Internal Control and Review

8/18/2019 Internal Control and Review

1/22

Internal Control and Revie

Management control systein corporate governance


2/22

Control

•Any action taken by management to enhanclikelihood that established goals objectives wachieved.

• May be preventive, directive or detective.

• System o control is the integrated collection

components and activities that are !sed by organi"ation to achieve its goals and objecti


3/22

Control

#!rnb!ll Report de$ned control as• %olicies, processes, tasks, behaviors and othe

aspects o the company taken together to

• &elp operate e'ectively and e(ciently by allowingcompany to respond in an appropriate way to signrisks in achieving the company)s objectives *+%RAC+-#R+S/

• &elp ens!re the 0!ality o e1ternal and internal $nreporting *2I-A-CIA C+-#R+S/

• &elp ens!re the compliance with applicable laws areg!lations, and also with internal policies or the c

b!siness *C+M%IA-C C+-#R+S/


4/22

Internal management cont

3 characteristics o internal management con• There has to be a set of objectives: #he

o all control systems is to try and g!ide theorgani"ation towards desired goals and obje

• There has to be a plan. In a typical acco!n

control system 4 a plan is prepared 4 the b!d• Have to be able to measure the results.

o!tp!t rom the process is compared againststandard.

• Have to take corrective action. Any devia

*variances/ m!st be corrected.


5/22

So!nd internal control syst

5 eat!res o so!nd internal control system• mbedded within operations and not treated

separate e1ercise

• Able to respond 0!ickly to risks as they evol

• Incl!des proced!res or reporting control ai

weaknesses to the appropriate level omanagement


6/22

imitations o internal controsystem

•

#he system can only provide reasonable asso achievement o objectives. #he system is o mistakes and error

• Internal control system can be by6passed bycoll!sion and management override

•

Controls only designed to cope with ro!tinetransactions and not or !ne1pected events

• #here are reso!rce constraints in provisions internal control and limit its e'ectiveness


7/22

Importance o internal controC7

• #o saeg!ard the shareholders) investment and the coassets: A company)s system o internal control has a k

the management o risks that are signi$cant to the !o its b!siness objectives.

• #o deal with potential o losses: +rgani"ations need torisk management strategies in order to deal with the por losses.

• #o acilitate the e'ectiveness and the e(ciency o ope

•

#o ens!re that the company is not !nnecessarily e1poavoidable $nancial risks and that $nancial inormationwithin the b!siness and or p!blication is reliable.

• #o prevent and detect ra!d

• #o help manage and control risk appropriately rather teliminate it. A so!nd system o internal control depenthoro!gh and reg!lar eval!ation o the nat!re and e1trisk to which the company is e1posed.


8/22

+bjectives o internal controlsystem

• 2acilitate its e'ective and e(cient operation byenabling it to respond appropriately to signi$ca

b!siness, operational, $nancial, compliance andrisks to achieve the companies) objectives. #hisincl!des the saeg!arding o assets rom inappr!se or loss and ra!d and ens!ring that liabilitieidenti$ed and managed.

• &elp ens!re o internal and e1ternal reporting. #

re0!ires the maintenance o proper records andprocesses that generate a 8ow o timely, relevareliable inormation rom both within and o!tsidorgani"ation.

• &elp ens!re compliance with applicable laws anreg!lations, and also internal policies and procewith respect to the cond!ct o b!siness.


9/22

Roles o board o directors in rmanagement

•&elps to determine risk management strateghas a monitoring !nction regarding risks.

• Set appropriate policies on internal controls seeks ass!rances that the internal control sy!nctioning e'ectively.

•-eeds to comm!nicate the organi"ation)s stto employees

*-S9R #&A# RIS MA-A7M-# S;S#MS %AC/


10/22

Roles o C+ in risk managem

•&as ownership o the risk management and control system.

• &as to consider the risk and control environmoc!sing on how to promote the right c!lt!re

• Sho!ld also monitor other directors and sen

partic!larly those whose actions can p!t thecompany at signi$cant risk.

*A%%ICA#I+- +2 RIS MA-A7M-# S;S#M%RAC#ICS I- #& +R7A-ISA#I+-/


11/22

Components o internal controsystem

•Control nvironment

• Risk Assessment

• Control Activities

• Inormation and Comm!nication

• Monitoring


12/22

Control nvironment

• %rovides the o!ndation or all the other componen

sets the tone or entire organi"ation.• Internal controls are more likely to !nction well i

management believes that the controls are importcomm!nicates that s!pport to employees at all lev

• #he control environment is in8!enced by the act tindivid!als in the organi"ation reali"e that they wilacco!ntable.

• +rgani"ations with e'ective control environments positive =tone at the top.>

• A company)s organi"ational str!ct!re is key to its aachieve its objectives beca!se the organi"ational s

provides the ramework or all its activities.


13/22

&ow to create a positive contrenvironment

•

#ransmit g!idance both verbally and by e1ample, the entity)s vstandards and code o cond!ct, and ollow !p on violations.

• #here m!st be mechanisms to enco!rage employee reporting oviolations, and disciplinary actions are taken when employees them.

