Internal/External Audit and Internal Controls February 23, 2000 David Dudley Federal Reserve Bank of NY.


1 Internal/External Audit and Internal Controls
February 23, 2000
David Dudley
Federal Reserve Bank of NY

2 Outline of Presentation
Internal Control Concepts
Role of Internal and External Audit

3 Definition of Internal Control
Internal control is a process effected by an entity’s Board of Directors and Senior Management and other personnel designed to provide reasonable assurance regarding three objectives and five components

4 Three Objectives of Internal Control
Effectiveness and efficiency of operations (including safeguarding of assets)
Reliability of financial reporting
Compliance with applicable laws and regulations

5 Five Components of Internal Control
Control Environment - “tone at the top”
Risk Assessment - management’s identification of key risks
Control Activities - entity level and activity level
Information and Communication - internal and external
Monitoring - adequacy of controls over time

6 Control Environment
Integrity and Ethical Values
Commitment to Competence
Management’s Philosophy/Operating Style
Organizational Structure
Assignment of Authority and Responsibility
Board of Directors and/or Audit Committee Participation
Human Resources Policies and Procedures

7 Risk Assessment Objectives
Identification and analysis of objectives
Activities to achieve objectives
Risk exposure
Management of risk exposure

8 Control Activities
Two elements:
  – Policies
  – Procedures

9 Types of Control Activities
Authorization or approval
Verification
Reconciliation
Segregation of duties
Operating performance reviews
Security of assets
Physical/logical security reviews
Supervisory reviews
Two week vacation policy
System checks
Limits
Review of MIS data

10 Information and Communications
Identification
Capture
Exchange

11 Monitoring
Ongoing Activities
Separate Evaluations

12 Context of Controls
A function of Entity’s:
  – Size, organization, ownership
  – Nature of business
  – Diversity and complexity
  – Methods of transmitting, processing and retaining information
  – Applicable laws and regulations

13 Preventative vs. Detective Controls
Preventative - prevents undesirable events
Detective - detects errors and irregularities that have already occurred

14 Limitations
Small Offices
Collusion
Ignorance
Pace of business/Growth
Judgment
Cost
Management override

15 International Emphasis on Internal Controls
Basel Committee on Banking Supervision Framework for the Evaluation of Internal Controls
  – Policy Statement finalized September 1998
  – Identifies Causes of Recent Banking Problems

16 Internal Control Breakdowns - Basel Report Conclusions
Lack of adequate management oversight and accountability; failure to develop a strong control culture
Inadequate assessment of the risks of certain banking activities
Absence or failure of key control structures and activities
Inadequate communication of information between levels of management
Inadequate or ineffective audit programs and other monitoring activities

17 Internal Control Breakdowns
Causes:
  – Inadequate evaluation of new business risks
  – Insufficient segregation of duties
  – Ineffective management oversight
  – Absence of a separate monitoring mechanism

18 Internal Control Breakdowns
Internal audit deficiencies
  – Untimely or piecemeal audits
  – Ineffective follow-up
  – Unfamiliarity with business procedures
  – No training in sophisticated areas

19 Framework for the Evaluation of Internal Controls
Purpose: To be used by bank regulators to evaluate internal control systems
Consists of thirteen general principles applicable to all banking institutions

20 Thirteen Principles
Management Oversight (3)
  – Board should approve strategies, policies and risk appetite
  – Senior management should implement board strategies and policies
  – Board and senior management should promote high ethical standards

21 Thirteen Principles
Risk Recognition Assessment (1)
  – Senior management should identify and evaluate risk factors
Control Activities and Segregation of Duties (2)
  – Control activities should be integral part of daily activities of institution
  – Senior management should ensure appropriate segregation of duties

22 Thirteen Principles
Information and Communications (3)
  – Senior management should have adequate and comprehensive data
  – Senior management should create effective channels of communication for relevant information concerning significant activities
  – Senior management should develop appropriate information systems for all activities

23 Thirteen Principles
Monitoring Activities and Correcting Deficiencies (3)
  – Senior management should monitor overall effectiveness of internal controls
  – Audit should perform effective and comprehensive audits
  – Audit will ensure that internal control deficiencies promptly reported to management

