Professional Documents
Culture Documents
Submitted to
CERTIFICATE
This is to certify that Ms.Akruti K. Patel has worked and
Last but not the least I record my sincere thanks to all beloved and respectable
persons who helped me and could find any separate mention.
Above all I praise GOD the most beneficial, the most merciful that I have been
able to complete my training project successfully.
(AKRUTI K. PATEL)
ABSTRACT
Simultaneously, The capital markets have seen many new financial instruments
and players being Introduced, making the transactions and operations more
complex. In this context,Internal audit is to be carried out on the basis of standing
laws and regulations, which Generally include also the policies and decrees of
state as well as rules and by-laws of Enterprise.
Within this framework of extremely fluid business environment, the purpose of our
study is to underline the importance of a well-organized internal control system
for ensuring the safe and soundness of a credit institutions activity, And by this
the stability of the banking system as a whole. According to up-to-date theoretical
and empirical literature, the results point out that all components of internal audit
is vital in the effectiveness of internal audit and consequently in the business
survival and success.
The data collection methods used was questionnaire. Findings revealed that, risk
assessment component, control activity, information and communication system
and monitoring system were found to be functioning effectively.
Finally, management should embark on prompt effective follow-up procedures to
ensure that, appropriate change or action occurs in response to changes in risk.
INDEX
Suggestion 76-83
Bibliography 84-85
Appendix 86-89
LIST OF TABLE:
Internal controls have existed from ancient times. In Hellenistic Egypt there was a
dual administration with one set of bureaucrats charged with collecting taxes and
another with supervising them. VanCreveld, Martin. The rise and Decline of
States, (Cambridge University Press)
In an undated work Brink contends that, internal control as a concept has existed
as early as there have been substantive relationships. He added, its origin can be
documented and traced back to civilized communities that existed around 5000
B.C. The governments of these empires imposed a number of taxes on
individuals and business. For the proper accounting and collection of these taxes,
an elaborate system of checks and counterchecks was established. Such early
internal control systems were designed primarily to minimise errors and
safeguard state property from dishonest tax collectors (Cited in Gupta 1991).
Kissner has identified three distinct categories of internal controls which are
briefly discussed:
Larry E. et al., , stated that, five components of COSOs control framework may
be viewed as both fundamental principles and an aid to planning, evaluating and
updating
controls.
They are:
1. Control Environment.
2. Risk Assessment.
3. Control Activities.
4. Accounting, Information, and Communication systems.
5. Monitoring.
It went on to say that effective internal control still depends on having the five
internal
control components in place and operating effectively, such that a bank has
reasonable, not absolute, assurance that it will prevent or detect material
misstatements in a timely manner. This study adopts the COSO frame work of
effective internal controls system which is discussed below.
The Control Environment consists of the integrity, ethical values, and competence
of the
entity's personnel, as well as management's philosophy and operating style. An
active and
effective board of directors should provide oversight. It should recognize that the
"tone at the top" and the attitude toward controlling risk affect the nature and
extent of derivative
activities. The board should review management's planned decisions regarding
the
appropriateness and effectiveness of derivative strategies and positions. For
example, the
board should probe for explanations of past results to determine that derivative
activities are effective in accomplishing objectives for which they were used.
(COSO, undated)
The audit committee should work with internal and external auditors to oversee
implementation of risk management policies, procedures, and limits.
Senior management should recognize that its philosophy and operating style
have a pervasive effect on an entity. For this reason, senior managers should
understand their control responsibilities, authorize use of derivatives only after
risks and expected benefits have been carefully analysed, and clearly
communicate objectives and expectations for derivative activities. Senior
managers should make a conscious decision about the extent of authority over
derivatives delegated to management. Management should have the
competence needed to understand derivative activities. Employees involved in
such activities should possess the necessary skills and experience. The training
process should develop and improve specific skills relating to responsibilities and
expectations about derivative activities. (COSO undated) Millichamp (2002)
describes control environment as the overall attitude, awareness and actions of
directors and management regarding internal controls and their importance in the
entity. The control environment encompasses the management style, and
corporate culture and values shared by all employees. The factors reflected in
this idea include the following:
The students Manual of Auditing (2000) say that understanding of the control
environment helps to assess the likely effectiveness of internal controls. Effective
control environment therefore is a very important ingredient in any effective
internal control system.
Management should clearly link benefits of and support for derivative use with
entity-wide objectives. Management also should obtain an understanding of
personnel, management operating systems, valuation methodologies and
assumptions, and documentation as a foundation for identifying and assessing
the capability to manage risk exposures associated with bank activities.
