUE: OUR CUSTOMER’S PERSPECTIVE
• The challenges our customers face, and their expectations of internal audit.
• What “adding value” means for our customers, and tactics to achieve.
• The impact that high customer expectations will have on the profession, our teams, and on you
By: LAWRENCE (LARRY) HARRINGTON
Vice Chairman, IIA Global, USA
Vice President Internal Audit, Raytheon Company, USA
When Jason Lo first helmed the controls of Tune Talk as CEO, it was his first foray into the telecommunications industry. He went through a steep learning curve in order to quickly understand how the Telco business worked.
Despite all the challenges, the company persevered and under his direction, went on to become the country’s fastest growing mobile prepaid service provider. Lo is instrumental in ensuring the Tune Talk brand stays fresh and relevant, making it attractive to the youth segment, the company’s core target market.
In 2011, the company won the Frost & Sullivan’s Malaysia Excellence Award as the ‘Most Promising Service Provider of the Year’. In the same year, Lo garnered his personal decoration, ‘The Most Promising Entrepreneurship’ award for ‘Outstanding & Exemplary Achievements in Entrepreneurship’ at the Asia Pacific Entrepreneurship Awards (APEA) 2011.