Internal Controls MADE EASY by HMA

Brain Friendly Lecture Notes
Internal Control for (CMA/CIA/CICA) Students

Online Classes/Mentoring Available (Skype ID- StuCo786)
(Valid 2013)
by Hafiz Muhammad Adnan Rana - Professional Accountant/Auditor Trained with PwC (A.F.Ferguson & Co Chartered Accountants) Author of following for CIA/CMA/CICA and Internal Auditing Profession Raising Above Personalities (Internal Control) Travel to Chitral (Urdu Story based) Keeping the SOX on (Corporate Governance) Real Life Examples Business Financial Decisions (CMA Part II) Missing Millions (Fraud) Travel to Dubai (Urdu Story based) Souls are Weak, They are Liability (Risk Management / ERM) Travel to London (Urdu Story based) Chief Inspiring Officer @ Accurate Consultants, Sialkot (Audit/Tax/Advisory/Accounting) Socialprenuer @ The Student College, Research and Training Centre, Sialkot
Islamic Republic of Pakistan

The Student College (StuCo), Research, Training and Recruitment Centre Office 10, 2 Floor, Able Plaza (near stuco786@gmail.com www.stuco786.com Jinnah Cricket Stadium) Sialkot Pakistan stuco786@gmail.com www.stuco786.com 0346-5388538
nd
Internal Controls
Reminder why controls needed
The Student College (StuCo), Research, Training and Recruitment Centre Office 10, 2 Floor, Able Plaza (near Jinnah Cricket Stadium) Sialkot Pakistan stuco786@gmail.com www.stuco786.com 0346-5388538
nd
Internal Controls always puzzled students. And when it comes to comparing with Internal Check - their hearts stop beating. So better to know components than definition of Control/Internal Control without being a FREAK.
nd
Internal control consists of five interrelated management areas as per COSO.
This can be easily remembers with the word CREAM.

C for Control environment R for Risk Management E for Employment of accounting information systems and communication M for Monitoring (of the control system)
nd
A for Activities (Designed for control purposes)

C for Control environment
Its not HARD thing, its soft thing. As the Org grow, so does the distance between boss and employees whose role model is owner (culture this is the way we do things over here type (Bill Gates, Steve Jobs) watched closely and followed in small org. In big Org this gap is filled by ethical training that guides CEO to Janitor at door to behave ethically. Control environment is feel of a control.
Auditor uses the following factors to assess the quality of control environment of a particular client (i.e. The Student College) COACH ME
C for Communication and enforcement of integrity and integrity values throughout the organization. O for Organizational structure A for Assignment of authority and responsibility C for Commitment to competence a learning organization . H for Human resource policies and procedures M for Managements philosophy and operating style E for Enforcement of best practice corporate governance principles
nd
Next is R for Risk Management but do not get confused with COSO ERM and COSO Internal Control.
COSO is committee of sponsoring Org (www.coso.org) and sponsoring Org are IIA, AICPA, IMA, AAA (American Accounting Association and FEI (Financial Executives International) Each of these Org preaching Risk/Control mindset.
nd
R for Risk Management
Managements risk policies and procedures in regard to the identification, analysis and management of risks.
Auditor obtain understanding of the IS and its risks including the related business processes, relevant to financial reporting: APPLES
A for Accounting records P for Procedures (SOP) P for Process used (Segregation of Duties) L for Ledger via journal entries (Day Books + Journal) > Ledgers CA> TB >FS E for Events and conditions and their capture (IAS 10) Going Concern ISA S for Significant classes of transactions (Unusual Transaction) Fire, Earthquake
nd
E for Employment of accounting information systems and communication

