Student Name: Mohamed Valiyakath

Aboobacker
Course: MBA
Registration Number: 581122473 LC Code: 00205
Subject Name: Internal Audit &
Control
Subject Code: MF0013

Q1. Define and explain the term auditing. Personal qualities of an
auditor are important for the successful conduct of audit. Comment
(Definition of auditing, Explanation of auditing, Qualities of an auditor)

Answer:
Definition of auditing
Auditing in its modern concept, is a scientific and systematic examination of books, vouchers
and other financial and legal records in order to verify and report upon the facts regarding the
financial condition disclosed by the balance sheet and the net income revealed by the profit and
loss account.In the abovementioned definitions, the focus is on the examination of the financial
records and report thereon. But now-a-days, audit is not only concerned with checking of
financial records but also costing records, operational records, performance records etc.
Efficiency audit has become a buzzword in modern Auditing.
Explanation of Auditing
Auditing is as old as Accounting itself. The word audit has been derived from the Latin word
audile meaning to hear, listen or give credence toxin ancient times it was the practice to
check the accounts of an estate by hearing the business records from accounting parties by the
person authorized to check the accounts. There is historical evidence supporting that household
accounts of early rulers were kept by at least two persons, independently of one another, to
keep a check on mistakes and misappropriations. In the Maryann, Greek and Roman empires,
there was a foul proof system of control over public revenue and expenditure. The industrial
revolution in the 18th century and also advent of joint stock companies increased the number
and complexity of business transactions. There was an ever growing need to ensure an
independent statutory review of the accuracy and reliability of the Books of Accounts.
Independent firms of professional Accountants came into existence to audit the accounts.
Auditing profession received statutory recognition with the passing of the British Companies Act
in 1862, and detection of fraud became the primary objective of Auditing. In the United States,
Auditing profession was introduced in 1900 and ascertaining of actual financial conditions and
earning of an enterprise was set out as the main objective of Auditing.
Qualities of an Auditor
An auditor renders a professional service to his client. He should not only possess the
prescribed statutory qualifications but also certain personal qualities. Some of those personal
qualities are mentioned below:
1. Common sense: According to Spicer and Pegler,the auditor should have a full share of that
most valuable commodity-commonsense. This is necessary to distinguish between important
and not so important information.
2. Independence: Expression of opinion is a prime duty of an auditor. An influenced and biased
person cannot form an independent opinion. Hence, independence in true sense is an utmost
quality of an auditor.
3. Honesty and Integrity: Like any other professional viz. Doctors, Lawyers etc. auditor should
possess a high moral character. In a way, he is a public servant. He must not knowingly,
misinterpret any fact or sign any document under undue pressure.
4. Objectivity: Independence of an auditor depends on his ability to act with objectivity. For
example, the auditor of XYZ Company believes that closing stock has not been properly valued
but accepts a certificate from the management as to its valuation. In this case, the auditors
judgment lacks objectivity.
5. Communication: He should be able to communicate effectively, both orally and in writing.
Particularly in the matter of report writing, he should be able to convey his message clearly and
unambiguously.
6. Tactfulness: He should be firm, yet diplomatic with his client and staff. He should be tactful
enough to obtain necessary written as well as oral evidence from his client, so that he can form
a reasonable opinion.
7. Awareness of latest developments: An auditor should keep his knowledge up to date
related to his audit work likes changes in laws, changes in professional standards, latest
development in technical guidelines etc.

Q2. Write the key objectives of a good internal audit system. Narrate
the points of dissimilarities between external audit and internal audit.
(Key objectives of a good internal audit system, Dissimilarities
between external audit and internal audit)

