internal control & inv mgmt
TRANSCRIPT
-
8/2/2019 Internal Control & Inv Mgmt
1/25
Presented by:
Nirajan Simkhada, FCA
-
8/2/2019 Internal Control & Inv Mgmt
2/25
Introduction Internal Policies such as Accounting Manual, Financial
Rules, Staff Rules etc in each organization aimed towards
implementation of Strong Control System and Compliance.
Rule 95 of Financial Procedures Rule 2064 provides that
each Ministry/Department shall prepare and implement an
internal control system commensurate with the nature ofoperations to accomplish the work in an economical,
efficient and effective manner; make financial reporting
system more reliable and to accomplish the function in
accordance with the prevailing laws. Control system varies in accordance with nature of
operations and size of the organization. However, the
bottom line is it should be adequately designed and
effectively implemented.
-
8/2/2019 Internal Control & Inv Mgmt
3/25
Definition
A sound internal control system facilitates smooth
functioning of activities under the budgetary
framework. It is the plan of organization and all
methods/procedures adopted to assist in achieving
management objectives of ensuring: Safeguarding of assets
Prevention and detection of fraud and error
Accuracy and completeness of accountingrecords
Timely preparation of reliable financial
statements.
-
8/2/2019 Internal Control & Inv Mgmt
4/25
Definitions .contd Alternatively, Internal Control is a Series Of Procedures
designed to promote and protect sound management
practices. Adherence to sound internal control procedures will
significantly increase the likelihood that:
Operations of organization is conducted effectively and
efficiently;
Financial information is reliable, so that managers and the
board can depend on accurate information to make
programmatic and other decisions;
Assets and records of the organization are not stolen,misused, or accidentally destroyed ;
The organizations policies are followed and
Government regulations are met.
-
8/2/2019 Internal Control & Inv Mgmt
5/25
Level of Assurance
Internal Control process designed by management provides
REASONABLE ASSURANCE regarding the achievement of
objectives in the following categories:
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable laws and regulations
Understanding Internal Controls provides an additional
reference tool for the personnel to: Identify and assess operating controls, financial reporting,
and legal/regulatory compliance.
Processes and to take action to strengthen controls where
needed.
-
8/2/2019 Internal Control & Inv Mgmt
6/25
Level of Assurance.Contd
An effective control system provides
REASONABLE, but not ABSOLUTE assurance
for the safeguarding of assets, reliability of
financial information, and compliance with laws
and regulations. Reasonable Assurance is to provide management
with the appropriate BALANCE BETWEEN RISK
and the LEVEL OF CONTROLS to meet the
objectives.
The COST of a control should not exceed the
BENEFIT to be derived from it.
-
8/2/2019 Internal Control & Inv Mgmt
7/25
Balancing Risk and ControlBalancing Risk and Control : Risk is the probability that an event or action will
adversely affect the organization. The primary categories of risk are errors,
omissions, delay and fraud.
Control procedures shall decrease risk to a level where management can accept
the exposure to that risk.
Being out of balance can cause the following problems:
In order to achieve a balance between risk and controls, internal controls should
be proactive, value-added, cost-effective and addresses the exposure to risk.
Excessive Risk Excessive Controls
Loss of Assets, Donor or Grants Increased Bureaucracy
Poor Business Decisions Reduced Productivity
Noncompliance Increased Complexity
Increased Regulations Increased Cycle Time
Public Scandals Increase of No-Value Activities
-
8/2/2019 Internal Control & Inv Mgmt
8/25
Characteristics of FraudCharacteristics for Fraud : Motivation, Opportunity and Personal Characteristics
Motivation is usually situational pressures in the form of a need for money, personalsatisfaction, or to alleviate a fear of failure.
Opportunity is access to a situation where fraud can be perpetrated, such as weaknesses
in internal controls, necessities of an operating environment, management styles and
corporate culture.
Personal characteristics include a willingness to commit fraud. Personal integrity and
moral standards need to be flexible enough to justify the fraud, perhaps out of a needto feed their children or pay for a family illness.
Controls:
It is difficult to have an effect on an individuals motivation for fraud.
Personal characteristics can sometimes be changed through training and awarenessprograms.
Opportunity is the easiest and most effective requirement to address to reduce the
probability of fraud. By developing effective systems of internal control, you can remove
opportunities to commit fraud.
