Z 09300000120164004 PP T 04

Essentials Companion KHS Pickett 2011 Training Slides
Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Four
Internal Controls
Narrative Training Aim

This presentation is To present a brief introduction to internal auditing that will
aimed at increasing give you an initial understanding of:
your level of
understanding of the 1.Control frameworks.
following topics.
2.Control mechanisms.
3.Our control model.
4.The internal audit role.

Narrative YOUR CHOICE

In the UK, the Internal control: facilitates the effectiveness and
Turnbull report on efficiency of operations, helps ensure the reliability
corporate of internal and external .. and assists
governance compliance with laws and regulations.
described the What is the missing word:
importance of
internal control. 1.auditing
Which attribute is
least appropriate. 2.reporting
3.regulations
Narrative YOUR CHOICE ANSWERED

The correct response Internal control: facilitates the effectiveness and
is number 2; internal efficiency of operations, helps ensure the reliability
and external of internal and external .. and assists
reporting. compliance with laws and regulations.
What is the missing word:
1.auditing
2.reporting
3.regulations
Narrative
Why Controls?
A word from the
experts in this case The board should maintain a sound system of
the UKs combined internal control to safeguard shareholders
code on corporate investment and the companys assets. The board
governance 2008. should, at least annually, conduct a review of the
which requires the effectiveness of the groups system of internal
board to review their controls and should report to shareholders that
system of internal they have done so. The review should cover all
control at least material controls, including financial, operational
annually. and compliance controls and risk management
systems.
Narrative
The Turnbull report
The UKs Turnbull The reports from management to the board should, in
report on corporate relation to the areas covered by them, provide a
governance balanced assessment of the significant risks and the
addressed this idea effectiveness of the system of internal control in
of internal control. managing those risks. Any significant control failings or
weaknesses identified should be discussed in the
reports, including the impact that they have had, could
have had, or may have, on the company and the
actions being taken to rectify them. It is essential that
there be openness of communication by management
with the board on matters relating to risk and control.
Narrative Sarbanes Oxley Reporting Requirements
The catastrophic company Statement of managements responsibility for establishing and

failures of Enron and WorldCom maintaining adequate internal control over financial reporting.
led to the Sarbanes-Oxley Act in Statement identifying the framework used by management to
2002 to tighten up company evaluate the effectiveness of internal control over financial reporting.
regulation. One huge implication
Managements assessment of the effectiveness of the registrants
was the use of SOX internal
control certification over financial internal control over financial reporting.
reporting systems. SOX led A statement that the registered public accounting firm on
amended SEC annual filing managements assessment of the registrants internal control over
requirements which meant that financial reporting.
registrants annual report had to
The assessment by management of its internal controls had to be done
include an report on internal
control over financial reporting. in conjunction with a suitable internal control framework which is free
from bias and allows qualitative and quantitative measurements of
internal control to be made in a consistent manner.
Essentials Companion KHS Pickett 2011 objectives
inherent risks
Narrative
We have developed a
simple model in Figure 4,1
to help explain internal
control. An organization will
risk control
set clear objectives and strategy achievements
then assess the inherent
risks to achieving these
objectives. Before it can
reach the black
achievements box, there
needs to be a control
strategy to deal with the
inherent risks and provide a
reasonable expectation of
getting there.
inherent risks
Narrative
If all risks could be
controlled through the risk
control strategy and if
everyone behaved in an
risk control
exactly predictable way, we strategy achievements
could stop our model here
and we would always
achieve our business
objectives. Unfortunately
this is not the case.
Narrative
An Exercise
Have a go at this
short exercise.
Think of the last time things went wrong at

work and consider the extent to which this
could have been predicted and guarded
against.
Narrative
One Response to your Exercise
How did you get on?
Some argue that Controls help mitigate the impact of all those
most events can be
material risks that undermine your efforts to
anticipated while
others feel it is succeed.
impossible to guard
against everything.
Narrative
Managements responsibilities
Turnbull has made
clear that
management is The board of directors is responsible for the companys
responsible for the system of internal control. It should set appropriate policies
controls that are put on internal control and seek regular assurance that will
in place to manage enable it to satisfy itself that the system is functioning
risk. effectively. The board must further ensure that the system
of internal control is effective in managing risks in the
Managements role is manner which it has approved.
on pages 98 to 100.
Narrative
Internal audits responsibilities
On the other hand,
the internal auditor
has to be concerned The internal audit activity must assist the organization in
about the state of maintaining effective controls by evaluating their
control in the effectiveness and efficiency and by promoting continuous
organization. The pace improvement.
has been set by the
IIA whose
Performance Standard
2130 goes straight to
the point.
Narrative Scope of internal control