Management should provide specific measurement criteria for achieving
derivative activities objectives, such as value at risk. Risk analysis processes for
derivative activities should include identifying risk, estimating its significance, and
assessing the likelihood of its occurrence. (COSO undated)
In addition to this, the Kansas State Universitys Internal Audit Manual (2005) said
a
precondition to risk assessment is establishment of objectives, linked at different
levels and internally consistent and the objectives must be established before
administrators can take necessary steps to manage risk. The process of
identifying and analysing risk is an on-going process and is a critical component
of an effective internal control system.
Various types of risks can be identified and as stated in The Annual Internal
Control Handbook, these include inherent, control, combined, and/or fraud.
According to Miller control activities are those activities required to ensure that
management objectives are met. They are basically activities that management
puts in place for the outworking of the organisations objectives.
Control Activities are the policies and procedures to help ensure that
management directives are carried out. Policies governing derivative use should
be clearly defined and communicated throughout the organization. The risk
management policy should include procedures for identifying, measuring,
assessing, and limiting business risks as the foundation for using derivatives for
risk management purposes. Aspects of the risk management policy for
derivatives should include controls relating to managerial oversight and
responsibilities; the nature and extent of derivative activities, including limitations
on their use; and reporting processes and operational controls. The policy should
provide for monitoring exposures against limits, and for the timely and accurate
transmission of positions to the risk
measurement systems. It also should provide for evaluation of controls within
management information systems, including the evaluation of resources provided
to maintain the integrity of the risk measurement system. (COSO, 1992).
The COSO release continued that control activities help ensure that, necessary
actions are taken to address risks to the achievement of the entitys objectives.
Control activities occur throughout the organization, at all levels and in all
functions. They include a range of activities as diverse as approvals,
authorizations, verifications, reconciliations, reviews of operating performance,
security of assets and segregation of duties.
Additionally, the United States General Accounting Office (GAO) Exposure Draft,
(1999), expanded on the above by giving the following examples of control
activities:
In addition to this, the Internal Controls Guide for Directors (2001) stated that,
accounting, information and communication systems identify, capture, and
exchange information in a form and time frame that enable bank staff to carry out
their responsibilities. Accounting systems include methods and records that
identify, assemble, analyse, classify, record and report a banks transactions.
Information systems produce reports on operations, finance, risk management,
and compliance that enable management to manage the bank.
The organisation's people must be able to capture and exchange the information
needed to conduct, manage and control operations. Again, pertinent information
must be identified, captured and communicated in a form and time frame that
enables people to carry out their responsibilities. Effective communication must
flow down, up and across the organization.(This includes a clear message from
top management to all personnel that control responsibilities must be taken
seriously.)
All personnel must understand their own role in the internal control system, as
well as how their individual activities relate to the work of others. All personnel
must have a means of communicating significant information upstream. There
must also be an effective communication with external parties.
1.3.5 Monitoring
The COSO framework (undated) says that monitoring is the component that
assesses the quality and effectiveness of the system's performance over time.
Control systems relating to banks activities should be monitored to ensure the
integrity of system-generated reports. The organizational structure should include
an independent monitoring function over activities, providing senior management
with an understanding of the risks of bank activities, validating results, and
assessing compliance with established policies.
Internal control systems need to be a process that assesses the quality of the
systems performance over time. This is accomplished through on-going
monitoring activities, separate evaluations or a combination of the two. On-going
monitoring occurs in the normal course of operations. It includes regular
management and supervisory activities, and other actions personnel take in
performing their duties. The scope and frequency of separate evaluations will
depend primarily on an assessment of risks and the effectiveness of on-going
monitoring procedures. Internal control deficiencies should be reported upstream,
with serious matters reported to top management and the board. (COSO, 1992)
It added that, these concepts are summarised in two fundamental principles from
COCOs Guidance as follows:
Principle 19: On-going monitoring and/or separate evaluations enable
management to determine whether the other components of internal control over
financial reporting continue to function over time.
Simmons (1995), states that, all five components of the control system must be
present and functioning effectively in order to conclude that internal controls over
operations are effective. It continues that while internal control is a process, its
effectiveness is a state or condition of the process at a fixed point in time. It
concludes that determining whether a particular control system is effective is a
subjective judgment resulting from an assessment of whether the five
components of control are present and functioning effectively.
Along similar lines, Larry et al., (2007), asserts that, effective internal control
depends on having the five internal control components in place and operating
effectively, such that a bank has reasonable not absolute assurance that it
will prevent or detect material misstatements in a timely manner.
Alluding to this, the United States General Accounting Office GAO (1999) reports
that, these standards (components) define the minimum level of quality
acceptable for internal control in organizations and provide the basis against
which internal control is to be evaluated.