-
8/2/2019 Internal Control & Inv Mgmt
9/25
Components of Internal Control
5 components divided in 2 broad groups:
1. Control Environment
2. Control Procedures :
2.1 Risk Assessment;
2.2 Control Activity;2.3 Information & Communication; and
2.4 Monitoring
-
8/2/2019 Internal Control & Inv Mgmt
10/25
Components of Internal ControlContd
Control (or Operating) Environment
Overall attitude, awareness and actions of executors and
management regarding the internal control system and its
importance in the entity.
It is the control consciousness of an organization and
atmosphere in which people conduct their activities and
carry out their control responsibilities.
Factors reflected in the control environment include
The function of the executive board and its sub-committee
Managements philosophy and operating style
The entitys organizational structure and methods of assigning
authority and responsibility
Managements control system including internal audit function,
personnel policies and procedures and segregation of duties.
-
8/2/2019 Internal Control & Inv Mgmt
11/25
Control Environmentcontd
Effective Control Environment
Competent peopleknowledgeable, mindful
Understanding of responsibilities, limits to their authority, and
Committed to doing right thing in right way.
Committed to follow an organization's policies and procedures and
its ethical and behavioral standards. The governing board and management enhance an
organization's control environment when they establish and
effectively communicate written policies and procedures, a code
of ethics, and standards of conduct.
Management is responsible for "setting the tone" for their
organization that encourages highest levels of integrity,
personal and professional standards, and assignment of
authority and responsibility.
-
8/2/2019 Internal Control & Inv Mgmt
12/25
Control Environmentcontd
Control Environment Tips
The control environment is greatly influenced by the extent to
which individuals recognize that they will be held accountable.
Listed below are some tips, not all inclusive, to enhance a
department's control environment.
Written Policies and Procedures clearly mentioning employee responsibilities,limits to authority, performance standards, control procedures, and reporting
relationships.
Discussion of ethical issues with employees.
Compliance with Conflict of Interest policy and disclose potential conflicts of
interest.
Adequate job descriptions exist, department has an adequate training program
for employees.
Employee performance evaluations are conducted periodically.
Appropriate disciplinary action is taken when an employee does not comply
with policies and procedures or behavioral standards.
-
8/2/2019 Internal Control & Inv Mgmt
13/25
Components of Internal ControlContd
Control Procedures
Policies and Procedures in addition to the controlenvironment which management has established to achieve
the entitys goals and objectives. Risk Assessment: (1) Identification, (2) Analysis and (2) Mitigation of Risk.
How to Identify Risk? Ask the following questions
What could go wrong?
How could we fail?
What must go right for us to succeed?
Where are we vulnerable?
What assets do we need to protect?
Do we have liquid assets or assets with alternative uses?
How could someone steal from the department?
How could someone disrupt our operations?
How do we know whether we are achieving our objectives?
-
8/2/2019 Internal Control & Inv Mgmt
14/25
Components of Internal ControlContdRisk Identification
On what information do we most rely?
On what do we spend the most money?
How do we bill and collect our revenue?
What decisions require the most judgment?
What activities are most complex?
What activities are regulated?
What is our greatest legal exposure?
Instances of High risk transactions
Petty cash (if high volumes are processed), Assets with Alternative Uses,
Cash Receipts (continuing education programs, gifts, endowments, special
events, bookstore, performances, etc.), Consultant Payments, Travel
Expenditures, Payments to Non-Vendors, Payroll (rates, changes,
terminations), Equipment, Equipment Moved Off-Location .
-
8/2/2019 Internal Control & Inv Mgmt
15/25
Components of Internal ControlContdRisk Analysis: Prioritize those risks based on following:
Assess the likelihood (or frequency) of the risk occurring. Estimate the potential impact if the risk were to occur; consider both
quantitative and qualitative costs.
Determine how the risk should be managed; decide what actions are necessary.
Risk Assessment Tips Make sure the department has a mission statement and written goals and
objectives.
Assess risks at the department level.
Assess risks at the activity (or process) level.
Make sure that all risks identified at the department level are analyzed andproper resolution is sought in the organizational level.
-
8/2/2019 Internal Control & Inv Mgmt
16/25
Components of Internal ControlContdControl Activity:
These are actions, supported by policies and procedures that, when carried outproperly and in a timely manner, manage or reduce risks.
