Internal control structure of the organization

INTERNAL CONTROLS

Plans and actions of the organization including

management’s attitude, methods, procedures and
other measures that provide for reasonable assurance
that the following general objectives are achieved
1. Assets are safeguarded against loss due to
waste, abuse, mismanagement, errors, fraud
and other irregularities
2. Laws, regulations and management
directives are complied with
3. Reliable financial and management data are
developed maintained and fairly disclosed in
timely reports
Why look at controls
 Understanding of internal controls is important in
order to
1. Assess the risk an organization is facing in its daily
transactions and routine course of business
2. In order to make recommendations for
improvements
3. Identify the reasons as to why the error occured
Understanding & Examining Internal Controls
 The auditor is expected to review the internal
controls as a part the audit
1. Review and document the systems and procedures in
place to carry out transactions and other operations
(permanent file)
2. Identify the points in accounting system and other
systems being audited
3. Identify and document the controls and determine
that the controls are operating
4. Assess the adequacy and effectiveness of the controls
Documenting the controls
 Narrative
 Flow chart

METHODS OF ASSESSING THE

CONTROLS
1. Internal Control Questionnaire
2. Walk trrough
Responsibility of maintaining the controls
Internal controls are the responsibility of the
management to install, review and update the
control system
In government it is also the responsibility of the
Controller General of Accounts to
“ lay down the principles governing the internal
financial controls for government departments in
consultation with the Ministry of Finance and
provincial Finance Departments”
Elements of Control
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
Control Environment
Methods of assigning responsibility
Management and staff’s integrity and values
Management and staff’s commitmant to competence
Management’s reaction to outside change and
influence
Internal audit unit
Risk Assessment
Identification and assessment of risks to the
achievement of objectives
This would allow the management to install internal
controls
Control Activities
 Policies and procedures that help management
directives are carried out. They help ensure that
necessary actions are taken to address the
identified risks
 Control Activities include
1. Proper authoriztion
2. Control over physical assets and records
3. Inependent checks on performance
4. Segregation of duties
Information and Communication

 Prompt and proper recording of transactions

 Prompt communication of instructions
1. vertical and horizontal
2. Outside and inside
Monitoring

Ongoing and periodic evaluation of internal controls

Spot checks
Limitation of Internal Controls
Internal control structure can provide only a
reasonable and not an absolute assurance
Judgments in making decisions can be faulty
Controls can be circumvented by collusion
Internal Control Questionnaire
(Environmental
 )
By verbal enquiry and observation conclude
on the overall level of control consciousness
 Questions include
1. Do employees have clear understanding of
their responsibilities
2. Is management accountable for the
establishment of internal controls
3. Are controls applied all the time
 Are there clear procedures and directives and are
there clear management procedures to ensure they
are complied with
1. Communication of what is acceptable
2. Employee evaluations provide a feedback on their
performance
3. Promotions and rewards are consistant with
performance
ICQ on Organization
 Is organization clearly defined in terms of:
1. Functions and Authority
2. Responsibility for decision making
3. Rotation of officers in key positions
4. Limitations on authority
2. Are these functions performed independently
of each other
– Accounting and internal audit
– Recording of receipt and collection of money
– Approval/authorization of payment
– Recording of expenditure and issue of
payment
– Recording of assets
This can be done by obtaining an
organizational chart, description of duties and
responsibilities
ICQ on Competence of personnel

Do procedures for selection of staff ensure that staff

selected is competent
Do staff get adequate training
Do staff have a clear description of their dutues
Is the staff properly supervised
Evaluation and rewarding systems are in place
ICQ on management and operating style
Clear policies and procedures
Extent of computerization
Do PAO and DDO exercise adequate control over
financial matters like timely budget and account
preparation and analysis
Benchmarks for performance
Corrective actions
Reporting
Are management reports prepared and circulated
regularly
Are management reports used for monitor financial
and operational activities\
What are the checks on reliability of data
What actions are taken on the reports
Protection of assets and records
Are there checks for protection of cash collection and
custody
Are checks there for avoiding unauthorized access to
records (manual & comptuer)
Disaster recovery plan
Record retention plan
Internal Audit
It is a kind of internal control
For the management
System analysis and effectiveness
Advise for greater efficiency and effectiveness
Thank you