P1 GOVERNANCE RISK

AND ETHICS
Lecture 4
Nearchos A Ioannou
M Acc, ACCA ,CFE
Structure of Lecture

- Introduction to Internal Controls

- Role and purpose of the internal
audit function
Objectives

Explain the concept of internal control

including its components and
importance to the entity.

Distinguish between general computer

controls and specific controls.
What is internal control?
(as defined by IAA 8.20)
Internal control is a process,
designed and effected by those
charged with governance,
management and other personnel, to
provide reasonable assurance about
the achievement of objectives in the
following categories:
Categories
-Effectiveness and efficiency of operations
(Operations Objectives)

-Reliability of financial reporting and

information (Financial Reporting
Objectives)

-Compliance with applicable laws and

regulations (Compliance Objectives)
Restaurant

Operational objective: Order taken

correctly
Financial reporting objective: Money
received from customer recorded
accurately
Compliance reporting objective: In
accordance with food health and
safety regulations.
Components of Internal
Control
The control Environment
The entitys risk asessment process
The information System and
communication
Control Activities
Monitoring of Controls
Control Environment

Is the overall philosophy of

management towards the entitys
internal control and its importance in
the entity.

An auditor is required to obtain an

overall understanding of the control
environment
Control Environment (cont.)

In order to assess the control

environment of an entity,
corroborative inquiry is required
meaning that :INQUIRY ALONE IS NOT
ENOUGH it should be backed up with
observation and inspection.
Entitys risk assesment
process
An auditor should obtain an
understanding of the entitys process
for identifying business risks relevant
to financial reporting objectives and
deciding about actions to address
those risks.
Definition of a business
risk
Business risks result from
actions or
conditions events circumstances
inactions

that could
adversely affect the entitys ability to achieve its objectives and
execute its strategies
through the setting of inappropriate objectives and strategies
Information system

Consider the information system

relevant to financial reporting
objectives, including the accounting
system
Control Activities
Are a component of internal control that includes
policies and procedures which help ensure that
management directives are carried out.
They help ensure that necessary actions are taken
to address risks of not achieving the entity s
financial reporting objectives.
The control activities that are ordinarily relevant to
an audit are those that prevent or detect and
correct, on a timely basis, misstatements in the
financial statements that are considered material
by management or unauthorized disposition of
assets or incurrence of liabilities.
<IAA Glossary>
Control activities

Relate to policies and procedures to

achieve entitys specific objectives
Examples:
-Approval and control of documents
-Checking arithmetical accuracy of
records.
-Reconciliations.
Monitoring controls

Usually this depends on the presence

of an internal audit department
Entity-level and process-level
considerations structure

ce
s
po ial

ion
g

an
rtin
Re anc

at

pli
er
Components to be

Fin

m
Op

Co
considered:
Monitoring of controls
at the process-level
for each significant
Control activities process, account
Components to be balance, class of
considered: transactions or
The information system
at the entity-level and communication disclosure

The entitys risk assessment

process

The control environment

Internal control and risk
management
Turnbull report stresses the link
between internal controls and risk.
When setting up controls the nature
and extent of risk should be
accounted for, as well as the
likelihood of these risks being
materialised also costs of operating
such controls should be identified too.
Internal Audit

Internal audit assists management in

achieving the entitys corporate
objectives, particularly establishing
good corporate governance.
Definition

Internal audit is an appraisal or

monitoring activity established within
the entity as a service to the entity. It
reports the adequacy and
effectiveness of components of the
accounting and internal control
systems.
Internal V External audit
Internal External
Activity designed An exercise to
to value and enable auditors to
improve express an opinion
organisations on the financial
operations. statements.
Internal V External
Audit(cont.)
It reports to the It reports to the
board of directors shareholders or
and others charged members of a
with governance i.e company on the
audit committee. truth and fairness
Report is private of the accounts.
and for the Report is publicly
directors available to
shareholders.
Internal V External
Audit(cont.)
Internal audit work External audit work
relates to relates to the
operations of the financial
organisation statements.
Internal auditors External auditors
are often are independent of
employees of the the company and
company its management.
Regulation

Internal audit is not regulated in the

same way as external audit.
There are no legal requirements.
The scope and nature is more likely
to be set by the company policy.
Scope of the internal audit

It has two key roles to play in the

organisational risk management:
Ensure that the companys risk
management system operates
effectively.
Ensuring that strategies implemented
in respect of business risks operate
effectively.
Role of internal audit
department
It monitors the companys overall
risk management policy to ensure it
operated effectively.
It monitors strategies implemented
to ensure that they continue to
operate effectively.
Responsibility for fraud and
error
Internal audit may have a role in
preventing and detecting fraud.
How?
Internal audit assignments

Value for money audits examine the

economy, efficiency and
effectiveness of activities and
processes (known as the three Es)
VFM

Economy Maintain the appropriate

quality and quantity of inputs
(physical, human and financial
resources) at the lowest cost
Efficiency The relationship between
goods or services produced.
Effectiveness How well an activity
is achieving is objectives.
Problems with VMA

Measuring output (Fire Brigade)

Defining objectives (Non-profit making
organisations)
Sacrifice of quality( teacher pupil ratio)
Measuring effectiveness (Hospitals)
Over-emphasis in cost control
Measuring efficiency (Profit V Non-
profit organisations)
IT Audit

Is a test of controls in a specific area

of business, the computer systems.
An IT specialist may be necessary.
IT systems subject to
controls
E business
Operational systems
Access control
Capacity management
Desktop audit
Asset management
Problem management
Networks
System development process
Financial audit

The financial audit is internal audits

traditional role, it involves the review
of available evidence to substantiate
information and financial reporting.
Operational audit

Audits of the operational processes

of the organisation. They are known
as management or efficiency audits.
Their prime objective is the
monitoring of managements
performance in ensuring company
policy is adhered to