1.5 INTERNAL CONTROL OBJECTIVES
Internal control objectives are the desired goals for a specific event cycle which if
achieved minimises the potential that waste, loss unauthorised use or
misappropriation will occur. The internal control objectives include authorisation,
completeness, accuracy, validity, physical safeguards and security, error handling
and segregation of duties.
The job description and detailed work programmes of senior staff should
include the routine daily supervision of junior staff. This has to be done in a
sensitive but programmed way;
In most cases, the staff whose work is being supervised should be aware
that this supervision is taking place;
They should be encouraged to share difficulties, and to make suggestions
as to how their job might be carried out more effectively.
In carrying out supervisory responsibility, management should: Review
adequacy of internal control on a regular basis to ensure that all significant
controls are operating effectively.
Where the Organization has an internal audit system, entrust to it some of
its supervisory functions, especially with respect to review of internal
controls.
The internal audit, in addition to other control functions, may carry out :
Surprise cash counts,
Physical inventories of stores,
Checking vehicle log books.
Visit to Project site/area where programme activities are taking place.
Detective
Auditors should design the audit to provide reasonable assurance that the
financial statements are free of material mis-statements resulting from
violations of laws and regulations that have a direct and material effect on
the determination of financial statement amounts.
To meet that requirement, auditors should have an understanding of
internal controls relevant to financial statement assertions affected by
those laws and regulations.
Auditors should use that understanding to identify types of potential mis-
statements, consider factors that affect the risk of material mis-statement,
and design substantive tests. For example, the following control
environment factors may influence the auditors' assessment of control risk:
a) Managements awareness or lack of awareness of applicable laws and
regulations.
b) Organizations policy regarding such matters as acceptable operating
practices and code of conduct, and
c) Assignment of responsibility and delegation of authority to deal with
such matters as organizational goals and objectives, operating functions,
and regulatory requirements.
1.9.12 Governance
1.9.13 Transparency
The organization should have transparency in purpose of work by:
Making clear documentation as to who they are, what they do and how
they do;
explicitly following and documenting financial norms, accounting policies,
staff and management policy;
preparing and making available annual reports with a summary of major
activities undertaken, achievements made, tasks to be undertaken and
financial statements about their constituencies, affiliates etc.
1.9.14 Limitations Of Internal Control
Inherent inability to achieve 100% control due to control risks, such as:
Judgment individual judgment and decision making can be faulty.
Breakdowns can occur because of human failures such as simple errors
or mistakes.
Management Override management can have the ability to override
controls
No Communication of Expectations.
Too Much Trust in Key Employees.
Lack of Proper Authorisation Procedures
Lack of Attention to Detail.
Changes in Organisational Structure
Tendency Toward Crisis Management
Missing Documents.
Alteration of Documents
Excessive Number of Voided Documents.
Documents Not Numerically controlled.
Questionable Handwriting or Authorisation.
Duplicate Payments.
Unusual Billing Address or Arrangements.
Address of Employees Same as Vendor.
Duplicate or Home Made Photocopied Invoices.
Excessive Cheques to Cash withdrawals.
Excessive Unpaid Advances to Employees.
Excessive Spoilage / Damaged Goods.
Failure to Reconcile Bank Accounts.
Excessive Unpaid Advances to Employees.
2.1 INTRODUCTION
A sample can refer to a set of people or objects chosen from a larger population
in order to represent that population to a greater extent. Therefore, the size of the
study sample and the way in which it is chosen will certainly have implications for
the confidence in the results and the extent to which generalizations can be
made.
Simple random sampling is the most basic sampling procedure to draw the
sample.
Simple random sampling forms the basis for many of the more
complicated sampling procedures.
Questionnaire:
The closed-ended questions, on the other hand, involved questions that were
answered by simply checking a box or circling the proper response from a set of
options that was provided. While the closed-ended questions allow for easier
analysis of the data due to standardized questions, their main limitation is that
they allow the researchers to determine only what the respondents are doing and
not how or why they are doing it.
The data collection format will depend on the kind of data to be collected.
However, in this particular study both primary and secondary data were used
We have used various classified datas to know the clear picture in an easy way.
So that internal control can be made effective
2.9 SCORING:
Responses for the research questionnaire were made on a five-point Likert scale
as follows:
Strongly Agree = 5
Agree = 4
Not sure = 3
Disagree = 2
Strongly Disagree = 1
In all the constructs, high scores imply that the variables being measured are
effective.However, ineffective internal control systems and structures would be
characterized by low scores
Tool Usefulness
This tool discusses internal control from a broad, overall department perspective
based on the internal control standards and focusing on managements
operational and program objectives. Although the focus may vary, the concepts
should remain complementary.