Answer:
The significance of internal audit is growing day by day. Historically, internal audit was mostly
confine to ensure that the accounting and allied records have been properly maintained, the
assets management system is in place in order to safeguard the assets and also to see whether
standing policies and procedures are duly complied with. But with the passage of time, the
objectives of internal audit have been significantly changed. Now cost benefit analysis,
resources utilization and their proper deployment, effectiveness of management decisions etc.
are also being reviewed by the internal auditor.
Briefly, the objects of internal audit may be described as follows:
1. Evaluation of business control system: Internal audit is concerned with ensuring effective
and efficient system of accounting control, standard cost control, budgetary control and other
functional control.
2. Compliance with standard policies and procedures: Reporting to management about the
compliance of standard policies and procedures is an important objective of internal audit.
For example, suppose companys standing policy is that any purchase order worth more than
Rs. 4, 00,000/- cannot be awarded without asking quotation from at least three parties. If
internal auditor found that this has not been strictly followed then he must report those cases to
the management.
3. Safeguarding and adequate utilization of business assets: Internal audit has to ensure
that all assets of the company are properly recorded. It has to verify assets utilization report and
determine whether fixed targets have been achieved or not.
For example, suppose internal auditor found that valuable scrap are not being properly
recorded in the books, he should include this observation in his audit report.
4. Reliability of Management Information System (MIS): Internal Audit ascertains the
reliability of financial and operating reports prepared throughout the organization. The
management relies on the reports of internal auditors as they provide an assurance as to
validity of records and transactions of the enterprise.
5. Suggesting improvements: The ultimate objective of internal audit is to assist management
in the effective discharge of their responsibilities by furnishing them with proper suggestions for
improvements. To achieve full objectives of internal audit, the internal audit should have
sufficient authority to access all necessary records of the organization.
Essentials for Effective Internal Auditing
High organizational status: Whether internal audit is undertaken by an outside audit firm or
by an internal audit department of the company itself, the organizational status of the internal
auditor must be high. In an ideal situation, he should report to the highest authority of the
company. He should have the liberty to directly communicate with the external auditor.
Independence: Internal auditor must have the full independence of work. There should not be
any constraints or restrictions placed upon his work. Independence facilitates internal auditors to
render the impartial and unbiased opinion essential to the proper conduct of audits.
Technical competence: The internal audit team should be professionally qualified and
adequately trained. The number of staffs should appropriate.
Due professional care: The internal auditor should exercise due professional care in fulfilling
his responsibilities. Examples of the exercise of due professional care by the internal auditor are
the existence of adequate audit manuals, audit programmers and working papers.
Reporting and follow-up: The internal auditor should ensure that his findings with
recommendations should reach to the appropriate authority of the management. He should also
ensure that proper follow up actions have been taken by the management based on his reports.

Points of dissimilarities
External and internal audits differ in the following respects:
1. Mandatory: In most of cases, enterprises are under compulsion of law to appoint an external
auditor. However, internal audit is not mandatory expect for those companies where Companies
(Auditors Report) Order, 2003 is applicable.
2. Independent: The external auditor is independent of the organization which appoints him. On
the other hand, internal auditor is generally an employee of the organization or an outside audit
firm appointed especially for the purpose. So, independence of internal auditor is assured in
most cases.
3. Scope: The scope of an external audit is determined by Law as applicable to organization
and cannot be modified or restricted. Whereas the scope of internal audit is determined by the
management and may be expanded or restricted depending on the needs and objectives of the
organization.
4. Responsibility: The responsibility of external auditor is very wide and covers almost all
stakeholders of the company. However, the internal auditor, who is an employee of the
company, is only responsible to the management.
5. Power: The external auditor being appointed by law has statutory powers to conduct audit.
He has very wide powers compare to internal auditor. The power of internal auditor comes from
the views of management. In many companies, internal auditor also has very wide power and
he reports directly to audit committee of the company.
6. Submission of Reports: External auditor submits his report to the owners or shareholders.
But an internal auditor submits his report to management.
7. Periodicity: External audit may be conducted on an annual or on a periodical basis. But
internal auditor reviews the operations of a company continuously i.e. throughout the year.

Q3. Give the role of internal auditor in the Companys Management.
List down the duties of auditor Under Section 581ZG.(Role of internal
auditor in the companys management, Duties of auditor u/s 581ZG)

Answer:
Role of Internal Auditor as a Part of Management
Management is an art and science of conducting the affairs of an organization in such a manner
that its goals and objectives are achieved through optimum utilization of available resources.
For optimum utilization of available resources, management should quantify its objectives
through budget and targets. The role of internal auditors should be to constantly review and
monitor the policies, procedures, budget and targets of the organization. Deviations, if any,
should be immediately reported to the appropriate authority.

