SlideShare uma empresa Scribd logo

Internal control system

M
Madiha Hassan

Basics of Internal Control System

Negócios
1 de 20
Baixar para ler offline
Internal Control System A High Level Perspective 1
Internal controls • There are several types of internal control, and each organisation will use some or all of these, to a greater or lesser extent. Some organisations have more extensive and more effective controls than others. • Internal controls are applied to prevent adverse events from happening or to detect failures in control when they occur. A useful and common method of categorising internal controls is to analyse them into three categories: 1. Financial controls. 2. Operational controls. 3. Compliance controls 2
Standard Internal control system • An internal control system consists of a ‘control environment’ and control procedures. • A useful definition of internal control was given by the US Committee Of Sponsoring Organizations (COSO). • The COSO Framework defines internal control as the achievement of objectives’ in the following three categories 1. Reliability of financial reporting (through financial controls). 2. Effectiveness and efficiency of operations (through operational controls). 3. Compliance with relevant laws and regulations (through compliance controls). 3
The COSO Framework elements -1 A control environment: • The control environment sets the tone of an organization, influencing the control consciousness of its people. • It is the foundation for all other components of internal control, providing discipline and structure. • Control environment factors include the integrity, ethical values and competence of the entity's people, management's philosophy and operating style, the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. 4
The COSO Framework elements -2 Risk identification and assessment: • Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. • Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. • As economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change 5
The COSO Framework elements -3 Control Activities: • Policies and procedures that help ensure management directives are carried out. • These policies & procedures help ensure that necessary actions are taken to address risks towards achievement of the entity's objectives. • Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. . 6
The COSO Framework elements -4 Information and communication: • Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. • Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. • Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. • Effective communication with external parties, such as customers, suppliers, regulators and shareholders is required 7
The COSO Framework elements - 5 Monitoring: • Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. • Monitoring is accomplished through on-going monitoring activities, separate evaluations or a combination of the two. • On-going monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. • The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of on- going monitoring procedures. • Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board. 8
Fundamental Concepts 1. Internal Control is a process. It is a mean to an end not an end itself. 2. Internal control is not merely a policy manual and forms but it is the assurance of effective and efficient implementation of those manuals. 3. Internal control can be expected to provide only reasonable assurance not an absolute assurance of the implemented control. 4. Internal control is geared to the achievement of the objectives in one or more overlapping categories. 9
Financial controls • Financial controls relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly • Financial controls are designed to ensure that: − There are no errors in the preparation of accounting records and financial statements. − No fraud is committed (there may be controls for detecting fraud when it occurs , as well as controls that try to prevent fraud from being able to occur). − Assets of the company are not stolen, lost or damaged. 10
Operational controls • Operational controls addresses the company 's basic business objectives, including performance and profitability goals and safeguarding of resources. • Operational controls are designed to prevent failures in operational procedures, or to detect and correct operational failures if they do occur. Operational failures may be caused by: − Program breakdowns (total breakdown or in certain function) − Failures in the performance of systems. − Weaknesses in procedures / process execution. − Poor management such as no planning, monitoring,… 11
Compliance controls • Compliance controls ensure that the company complies with the most significant laws, rules and regulations. • The most significant regulations for a company vary according to the nature of its business, (i.e. compliance with health and safety regulations, in the case of banks money laundering prevention regulations,….) 12