This Management and Evaluation Tool was developed using many different
sources of information and ideas.
3.1 INTRODUCTION
This chapter attempts to review literature in the area of internal control systems in
ARDBs. The literature review is discussed under various sub headings
A literature review is a text written by someone to consider the critical points of
current knowledge including substantive findings as well as theoretical and
methodological contributions to a particular topic. Literature reviews
are secondary sources, and as such, do not report any new or original
experimental work. Also, a literature review can be interpreted as a review of an
abstract accomplishment.
Its main goals are to situate the current study within the body of literature and to
provide context for the particular reader.
The definition of internal control has evolved over recent years as different
internal control models have been developed. This study presents some
definitions of internal control by different people and organisations. This has
become necessary because the concept of internal control is a dynamic concept
and is incapable of precise lasting definition.
There is currently considerable interest in the topic of internal audit and its
contribution to exact management of any business economic resources. This
developing role of the internal auditing is also reflected in its current definition, i.e.
Internal control is the system of internal administrative and financial checks and
balances designed by management, and supported by corrective actions, to
ensure that the goals and responsibilities of the organization are achieved
In accordance with the above, growth in international financial markets has given
banks the opportunity to design new products and to provide a wide range of
services, there can be noticed an increase in associated risks. Simultan1eously,
there is growing management recognition of the importance of implementing a
good internal control system as some of the recent reports on bank failures have
highlighted fraud and negligence as the major contributory factors.
In other words, the activities of internal audit are now seen as critical elements in
the assurance process. Strong internal control systems have long been seen as
particularly relevant to banks because of their vulnerability to fraud and the links
between information systems and money. Despite the afore mentioned
perspectives of the researchers regarding the crucial role of internal auditing,
there is no such a study examining the internal audit function within. In this
context, the purpose of this paper is to highlight the interaction between
components of internal audit and effectiveness of internal auditing in banks, in
particular.
Consistent with our predictions, our results indicate that the success of internal
auditing is strongly associated with the five elements of internal control system
Control environment, Risk assessment, Control activities, Information and
communication and Monitoring. The remainder of the paper is organized as
follows. The next section presents the research design by providing information
on the development of the survey and the methodology for data analysis. The
third section reviews the related literature and provides the focus of the study by
analyzing the effectiveness of internal auditing and presenting the recent
empirical literature review.
The results of the study are reported and discussed in the fourth section. Then,
the fifth section summarizes the paper, presents major findings of the study and
forwards the ensuing conclusions. Finally, the paper concludes by limitations of
the study and future research direction
3.3.1 Introduction
Systems are vehicles for transforming policies into performance. Systems stem
from
the objectives and policies of the organization and have to be in tune with them.
They help the organization to efficiently and effectively attain its goals. They work
As tools for achieving results and not as ends in themselves. Any system in an
organization should satisfy the following parameters.
Control systems work, to some extent, like nervous system of a living organism. It
maintains and controls works of other systems of an organization. A sound
system of internal checks and control is the sinequa-non for any business
organization striving to attain success in its fields.
Proper system and procedures act as in-built safeguards not only to ensure
smooth working, but also guard against possible irregularities and fraudulent
practices.
From the evolution of cooperative banking system it can be seen that like any
other organization cooperatives also have the checks and control mechanism in
built in its system. With the passage of time various developments took place,
which prompt a need for rejuvenation of the system. The factors which are
responsible for this are given as under:
Frauds are visual manifestations of poor internal checks and controls in banks.
Apart from financial damage, frauds cause a lot of collateral damage to the
organization.
Profitability of the bank goes down due to increase in NPAs, failure in plugging
leakage of income. Business growth suffers. Chaotic atmosphere in the
organization comes to the front. Banks operation becomes supervisory and
regulatory concern.
3.3.4.1 Broad Objectives Of ICS :
The ICS is linked to all functional, administrative areas of banks operation. The
primary objective of ICS should be:
i. to ensure proper functioning of the systems in place in the organization thereby
safeguarding assets of the organization to the satisfaction of all stake holders
including supervisor and regulators.
ii. To introduce new ICS keeping in view changing business environment, new
Products, business expansion, supervisory and regulatory requirements etc.
iii. to review efficacy of the old ICS and introduce changes ( documenting,
internalizing, practicing)
iv. to identify irregularities committed by an individual, groups by way of omission
or commission.
v. to identify loopholes in the system which are responsible for occurrence of the
irregularity.
vi. to protect interest of the organisation by stemming the leakage of income, to
protect interest of depositors and financiers,
vii. to ensure providing true and fair picture of the organisation to the higher
financing agency, depositors, supervisors, regulators and owners.