Methods used to identify, assemble, classify, record and report the entitys transactions and to maintain accountability for related assets and investments.
Auditor should know how the Company and its officers communicate significant matters relating to financial reporting i.e. the exception reporting.
CATERS
C for Channels of communication made available for people to report suspected improprieties (Whistle Blowing) A for Adequacy of communications across the organization (Variance Analysis) T for Timely and effective follow up action (Internal Auditor) E for Effectiveness with which employees duties and control responsibilities are communicated. (Change/Deputation/Orientation/Trianing/ Aprraisal) BBS R for Receptivity of management to employee suggestions (Maxell Floppy) S for Sufficiency and effectiveness of the channels with external parties, such as customers (Key Account Management-PR) and suppliers. (Digital Transaction) JIT
nd
A for Activities (Designed for control purposes)
Policies and procedures that management established to achieve its objectives for financial reporting and the security of its assets.
Auditor should know what activities are designed to clean the organization from errors and malfeasance. I PASS A MOP
I for Information processing controls (General Controls/Application Controls) P for Physical Controls over assets (Locks, Chowidars) A for Authorization and approval controls (<1000 $) >1000$ S for Segregation of duties controls S for Supervision controls (Double Check) Internal Audit I PASS A MOP A for Arithmetic and accounting controls (+-)-Casting M for Management (Doing the things right) Leadership (Doing the right things) O for Organizational control (Variance Analysis, KPI) P for Performance reviews (Appraisals)
nd
I for Information processing controls Separate Online Lecture P for Physical Controls over assets
STORY-Checking some of these physical controls would involve the use of audit SAMPLING techniques
S > Stores (Safe custody of materials)
A > Assets with WDV of Nil (Generally not covered in external audit) M> Money-valued documents (Cheque books) P> Private use of organizational assets (Policy regarding laptops and cars) L> Leases agreements and rent agreements (Locked) I> Insurance Policies, customer lists (Locked) G> Grading products (Defective goods)
N> No access policy (Building, Office, Software, Documents)

nd
A for Authorization and approval controls

Authorization and Approval are two truly confused words for many. Lets explore these further
Authorization is (TO BOARD of DIRECTORS from SHAREHOLDERS) 1. To grant authority (status) or power (gave you choice) to. 2. To give permission for; sanction: the city agency that authorizes construction projects. 3. To be sufficient grounds for; justify.
Approval is (FROM SHAREHOLDERS ON IMPORTANT MATTERS like Approving Dividend, Investments and Financial Statements)
1. The action of officially agreeing to something or accepting something as satisfactory. 2. The belief that someone or something is good or acceptable.
nd
STORY-One could say that authorization and approval are the belt and BRACES of internal control (Belt and braces is an idiom which means making double sure B > Budget Committee (Budgets are realistic and adhered to) R > Remuneration Committee
(Authorization/recommendation of remuneration of Dir)-NED
A > Audit Committee (Review of internal/external audit and internal controls) C > Capital Expenditure Committee (Capital budget, project management) E > Exception Policy (>1000 $ authorization is needed)
S > Steering Committee (Decisions related to projects, IS development project) But what is STEERING Committee ?
An advisory committee usually made up of high level stakeholders and/or experts who provide guidance on key issues such as company policy and objectives, budgetary control, marketing strategy, resource allocation, and decisions involving large expenditures.
nd
S for Segregation of duties controls

This entails three fundamental functions that must be separated and adequately supervised: Authorization, Custody, Reporting
Authorization (Only necessary transactions are undertaking not fraudulent ones)
STORY-These types of controls are in ACCORD with sound principles of the segregation of duties and one of them is Authorization A > Accounting Manual (Financial Accounting System) C > Chart of Accounts (Codes)
C > Conflict of Interest Policy (Avoid double income by Directors) O > Organizational Chart (Roles and Responsibilities)
R > Restriction on Cheque Signatories (>1000 $ Finance Director Signature) D> Directors Responsibility (Investment, Interim Dividend, Bad Debts) Custody (Data and Assets can not be misused) STORY-DP (Data Processing) canFAIL D > Daily banking of cash (to avoid theft)
P > People responsible for assets should not be permitted to sold them (unless previous approval taken) F > Forms to be pre-numbered (Invoices, vouchers, clock cards) A > Access Control (Computer or Manual System)
I > Individual responsible for handling cash should not perform recording or reconciliation of cash L > Locked Storage of data on Cds or on registers. Recording
STORY-These controls are PLACED in the accounting system to ensure segregation in terms of recording transactions. P > Posting references in Ledgers (Grid Box)
L > Listing of mail receipts (Cheques)-Remittance List A > Accounting personnel rotated (Mail Room)
C > Cash Register Backup (CD/DVD/Tapes)
E > Entries in Day Books then ledgers (6 Day Books>ledger>TB>FS) D > Debtorsa/creditor Age Analysis, A/P, A/R Bank Reconciliations
nd
S for Supervision controls