24 Thirteen Principles
Evaluation of Internal Control Systems by Supervisory Authorities (1)
  – Supervisors should require all banks to have effective internal control systems

25 Comprehensive Internal Controls
Key elements of internal controls:
  – Adequate segregation of duties
  – Independent testing - e.g., audit
  – Appropriate to the type and level of risks
  – Clear lines of authority and responsibility
  – Appropriate reporting lines

26 Role of External Audit
Macro Level
Depends upon services provided:
  – Financial Statement Audit
  – Directors Examination
  – Consulting

27 Evaluation of External Audit
Depends upon the services provided
Review of financial statements and management letters
Discussion of key risks
Review of work papers

28 Role of Internal Audit
Detail-oriented
An independent assessment of the effectiveness of internal controls

29 Evaluation of Internal Audit
Overall effectiveness of the function:
  – Independence
  – Mission
  – Resources/qualifications/skills
  – Interaction with Senior Management

30 Mission
Audit Charter
  – Roles, reporting lines and responsibilities
  – Full access to all information

31 Independence
Reporting line:
  – Domestic - Audit Committee of the Board of Directors
  – US branches and agencies of foreign banks - head office audit
  – Administrative reporting line to Senior Management Includes approval of the annual plan, salary, budgets and sign-off on the annual appraisal

32 Audit Resources
Sufficiency of resources
Qualifications of staff
Skill level and training

33 Interaction with Senior Management
Level of audit within the organization
Audit’s dealings with Senior Management
Prompt resolution of issues by management

34 Quality
Timeliness
Risk assessment methodology
Annual audit plan
Types of audit coverage
Audit programs
Audit reports and work papers
Audit follow-up

35 Risk Assessment Methodology
Identification of key risks within the institution
Format of the methodology:
  – Risk-based
  – Qualitative and/or quantitative factors
  – Combination of risks and/or other factors

36 Sample Factors - Risk Assessment
Credit risk
Market risk
Liquidity risk
Operations risk
Reputational risk
Legal risk
Fraud risk
Trading risk
Credit and sales risk
Control environment
Reporting risk
Revenue or expense volatility

37 Sample Factors - Risk Assessment
  – Transactional values/volumes and changes
  – Error impact
  – Nature of process
  – Reliance on data
  – Access to physical assets
  – Economic or political trends
  – Quality of management or department head
  – Staff quality and changes
  – Degree of management judgment and quality of supervision
  – Product changes
  – Legal/regulatory impact

38 Annual Audit Plan
Based upon the risk assessment methodology
Normally part of a multi-year cycle
Approved by the Board of Directors or head office audit
Quarterly - Updates to the plan
Detailed analysis of changes to the plan

39 Types of Audit Coverage
Full scope audits
Control self-assessments
Key control or risk reviews
Targeted audits
Continuous monitoring
Conversion/system development audits/data center and application reviews

40 Audit Programs
Detailed programs for each auditable area
Completed during the first audit and subsequently updated
Coverage of key risks and controls in the area
Appropriate sampling methodology

41 Audit Reports and Work Papers
Audit Reports Detailed Analysis
  – executive summary
  – description of the work performed
  – analysis of conditions and/or rating
Audit Work Papers
  – proper documentation and cross-referencing
  – appropriate narratives and conclusions

42 Exception Follow-up
Tracking system or methodology
  – Issue/Problem, Status of corrective action, Accountability, Timeframe
Head Office Commitment and Support
Significant items cleared in a timely manner
  – Progress, Approval

43 Audit Outsourcing
The performance of internal audit activities by an external party such as a CPA firm.
Co-sourcing, contracting
Issues:
  – Independence, conflict of interest, work management, understanding of the corporate culture, continuity

44 Overall Evaluation of Internal Audit
Positive evaluation - determine extent of reliance on internal audit
Issues - include in the examination report
Annually - analyze changes in audit

45 Relying upon External Audit
Nature of the work performed
  – Financial audits
  – Other control reviews
  – Outsourcing or Co-sourcing

46 The End