The Board of Directors are responsible to the stake holders of the bank for
attaining
set objectives. They should realise the need of the ICS rather than taking it as a
supervisory compliance. The board should assess the amount of financial,
reputation, and business losses besides, supervisory remarks the bank has
suffered
due to poor internal control
When talking about ICS for a bank it may be borne in mind that the bank is
already
having a system. It is only to be revamped in keeping with the present
requirements.
The State cooperative Societies Act and Rules and Bye-law of the bank have
various attributes such as system of annual and concurrent audit, presentation of
balance sheet and profit and loss accounts, penalty for non repayment of bank
dues, penalty for employees causing loss to bank, etc.
Past experience of the bank and practice followed by other bank are also of help
for
designing an ICS for the bank. However, first of all, there should be an
organisational structure for designing/reviewing the ICS policy and undertaking
related tasks for betterment of the organisation.
The bank in keeping with its volume of business, staff strength and other
demands
and constraints may go for different structure. However, given the business level
of
present LT structure, other supervisory prescriptions given time to time an ICS
model is proposed. A ven-diagram of organisation structure and works to be
attended is suggested as under:
Board of Directors
Audit Committee Managing Director
It should also frame a policy to take care of ICS of affiliated ARDBs through its
own machinery. The ARDBs may also go for above ICS structure.
The cell will make Assets Liability management by collecting data from different
sources. Funds flow analysis will be made to find out liquidity position of the bank
vis-a-vis the commitments. The section will collect information on NPA and review
it to find out reasons for sticky loans and suggest measures for recovery. It will
review the accounting policies, systems and controls of the bank to ensure
transparency. The cell will work as a coordinating agency of accounts section and
management. The cell will coordinate during conduct of inspection/audit by
external
agency and ensure compliance to their findings.
The cell with the help of Administration Department will firm up and document the
overall ICS policy frame work of the bank with reference to :
_ Content of inspection report ; The department will prepare a check list of works
to be attended by the inspecting officials during the visit. A model of inspection
format is enclosed.
_ Period for drafting : Drafting period should be same as duration of on-site
inspection.
_ Finalisation and submission of report: After the drafting is over, the principal
inspecting officer will submit the draft report to the authority of inspection
department for review and finalisation. The bank has to decide the level of officer
who should finalise and send the report to the branch/ARDB. Two weeks may be
given for completion of this formality. The inspection team should take all
responsibility up to despatch of the report. Logistic support should be provided
to the team by the department.
_ Time frame for compliance: The report should be divided into two parts. Minor
defects and major defects. Time frame for rectifying minor defects should be 15
days from the date of issue of the report and major defects to be complied with
within 45 days.
_ Coverage and quality of reports: The internal audit / inspection department will
follow a format as given in Annexure II for the purpose of eliciting information
and writing the report. The format is self explanatory and contained almost all
areas of banks functioning in a questionnaire form. The inspecting officer will
give his/her observations alongside of the questionnaire. The audit committee
may award marks to the report in the following parameters in 100 marks scale :
The status of the ARDB/branch may be arrived at on marks it will get from the
inspection. The units may be categorised as under :
_ Issue of warning signals : On the basis of the inspection findings warning signal
may be issued to the branch/ARDB. A system of critical monitoring may be
introduced to keep a vigil on the financing unit in that weak area.
Other issues ;
Annual budget for internal inspection, allocation of man power, fixation of visit
schedule etc., will be drawn in advance and accorded sanction of the Board
through
the Audit Committee.
1.General:
A close scrutiny of frauds perpetrated in banks would reveal that such frauds are
not
due to lack of instructions or absence of proper systems and procedures, but due
to
the flouting of established systems and procedures by the officials. To facilitate
banks to tackle fraud related issues in totality, NABARD vide circular
No.NB.DoS.HO.Pol/ 3121 / J-1 / 2006-07 dated 13 November 2006 issued
comprehensive guidelines in which emphasis was given on strengthening internal
checks and control system of the bank, monitoring of frauds and establishment of
Vigilance cell.
a] Detective Vigilance:
b] Punitive Vigilance:
Some of the major areas of the bank's activities which are highly susceptible to
frauds and the safeguards for prevention of frauds have been discussed in the
following paragraphs:
a. Cash
i.If the actual cash in the safe is less than the balance held in cash book.
ii.If cash is said to be in transit or theft from counters as an explanation for cash
shortage.
iii. If there is an attempt to conceal shortage by a bogus instrument/voucher kept
along with the cash to indicate that the amount mentioned therein has been paid
out of the cash much after the cash balance was struck.
