(Valid 2013)
by Hafiz Muhammad Adnan Rana - Professional Accountant/Auditor, trained with PwC (A.F.Ferguson & Co Chartered Accountants)
Author of the following for CIA/CMA/CICA and the Internal Auditing Profession:
Raising Above Personalities (Internal Control)
Travel to Chitral (Urdu Story based)
Keeping the SOX on (Corporate Governance)
Real Life Examples Business Financial Decisions (CMA Part II)
Missing Millions (Fraud)
Travel to Dubai (Urdu Story based)
Souls are Weak, They are Liability (Risk Management / ERM)
Travel to London (Urdu Story based)
Chief Inspiring Officer @ Accurate Consultants, Sialkot (Audit/Tax/Advisory/Accounting)
Socialprenuer @ The Student College, Research and Training Centre, Sialkot
Internal Controls
Reminder: why controls are needed
The Student College (StuCo), Research, Training and Recruitment Centre, Office 10, 2nd Floor, Able Plaza (near Jinnah Cricket Stadium), Sialkot, Pakistan. stuco786@gmail.com www.stuco786.com 0346-5388538
Internal Controls have always puzzled students, and when it comes to comparing them with Internal Check, their hearts stop beating. So it is better to know the components than the definition of Control/Internal Control, without being a FREAK.
It is not a HARD thing, it is a soft thing. As the organization grows, so does the distance between the boss and the employees, whose role model is the owner (culture of the "this is the way we do things over here" type; Bill Gates, Steve Jobs), who is watched closely and followed in a small organization. In a big organization this gap is filled by ethical training that guides everyone, from the CEO to the janitor at the door, to behave ethically. Control environment is the feel of a control.
The auditor uses the following factors to assess the quality of the control environment of a particular client (i.e. The Student College): COACH ME
C for Communication and enforcement of integrity and integrity values throughout the organization
O for Organizational structure
A for Assignment of authority and responsibility
C for Commitment to competence (a learning organization)
H for Human resource policies and procedures
M for Management's philosophy and operating style
E for Enforcement of best practice corporate governance principles
Next is R for Risk Management, but do not get confused between COSO ERM and COSO Internal Control.
COSO is the Committee of Sponsoring Organizations (www.coso.org), and the sponsoring organizations are IIA, AICPA, IMA, AAA (American Accounting Association) and FEI (Financial Executives International). Each of these organizations preaches a Risk/Control mindset.
Management's risk policies and procedures in regard to the identification, analysis and management of risks.
The auditor obtains an understanding of the IS and its risks, including the related business processes relevant to financial reporting: APPLES
A for Accounting records
P for Procedures (SOP)
P for Process used (Segregation of Duties)
L for Ledger via journal entries (Day Books + Journal) > Ledgers CA > TB > FS
E for Events and conditions and their capture (IAS 10) Going Concern ISA
S for Significant classes of transactions (Unusual Transaction) Fire, Earthquake
CATERS
C for Channels of communication made available for people to report suspected improprieties (Whistle Blowing)
A for Adequacy of communications across the organization (Variance Analysis)
T for Timely and effective follow up action (Internal Auditor)
E for Effectiveness with which employees' duties and control responsibilities are communicated (Change/Deputation/Orientation/Training/Appraisal) BBS
R for Receptivity of management to employee suggestions (Maxell Floppy)
S for Sufficiency and effectiveness of the channels with external parties, such as customers (Key Account Management-PR) and suppliers (Digital Transaction) JIT
Policies and procedures that management established to achieve its objectives for financial reporting and the security of its assets.
The auditor should know what activities are designed to clean the organization from errors and malfeasance. I PASS A MOP
I for Information processing controls (General Controls/Application Controls)
P for Physical Controls over assets (Locks, Chowkidars)
A for Authorization and approval controls (<1000 $) >1000$
S for Segregation of duties controls
S for Supervision controls (Double Check) Internal Audit
A for Arithmetic and accounting controls (+-)-Casting
M for Management (Doing the things right) Leadership (Doing the right things)
O for Organizational control (Variance Analysis, KPI)
P for Performance reviews (Appraisals)
I for Information processing controls (Separate Online Lecture)
P for Physical Controls over assets
STORY-Checking some of these physical controls would involve the use of audit SAMPLING techniques
S > Stores (Safe custody of materials)
A > Assets with WDV of Nil (Generally not covered in external audit)
M > Money-valued documents (Cheque books)
P > Private use of organizational assets (Policy regarding laptops and cars)
L > Lease agreements and rent agreements (Locked)
I > Insurance Policies, customer lists (Locked)
G > Grading products (Defective goods)
Authorization is (TO BOARD of DIRECTORS from SHAREHOLDERS)