Supervisor, one who oversees the work or tasks of another
STORY-WE COME TO the conclusion that supervisors are essential to ensure a wellcontrolled system in place. W > Work Coverage Review (Completion) Production Department (Time Card) E > Ensure adequacy of resources (To fulfill their objectives) - HR C > Competence of people promotion from internal sources or recruit from outside O > Oversee the work of new staff and juniors (Orientation/Coaching) M > Monitor and control work and its quality (Job Well Done) E > Ensure training (updating knowledge of staff) - CPD T > Trouble shooting problems (Machine Breakdown)
O > Offer advice and support for people who need it (Motivation).
nd
A for Arithmetic and Accounting controls Separate Online Lecture
nd
M for Management Controls Separate Online Lecture
nd
O for Organizational control
STORY- Organizations are FACTIONS (faction is group of persons associated or acting together) An organization structure:
F > Facilitates flows of work
A > Allocate authority and responsibility C > Coordinates and control activities T > Transfer and share communication, knowledge, skills and competence I > Imposes monitoring and control systems N> Networks (Contact with others) O > Operates at both formal and informal levels S> Segregates Work (Horizontals (Departments) / Vertical (Senior/Junior))
nd
P for Performance reviews
STORY- Reviews and surprise checks sometimes cause a FRACAS to develop between the reviewed and the manager being reviewer. (A fracas is a noisy argument)
F > Functional performance reviews (Stock Movements) R > Reconciliations (Bank, Debtors, Creditors) A > Activity Reviews (Surprise check of time cards)-Timekeeping department C > Comparison of records with physical assets (Fixed Assets /Inventory) A > Actual performance reviewed against budgets (Variance Analysis/Exception Reporting)
S > Surprise checks of petty cash. (Imprest = Vouchers + Cash in hand)
nd
M for Monitoring (of the control system)
Managements ongoing and periodic assessment of the efficiency and effectiveness of the design and operation of its internal control structure to determine whether it is operating as intended and modified when needed.
Auditor should know how the Company monitors its system. Usually this is achieved by reviewing internal audit reports.
nd
Conclusion Internal Control VS Internal Check

An example of internal control is segregating the record keeping for an asset and its physical custody, such as in the case with inventory and cash. No one individual should have complete control over a transaction from beginning to end. Internal checks make it difficult for an employee to steal cash or other assets and concurrently cover up by entering corresponding amounts in the accounts. An example of internal check is the establishment of input and output controls within a data processing department. A group or person has the responsibility of checking control totals provided by the user department with those generated during the processing of the data.
nd
Limitations of Internal Control
Lack of Segregation of Duties Lack of Authorization Controls Cost of Establishing IC Management Override You are FREE to contact within Islamic Sharia Limits. BEST WISHES !!!
nd

Internal Controls MADE EASY by HMA

Uploaded by

Document Information

Original Description:

Copyright

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Internal Controls MADE EASY by HMA

Uploaded by

Copyright:

Brain Friendly Lecture Notes

Internal Control for (CMA/CIA/CICA) Students

Islamic Republic of Pakistan

Internal control consists of five interrelated management areas as per COSO.

This can be easily remembers with the word CREAM.

A for Activities (Designed for control purposes)

C for Control environment

R for Risk Management

E for Employment of accounting information systems and communication

A for Activities (Designed for control purposes)

N> No access policy (Building, Office, Software, Documents)

A for Authorization and approval controls

S for Segregation of duties controls

C > Cash Register Backup (CD/DVD/Tapes)

S for Supervision controls

A for Arithmetic and Accounting controls Separate Online Lecture

M for Management Controls Separate Online Lecture

O for Organizational control

P for Performance reviews

S > Surprise checks of petty cash. (Imprest = Vouchers + Cash in hand)

M for Monitoring (of the control system)

Conclusion Internal Control VS Internal Check

Limitations of Internal Control

You might also like