The safeguards to be observed are (i) observing the principle of dual custody, (ii)
verification of daily cash balance before its lodgment, in safe, in transit (iii)
arranging
for separate enclosures for cashiers, (iv) proper lodgment of duplicate set of
vault/safe keys and periodical rotation thereof, (v) posting of guards (vi) insurance
of cash in safe/counters/ transit (vii) surprise verification of cash at counter/vault
by
an officer other than the joint custodians.
b. Deposit Accounts
Frauds are perpetrated in deposit accounts, both by outsider and staff. The fraud
may be perpetrated by staff by issuing fake scrips stolen from the bank custody
to
depositors, by accepting cash from innocent depositors and issue of counter folio
as
a mark of receipt of cash, encashment of old matured FDR with the help of
dishonest
outsider. The outsiders may open deposit account by producing stolen
instrument,
tampered instrument.
With active support of delinquent staff member, loans are disbursed against
forged
land documents, loans to nominal members which are misutilised with active
support of bank officials, recovery misappropriated by staff.
While sanctioning advances against gold ornaments the banks are defrauded by
the
customers by accepting spurious ornaments. The purity and content of the gold
may
be examined through acid test. The bank should also arrange to weigh the
ornaments in water to detect wax contents if any in the ornament.
NFS loans and Housing loans are sanctioned with fabricated income documents
like
income tax returns, salary certificates etc. Excess loans sanctioned by over
valuation
of property, Multiple financing availed by borrower by showing forged documents,
Property sold before repayment of loans, diversion of loans.
d. Suspense Account
The frauds in this account are generally perpetrated when the "Bankers' Account"
is
debited in respect of transactions which are not genuine.
i. The cheque signed by any one of the signatories should not be kept overnight.
Leaves of the cheque books may be counted frequently.
ii. Debit advice received from the bank with whom an account is maintained ,
should not be kept Un-responded. For example, when a debit is raised in
bankers' account in respect of a returned cheque for which a credit has been
afforded earlier, the ARDB concerned should immediately respond to the
entry by debiting the account of the party concerned. If, instead, the debit
advice is deliberately destroyed or misplaced, a fraud results. It is, therefore,
suggested that the balances in the Bankers' Account should be periodically
reconciled with the balances shown in the statement of accounts received
from the concerned banks.
g.Investments
Fraud in this portfolio can be perpetrated by outsider by not handing over the
securities, siphoning of incentives in purchase or sale, stealing of liquid
instruments
etc. The preventive measures as detailed in investment chapter may be followed
by
the bank as a preventive measure.
h. Immovable property, furniture and fixtures and stationery
Frauds in these portfolios mainly involve in purchase / payment of hire charges at
rates higher than the market rates. The safeguards suggested in relevant
chapters
may be referred to .
5. How To Deal With A Fraud :
Frauds comes about occasionally. Some times due to lack of knowledge to deal
with
the subject the banks fail to recover its losses due to the frauds and also loss the
legal
battle against the fraudstar. The banks therefore, should formulate guidelines
indicating process involved in dealing with a case of fraud as and when it comes
to
the notice. A general suggestion for dealing a current fraud is given as under :
b. Detailed enquiry may be instituted by the bank through its own machinery
without loss of time to assess the amount of losses and modus operandi of
frauds. The modusoperandi interalia covers a brief history of incidence, how it
came to light, the process adopted by the delinquent in defrauding the bank,
technique adopted by the delinquent to escape the internal check system
including daily checking in place in the bank etc. While assessing losses details
of
accounts involved, details of entries in registers altered, vouchers tampered etc.,
to be given. Care should be taken to record dates of happenings in all the cases.
d. The insurance agency may be appraised and request may be made for a claim
form.
e. Once modus operandi of the fraud and extent of losses caused to the bank is
found out FIR may be lodged with the police and claim of indemnity from the
insurance bank may be made.
f. After departmental enquiry by the RCS departmental proceedings may be
made
against the delinquent as per cooperative societies act and rules and other laws
in
force.
g. Being a person on public duty, the banks may take action under prevention of
corruption Act, 1988 and Central Vigilance Commission Act 2003.
h. In no circumstance the resignation offered by the employee should be
accepted
before final departmental action is completed. The employee should not be
allowed to dispose off his properties and properties in the names of its spouse,
children and close relatives.
a. Enquiry may be instituted promptly and if found to have proof, police complaint
may be lodged to arrest the delinquent.
b. Higher financing agencies, insurance bank to be apprised about the
incidence. Detailed enquiry, as mentioned in earlier paragraph, may be instituted
to find out modus operandi and extent of loss to be completed in a specific time
frame.
c. Suitable action to be initiated so that the delinquent is not able to dispose of his
assets and fled the area.
d. Legal opinion may be sought to frame charge against the delinquent before
charge sheet is lodged with the police.