Let us discuss the role of internal auditor in the perspective of above figure.
1. Review of Internal Control System: The internal auditor should review
the internal control system of the organization. He should determine whether the existing control
system is appropriate and adequate keeping in view the objectives of the organization. For
example, having a separate credit control department in a smaller size company is not justified,
if the objective of customer payment default risk, can be minimized through control in built in the
accounting and sales system.
2. Review of Safeguards for Assets: The main concern of management is to establish that all
assets of companies are adequately protected against any damage or loss of any kind. Here an
Internal Auditor can play a very important role by reviewing the means used for safeguarding
assets against losses mainly fire, theft, damage due to improper use etc. Proper accounting of
all assets should be ensured.
3. Review of Compliance with Policies, Plans, Procedures and Regulations: Every
company has its own policies, plans, procedures and regulations for conducting various
managerial and non managerial functions. In this context, internal auditor should verify that:
a) There is an adequate system by which the policies and plans are communicated to all
concerned, and
b) There is proper compliance of policies, plans, procedures and regulation by all. If he found
any deviation he should cover this in his report with suitable recommendation.
4. Review of Organization Structure: A well designed organization structure is the basic
requirement for the smooth functioning of any organization. Organization structure defines the
authorities and responsibilities of executives. The internal auditor should examine organization
chart to find out whether the structure is simple and economical and that no functions enjoys an
undue dominance over the others. He should see whether the lines of authority and
responsibility are clearly defined and communicated to all the organizational levels. The internal
auditor should examine the reasonableness of the span of
control of each executive (the number of sub-ordinate that an executive controls). Unity of
commands is another area which should be examined by internal auditors. Unity of commands
means each executive should report to only one superior.

Duties of auditor under this part (Sec. 581 ZG)
Without prejudice to the provisional contained in Section 227, the auditor shall report on the
following additional matters relating to the producer company, namely:
The amount of due along with particulars of bad debts if any;
The verification of cash balance and securities;
The details of assets and liabilities;
All transactions which appear to be contrary to the provisions of this part;
The loans given by the producer company to the directors;
The donations or subscription given by the producer company;
Any other matter as may be considered necessary by the auditor.
Q4. The effectiveness of the internal control system can be ensured if
the important aspects of the companys operations are kept in mind.
Explain the characteristics of an effective internal control system.
Write the elements of internal control. (Characteristics of an effective
internal control system, Elements of internal control)
Answer:
Characteristics of Effective Internal Control System
Internal control is the whole system of controls, financial or otherwise, established by the
management in order to carry on the business of the enterprise in an orderly manner, safeguard
its assets and secure as far as possible the accuracy and reliability of its records. Now question
arises, whether internal control system is her effective or ineffective, how you will determine it.
Obviously, there are certain special characteristics of an effective internal control system which
are discussed
below:
1. Plan of organization: A proper plan and an appropriate structure of the organization is a
must for implementation of an effective internal control system. It is true that the appropriate
structure will be different for different organizations but few features are common for all. Some
of them are as follows:
Organization structure should facilitate independence of different functions performed at
different level.
There should be clear demarcation between the department which conducts the activities
and the department which records the activities.
Similarly, there should be clear demarcation between the department which is custodians of
the assets and the department which maintains account relating to those assets.
Authorities and responsibilities of each department should be clearly defined based on the
policies of the management.
There should not be any scope of duplication of jobs, duties and assignments in the
organization structure.
2. Authorization, Record and Control Procedures: The basic objective of authorization,
record and control procedure should be to ensure that:
Every item of expenditure has been properly authorized and accounted for.
Every item of receipt has in fact been received and duly accounted for and
There is proper custody of the funds and other assets of the enterprise, and there is no
misapplication or misuse of the same.
This will necessitates for having an appropriate procedures for proper review and authorization
of all transactions before they are entered in the books of account. Documents pertaining to
each transaction should bear signatures or initials of the persons concerned to ensure effective
accountability. Fixing of responsibility for the transaction will become easier if there is an
accounting manual laying down the authorities and responsibilities of all persons connected with
the accounting work.
3. Sound practices: An effective internal control system must have inherent safeguard in
procedures and processes. A strong system of internal check should be in practice. Under
internal check system, it should be ensured that no person alone handles a transaction
completely from beginning to end. Moreover, there should be inbuilt system, which ensures that
work of every individual gets checked automatically by another person.
4. Quality of Personnel: The availability of competent and efficient personnel is a basic
prerequisite of an effective internal control system. It is the competent executives who carry out
and enforce effectiveness in the internal control system. Competency of personnel does not
mean competency of departmental heads and key personnel alone, but all the persons, who
perform routine tasks at different levels. This will require proper selection and training of the
personnel, backed by effective direction, supervision and control and an ample provision for
quick corrective action to prevent lax performance, or violation of prescribed procedures.

