Documentos de Académico
Documentos de Profesional
Documentos de Cultura
• Discuss
• Collaborate
• Network
• Exchange knowledge
• Sharpen our skills
• Exchange information
• Exchange experiences
On
INTERNAL CONTROLS
• OUTLINE
• Introduction
• Oversight of Internal Control to fraud
Prevention, Detection,
• Irregularities and other forms of financial
improprieties.
• Forms of Risk and control:
• Risk based Control Vs Value Based Control
• Value Optimization
• Risk Management.
• Conclusion
• References
Introduction
Well, the main aim of any activity in an organization
should be to achieve the objectives of the organization
itself.
The main aim of internal auditing is to assist the
organization to achieve its objectives. No Long Story!
In the light of these developments, increasing scope and attention are directed to the
industry or profession that can guarantee safe and sound assurance on which trust and
reliability of the advice can be bought and consumed as pain killer or relief for the victims
of the developments.
The usual questions mostly asked when things go wrong either in an enterprise, industry
or globally was “where were the auditors”.
The question therefore overheats the already heated system. Hence, the continuous
oversight functions of internal control to cases of errors, irregularities, fraud and other
improprieties.
Irregularities and other forms of financial improprieties
Specific control. Implicit in the general controls are the specific controls
which the audit plans and procedures designed from the risk assessment
/risk rating of an enterprise. It is application of general control to specific
transaction, processes and circumstances of an enterprise.
The specific objectives of any audit will address one or more of the following
general management objectives:
• Risks are appropriately identified and managed.
• Interaction with the various governance groups occurs as needed.
• Financial, managerial, and operating information is accurate, reliable, and
timely
• Employees’ actions are in compliance with Organization policies and
procedures,and applicable laws and regulations.
• Resources are acquired economically, used efficiently, and
adequately protected.
• • Plans and objectives are achieved.
• Quality and continuous improvement are fostered in the
Organization’s control process.
• • Significant legislative or regulatory issues impacting the
organization are recognized and addressed appropriately.
• During the course of the audit, conditions may arise which warrant
revising the audit procedures, scope or budgeted hours. The auditor
should evaluate the situation, make timely recommendations to
audit management, and obtain approval before incorporating any
changes.
These controls are designed to correct undesirable outcomes which have been
realized. They provide a route of recourse to achieve some recovery against loss or
damage. An example of this would be design of contract terms to allow recovery of
overpayment. Insurance can also be regarded as a form of corrective control as it
facilitates financial recovery against the realization of a risk. Contingency planning is
an important element of corrective control as it is the means by which organizations
plan for business continuity / recovery after events which they could not control.
DIRECTIVE CONTROLS
These controls are designed to ensure that a particular outcome is achieved. They
are particularly important when it is critical that an undesirable event is avoided -
typically associated with Health and Safety or with security. Examples of this type of
control would be to include a requirement that protective clothing be worn
during the performance of dangerous duties, or that staff be trained with required
skills before being allowed to work unsupervised.
DETECTIVE CONTROLS
There are a number of ways the organization can manage risks to bring them to a
level which the board consider acceptable:
void the risks, for example not starting up a business selling innovative
A
products or closing a factory making dangerous chemicals. This may mean
giving up significant opportunities. This process is known as ‘termination’.
olerate them, without planning any contingencies. These are the ‘asteroid hits
T
earth’ type of risk. This does not mean that no-one will address this risk –
governments may decide to try and deflect asteroids using nuclear missiles.
olerate them, and plan contingencies. These are the ‘hurricane destroys
T
factory’ type of risk.
Just as external auditors independently report on an organization’s accounts, so the internal audit
activity independently reports that internal controls are operating properly. Recent financial scandals
have reinforced the need for this type of independent opinion.
So what is the purpose of internal auditing? It is frequently phrased in terms like, “to ensure proper
internal controls exist”. The problem with this statement is that it gives the impression that internal
auditing is only concerned with financial controls. Also, managers frequently consider controls to be
the responsibility of accountants and auditors, and are not therefore prepared to accept ownership of
them.
Managers, however, can see how risks directly affect them and are more likely to accept that it is their
responsibility to manage them. In addition, since the internal controls necessary depend on the risks
identified.
Now this is where the fun starts. What is risk management and what responsibility
does the internal audit activity have? Let’s start with some certainties:
‘Risk management’ is a term widely used, and ‘Risk Manager’ jobs exist in
Organizations. Theoretically, since managers own risks, they must ‘manage’ them.
That accountability cannot be passed to a third party. In practice, risk managers tend
to have responsibilities between managers and the internal audit activity, assisting
the organization to identify its risks, running risk workshops, coaching staff in risk
management and setting ‘best practice standards’.
Conclusion
• Internal Control is a serious business and as such designing, observing, implementing or executing
the system of internal control has taken a centre stage in the life of an enterprise’s continuous
existence and relevance. Internal auditing provides assurance service to management and also
occupies a prominent role in providing interpretations of inestimable values that last and outlive an
enterprise.
• Local and International corporate scandals of different sizes, dimensions and magnitude has
questioned the mandates of professional bodies, consultants and advisors in providing a value
added service to improve the bottom line of both individual and corporate businesses.
• Signing into Law Sarbanes-Oxley Act of 2002 has created a paradigm shift in the ‘business as
usual’ of services professional. The drama of suicides, bankruptcy ,paying fines on penalty,
surcharges and risk going to jail are few cases to mention.
• As widely reported in business practice, one of the methods for discovering frauds in by instituting a
sound system of internal control that will guarantee assurance to the organization processes.
Hence, most corporate failure attributed to the inability of the external audit of the enterprise to nip
the issues in the bud is rather unfortunate. Particular reference to Cadbury Nigeria Plc where the
firm of Chartered Accountants (Akintola Williams Delloite) was fined N20million naira was a sad
development to the Public Accounting practice.
• Finally, every one in the organization is required to protect the resources of the organization as an
internal control compliant in line with the age long definition of internal control which was put it as
‘whole system of controls, financial and otherwise established to carry on the business of an
enterprise, in an orderly and efficient manner, safeguard the assets of enterprise and secure as far
as possible the completeness, accuracy and validity of records.