Internal Control

  • Uploaded by: whereisnasir
  • April 2020

Internal Control (IC) & Enterprise Risk Management (ERM)

Presented by:
• Mohamed El Mugtaba, MBA, CPA
• Member of
• Member Advisory Team

© Copyright M Mugtaba 2007


What is Internal Control

Published Internal Control – Integrated Framework

Defined internal control as:
• a process – effected by an entity's board of directors, management, and other personnel – designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
a) Reliable financial reporting
b) Effectiveness and efficiency of operations
c) Compliance with applicable laws and regulations

Objectives of Internal Control

A well-designed system of internal control achieves the following objectives:
• Accurate, reliable financial statements
• Safeguarding of assets
• Adherence with applicable laws & regulations
• Promotion of effective & efficient operations

Fix your weak Internal Control

The concept of (IC) reasonable assurance: “cost of IC should not exceed its benefit”

5 Components of Internal Control

[Figure: diagram of the five components, labelled Control Environment (foundation), Risk Assessment, Control Activities, Information & Communication, Monitoring (ongoing), and Infrastructure]

Good Internal Control Prevents

CONTROL ENVIRONMENT FACTORS

• Integrity and ethical values
• Commitment to competence
• Human resource policies and practice
• Assignment of authority and responsibilities
• Management’s philosophy and operating style
• Board of directors or audit committee participation

Control Activities

• Policies & procedures to ensure management directives are followed, objectives attained, reporting complete & correct
• Procedures to prevent errors, fraud
• Procedures to detect errors, fraud
• Documentation, approval, verification

PIPS:
– P: Performance reviews (budget/actual/variance)
– I: Information processing (accuracy, completeness, authorization)
– P: Physical controls (access to assets & records)
– S: Segregation of Duties (authorization, recordkeeping, & custody)

Risk Assessment

• Managers assess business risk!
• Operating objectives must be well defined, addressing resource control and uses (e.g., technology, related laws, compliance with controls).
• Financial reporting risks relate to data processing, potential for error & fraud.

ERM – Enterprise Risk Management

Best Practice

RBIA – Risk-Based Internal Audit

Risk Assessment (continued)

Risk is reduced by: proper approvals, surveillance, processing, procedures, budgeting, training, “responsibility accounting,” reviewing variances from goals, technology, etc.

Information & Communication

• Information requirements (who gets what data when?)
• Reports consistent with objectives, with sufficient details for action
• Feedback & revisions (often & proper)
• Commitment to appropriate resources for effective information systems

MONITORING Financial Reporting Controls

• Transaction cycles emphasis (feedbacks, corrective actions)
• “Real-time” basis
• Variances from budgets; causes
• Cross corroborations by employees
• Investigating exceptions

Control Principles

Basic to “good” internal control are the following principles:

• Authorization and Approval (DOP)
– Transactions are authorized by a person with delegated approval authority.

• Documentation of Policies and Procedures (Accounting Manual)
– Policies and operating procedures are formalized and communicated to employees. Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and will promote continuity of activities in the event of prolonged employee absences or turnover.

• Physical Security
– Equipment, inventories, cash, and other property are secured physically, counted periodically, and compared with amounts shown on control records.

The Fundamental Principle of Internal Control

SEGREGATE Incompatible Functions:
• Authorization
• Record Keeping
• Custody

Segregation of duties reduces the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of his duties.

Examples of Incompatible Functions:
• Authorizing expenditure and payment
• Bank reconciliation by disinterested parties (not involved in cash)
• HR and Payroll staff (authorise promotion/increment and payment)
• Payroll staff from general ledger staff
• Computer programmers from computer operations

Limitations of Internal Control

The costs of internal controls must not exceed their benefits.

[Figure: Costs vs. Benefits]

Examples:
1- Admin Buildings
2- Copper

Limitations of Internal Accounting Control

Human Error
• Negligence
• Fatigue
• Misjudgment
• Confusion

Human Fraud
• Intent to defeat internal controls for personal gain

Enterprise Risk Management, (ERM) COSO Definition

Can You Read It?

If your eye vision is > -1, don’t worry – see next slide.

Source: COSO Enterprise Risk Management – Integrated Framework. 2004.

Enterprise Risk Management, (ERM) COSO Definition



Breaking down the definition:

• Process effected by board, management and personnel
• applied in strategy setting and across the enterprise
• designed to identify potential events that may affect the entity
• and manage risk to be within its risk appetite
• to provide reasonable assurance regarding the achievement of the entity objectives

ERM Encompasses:
• Aligning risk appetite and strategy
• Enhancing risk response decisions
• Reducing operational surprises and losses
• Identifying and managing multiple and cross-enterprise risks
• Seizing opportunities
• Improving deployment of capital

ERM OBJECTIVES
• STRATEGIC
• OPERATIONS
• REPORTING
• COMPLIANCE

The ERM Framework

The eight components of the framework are interrelated …

ERM ENCOMPASSES INTERNAL CONTROL

[Figure: diagram labelled ERM and IC]
