Escolar Documentos
Profissional Documentos
Cultura Documentos
Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Four
Internal Controls
Essentials Companion KHS Pickett 2011 Training Slides
3.regulations
Essentials Companion KHS Pickett 2011 Training Slides
1.auditing
2.reporting
3.regulations
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Why Controls?
A word from the
experts in this case The board should maintain a sound system of
the UKs combined internal control to safeguard shareholders
code on corporate investment and the companys assets. The board
governance 2008. should, at least annually, conduct a review of the
which requires the effectiveness of the groups system of internal
board to review their controls and should report to shareholders that
system of internal they have done so. The review should cover all
control at least material controls, including financial, operational
annually. and compliance controls and risk management
systems.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
The Turnbull report
The UKs Turnbull The reports from management to the board should, in
report on corporate relation to the areas covered by them, provide a
governance balanced assessment of the significant risks and the
addressed this idea effectiveness of the system of internal control in
of internal control. managing those risks. Any significant control failings or
weaknesses identified should be discussed in the
reports, including the impact that they have had, could
have had, or may have, on the company and the
actions being taken to rectify them. It is essential that
there be openness of communication by management
with the board on matters relating to risk and control.
Essentials Companion KHS Pickett 2011 Training Slides
inherent risks
Narrative
We have developed a
simple model in Figure 4,1
to help explain internal
control. An organization will
risk control
set clear objectives and strategy achievements
then assess the inherent
risks to achieving these
objectives. Before it can
reach the black
achievements box, there
needs to be a control
strategy to deal with the
inherent risks and provide a
reasonable expectation of
getting there.
Essentials Companion KHS Pickett 2011 objectives
inherent risks
Narrative
If all risks could be
controlled through the risk
control strategy and if
everyone behaved in an
risk control
exactly predictable way, we strategy achievements
could stop our model here
and we would always
achieve our business
objectives. Unfortunately
this is not the case.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
An Exercise
Have a go at this
short exercise.
Narrative
One Response to your Exercise
How did you get on?
Some argue that Controls help mitigate the impact of all those
most events can be
material risks that undermine your efforts to
anticipated while
others feel it is succeed.
impossible to guard
against everything.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Managements responsibilities
Turnbull has made
clear that
management is The board of directors is responsible for the companys
responsible for the system of internal control. It should set appropriate policies
controls that are put on internal control and seek regular assurance that will
in place to manage enable it to satisfy itself that the system is functioning
risk. effectively. The board must further ensure that the system
of internal control is effective in managing risks in the
Managements role is manner which it has approved.
on pages 98 to 100.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Internal audits responsibilities
On the other hand,
the internal auditor
has to be concerned The internal audit activity must assist the organization in
about the state of maintaining effective controls by evaluating their
control in the effectiveness and efficiency and by promoting continuous
organization. The pace improvement.
has been set by the
IIA whose
Performance Standard
2130 goes straight to
the point.
Essentials Companion KHS Pickett 2011 Training Slides
inherent risks
Narrative
control parameter - limits
So activity moves an
organization towards
achieving its preventive controls
risk control
objectives, by keeping strategy achievements
the activities within
prescribed standards. preventive controls
Preventive controls
control parameter - limits
are set which ensure
everything is
contained with the
upper and lower
control parameters.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
An Exercise
List all the issues that
you would consider
when designing good
controls.
inherent risks
Narrative
control parameter - limits
Narrative
The Control Framework
Some time ago,
Committee of
Sponsoring
MONITORING
Organizations (see
www.coso.org)
Launched their
IN
CONTROL
IO
FO
AT
ACTIVITIES
Internal Control
RM
IC
AT
UN
Integrated
IO
M
M
N
Framework.
CO
RISK ASSESSMENT
CONTROL ENVIRONMENT
Essentials Companion KHS Pickett 2011 Training Slides
inherent risks
Narrative corrective controls/learning
Narrative
An Exercise
Control mechanisms
are all those specific
measures in place to
that seek to mitigate
specific risks to the
business. How would How would you categorize the control
you categorize them?
mechanisms that are applied in your
organization?
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Examples of Control Mechanisms
We can answer this
Authorization
question of Physical access restrictions
catagorizing controls Supervision
with a suitable list. Compliance checks
Procedures
Each item is Recruitment and human resource practices
explained in pages Segregation of duties
Document numbering and referencing
115 to 118. Project management
Financial systems controls
IT security
Performance management
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
An Exercise
We said earlier on
that is everyone was
perfect, and all risk
could be contained
then we would never
fail. The question is Why do controls sometimes fail?
then, why do
controls fails in the
real world?
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Why Controls Fail
We can answer this
question with a Management override
suitable list. Lack of staff
Poor control culture
Each item is Staff collusion
explained in pages Reliance on single performance indicator
118 to 120. Reliance on memory
Retrospective recording
Uncontrolled delegation
Essentials Companion KHS Pickett 2011 Training Slides
inherent risks
Narrative corrective controls/learning
Narrative
We need to outline the
Linking risk management,
link between
corporate governance
governance and control
codes, risk
management and
internal control. Have
a look at the next slide Risk Internal
for our approach to Management
this task.
Controls
Essentials Companion KHS Pickett 2011
Narrative
Corporate Governance Codes
Corporate governance codes,
corporate structures and disclosure
arrangements will help promote
good accountability. Within the
Internal Corporate Structures
context of the control framework,
the organization should employ a
Control
process for identifying, assessing
and managing risk. After having Framework Disclosure Arrangements
assessed key risk, they will need to
be managed in line with a defined
risk management strategy. Internal
controls will seek to mitigate
unacceptable levels of risk. The
Risk Internal
strategy for managing risk and
ensuring controls do the job in hand Management Controls
should then be incorporated into an
overall strategy that drives the Corporate
organization towards the Strategies & Review
achievement of its objectives.
Essentials Companion KHS Pickett 2011 Training Slides
Narrative
Where does Internal Auditing fit into
To answer this the internal control equation?
question we need to
return to the
definition of internal Internal auditing is an independent, objective
auditing. The final assurance and consulting activity designed to add
part makes clear we value and improve an organizations operations. It
are concerned with helps an organization accomplish its objectives by
risk management, bringing a systematic, disciplined approach to
control and evaluate and improve the effectiveness of risk
governance management, control and governance processes.
processes.
Essentials Companion KHS Pickett 2011 objectives GAP
Audit of
residual risk
inherent risks
Narrative corrective controls/learning
Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Four
Internal Controls