13 Compliance controls Regulations Who Needs to Comply Security Areas Covered Compliance Requirements HIPAA US healthcare organisations and partners all over the globe Creating, storing and transmitting electronic protected health information All major "Best Practice Safety " areas Sarbanes Oxley (SOX) & Accounting Standards US public companies and partners over the globe Defined to secure the public against corporate fraud and misrepresentation All major "Best Practice Financial " areas PCI DSS (Also Covered by Breach Laws) Merchants who take credit cards Privacy of Customer Financial Data Varies by size of merchant, requires Best Practices plus 3rd Party Quality Risk Assessments
Establishing internal control system – (1) • The board of directors is responsible for maintaining a sound system of internal control. • They should set appropriate policies on internal control & seek regular assurance to satisfy that the system is operating effectively. • In deciding the policies for internal control and assessing what constitutes an effective system of internal control, the board should consider the following factors: 1. The nature and extent of the risks facing the company; 2. The extent and categories of risks that the board regards as acceptable for the company to bear. 3. The likelihood that the risks will materialise. 4. The company’s ability to reduce the incidence and impact on the business of the risks that do materialise. 5. The costs of operating particular controls relative to the benefits to be obtained from managing the risks they control. 14
The internal control system should: 1. Be embedded in the operations of the company and form part of its culture. 2. Be capable of responding quickly to risks which the business may face as they emerge and develop. 3. Include procedures for reporting immediately to the management responsible of control failings and any corrective action that should be undertaken. 15 Establishing internal control system – (2)
Internal audit overview • Internal audit is defined as an independent appraisal activity established within an organisation as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls. • If the board of directors and the audit committee do not have the time to carry out a detailed review themselves, and they can rely on information provided to them by internal auditors • Internal auditors may be full-time employees of the company or external professionals appointed by the company to carry out specific investigations. • There must be a system for monitoring and review by higher level management 16
The possible tasks of internal audit –(1) 1. Reviewing the internal control system. Traditionally, an internal audit department would carry out checks on the financial controls in an organisation. The checks would be to establish whether suitable financial controls exist and if so, whether they are applied properly and are effective. It is not the function of internal auditors to manage risks, only to monitor and report them, and to check that risk controls are efficient and cost-effective. 2. Special investigations. Internal auditors might conduct special investigations into particular aspects of the organisation’s operations (systems and procedures), to check the effectiveness of operational controls. 17
The possible tasks of internal audit –(2) 3. Examination of financial and operating information. Internal auditors might be asked to investigate the timeliness of reporting and the accuracy of the information in reports. 4. Value for money (VFM) audits. This is an investigation into an operation or activity to establish whether it is economical, efficient and effective. 5. Reviewing compliance by the organisation with particular laws or regulations. This is an investigation into the effectiveness of compliance controls.. 18
6. Risk assessment. Internal auditors might be asked to investigate aspects of risk management, and in particular the adequacy of the mechanisms for identifying, assessing and controlling significant risks to the organisation, from both internal and external sources. 7. Internal auditors might be involved in providing continuous support to the risk management process. If a company has established a risk oversight committee with responsibility for the oversight and reporting of risks, a senior internal auditor might be one of the committee members. The internal audit department might even have responsibility for coordinating risk management within the company, and reporting to the board or audit committee about risks on a company-wide basis. 19 The possible tasks of internal audit –(3)
Investigation of internal controls Internal auditors are commonly required to check the soundness of internal financial controls. In assessing the effectiveness of individual controls, and of an internal control system generally. • Factors to be considered: 1. Automated controls are by no means error- or fraud-proof, but may be more reliable than similar manual controls. 2. Non-discretionary controls are checks and procedures that must be carried out. Discretionary controls are those that do not have to be applied, either because they are voluntary or because an individual can choose to dis-apply them. 3. Finding if the controls extensive enough or carried out frequently enough ? Are the controls applied rigorously? For example, is a supervisor doing his job properly? (to check whether the controls are effective in achieving their purpose) 20