• 2oster a =control conscio!sness> by setting ormal and clearlycomm!nicated policies and proced!res that are to be ollowed witho!t e1ception, and which res!lt in shared val!es and teamw

• Speciy the competence level needed or partic!lar jobs, hire ancompetent people, and assign a!thority and responsibility appr

• #he attention and direction provided by the board o directors iens!re that the company is operated in the best interest o sha

• #he board consists o both inside and o!tside directors who have1pertise and who are active and involved. Independence rommanagement is critical, so that i necessary, di(c!lt and probin

will be raised


14/22

Risk Assessment

• Risk: anything that endangers the achievement o

objective• Risk assessment is the process o identiying, an

and managing the risks that have the potential tprevent the organi"ation rom achieving its objec

• Assessment o risk involves determining

•the vol!me o transactions

• the average dollar amo!nt per transaction,

• the dollar val!e o assets that are e1posed to loss, as

• the probability that a loss will occ!r

• #he company)s objectives m!st be established b

the risks can be assessed.


15/22

Risk Assessment

• External risks incl!de changes in technologchanges in the market in which an entity openew legislation bringing new re0!irements, ndisasters, economic changes, a ail!re o a kes!pplier, or being s!ed, dera!ded, or robbed

• Internal risks incl!de employee embe""lem

accompanied by alsi$cation o records to cothe thet, lack o compliance with governmenreg!lations, or other illegal acts by employeeas taking a bribe. #hey can incl!de disr!ptioncomp!ter systems, poor management decisierrors, or accidents.


16/22

Control Activities

• Control activities: the policies that address the

identi$ed risks and the proced!res that ens!re thmanagement directives are carried o!t, th!s helpens!re that the organi"ation)s objectives will beachieved.

• #he identi$ed risks cannot be completely eliminacan minimi"e them thro!gh designing appropriatecontrol activities

• Management m!st comprehend laws and reg!latimposed on the organi"ation rom the o!tside andthat compliance policies and proced!res are in pl

• Control activities can be preventive, detective,

directive, corrective or compensating.


17/22

Control Activities

• Preventive: to avoid the occ!rrence o an !n

event. Segregation o d!ties, s!itable a!thori"transactions, checking creditworthiness o c!sbeore goods are shipped etc.

• irective: to ens!re the occ!rrence o a desirevent. Managers o a constr!ction company in

project managers to hire local workers in ordea avorable image in the comm!nities in whichoperates

• etective: to detect the occ!rrence o an !nwevent. ?ank reconciliations, checking or missdoc!ment n!mbers in pre6n!mbered doc!menperormance reporting with variances.


18/22

Control Activities

• Corrective: %roced!res p!t in place to reme

problems discovered by detective controls, ssteps taken to identiy the ca!se o the problcorrect errors arising rom the problem, and tthe processing system to minimi"e !t!re occo the problem

• Compensating: Controls that compensate shortcomings elsewhere. A bank reconciliatioa compensating control as well as a detectivebeca!se it can compensate or 8aws in the cthat are typically established over the receipdisb!rsement processes.


19/22

Control Activities

• @ core principles that drive $nancial reporting proce

• !egregation of duties: the process o dividing d!ties amemployees to ens!re that no single individ!al is given tooresponsibility. A!thori"ing, recording, keeping physical c!sreconciliation

• "uthorisation: mployees sho!ld be appropriately empocan perorm their tasks, receive speci$c doc!ments and m

that impact transactions and assets.• "de#uate documents and recordkeeping. Manageme

responsible or the saeg!arding o assets and it m!st havin the acc!racy and legitimacy o its so!rce doc!ments, ininvoices, p!rchase orders, s!bsidiary ledgers, sales jo!rna

• %re6n!mbered

• %repared at the time the transaction occ!rs

• S!(ciently simple to easily !nderstand


20/22

Control Activities

• !afeguarding of assets and records. #he mo

saeg!arding controls incl!de controls to protect company)s assets rom losses d!e to nat!ral. Sacontrols also incl!de physical protection meas!reaccess to assets and doc!ments.

• Independent veri$cation. #o ens!re that the oprinciples are being ollowed to yo!r satisaction.perormed by someone other than the person resthe original operation are generally more e'ectivass!ring that transactions are processed and actperormed acc!rately.


21/22

Inormation and Comm!nicat

• Relevant inormation m!st be identi$ed, capt!red, and com

a manner that enables people to carry o!t their responsibil• Comm!nication m!st be ongoing, both within and between

levels and activities o the organi"ation. All personnel m!sttheir roles in the internal control system and have a meanscomm!nicating signi$cant inormation !pstream.

• Reports m!st be available containing operational, $nancialcompliance inormation needed or inormed decisions.

• S!pervisors m!st comm!nicate d!ties and responsibilities employees that report to them, and employees m!st be abmanagement to potential problems.

• Inormation m!st be comm!nicated to those o!tside the ors!ch as vendors, and m!st be able to be received rom e1t

• #he systems m!st provide a way to comm!nicate importanto the very top o the organi"ation, when appropriate.


22/22

Monitoring

• Monitoring: assesses the 0!ality o the internal

system)s perormance over time.• Revisit previo!sly identi$ed problems to make

they have been corrected.

• ways o monitoring:

• ongoing monitoring d!ring normal operations, and

• separate eval!ations by management with the assisinternal a!dit !nction. I monitoring is done reg!lar

normal operations, it lessens the need or separate

• Bhen de$ciencies in internal control are discovsho!ld be reported immediately to senior mana

and, or very signi$cant matters, to the board o

Documents

Internal Control and Review