Module 5: Internal Control and

Financial Scrutiny Processes

Session 5.1: Internal Control and
Internal Audit
Moinul Islam

Learning Objectives

To familiarize participants with Internal Control

(IC) and Internal Audit (IA) concepts

To understand importance of IC and IA in sound

financial management

To apply IC and IA knowledge for better

management

Internal Control and Internal Audit

Slide 5.1.2

Internal Control
The whole system of controls, financial and
otherwise, established in order to provide
reasonable assurance of
efficient and effective public services,
reliable financial information and reporting and
compliance with applicable laws and regulations

Internal Control and Internal Audit

Slide 5.1.3

Purpose

Reasonable assurance that objectives are being

achieved;
Provide public services in an economic, efficient
and effective manner;
Account for their financial and operational activities
in a transparent manner;
Adhere to applicable laws, regulations and rules;
Safeguard resources against losses.
Should be built-in rather than built-on

Internal Control and Internal Audit

Slide 5.1.4

Components of Internal Control

Control Environment sets the tone of an

organisation
Risk Assessment identifies and analyses
relevant risks to the achievement of entitys
objectives
Control Activities policies and procedures
established to address risks and to achieve the
entitys objectives
Information and Communication essential
to the realization of all internal control activities
Monitoring to assess the quality of the
systems performance over time

Internal Control and Internal Audit

Slide 5.1.5

Types of Controls

Administrative Controls roles and

responsibilities, delegation of authority,
communication channels, reporting
responsibilities, etc.
Financial/Accounting Controls recording of
transactions, maintaining financial records, etc.
Management Controls -

Internal Control and Internal Audit

Slide 5.1.6

Administrative Controls
Key preventative controls:
o Objectives of the organization are clear and
documented
o Personnel are aware of their roles and
responsibilities
o Adequate supervision is established
o Reporting systems are clear with established
cycles

Internal Control and Internal Audit

Slide 5.1.7

Administrative Controls
Key Detective Controls:
o Sound arrangements exist to monitor and review
operations and performance
o Internal Audit and Inspection Unit in place
o focuses on outputs and quality of service delivery
o Adequate review mechanisms followed and
corrective action taken to address issues raised
by inspection or audit units

Internal Control and Internal Audit

Slide 5.1.8

Financial/Accounting Control
Key Preventative Controls:
o A realistic budget having specific budget
responsibilities clearly established
o Sound budgetary control systems instituted
o Adequate authorization and approval procedures in
place
o Sound accounting arrangements established
o Checking of invoices prior to payment strictly
followed
o Adequate physical security of assets to prevent
losses
Internal Control and Internal Audit

Slide 5.1.9

Financial/Accounting Control
Key Detective Controls:
o Independent physical checks carried out regularly
and loss of assets, misuse reported and effective
action taken
o Review of financial records done to ensure
completeness, reconciliation and accuracy
o Inspections carried out to examine and highlight
weaknesses in internal control and any losses or
errors
Internal Control and Internal Audit

Slide 5.1.10

Management Control
Key Preventative Controls:
o Plans for service delivery together with performance
measurement indicators
o Policies and objectives for a service clearly stated and
backed up with suitable indicators of efficiency and
effectiveness
o Appropriate organizational structures established to
facilitate the achievement of policy objectives in an
efficient and effective manner
o Adequate procedures and guidelines are in place
o Human Resources Development system exists
o Staff are well motivated
o Adequate management communication systems
instituted
Internal Control and Internal Audit

Slide 5.1.11

Management Control
Key Detective Controls:
o
o
o

Periodic review of specific areas of activity

Adequate internal audit coverage takes place
External audit report is used

Internal Control and Internal Audit

Slide 5.1.12

Evidence of Internal Control System

Legislative mandate
Organization charts
Procedure manuals
Policy and Budget statements
Guidelines issued by the Ministry of Finance
Internal audit reports
External (C&AG) audit reports

Internal Control and Internal Audit

Slide 5.1.13

Assessing and Reviewing Internal Control

Some of the sources are:
PAC recommendations
Recommendations of the Parliamentary Standing
Committee
Findings from IMED reports
Findings and recommendations in reports received from
the C&AG audits
Findings and recommendations in reports of internal
audit
Known failures in systems and controls which resulted in
losses
Findings and recommendations in quality reviews or
inspections
Accounting information
Internal Control and Internal Audit

Slide 5.1.14

Internal Audit - Definition

Internal auditing is an independent, objective
assurance and consulting activity designed to add
value and improve an organization's operations. It
helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance processes

The Institute of Internal Auditors, 1996

Internal Control and Internal Audit

Slide 5.1.15

Need for Internal Auditing

Activity verifying that internal

controls are in place and
operating effectively
Irrespective of the private and
public sector organizations
Provides an independent and
objective opinion to the highest
authority on risk management,
control and corporate
governance

Internal Control and Internal Audit

Slide 5.1.16

Independence

Internal Control Manual (2005) mentions

independence as an important element of
internal audit
Reports to the highest authority of the
Ministry/Division
Submits recommendations to the highest level
(PAO) including the Audit Committee
Independent from the operational and
accounting responsibilities

Internal Control and Internal Audit

Slide 5.1.17

Purpose

Evaluating organizations internal control system,

identifying weaknesses and suggesting remedial
actions

Helping attain organizational objectives and goals

Evaluating organizational risk management,

control management and governance

Internal Control and Internal Audit

Slide 5.1.18

Responsibility

Audit comments provided by

the Internal Audit Chief after
approval of the PAO
Examine organizational risks
and managerial controls
Examine effectiveness of
internal control and
recommend improvements
Role in respect of assuring
probity, compliance and
regulatory as well as
performance reporting

Internal Control and Internal Audit

Slide 5.1.19

What is included in the audit report?

Background Information
Audit Objective
Scope of Audit
Findings (What was found)
Why it happened
What is required
What effect it has

Recommendation for improvement

Response who, when and how

Internal Control and Internal Audit

Slide 5.1.20

Audit Committee

A high level committee

that acts as an
interface between the
PAO and audit related
activities of the
Ministry
Evaluating the Internal
audit Reports
Review of actions
taken based on audit
recommendations

Internal Control and Internal Audit

Secretary/Principal
Accounting Officer

Internal Audit

Audit Committee

Audit Cell

Slide 5.1.21

Internal Control and Internal Audit

Slide 5.1.22

What happens after the audit?

Follow-up
Review corrective action
Report to Audit Committee/CEO

Internal Control and Internal Audit

Slide 5.1.23

Exercise
Case

Study on Internal Control

Internal Control and Internal Audit

Slide 5.1.24