Elements of Internal Control
An entitys internal control system is much more then entitys record keeping procedure. It
includes the elements as reflexes in Figure below:

Now, let us discuss the elements in detail.
1. Control Environment: Control environment is the foundation of the all the other elements of
internal controls. It includes and reflects the factors that set the tone of the organization,
influencing the control consciousness of its people.
2. Risk Assessment: Assessing control risk is the process of evaluating the effectiveness of an
entitys accounting and internal control systems in preventing or detecting material miss-
statements in the financial statements. After obtaining the understanding of the accounting and
internal control system, the auditor should make a preliminary assessment of control risk for the
relevant assertions in the financial statements.
3. Control Activities: Various policies and procedures that help to ensure that those necessary
actions are taken to address risks affecting achievement of entitys objectives (PIPS)
P Performance reviews (review of actual against budgets forecasts)
I Information processing (checks of accuracy, completeness, authorization)
P Physical control (Physical security)
S Segregation of duties
4. Information and Communication: It includes the accounting system consisting of the
methods and records established to record, process, summarize and report transactions and to
maintain accountability of the related assets and liabilities. To be effective, such as system must
accomplish following transaction related goals:
(a) Identity and record all valid transactions.
(b) Describe on a timely basis.
(c) Measurement of proper value.
(d) Record in the appropriate time period.
(e) Properly present and disclose.
(f) Communicate responsibilities to employees.
5. Monitoring and Supervision: Monitoring and supervision involves continuous assessment
of the quality of internal control performance over time. Management should ensure that internal
control system, as planned, functions properly and modifications needed, if any, are done on a
timely basis.

Q5. Describe general EDP controls. Explain the appraisal of
accounting system and related internal control. (General EDP
controls, Appraisal of accounting system and related internal control.)

Answer:
General Electronic Data Process Control
a) Organizational and operational controls
relate to plan of the organization and operation of EDP activities;
emphasis on segregation of EDP department from source and user departments; and
also lays importance on segregation of functions within the EDP department.
b) System development and documentation control
are designed to monitor, design, test and document the system and programmes
constituting each application;
Include:
i) Participation by user groups and accounting and internal auditing staff in system design;
ii) Joint system testing by user department and EDP personnel and its approval ; and
iii) Documentation creation and maintenance
c) Hardware controls
are built into computer equipment by the manufacturer to detect equipment failure
some of these are echo check, parity check, dual read and read after write.
d) Access controls
In order to prevent unauthorized use of data files, programmes and their support
documentation and computer hardware, access must be limited to authorized individuals;
Some types of control are use of passwords, locked doors, appointment of librarian etc.
e) Data and procedural controls
Aim at controlling daily computer operations, minimizing the processing errors and assuring
the continuity of operations in the event of a physical disaster or computer failure.

Appraisal of Accounting Systems and related Internal Control

Though the scope, objectives and general approach of Auditing does not change in a
computerized environment but the extent of audit procedures and nature of programmed
definitely get affected. Hence an auditor must have a clear understanding of clients
accounting system and related internal control. An appraisal of accounting system and a depth
study of internal control surrounding accounting system will guide him to form an opinion about
his extent of audit. Auditor, before undertaking detailed audit tests, must satisfy himself about
the inputs and output of accounting system. He should keep in mind the principle of Garbage in
Garbage out that means wrong input will always give wrong output. Hence, auditor must satisfy
himself that the inputs given to the accounting system are correct, the accounting system itself
is correct and outputs are satisfying the need of the organization.
The auditor should review the accounting system to gain an understanding of the overall control
environment and the flow of transactions. Such are view generally includes a survey of the
organization, management, personnel and nature of transactions. If the auditor wishes to rely on
internal controls in conducting the audit, he should also identify and make preliminary appraisal
of those controls on which it might be effective and efficient to rely in conducting the audit. The
auditor should specially focus on EDP organization structure. He should verify whether the
structure is in the line of the following guidelines: The care must be taken to ensure adequate
separation of duties within themed function. Moreover, EDP should be separate from user
departments, and EDP personnel should not initiate transactions. Separation within themed
function should include at least the following employees:

1. EDP Manager: is in overall charge of the data processing activity.
2. Systems Analysts: Design new systems and modify existing systems in accordance, with
the information needs of the users.
3. Programmers: Write and test programs based on the system design and/or modification.
4. Computer Operators: Process transactions through the system in accordance with the
operator instructions for the application being updated.
5. Input Preparation Group: Converts input data to a machine readable form.
6. Librarian: Maintains custody over master files and programs. Permits access only on the
basis of proper authority.
7. Data Control Group: Distributes output, monitors reprocessing of errors, and compares input
with output on a test basis. Ensure that the EDP manager reports to a sufficiently high level to
ensure the necessary breadth of computer application within the entity. Reporting to only the
chief accountant or the sales manager, for example, might restrict computing goals and prevent
maximum usage of EDP capabilities.

