
Brain Friendly Lecture Notes

Internal Control for (CMA/CIA/CICA) Students


Online Classes/Mentoring Available (Skype ID- StuCo786)

(Valid 2013)
by Hafiz Muhammad Adnan Rana - Professional Accountant/Auditor, trained with PwC (A.F.Ferguson & Co Chartered Accountants)

Author of following for CIA/CMA/CICA and Internal Auditing Profession: Raising Above Personalities (Internal Control) Travel to Chitral (Urdu Story based) Keeping the SOX on (Corporate Governance) Real Life Examples Business Financial Decisions (CMA Part II) Missing Millions (Fraud) Travel to Dubai (Urdu Story based) Souls are Weak, They are Liability (Risk Management / ERM) Travel to London (Urdu Story based)

Chief Inspiring Officer @ Accurate Consultants, Sialkot (Audit/Tax/Advisory/Accounting)
Socialpreneur @ The Student College, Research and Training Centre, Sialkot

Islamic Republic of Pakistan


The Student College (StuCo), Research, Training and Recruitment Centre, Office 10, 2nd Floor, Able Plaza (near Jinnah Cricket Stadium), Sialkot, Pakistan. stuco786@gmail.com www.stuco786.com 0346-5388538

Internal Controls
Reminder why controls needed


Internal controls have always puzzled students, and when it comes to comparing them with Internal Check, their hearts stop beating. So it is better to know the components of control than the definition of Control/Internal Control, without being a FREAK.


Internal control consists of five interrelated management areas as per COSO.

This can be easily remembered with the word CREAM.

C for Control environment
R for Risk Management
E for Employment of accounting information systems and communication
A for Activities (Designed for control purposes)
M for Monitoring (of the control system)



C for Control environment

It's not a HARD thing, it's a soft thing. As the Org grows, so does the distance between the boss and the employees. In a small org the owner is the role model (culture: "this is the way we do things over here", as with Bill Gates or Steve Jobs), watched closely and followed. In a big Org this gap is filled by ethical training that guides everyone, from the CEO to the janitor at the door, to behave ethically. The control environment is the feel of a control.

The auditor uses the following factors to assess the quality of the control environment of a particular client (i.e. The Student College): COACH ME

C for Communication and enforcement of integrity and ethical values throughout the organization.
O for Organizational structure
A for Assignment of authority and responsibility
C for Commitment to competence (a learning organization).
H for Human resource policies and procedures
M for Management's philosophy and operating style
E for Enforcement of best practice corporate governance principles

Next is R for Risk Management, but do not confuse COSO ERM with COSO Internal Control.

COSO is the Committee of Sponsoring Organizations (www.coso.org), and the sponsoring Orgs are IIA, AICPA, IMA, AAA (American Accounting Association) and FEI (Financial Executives International). Each of these Orgs preaches a Risk/Control mindset.

R for Risk Management

Management's risk policies and procedures in regard to the identification, analysis and management of risks.

The auditor obtains an understanding of the IS and its risks, including the related business processes, relevant to financial reporting: APPLES

A for Accounting records
P for Procedures (SOP)
P for Process used (Segregation of Duties)
L for Ledger via journal entries (Day Books + Journal) > Ledgers CA > TB > FS
E for Events and conditions and their capture (IAS 10) Going Concern ISA
S for Significant classes of transactions (Unusual Transaction) Fire, Earthquake


E for Employment of accounting information systems and communication


Methods used to identify, assemble, classify, record and report the entity's transactions and to maintain accountability for related assets and investments.

The auditor should know how the Company and its officers communicate significant matters relating to financial reporting, i.e. the exception reporting.

CATERS

C for Channels of communication made available for people to report suspected improprieties (Whistle Blowing)
A for Adequacy of communications across the organization (Variance Analysis)
T for Timely and effective follow up action (Internal Auditor)
E for Effectiveness with which employees' duties and control responsibilities are communicated. (Change/Deputation/Orientation/Training/Appraisal) BBS
R for Receptivity of management to employee suggestions (Maxell Floppy)
S for Sufficiency and effectiveness of the channels with external parties, such as customers (Key Account Management-PR) and suppliers. (Digital Transaction) JIT

A for Activities (Designed for control purposes)

Policies and procedures that management established to achieve its objectives for financial reporting and the security of its assets.

The auditor should know what activities are designed to clean the organization from errors and malfeasance: I PASS A MOP

I for Information processing controls (General Controls/Application Controls)
P for Physical Controls over assets (Locks, Chowidars)
A for Authorization and approval controls (<1000 $) >1000 $
S for Segregation of duties controls
S for Supervision controls (Double Check) Internal Audit
A for Arithmetic and accounting controls (+-)-Casting
M for Management (Doing the things right) Leadership (Doing the right things)
O for Organizational control (Variance Analysis, KPI)
P for Performance reviews (Appraisals)

I for Information processing controls: Separate Online Lecture

P for Physical Controls over assets

STORY-Checking some of these physical controls would involve the use of audit SAMPLING techniques

S > Stores (Safe custody of materials)
A > Assets with WDV of Nil (Generally not covered in external audit)
M > Money-valued documents (Cheque books)
P > Private use of organizational assets (Policy regarding laptops and cars)
L > Lease agreements and rent agreements (Locked)
I > Insurance Policies, customer lists (Locked)
N > No access policy (Building, Office, Software, Documents)
G > Grading products (Defective goods)



A for Authorization and approval controls


Authorization and Approval are two words that many truly confuse. Let's explore them further.

Authorization is (TO BOARD of DIRECTORS from SHAREHOLDERS)
1. To grant authority (status) or power (gave you choice) to.
2. To give permission for; sanction: the city agency that authorizes construction projects.
3. To be sufficient grounds for; justify.

Approval is (FROM SHAREHOLDERS ON IMPORTANT MATTERS like Approving Dividend, Investments and Financial Statements)
1. The action of officially agreeing to something or accepting something as satisfactory.
2. The belief that someone or something is good or acceptable.


STORY-One could say that authorization and approval are the belt and BRACES of internal control ("belt and braces" is an idiom which means making double sure).

B > Budget Committee (Budgets are realistic and adhered to)
R > Remuneration Committee (Authorization/recommendation of remuneration of Dir)-NED
A > Audit Committee (Review of internal/external audit and internal controls)
C > Capital Expenditure Committee (Capital budget, project management)
E > Exception Policy (>1000 $ authorization is needed)
S > Steering Committee (Decisions related to projects, IS development project)

But what is a STEERING Committee?

An advisory committee usually made up of high level stakeholders and/or experts who provide guidance on key issues such as company policy and objectives, budgetary control, marketing strategy, resource allocation, and decisions involving large expenditures.

S for Segregation of duties controls


This entails three fundamental functions that must be separated and adequately supervised: Authorization, Custody, Reporting

Authorization (Only necessary transactions are undertaken, not fraudulent ones)

STORY-These types of controls are in ACCORD with sound principles of the segregation of duties, and one of them is Authorization

A > Accounting Manual (Financial Accounting System)
C > Chart of Accounts (Codes)
C > Conflict of Interest Policy (Avoid double income by Directors)
O > Organizational Chart (Roles and Responsibilities)
R > Restriction on Cheque Signatories (>1000 $ Finance Director Signature)
D > Directors Responsibility (Investment, Interim Dividend, Bad Debts)

Custody (Data and Assets cannot be misused)

STORY-DP (Data Processing) can FAIL

D > Daily banking of cash (to avoid theft)
P > People responsible for assets should not be permitted to sell them (unless previous approval taken)
F > Forms to be pre-numbered (Invoices, vouchers, clock cards)
A > Access Control (Computer or Manual System)
I > Individual responsible for handling cash should not perform recording or reconciliation of cash
L > Locked Storage of data on CDs or on registers.

Recording

STORY-These controls are PLACED in the accounting system to ensure segregation in terms of recording transactions.

P > Posting references in Ledgers (Grid Box)
L > Listing of mail receipts (Cheques)-Remittance List
A > Accounting personnel rotated (Mail Room)
C > Cash Register Backup (CD/DVD/Tapes)
E > Entries in Day Books then ledgers (6 Day Books>ledger>TB>FS)
D > Debtors/creditor Age Analysis, A/P, A/R Bank Reconciliations
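The separation described above can be tested mechanically over a payments register. The following is an added example, not part of the original notes: the field names, staff names and sample rows are constructed, and reading the ">1000 $" cheque restriction as "amounts over 1000 need the Finance Director's signature" is an assumption.

```python
from collections import defaultdict

# The three functions that must be separated (the notes' Authorization,
# Custody and Recording sub-sections).
FUNCTIONS = ("authorization", "custody", "recording")
CHEQUE_LIMIT = 1000  # the notes' ">1000 $" threshold; exact rule is assumed

# Constructed sample data: one row per payment, naming who did each function.
PAYMENTS = [
    {"id": "PV-001", "amount": 400, "authorization": "amina",
     "custody": "bilal", "recording": "chand",
     "signed_by_role": "accounts_officer"},
    {"id": "PV-002", "amount": 2500, "authorization": "amina",
     "custody": "bilal", "recording": "bilal",
     "signed_by_role": "finance_director"},
    {"id": "PV-003", "amount": 1800, "authorization": "dawood",
     "custody": "dawood", "recording": "dawood",
     "signed_by_role": "accounts_officer"},
]

def sod_findings(payment):
    """Return the list of exceptions for one payment (empty list = clean)."""
    findings = []
    by_person = defaultdict(list)
    for fn in FUNCTIONS:
        by_person[payment[fn]].append(fn)
    # Any person holding two or more of the three functions is a conflict.
    for person, fns in sorted(by_person.items()):
        if len(fns) > 1:
            findings.append(f"{person} performed {'+'.join(fns)}")
    # Cheque signatory restriction from the ACCORD list.
    if (payment["amount"] > CHEQUE_LIMIT
            and payment["signed_by_role"] != "finance_director"):
        findings.append("over limit without finance director signature")
    return findings

def review(payments):
    """Map payment id -> findings, keeping only payments with exceptions."""
    report = {}
    for p in payments:
        found = sod_findings(p)
        if found:
            report[p["id"]] = found
    return report

if __name__ == "__main__":
    for pid, items in review(PAYMENTS).items():
        print(pid, "->", "; ".join(items))
```
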


S for Supervision controls


Supervisor: one who oversees the work or tasks of another

STORY-WE COME TO the conclusion that supervisors are essential to ensure a well-controlled system is in place.

W > Work Coverage Review (Completion) Production Department (Time Card)
E > Ensure adequacy of resources (To fulfill their objectives) - HR
C > Competence of people: promotion from internal sources or recruit from outside
O > Oversee the work of new staff and juniors (Orientation/Coaching)
M > Monitor and control work and its quality (Job Well Done)
E > Ensure training (updating knowledge of staff) - CPD
T > Trouble shooting problems (Machine Breakdown)
O > Offer advice and support for people who need it (Motivation).

A for Arithmetic and Accounting controls: Separate Online Lecture


M for Management Controls: Separate Online Lecture


O for Organizational control

STORY- Organizations are FACTIONS (a faction is a group of persons associated or acting together). An organization structure:

F > Facilitates flows of work
A > Allocates authority and responsibility
C > Coordinates and controls activities
T > Transfers and shares communication, knowledge, skills and competence
I > Imposes monitoring and control systems
O > Operates at both formal and informal levels
N > Networks (Contact with others)
S > Segregates Work (Horizontal (Departments) / Vertical (Senior/Junior))

P for Performance reviews

STORY- Reviews and surprise checks sometimes cause a FRACAS to develop between the reviewed and the manager who is the reviewer. (A fracas is a noisy argument)

F > Functional performance reviews (Stock Movements)
R > Reconciliations (Bank, Debtors, Creditors)
A > Activity Reviews (Surprise check of time cards)-Timekeeping department
C > Comparison of records with physical assets (Fixed Assets/Inventory)
A > Actual performance reviewed against budgets (Variance Analysis/Exception Reporting)
S > Surprise checks of petty cash. (Imprest = Vouchers + Cash in hand)


M for Monitoring (of the control system)

Management's ongoing and periodic assessment of the efficiency and effectiveness of the design and operation of its internal control structure, to determine whether it is operating as intended and is modified when needed.

The auditor should know how the Company monitors its system. Usually this is achieved by reviewing internal audit reports.

Conclusion: Internal Control VS Internal Check


An example of internal control is segregating the record keeping for an asset and its physical custody, such as in the case with inventory and cash. No one individual should have complete control over a transaction from beginning to end. Internal checks make it difficult for an employee to steal cash or other assets and concurrently cover up by entering corresponding amounts in the accounts. An example of internal check is the establishment of input and output controls within a data processing department. A group or person has the responsibility of checking control totals provided by the user department with those generated during the processing of the data.
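The control-total check described above, as an added example that is not part of the original notes. It goes beyond the text by using three common kinds of batch control total (record count, amount total and a hash total over account numbers); the record layout, function names and sample batches are constructed.

```python
from decimal import Decimal

def control_totals(records):
    """Compute batch control totals for a list of transaction records."""
    return {
        "record_count": len(records),
        "amount_total": sum((Decimal(r["amount"]) for r in records),
                            Decimal("0")),
        # Hash total: sum of a non-monetary field, meaningful only as a check.
        "hash_total": sum(int(r["account"]) for r in records),
    }

def reconcile(batch_header, processed_records):
    """Return {total: (expected, actual)} for every total that disagrees.

    batch_header holds the totals supplied by the user department;
    processed_records is what data processing actually posted.
    """
    actual = control_totals(processed_records)
    return {name: (expected, actual[name])
            for name, expected in batch_header.items()
            if expected != actual[name]}

# Constructed sample batch as submitted by the user department.
SUBMITTED = [
    {"account": "1001", "amount": "250.00"},
    {"account": "1002", "amount": "1200.50"},
    {"account": "1003", "amount": "75.25"},
    {"account": "1004", "amount": "640.00"},
]
HEADER = control_totals(SUBMITTED)  # totals prepared before processing

# Constructed outputs: one posting keyed to the wrong account, and one
# batch in which the first record was processed twice.
MISPOSTED = [dict(r) for r in SUBMITTED]
MISPOSTED[2]["account"] = "1030"
DUPLICATED = SUBMITTED + [SUBMITTED[0]]

if __name__ == "__main__":
    for label, out in (("clean", SUBMITTED), ("misposted", MISPOSTED),
                       ("duplicated", DUPLICATED)):
        print(label, reconcile(HEADER, out))
```

The misposted batch agrees on record count and amount total and is caught only by the hash total, which is why the checker compares more than one total.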

Limitations of Internal Control

Lack of Segregation of Duties
Lack of Authorization Controls
Cost of Establishing IC
Management Override

You are FREE to contact within Islamic Sharia Limits. BEST WISHES !!!
