Internal controls

Session objectives Define Internal Controls To understand components of Internal Controls, control environment and types of controls To understand how to review Internal Controls

What is Internal Control Internal control is a process Internal control is effected by people Internal control is geared to the achievement of objectives Internal control cannot be expected to provide absolute assurance of the achievement of objectives

As defined by Committee of Sponsoring Organisations (COSO), USA Process effected by entities management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following three broad categories Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations

As defined by the Internal controls standards committee of INTOSAI Integral process to provide reasonable assurance that the following general objectives are being achieved Fulfilling accountability obligations Complying with applicable laws and regulations Executing orderly, ethical, economical, efficient and effective operations Safeguarding resources against loss Internal control is a dynamic integral process and management at all levels have to be involved to provide reasonable assurance of the achievement of its objectives

Components of internal controls Control environment - Assignment of Authority and Responsibility Risk assessment Information and communication Monitoring Control procedures and activities

Control environment Depends on Management’s overall attitude, awareness and actions regarding internal control The factors influencing control environment are Integrity and ethical values Commitment to competence Management philosophy and operating style Organisational structure Internal audit and Audit Committee Use of IT HR policies and practices

Internal control structure Controls should be Appropriate Consistent Cost-effective Management should periodically review and update controls so that these remain effective

Types of internal controls Management, Administrative or Accounting Preventive, Detective or Directive Preventive Which deter undesirable events from occurring Detective To detect and correct undesirable events that have occurred Directive To cause or encourage a desirable event to occur

Limitations of Internal Controls Can provide only reasonable and not absolute assurance about the achievement of the entities objectives As it depends on human factor, is subject to flaws in design, errors of judgment or interpretation, misunderstanding, collusion, fatigue etc. Design of an internal control system faces resource constraints

Review of Internal Controls Ascertaining the system Discussion with auditing entity Drawing a detailed flow chart highlighting all activities and process flow Identifying the controls Testing compliance Conforming the controls with management Testing compliance for each identified control

Review of Internal Controls Evaluating the system Analyzing the results Forming opinion regarding adequacy and functioning of controls All this should be documented and reported

Objectives of assessment of Internal Controls To check whether Internal control systems have been prescribed and documented Systems are adequate Management implements these in the manner prescribed Management periodically reviews them through internal audit and takes corrective measures

Case study