Preventive Control :
Determine or prevent undesirable events from occurring,
Proactive controls that help to prevent a loss.Examples are segregation of duties, proper authorization, adequate documentation, and
physical control over assets.
Detective Control:
Detect undesirable acts
Reactive controlsExamples of detective controls are reviews, analyses, variance analyses, reconciliations,
physical inventories and audits.
-
8/2/2019 Internal Control & Inv Mgmt
17/25
Components of Internal ControlContdInformation & Communication: General Controls & Application Controls
General Controls are practices designed to maintain the integrity and availabilityof information processing functions, networks, and associated application systems
and includes:
Access Security, Data & Program Security, Physical Security
Software Development & Program Change Controls
Data Center Operations
Disaster Recovery Plan
Application Controls are the computer programs and processes, including manual
processes, that enable to conduct essential activities; buying products, paying
people, accounting for expenses and forecasting and monitoring budgets andincludes:
Input controls (e.g., edit checks)
Processing controls (e.g., record counts), and
Output controls (e.g., error listings).
-
8/2/2019 Internal Control & Inv Mgmt
18/25
Components of Internal ControlContdMonitoring
Organizations may select from a wide variety of monitoring procedures, includingbut not limited to:
Periodic evaluation and testing of controls by internal audit,
Continuous monitoring programs built into information systems,
Analysis of, and appropriate follow-up on, operating reports or metrics thatmight identify anomalies indicative of a control failure,
Supervisory reviews of controls, such as reconciliation reviews as a normal part
of processing,
Self-assessments by boards and management regarding the tone they set in the
organization and the effectiveness of their oversight functions, Audit Committee inquiries of internal and external auditors, and
Quality assurance reviews of the internal audit department.
-
8/2/2019 Internal Control & Inv Mgmt
19/25
Non-Profit Organization Perspective
Following minimum internal control procedures shall be followed
in case of non-profit making organizations.
Segregation of duties (authorization, recording, control and
payment),
Written standard procedures covering major activities and
operations, Examination of arithmetical accuracy of books of account,
Preparation of various control accounts,
Preparation of Trial balance,
Reconciliation of balances (Banks, subsidiary accounts, debtorsand creditors, etc.) and follow up for settlement,
Authorization of various transactions,
Control to access of books of account by unauthorized person,
-
8/2/2019 Internal Control & Inv Mgmt
20/25
Non-Profit Organization Perspectivecontd
System of protection given to various assets,
Physical verification of various fixed assets, consumables
and cash
Preparation of budget and comparison with actual
including investigation of unusual fluctuation, if any,
Procedure of reporting fraud and handling the same,
Transparency in disclosing activities and financials
(public/social auditing, information to DAO, SWC, etc.),
Independent and surprise verification, supervision and
monitoring, and
Internal Audit.
-
8/2/2019 Internal Control & Inv Mgmt
21/25
Conclusion: Maintaining Effective Controls
Segregation of duties by making every effort to apportion
duty in such a manner that no one individual, includingprogram coordinators, accountant, administrative assistants
and other senior personnel, controls all aspects of
transaction.
The auditor's management letter is an important indicatorof the adequacy of internal control structure, and the
degree to which it is maintained.
Cost benefit analysis
Minimum controls standards shall be established
-
8/2/2019 Internal Control & Inv Mgmt
22/25
Inventory Management
Non-expendable Inventory Management:
Permanent Record of Non-expendable Items: its cost,
quantity, make, brand, identification code, date of
acquisition, location and working condition.
Assets Movement Register (Loan Register)
Log Books of Vehicles:
Date of use, purpose of use and authority for use.
Calculation of mileage, cost of maintenance and operation of
vehicle shall be analysed
Unrealistic and unreasonable fluctuations shall be investigatedand reported to concerned higher authority.
Physical Verification: Periodic and Reconciliation
Safeguarding (Insurance Cover): Comprehensive risk
coverage
-
8/2/2019 Internal Control & Inv Mgmt
23/25
Inventory Management
Expendable Inventory Management
Processing and Payment: Requisition, GRN, PAID Stamp
Expenses on consumption basis
Issue : Requisition basis
Periodic reconciliation Separate and Updated records
Restricted Access
Safeguarding of Balances in Store
-
8/2/2019 Internal Control & Inv Mgmt
24/25
Questions
Please
-
8/2/2019 Internal Control & Inv Mgmt
25/25
Thank you