Recomendados

Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptLetzconsult.com
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
8. internal control new
8. internal control new8. internal control new
8. internal control newSyed Osama Rizvi
 
List of control (soap spam ir)
List of control (soap spam ir)List of control (soap spam ir)
List of control (soap spam ir)AdamRice38
 
INTERNAL CONTROLS & INTERNAL AUDIT.ppt
INTERNAL CONTROLS & INTERNAL AUDIT.pptINTERNAL CONTROLS & INTERNAL AUDIT.ppt
INTERNAL CONTROLS & INTERNAL AUDIT.pptGoharSaeed6
 
Auditing Chapter 2
Auditing Chapter 2Auditing Chapter 2
Auditing Chapter 2aaykhan
 
Chapter 11, Tests of Controls
Chapter 11, Tests of ControlsChapter 11, Tests of Controls
Chapter 11, Tests of ControlsSazzad Hossain, ITP, MBA, CSCA™
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 

Recomendados

Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptLetzconsult.com
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
8. internal control new
8. internal control new8. internal control new
8. internal control newSyed Osama Rizvi
 
List of control (soap spam ir)
List of control (soap spam ir)List of control (soap spam ir)
List of control (soap spam ir)AdamRice38
 
INTERNAL CONTROLS & INTERNAL AUDIT.ppt
INTERNAL CONTROLS & INTERNAL AUDIT.pptINTERNAL CONTROLS & INTERNAL AUDIT.ppt
INTERNAL CONTROLS & INTERNAL AUDIT.pptGoharSaeed6
 
Auditing Chapter 2
Auditing Chapter 2Auditing Chapter 2
Auditing Chapter 2aaykhan
 
Chapter 11, Tests of Controls
Chapter 11, Tests of ControlsChapter 11, Tests of Controls
Chapter 11, Tests of ControlsSazzad Hossain, ITP, MBA, CSCA™
 
Practical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditPractical approach to Risk Based Internal Audit
Practical approach to Risk Based Internal AuditManoj Agarwal
 
Fraud Risk Assessment
Fraud Risk AssessmentFraud Risk Assessment
Fraud Risk AssessmentTahir Abbas
 
Presentation on Audit Findings
Presentation on Audit FindingsPresentation on Audit Findings
Presentation on Audit FindingsDeshapriya Senanayake
 
Unit 3 internal control
Unit 3 internal controlUnit 3 internal control
Unit 3 internal controlRadhika Gohel
 
Internal Audit
Internal AuditInternal Audit
Internal AuditAhmad Tariq Bhatti
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
Audit presentation
Audit presentationAudit presentation
Audit presentationMetafrique group
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptIbrahim Jimalle
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Chapter 3
Chapter 3Chapter 3
Chapter 3EasyStudy3
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditingHardik Shah
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Sazzad Hossain, ITP, MBA, CSCA™
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
Internal control
Internal controlInternal control
Internal controliPleaders - Re-engineering Legal education, New Delhi
 
Lecture 10, Chapter 14, Auditing Sales and Receivables
Lecture 10, Chapter 14, Auditing Sales and ReceivablesLecture 10, Chapter 14, Auditing Sales and Receivables
Lecture 10, Chapter 14, Auditing Sales and ReceivablesSazzad Hossain, ITP, MBA, CSCA™
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
6. audit techniques
6. audit techniques6. audit techniques
6. audit techniquesSyed Osama Rizvi
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraJenard Wachira
 
Audit report
Audit reportAudit report
Audit reportReal Estate Services
 
Sourcing Finance Uk 2009
Sourcing Finance Uk 2009Sourcing Finance Uk 2009
Sourcing Finance Uk 2009Advent UK
 
Social Audit Case Study
Social Audit Case StudySocial Audit Case Study
Social Audit Case StudyDragon Sourcing
 

Mais conteúdo relacionado

Mais procurados

Fraud Risk Assessment
Fraud Risk AssessmentFraud Risk Assessment
Fraud Risk AssessmentTahir Abbas
 
Unit 3 internal control
Unit 3 internal controlUnit 3 internal control
Unit 3 internal controlRadhika Gohel
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit departmentSalih Islam
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditingHardik Shah
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Mohammad Wahid Abdullah Khan
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controlsCenapSerdarolu
 
Information System audit
Information System auditInformation System audit
Information System auditPratapchandra
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraJenard Wachira
 

Mais procurados (20)

Fraud Risk Assessment
Fraud Risk AssessmentFraud Risk Assessment
Fraud Risk Assessment
 
Presentation on Audit Findings
Presentation on Audit FindingsPresentation on Audit Findings
Presentation on Audit Findings
 
Unit 3 internal control
Unit 3 internal controlUnit 3 internal control
Unit 3 internal control
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
The role of internal audit department
The role of internal audit departmentThe role of internal audit department
The role of internal audit department
 
Audit presentation
Audit presentationAudit presentation
Audit presentation
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal Audit
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal Control
 
Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)Internal auditing for “one & all” (second edition)
Internal auditing for “one & all” (second edition)
 
Internal control
Internal controlInternal control
Internal control
 
Lecture 10, Chapter 14, Auditing Sales and Receivables
Lecture 10, Chapter 14, Auditing Sales and ReceivablesLecture 10, Chapter 14, Auditing Sales and Receivables
Lecture 10, Chapter 14, Auditing Sales and Receivables
 
Auditing application controls
Auditing application controlsAuditing application controls
Auditing application controls
 
