Internal Control: 5 Components
C R I M E
- Control activities
- Risk assessment
- Information and communication
- Monitoring
- Control Environment
1st - Control Environment (E)
Is the foundation for all other components, including:
- Integrity, ethics, people competences
- Management philosophy
- Assigning of authority & responsibility
- Direction by board of directors
- HR - Human Resources management
- Policies & procedures
- Organization structure
2nd - Risk Assessment (R)
A risk is anything that endangers the achievement of an objective. Management is responsible for the assessment of risk.
The risk may be:
- External (threats), like technology, market, suppliers ...
- Or internal (employee robbery, bribes, illegal acts, disruptions in computer systems ...)
- Risk assessment is the process of identifying (quantified), analyzing and managing the risks that have the potential to prevent the organization from achieving its objectives.
- Identifying, analyzing risk
1- Determining the dollar value of assets that are exposed to loss (severity of loss).
2- The probability that a loss will occur (likelihood of occurrence).
The risk assessment forms the basis for determining how the risks will be managed.
- Managing risk is the ongoing process of designing and operating internal controls that mitigate the risk (risk cannot be eliminated).
- The total risk = inherent risk × control risk × detection risk
- Inherent risk: the risk related to the nature of the item itself.
- Control risk: the risk that the control cannot prevent the occurrence of an unwanted event (management overriding the control, or collusion among employees).
- Detection risk: the risk that the control cannot detect the unwanted event.
3rd - Control Activities (C)
Are policies that address the identified risks and procedures that ensure that management directives are carried out and objectives will be achieved.
Types of control
- Preventive: to avoid the occurrence of an unwanted event, like segregation of duties, training, maintenance, authorization, job rotation.
- Directive: to ensure the occurrence of a desirable event (all members of the IAA must be CIAs).
- Detective: to detect the occurrence of an unwanted event after it has occurred, like bank reconciliation, variance analysis.
- Corrective: the procedures put in place to correct the occurrence of an undesirable event discovered by detective controls and to minimize future occurrences of the problem.
- Compensating: to compensate for weakness elsewhere.
Preventive controls are the most cost-effective controls and detective controls are the most expensive.
AICPA classifies control activities that may be relevant to an audit as follows:
P I P S
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
Performance reviews include the comparison of actual performance to budgets, forecasts, and prior period performance.
Information processing includes controls performed to check the accuracy, completeness, and authorization of transactions.
Physical controls encompass the physical security of assets. They include adequate safeguards over access to assets and records, authorization for access to computer programs and data files, and periodic counting and comparison with amounts shown on control records.
Segregation of duties
Objective: No employee is in a position to both perpetrate and conceal irregularities.
Different people must perform these functions:
- Authorizing: or initialization of a transaction
- Recording: and maintaining journals
- Custody: or physical keeping of an asset
- Reconciliation: of physical assets to a recorded amount
Notes:
Segregation does not guarantee that fraud will not occur (only reasonable assurance), because two or more employees could collude with one another to commit fraud and cover for one another.
Collusion occurs when two or more individuals work together to overcome the internal control system and perpetrate a fraud. When two or more people work together, they are able to get around the segregation of duties that may have been set out.
- Segregation of duties examples
Controller (chief accountant): performing the accounting function
Treasurer (cashier, financial manager): performing the custodianship (safekeeping) function
Clerk (accounts clerk): performing the accounting function
- Purchases and spending cycle
- Personnel and payroll cycle
- Production and conversion cycle
- Investing and finance cycle
Purchase / payable cycle
- Authority to execute transactions: vested in the purchasing dep., not the treasurer, for example.
- Recording: done by accounts payable, not the purchasing dep.
- Custody of asset: vested in the warehouse.
- Reconciliation: performed by inventory control, not the warehouse.
Payroll cycle
- Authority to execute: vested in the human resources dep., which authorizes the hiring and termination of employees and their rates.
- Recording: done by the payroll department.
- Custody of asset: vested in the treasurer.
- Reconciliation: performed by the general ledger accounting group.
Sales / receivable cycle
- Authorization: vested in the sales dep., not the treasurer, for example.
- Record: done by accounts receivable, not the sales dep.
- Custody: custody of the merchandise is vested in the warehouse; custody of cash is vested in the treasurer.
- Reconciliation: performed by the general ledger accounting group, not the treasurer or warehouse.
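An added example, not part of the original notes: a check that flags any party holding more than one of the four functions within a cycle, or a function left unassigned. The department identifiers and the assignment rows are constructed sample data; collusion between separate parties is outside what this check can see.

```python
from collections import defaultdict

# The four functions the notes say different people must perform.
FUNCTIONS = ("authorizing", "recording", "custody", "reconciliation")

def sod_findings(assignments):
    """Return sorted findings for (cycle, function, party) assignment rows."""
    held = defaultdict(lambda: defaultdict(set))  # cycle -> party -> functions held
    covered = defaultdict(set)                    # cycle -> functions assigned
    findings = []
    for cycle, function, party in assignments:
        if function not in FUNCTIONS:
            findings.append((cycle, "unknown-function", function))
            continue
        held[cycle][party].add(function)
        covered[cycle].add(function)
    for cycle, parties in held.items():
        # One party able to both perpetrate and conceal an irregularity.
        for party, funcs in parties.items():
            if len(funcs) > 1:
                detail = party + ":" + "+".join(sorted(funcs))
                findings.append((cycle, "conflict", detail))
        # A function nobody performs is a gap in the control.
        for missing in set(FUNCTIONS) - covered[cycle]:
            findings.append((cycle, "unassigned", missing))
    return sorted(findings)

# Constructed sample data (hypothetical department identifiers).
SAMPLE = [
    ("purchases", "authorizing", "purchasing"),
    ("purchases", "recording", "accounts_payable"),
    ("purchases", "custody", "warehouse"),
    ("purchases", "reconciliation", "warehouse"),  # should be inventory control
    ("payroll", "authorizing", "human_resources"),
    ("payroll", "recording", "payroll_dept"),
    ("payroll", "custody", "treasurer"),
    ("payroll", "reconciliation", "general_ledger"),
    ("sales", "authorizing", "sales"),
    ("sales", "recording", "sales"),               # should be accounts receivable
    ("sales", "custody", "treasurer"),
]

if __name__ == "__main__":
    for finding in sod_findings(SAMPLE):
        print(finding)
```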
4th - Information & Communications
Reports must contain the information that management needs, in a timely manner, and be communicated in a manner that enables people to carry out their tasks.
Communications must be ongoing, between different levels, and forward and backward, ensuring proper feedback.
Both internal & external information must be available; responsibilities are reported downward, and employees must alert management to potential problems.
5th - Monitoring
Management must assess the quality of internal control system performance over time.
Management must also revisit problems to make sure that they are corrected.
Monitoring is either ongoing monitoring (regularly, during normal operation) or separate evaluation (with the assistance of the internal auditor).
- Responsibilities
Internal control is the responsibility of the board and management.
The internal auditor only evaluates the effectiveness of the internal control system.