IIAs Performance
Standard 2130.A1
provides four key 1.Reliability and integrity of financial and operational
aspects of the scope information;
of controls.
2.Effectiveness and efficiency of operations;
3.Safeguarding of assets; and
4.Compliance with laws, regulations, and contracts.

inherent risks
Narrative
control parameter - limits
So activity moves an
organization towards
achieving its preventive controls
risk control
objectives, by keeping strategy achievements
the activities within
prescribed standards. preventive controls
Preventive controls
are set which ensure
everything is
contained with the
upper and lower
control parameters.
Narrative
An Exercise
List all the issues that
you would consider
when designing good
controls.
What are the attributes of good controls.

Narrative An Exercise one response

Here are just some of Controls are all means devised to promote the achievement of
the issues that affect agreed objectives.
the way controls are All controls have a corresponding cost
Controls belong to those who operate them.
designed and
Internal control is all about people since controls work well only if
implemented within they are geared to the users needs in terms of practicality and
an organization. usefulness.
Overcontrol is as bad as undercontrol.
See pages 102 to Entropy is the tendency to decay and all control systems will
103. underachieve where they are not reviewed and updated regularly.
The organizational culture affects the type of control features that
are in place, which may be bureaucratic or flexible in nature.
inherent risks
Narrative
Because there is so performance

much to consider preventive controls
when designing risk control
strategy achievements
controls, a suitable
control environment preventive controls
and framework is
communications
required to drive the control parameter - limits
risk control strategy.
control
We will deal with environment
these next.
control
framework
Narrative
The Control Framework
Some time ago,
Committee of
Sponsoring
MONITORING
Organizations (see
www.coso.org)
Launched their
IN
CONTROL
IO
FO
AT
ACTIVITIES
Internal Control
RM
IC
AT
UN
Integrated
IO
M
M
N
Framework.
CO
RISK ASSESSMENT
CONTROL ENVIRONMENT
Narrative The Control Environment

The control environment sets the tone of an
Sticking with the
COSO framework, we
organization, influencing the control consciousness
can use their of its people. It is the foundation for all other
definition of the components of internal control, providing discipline
control environment. and structure. Control environment factors include
the integrity, ethical values and competence of the
Pages 104 through to entitys people; managements philosophy and
113 describes the operating style; the way management assigns
COSO and several
other controls
authority and responsibility, and organizes and
frameworks. develops its people; and the attention and direction
provided by the board of directors.
inherent risks
Narrative corrective controls/learning

We can now refine our
detective controls
control model by adding in performance
the reporting line on preventive controls
controls to the board and risk control
AC (audit committee). We strategy achievements
also include other types of
control such as detective preventive controls
controls where activities

falls outside the parameters control parameter - limits detective controls
and corrective controls that
control corrective controls/sanctions
seek to fix defective
environment
activities. The idea is to corporate governance
keep our business in line control Board and AC
with the set success criteria framework
(or parameters).
Narrative
An Exercise
Control mechanisms
are all those specific
measures in place to
that seek to mitigate
specific risks to the
business. How would How would you categorize the control
you categorize them?
mechanisms that are applied in your
organization?
Narrative
Examples of Control Mechanisms
We can answer this
Authorization
question of Physical access restrictions
catagorizing controls Supervision
with a suitable list. Compliance checks
Procedures
Each item is Recruitment and human resource practices
explained in pages Segregation of duties
Document numbering and referencing
115 to 118. Project management
Financial systems controls
IT security
Performance management
Narrative
An Exercise
We said earlier on
that is everyone was
perfect, and all risk
could be contained
then we would never
fail. The question is Why do controls sometimes fail?
then, why do
controls fails in the
real world?
Narrative
Why Controls Fail
We can answer this
question with a Management override
suitable list. Lack of staff
Poor control culture
Each item is Staff collusion
explained in pages Reliance on single performance indicator
118 to 120. Reliance on memory
Retrospective recording
Uncontrolled delegation
Narrative The Fallacy of Perfection