6. audit techniques
6. audit techniques6. audit techniques
6. audit techniques
 
Information System audit
Information System auditInformation System audit
Information System audit
 
Internal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo WachiraInternal Audit And Internal Control Presentation Leo Wachira
Internal Audit And Internal Control Presentation Leo Wachira
 
Audit report
Audit reportAudit report
Audit report
 

Destaque

Sourcing Finance Uk 2009
Sourcing Finance Uk 2009Sourcing Finance Uk 2009
Sourcing Finance Uk 2009Advent UK
 
Offshoring and Co-sourcing
Offshoring and Co-sourcing Offshoring and Co-sourcing
Offshoring and Co-sourcing Nimish Goel
 
case study of Reliance comapny
case study of Reliance comapnycase study of Reliance comapny
case study of Reliance comapnySumeet Patel
 
CV Thomas Nygaard Hamann 2013
CV Thomas Nygaard Hamann 2013CV Thomas Nygaard Hamann 2013
CV Thomas Nygaard Hamann 2013Thomas Hamann
 
Fear and Success: Are They Related?
Fear and Success: Are They Related?Fear and Success: Are They Related?
Fear and Success: Are They Related?Leslie Samuel
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 

Destaque (11)

Sourcing Finance Uk 2009
Sourcing Finance Uk 2009Sourcing Finance Uk 2009
Sourcing Finance Uk 2009
 
Social Audit Case Study
Social Audit Case StudySocial Audit Case Study
Social Audit Case Study
 
Offshoring and Co-sourcing
Offshoring and Co-sourcing Offshoring and Co-sourcing
Offshoring and Co-sourcing
 
Cost Segregation
Cost SegregationCost Segregation
Cost Segregation
 
case study of Reliance comapny
case study of Reliance comapnycase study of Reliance comapny
case study of Reliance comapny
 
CV Thomas Nygaard Hamann 2013
CV Thomas Nygaard Hamann 2013CV Thomas Nygaard Hamann 2013
CV Thomas Nygaard Hamann 2013
 
Resume
ResumeResume
Resume
 
Senior Cover Letter: Consulting
Senior Cover Letter: ConsultingSenior Cover Letter: Consulting
Senior Cover Letter: Consulting
 
McKinsey Resume Sample
McKinsey Resume SampleMcKinsey Resume Sample
McKinsey Resume Sample
 
Fear and Success: Are They Related?
Fear and Success: Are They Related?Fear and Success: Are They Related?
Fear and Success: Are They Related?
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 

Semelhante a Internal control system

topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxvailethmwaisanila
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasidwiki apsyarin
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxHeldaMaryA
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self AssessmentManoj Agarwal
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
Audit report- Consideration of Internal Control
Audit report- Consideration of Internal ControlAudit report- Consideration of Internal Control
Audit report- Consideration of Internal Controlnellynljcoles
 
Tugas control & audit sistem informasi
Tugas control & audit sistem informasiTugas control & audit sistem informasi
Tugas control & audit sistem informasiNur Fatrianti
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal controlTommy Zul Hidayat
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal controljayussuryawan
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controlstarunmallappa
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxSejalJain178980
 
Appreciation of Internal Controls
Appreciation of Internal ControlsAppreciation of Internal Controls
Appreciation of Internal ControlsDheeru Singh
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Habib Ullah Qamar
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
UNCCInternalControls.pptx
UNCCInternalControls.pptxUNCCInternalControls.pptx
UNCCInternalControls.pptxAral20101
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls trainingshifataraislam
 
IFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlIFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlajayinvestrade
 

Semelhante a Internal control system (20)

topic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptxtopic 3 internal controls..audit.pptx
topic 3 internal controls..audit.pptx
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
chapter2-190516054412.pdf
chapter2-190516054412.pdfchapter2-190516054412.pdf
chapter2-190516054412.pdf
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
 
Internal control and Control Self Assessment
Internal control and Control Self AssessmentInternal control and Control Self Assessment
Internal control and Control Self Assessment
 
Internal audit
Internal auditInternal audit
Internal audit
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and audit
 
Audit report- Consideration of Internal Control
Audit report- Consideration of Internal ControlAudit report- Consideration of Internal Control
Audit report- Consideration of Internal Control
 