1. To grant authority (status) or power (gave you choice) to.
2. To give permission for; sanction: the city agency that authorizes construction projects.
3. To be sufficient grounds for; justify.
Approval is (FROM SHAREHOLDERS ON IMPORTANT MATTERS like Approving Dividend, Investments and Financial Statements)
1. The action of officially agreeing to something or accepting something as satisfactory.
2. The belief that someone or something is good or acceptable.
STORY-One could say that authorization and approval are the belt and BRACES of internal control ("belt and braces" is an idiom which means making double sure)
B > Budget Committee (Budgets are realistic and adhered to)
R > Remuneration Committee (Authorization/recommendation of remuneration of Dir)-NED
A > Audit Committee (Review of internal/external audit and internal controls)
C > Capital Expenditure Committee (Capital budget, project management)
E > Exception Policy (>1000 $ authorization is needed)
S > Steering Committee (Decisions related to projects, IS development project)
But what is a STEERING Committee?
An advisory committee usually made up of high level stakeholders and/or experts who provide guidance on key issues such as company policy and objectives, budgetary control, marketing strategy, resource allocation, and decisions involving large expenditures.
STORY-These types of controls are in ACCORD with sound principles of the segregation of duties, and one of them is Authorization
A > Accounting Manual (Financial Accounting System)
C > Chart of Accounts (Codes)
C > Conflict of Interest Policy (Avoid double income by Directors)
O > Organizational Chart (Roles and Responsibilities)
R > Restriction on Cheque Signatories (>1000 $ Finance Director Signature)
D > Directors' Responsibility (Investment, Interim Dividend, Bad Debts)
Custody (Data and Assets cannot be misused)
STORY-DP (Data Processing) can FAIL
D > Daily banking of cash (to avoid theft)
P > People responsible for assets should not be permitted to sell them (unless previous approval taken)
F > Forms to be pre-numbered (Invoices, vouchers, clock cards)
A > Access Control (Computer or Manual System)
I > Individual responsible for handling cash should not perform recording or reconciliation of cash
L > Locked Storage of data on CDs or on registers
Recording
STORY-These controls are PLACED in the accounting system to ensure segregation in terms of recording transactions.
P > Posting references in Ledgers (Grid Box)
L > Listing of mail receipts (Cheques)-Remittance List
A > Accounting personnel rotated (Mail Room)
E > Entries in Day Books then ledgers (6 Day Books > ledger > TB > FS)
D > Debtors/creditor Age Analysis, A/P, A/R Bank Reconciliations
STORY-WE COME TO the conclusion that supervisors are essential to ensure a well-controlled system is in place.
W > Work Coverage Review (Completion) Production Department (Time Card)
E > Ensure adequacy of resources (To fulfill their objectives) - HR
C > Competence of people: promotion from internal sources or recruit from outside
O > Oversee the work of new staff and juniors (Orientation/Coaching)
M > Monitor and control work and its quality (Job Well Done)
E > Ensure training (updating knowledge of staff) - CPD
T > Trouble shooting problems (Machine Breakdown)
O > Offer advice and support for people who need it (Motivation)
STORY-Organizations are FACTIONS (a faction is a group of persons associated or acting together). An organization structure:
F > Facilitates flows of work
A > Allocates authority and responsibility
C > Coordinates and controls activities
T > Transfers and shares communication, knowledge, skills and competence
I > Imposes monitoring and control systems
N > Networks (Contact with others)
O > Operates at both formal and informal levels
S > Segregates Work (Horizontal (Departments) / Vertical (Senior/Junior))
STORY-Reviews and surprise checks sometimes cause a FRACAS to develop between the reviewed and the manager being the reviewer. (A fracas is a noisy argument.)
F > Functional performance reviews (Stock Movements)
R > Reconciliations (Bank, Debtors, Creditors)
A > Activity Reviews (Surprise check of time cards)-Timekeeping department
C > Comparison of records with physical assets (Fixed Assets/Inventory)
A > Actual performance reviewed against budgets (Variance Analysis/Exception Reporting)
Management's ongoing and periodic assessment of the efficiency and effectiveness of the design and operation of its internal control structure, to determine whether it is operating as intended and modified when needed.
The auditor should know how the Company monitors its system. Usually this is achieved by reviewing internal audit reports.
Lack of Segregation of Duties
Lack of Authorization Controls
Cost of Establishing IC
Management Override
You are FREE to contact within Islamic Sharia Limits. BEST WISHES !!!