Q6. Explain the internal control systems in insurance companies.
Write down about the reporting internal control weaknesses. (Internal
control systems in insurance companies, Reporting internal control
weaknesses)
Answer:
Internal control system in insurance
Insurance companies paid special attention to the internal control procedures with regard to
receipts and payments of cash and cherubs, acceptance of risks, calculation of premiums,
making of loans, buying and
Selling of investments, payment of commission to agents, and to control over expenses of
management. An effective internal control system of an insurance company should provide the
following:

(a) Cash and cherubs received are deposited in the account of the insurance company without
delay. Normally, the internal control procedures provide that each branch maintains two
separate banks
Accounts-one for collection to premiums and the other for disbursement of expenses.
(b) Cash and cheque payments are made under proper authority and are adequately
documented.
(c) Risks are accepted only on the basis of a proper evaluation of the circumstances involved as
per set norms, departures from the same being properly authorized.
(d) Premiums are calculated correctly with reference to the nature of risks and the conditions
specified in the policy.
(e) Cover notes are issued in respect of all risks assumed and all cover notes are properly
accounted for. All cover notes should have preprinted running serial numbers for each class of
business and there[should be adequate controls over the issue of stationery compressing cover
notes, policy documents stamps etc.
(f) Commissions to agents are calculated as per the norms laid down and proper controls exist
over the accounts of the agents.
(g) Proper controls exist on the expenses of managements.
(h) Adequate procedures exist regarding the acceptance of claims specially with regard to the
assessment of loss and the insurers liability thereon and
(i) Adequate procedures exist regarding the communication of the transactions of the branch to
the divisional office concerned. The divisions, in turn should have adequate system to
incorporate there transactions in the books of account maintained at the divisional level.
Reporting Internal Control Weaknesses
The communication of inadequacies and weaknesses in the internal control system is made by
means of a letter known as letter of weaknesses. The points of inadequacies and weaknesses
are noted first on a study of the control system itself and, in the course of audit, points of
departure from the prescribed system and any further points of weaknesses and non
implementation of procedures are also noted; and a letter of weaknesses is issued incorporating
these points and explaining the possible dangers emanating there from. It is proper to issue
more than one letter of weakness-first on an study of the system as such and then on the
deficiencies, departure, non-implementation etc., noted in the course of audit. The points
already made in the earlier letter may not be repeated. The letter of weakness should also
request the client to take appropriate action or remedying the state of affairs. If desired by the
clients, the auditor may himself give his own suggestions for remedying the defects in the letter
of weakness itself or in a subsequent letter. If, afterwards, the auditor on study of the system
finds that the defects mentioned in the letter of weakness have not been corrected, he should
issue a further follow-up letter making reference to the original letter.

In drafting the letter of weakness, proper care should be taken in presenting
The weaknesses, in the order of materiality. For example, weakness involving stock, debtors or
plant and machinery will undoubtedly be important while weakness in petty cash or loose tools
may not be that significant, preferably, major weaknesses should be listed separately. This will
help the client to properly comprehend the implications of the weaknesses. It should be
appreciated that by writing a letter to the management about the weaknesses in the system, the
auditor is not absolved from his duty to report the shortcomings in the accounts by way of
qualification where the defects have not been corrected to the auditor satisfaction weighing the
materiality of weaknesses and their impact, if considered necessary. It should also be
understood that the nature and significance of the weaknesses may vary from client and, only
on having regard to the weaknesses in each specific case should the letter of weakness be
prepared. It should, however be made plain in the letter that the weakness reported therein are
not the only weaknesses that may existing the system and that they are ones that were found in
the course of evaluation of the internal control system or during the course of audit. The practice
of the issue of letter of weaknesses has a great merit in relieving the auditor from liability in case
serious frauds or losses have occurred, which probably would not have taken place had the
client taken due note of the auditors points in the letter of weakness. In the case Rasp.
Catterson & Ltd. (1937,81 Act L.R. 62), the auditor was acquitted of the charge of negligence for
employees fraud in view of the fact that he had already informed the client about the
unsatisfactory state in the specific areas of accounts and had suggested improvements which
were not acted upon by the management.