Tugas control & audit sistem informasi
Tugas control & audit sistem informasiTugas control & audit sistem informasi
Tugas control & audit sistem informasi
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal control
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptx
 
Appreciation of Internal Controls
Appreciation of Internal ControlsAppreciation of Internal Controls
Appreciation of Internal Controls
 
Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3Lecture 17 sas framework internal control - james a. hall book chapter 3
Lecture 17 sas framework internal control - james a. hall book chapter 3
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
UNCCInternalControls.pptx
UNCCInternalControls.pptxUNCCInternalControls.pptx
UNCCInternalControls.pptx
 
Assessing risks and internal controls training
Assessing risks and internal controls trainingAssessing risks and internal controls training
Assessing risks and internal controls training
 
IFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial controlIFC Dr SkGupta pptx NIRC Internal financial control
IFC Dr SkGupta pptx NIRC Internal financial control
 

Último

Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 

Último (20)

Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 

Internal control system

  • 1. Internal Control System A High Level Perspective 1
  • 2. Internal controls • There are several types of internal control, and each organisation will use some or all of these, to a greater or lesser extent. Some organisations have more extensive and more effective controls than others. • Internal controls are applied to prevent adverse events from happening or to detect failures in control when they occur. A useful and common method of categorising internal controls is to analyse them into three categories: 1. Financial controls. 2. Operational controls. 3. Compliance controls 2
  • 3. Standard Internal control system • An internal control system consists of a ‘control environment’ and control procedures. • A useful definition of internal control was given by the US Committee Of Sponsoring Organizations (COSO). • The COSO Framework defines internal control as the achievement of objectives’ in the following three categories 1. Reliability of financial reporting (through financial controls). 2. Effectiveness and efficiency of operations (through operational controls). 3. Compliance with relevant laws and regulations (through compliance controls). 3
  • 4. The COSO Framework elements -1 A control environment: • The control environment sets the tone of an organization, influencing the control consciousness of its people. • It is the foundation for all other components of internal control, providing discipline and structure. • Control environment factors include the integrity, ethical values and competence of the entity's people, management's philosophy and operating style, the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors. 4
  • 5. The COSO Framework elements -2 Risk identification and assessment: • Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. • Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed. • As economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change 5
  • 6. The COSO Framework elements -3 Control Activities: • Policies and procedures that help ensure management directives are carried out. • These policies & procedures help ensure that necessary actions are taken to address risks towards achievement of the entity's objectives. • Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. . 6
  • 7. The COSO Framework elements -4 Information and communication: • Pertinent information must be identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities. • Information systems produce reports, containing operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. • Effective communication also must occur in a broader sense, flowing down, across and up the organization. All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. • Effective communication with external parties, such as customers, suppliers, regulators and shareholders is required 7
  • 8. The COSO Framework elements - 5 Monitoring: • Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. • Monitoring is accomplished through on-going monitoring activities, separate evaluations or a combination of the two. • On-going monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. • The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of on- going monitoring procedures. • Internal control deficiencies should be reported upstream, with serious matters reported to top management and the board. 8
  • 9. Fundamental Concepts 1. Internal Control is a process. It is a mean to an end not an end itself. 2. Internal control is not merely a policy manual and forms but it is the assurance of effective and efficient implementation of those manuals. 3. Internal control can be expected to provide only reasonable assurance not an absolute assurance of the implemented control. 4. Internal control is geared to the achievement of the objectives in one or more overlapping categories. 9
  • 10. Financial controls • Financial controls relates to the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly • Financial controls are designed to ensure that: − There are no errors in the preparation of accounting records and financial statements. − No fraud is committed (there may be controls for detecting fraud when it occurs , as well as controls that try to prevent fraud from being able to occur). − Assets of the company are not stolen, lost or damaged. 10
  • 11. Operational controls • Operational controls addresses the company 's basic business objectives, including performance and profitability goals and safeguarding of resources. • Operational controls are designed to prevent failures in operational procedures, or to detect and correct operational failures if they do occur. Operational failures may be caused by: − Program breakdowns (total breakdown or in certain function) − Failures in the performance of systems. − Weaknesses in procedures / process execution. − Poor management such as no planning, monitoring,… 11