6. Preventive Measures
Cases involving gross negligence of duty, whether they involve any loss to the
bank
or not, and cases of malafide action should be examined thoroughly and the
concerned employees should be suitably warned/punished, irrespective of the
grade.
Exemplary and deterrent punishment has the salutary effect of toning up overall
efficiency and integrity. Such punishments should be made known to other
employees.
Now that more and more semiliterate or illiterate persons are being induced to
develop banking habit, the banks should advise them of the basic precautions
which
they should take to prevent frauds in their accounts. Apart from putting up
suitable
posters containing appropriate instructions for those who can read them, the
bank's
employees should personally explain them to the semi-literate/illiterate
customers.
CHAPTER 4
DATA PRESENTATION
&
ANALYSIS
4.1CONTROL ENVIRONMENT
Tab. 4.1
Management Decision
35
30
30
25
20 20
20
15 15
15
10
0
Strongly Agree Agree Not Sure Disagree Stongly Disagree
Tab 4.2
Policies
35
35
30 25
25 20
20 15
15
10 5
5
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
25
19
20 16
12
15
10
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
4. The banks culture, code of conduct, human resource policies and performance
reward systems support the business objectives and internal control systems.
30
26
25
20 19
15
11
10 8
0
Strongly agree Agree [ Not Sure Disagree Strongly Disagree
5. The bank has clear objectives and these have been communicated so as to
provide effective direction to employees on risk assessment and control issues.
Majority of the Clear Objectives 40 % indicated that they Agree that there
is effective monitoring. Whilst 16 % Strongly Agree. A Total of 4% were in
different whilst 22% disagree and whilst 18% Strongly Disagree with the
effectiveness of monitoring as an internal control measure.
Tab 4.5
Clear objectives
Strongly agree
18 16
Agree
Not Sure
Disagree
22 Strongly Disagree
40
4
Tab 4.6
Technology issues
10 10 Strongly agree
17 Agree
19
Not Sure
Disagree
Strongly Disagree
44
7. There is a clear understanding by staff within the bank of what risks are
accepted by management.
10 14 Strongly agree
Agree
Not Sure
28 Disagree
24
Strongly Disagree
24
30
25
25
20
15
15
15
10
10
5
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
35 36
30
25 26
20
17
15 12
10 9
5
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
10. The bank uses Close Circuit Television (CCTV) systems to protect physical
assets.
Majority of the Staffs Role 48 % indicated that they Agree that there is
effective monitoring. Whilst 28 % Strongly Agree. A Total of 3% were in
different whilst 15% disagree and whilst 6% Strongly Disagree with the
effectiveness of monitoring as an internal control measure.
Tab 4.11
Staff's Role
15 28 Strongly agree
Agree
Not Sure
3
Disagree
Strongly Disagree
48
Majority of the Staffs Activities 20 % indicated that they Agree that there is
effective monitoring. Whilst 30 % Strongly Agree. A Total of 15% were in
different whilst 20% disagree and whilst 15% Strongly Disagree with the
effectiveness of monitoring as an internal control measure.
Tab 4.12
Staff's Activities
15
20
Strongly agree
Agree
Not Sure
Disagree
20
Strongly Disagree
30
15
13. All staff understand that, they are accountable for activities they conduct.
Tab 4.13
12
22
Strongly agree
Agree
Not Sure
Disagree
26
Strongly Disagree
22
18
4.5 MONITORING
14. Reports on significant failings or weaknesses are reported to management on
a timely basis.
Majority of the Reports on failings or weakness are reported to
managment 27 % indicated that they Agree that there is effective
monitoring. Whilst 13 % Strongly Agree. A Total of 29% were in different
whilst 23% disagree and whilst 8% Strongly Disagree with the
effectiveness of monitoring as an internal control measure.
Tab 4.14
30 29
27
25 23
20
15 13
10 8
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
Tab 4.15
8 14 Strongly agree
Agree
29 Not Sure
33 Disagree
16 Strongly Disagree
Tab 4.16
40 36
35
30 26
25
20 16 15
15
7
10
0
Strongly agree Agree Not Sure Disagree Strongly Disagree
CHAPTER 5
CONCLUSION
5.1 INTRODUCTION
This project work seeks to assess the effectiveness of internal control systems at
ARDBs. This chapter presents the summary of findings, recommendations aimed
at
addressing weaknesses in the internal control systems as well as direction for
further studies and conclusion from the findings
5.2 CONCLUSION
From the empirical research carried out, it was revealed that internal controls In
ARDBs are effective. In fact, this is evident from all the five constructs
Considered in the study as each of them namely, control environment, risk
assessment, control activity, information and communication systems and
monitoring appeared to be effective.