There is a great deal of material
around on internal control along with Controls tend to cost money and slow an organization down.
thousands of specific control
mechanisms for key business systems
Controls are needed to help manage risks to an
like procurement, income, transport, organizations business.
stores etc. Some adopt the view that
anything and everything can be Controls cannot guarantee success.
controlled with the right set of Control is effected through people and dependent on the
measures and this position leads us
to the fallacy of perfection. The more way they behave and relate to each other.
measures put in place to achieve Even the best-managed organization can fail.
objectives the greater the certainty
of achieving objectives. But the The fallacy is that controls will ensure success and it is just a
measures will normally cost money question of how many measures are needed and how they
and time and will tend to involve
doing more work, to get to the end should be best implemented. While internal control can help
result. In business, time, additional
work and cost are all factors that run
an entity achieve its objectives, it is not a panacea.
counter to success.
Essentials Companion KHS Pickett 2011 objectives GAP
inherent risks

We have added in the Statement of
internal control One important detective controls
performance
constituent of the control model is
the feed into the published
preventive controls
statement on internal control. directive controls
risk control
And there is the Gap which achievements
strategy
breaks through the upper and
lower control parameters. This gap
may be defined as an extra preventive controls
capacity to allow for growth and
the potential to reach outside the communications
norm, challenge existing control parameter - limits detective controls
assumptions and search for new
corporate inspiration. This is control corrective controls/sanctions
policy,
important so that control environment competence
frameworks dont just contain corporate governance
& training Statement on
activities, but also allow for some Board and AC
experimentation and innovation, control internal control
that break the rules but still sit framework
within the constitution.
Essentials Companion KHS Pickett 2011
Narrative
We need to outline the
Linking risk management,
link between
corporate governance
governance and control
codes, risk
management and
internal control. Have
a look at the next slide Risk Internal
for our approach to Management
this task.
Controls
Essentials Companion KHS Pickett 2011
Narrative
Corporate Governance Codes
Corporate governance codes,
corporate structures and disclosure
arrangements will help promote
good accountability. Within the
Internal Corporate Structures
context of the control framework,
the organization should employ a
Control
process for identifying, assessing
and managing risk. After having Framework Disclosure Arrangements
assessed key risk, they will need to
be managed in line with a defined
risk management strategy. Internal
controls will seek to mitigate
unacceptable levels of risk. The
Risk Internal
strategy for managing risk and
ensuring controls do the job in hand Management Controls
should then be incorporated into an
overall strategy that drives the Corporate
organization towards the Strategies & Review
achievement of its objectives.
Narrative
Where does Internal Auditing fit into
To answer this the internal control equation?
question we need to
return to the
definition of internal Internal auditing is an independent, objective
auditing. The final assurance and consulting activity designed to add
part makes clear we value and improve an organizations operations. It
are concerned with helps an organization accomplish its objectives by
risk management, bringing a systematic, disciplined approach to
control and evaluate and improve the effectiveness of risk
governance management, control and governance processes.
processes.
Essentials Companion KHS Pickett 2011 objectives GAP
Audit of
residual risk
inherent risks

For the audit role two more
boxes appear in our model detective controls
performance
called Audit of Residual
preventive controls
Risk. The top box says that directive controls
risk control
internal audit will assess strategy achievements
whether the risk that
remains after all controls are preventive controls
in place, is within
communications
acceptable levels. The control parameter - limits detective controls
bottom box says that audit
Audit of
will review the way residual control policy, corrective controls/sanctions
residual risk
environment competence
risk is presented to
& training corporate governance Statement on
stakeholders in terms of Board and AC
control internal control
assertions on the adequacy framework
of internal controls.
Narrative Training Aim

We hope that this To present a brief introduction to internal auditing that will
presentation has give you an initial understanding of:
increased your level
of understanding of 1.Control frameworks.
the following topics.
2.Control mechanisms.
3.Our control model.
4.The internal audit role.

Narrative
You will need a copy Essential Guide to Internal Auditing 2nd Edition
of the book as future
reference material
for this presentation. Chapter Four
Internal Controls

Z 09300000120164004 PP T 04

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Z 09300000120164004 PP T 04

Enviado por

Direitos autorais:

Formatos disponíveis

Essentials Companion KHS Pickett 2011 Training Slides

Narrative Training Aim

3.Our control model.

4.The internal audit role.

Narrative YOUR CHOICE

Narrative YOUR CHOICE ANSWERED

Narrative Sarbanes Oxley Reporting Requirements

The catastrophic company Statement of managements responsibility for establishing and

Think of the last time things went wrong at

Narrative Scope of internal control

3.Safeguarding of assets; and

4.Compliance with laws, regulations, and contracts.

What are the attributes of good controls.

Narrative An Exercise one response

Because there is so performance

Narrative The Control Environment

control parameter - limits

controls where activities

Narrative The Fallacy of Perfection

control parameter - limits

control parameter - limits

Narrative Training Aim

3.Our control model.

4.The internal audit role.

Você também pode gostar