  • 12. Compliance controls • Compliance controls ensure that the company complies with the most significant laws, rules and regulations. • The most significant regulations for a company vary according to the nature of its business, (i.e. compliance with health and safety regulations, in the case of banks money laundering prevention regulations,….) 12
  • 13. 13 Compliance controls Regulations Who Needs to Comply Security Areas Covered Compliance Requirements HIPAA US healthcare organisations and partners all over the globe Creating, storing and transmitting electronic protected health information All major "Best Practice Safety " areas Sarbanes Oxley (SOX) & Accounting Standards US public companies and partners over the globe Defined to secure the public against corporate fraud and misrepresentation All major "Best Practice Financial " areas PCI DSS (Also Covered by Breach Laws) Merchants who take credit cards Privacy of Customer Financial Data Varies by size of merchant, requires Best Practices plus 3rd Party Quality Risk Assessments
  • 14. Establishing internal control system – (1) • The board of directors is responsible for maintaining a sound system of internal control. • They should set appropriate policies on internal control & seek regular assurance to satisfy that the system is operating effectively. • In deciding the policies for internal control and assessing what constitutes an effective system of internal control, the board should consider the following factors: 1. The nature and extent of the risks facing the company; 2. The extent and categories of risks that the board regards as acceptable for the company to bear. 3. The likelihood that the risks will materialise. 4. The company’s ability to reduce the incidence and impact on the business of the risks that do materialise. 5. The costs of operating particular controls relative to the benefits to be obtained from managing the risks they control. 14
  • 15. The internal control system should: 1. Be embedded in the operations of the company and form part of its culture. 2. Be capable of responding quickly to risks which the business may face as they emerge and develop. 3. Include procedures for reporting immediately to the management responsible of control failings and any corrective action that should be undertaken. 15 Establishing internal control system – (2)
  • 16. Internal audit overview • Internal audit is defined as an independent appraisal activity established within an organisation as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls. • If the board of directors and the audit committee do not have the time to carry out a detailed review themselves, and they can rely on information provided to them by internal auditors • Internal auditors may be full-time employees of the company or external professionals appointed by the company to carry out specific investigations. • There must be a system for monitoring and review by higher level management 16
  • 17. The possible tasks of internal audit –(1) 1. Reviewing the internal control system. Traditionally, an internal audit department would carry out checks on the financial controls in an organisation. The checks would be to establish whether suitable financial controls exist and if so, whether they are applied properly and are effective. It is not the function of internal auditors to manage risks, only to monitor and report them, and to check that risk controls are efficient and cost-effective. 2. Special investigations. Internal auditors might conduct special investigations into particular aspects of the organisation’s operations (systems and procedures), to check the effectiveness of operational controls. 17
  • 18. The possible tasks of internal audit –(2) 3. Examination of financial and operating information. Internal auditors might be asked to investigate the timeliness of reporting and the accuracy of the information in reports. 4. Value for money (VFM) audits. This is an investigation into an operation or activity to establish whether it is economical, efficient and effective. 5. Reviewing compliance by the organisation with particular laws or regulations. This is an investigation into the effectiveness of compliance controls.. 18
  • 19. 6. Risk assessment. Internal auditors might be asked to investigate aspects of risk management, and in particular the adequacy of the mechanisms for identifying, assessing and controlling significant risks to the organisation, from both internal and external sources. 7. Internal auditors might be involved in providing continuous support to the risk management process. If a company has established a risk oversight committee with responsibility for the oversight and reporting of risks, a senior internal auditor might be one of the committee members. The internal audit department might even have responsibility for coordinating risk management within the company, and reporting to the board or audit committee about risks on a company-wide basis. 19 The possible tasks of internal audit –(3)
  • 20. Investigation of internal controls Internal auditors are commonly required to check the soundness of internal financial controls. In assessing the effectiveness of individual controls, and of an internal control system generally. • Factors to be considered: 1. Automated controls are by no means error- or fraud-proof, but may be more reliable than similar manual controls. 2. Non-discretionary controls are checks and procedures that must be carried out. Discretionary controls are those that do not have to be applied, either because they are voluntary or because an individual can choose to dis-apply them. 3. Finding if the controls extensive enough or carried out frequently enough ? Are the controls applied rigorously? For example, is a supervisor doing his job properly? (to check whether the controls are effective in achieving their purpose) 20