Majority of the respondents 62.5% indicated that they agree that there is effective
monitoring in ARDB whilst 27.5% strongly agree.A total of 8.8% were in different
whilst 1.2% disagrees with the effectiveness of monitoring as an internal control
measure.
SUGGESTIONS
SUMMARY OF FINDINGS
It was revealed from the study that, the control environment at ARDBs is very
effective as majority of the respondents (93%) agree to that assertion with a very
few not being sure of the effectiveness of Control environment.
Again, the empirical evidence from the study indicated that, majority (72%) of the
Respondents agree to the assertion that there is an effective control activity
functioning In ARDBs.
The last element of internal control considered by the study was monitoring and
this
Happened to be the most effective (90%) in the bank with nearly all respondents
showing that, they perceive monitoring to be effective
Accounting Principles:
Following ways the transaction should be recorded so that internal control can be
effective through these accounting principles. A recording of transactions in books
on day to day basis, should be done having regard to basic principles of
accounting as under:-
ii. Investments must be valued only at the realisable amounts and in accordance
with regulatory norms/ guidelines.
iv. Provisions for doubtful advances must be made to the satisfaction of the
auditors
and in accordance with guidelines issued by the regulatory authority.
v. Premises and other fixed assets must be accounted for at historical cost.
vii. Provisions for gratuity and provident fund benefits to staff are to be made on
accrual basis. Separate funds for gratuity and provident fund are to be created
and should not be mixed with the funds of the ARDB.
ix. The net profit disclosed in the Profit and Loss account must be computed after
provision for standard loans, bad and doubtful debts, provision for overdue
interest, depreciation/ erosion in the value of securities and other asset, transfers
to contingency funds and other usual or necessary provisions.
Consistent with the concepts and principles outlined in the foregoing paragraphs,
all
items of income and expenditure must be compiled under relevant heads so as to
disclose the sources of income, nature of expenditure incurred to earn it, the
composition of assets, sources from which capital has been procured and the
nature
of liabilities outstanding for payment. The accounting system in all ARDB needs
to
follow these principles and policies in the treatment and recording of all financial
transactions.
In spite of the fact that, the study found the internal control structures to be
effective, some weaknesses were however revealed which must be brought to
the attention of management for the necessary corrective actions to be taken.
These are discussed under their respective sub-headings below.
Control Environment
A closer look at the individual questions however can help improve the situation
especially if management implements the following recommendations.
It was found out from the study that the banks culture, code of conduct, human
resource policies and performance reward systems are not very effective.
Management therefore must ensure that there are clear rewards (incentives) for
doing the right things and consequences (disincentives) for doing the wrong
things. In that respect if a serious problem occurs because of a breakdown in
internal control and it is found that management did not play its part to establish a
proper internal control environment, or did not act expeditiously to fix a known
problem, then those responsible need to be held accountable and face the
consequences.
It is also recommended that management must not only do what is right in the
organization but also must be perceived to be doing what is right so that their
good examples might motivate others also to imitate them since they set the tone
at the top.
Also to ensure that, the right thing is done, management should establish an
anonymous fraud tip hotline and enact a whistle-blowers protection policy (where
a suspicion of fraud and waste is reported)
Risk Assessment
In ensuring effective control activity, management must enforce job rotation and
vacation policies in order to improve upon transparency and bring benefits to the
bank. This not only ensures that the bank only has someone who can step into a
job in the event of an emergency, but it also deters fraud when potential
perpetrators know that someone else will do their job for a period of time.
If fraud is occurring, another person reviewing the work is likely to expose that
fraud. Most fraud requires a great deal of attention and rarely stands up to
scrutiny by outsiders, particularly during a week or more of vacation. This is very
essential because even in medical practices where there is no fraud, this policy
helps detect on going errors and inefficiencies. Job rotation and enforced
vacation are inexpensive yet can reveal any hidden weakness in the internal
control process.
Monitoring
Though monitoring appears to be the most effective construct with about 90% of
the
respondents agreeing there is an effective monitoring, there are some few things
which mustbe brought to the attention of management.
Firstly, management must encourage all staff to report significant failings and
weakness promptly in order to ensure internal controls are working effectively.
Future researchers should explore other factors that influence the motivation of
staff at ARDBs. The current evidence is that most of the employees of the bank
are not motivated and for that matter they engage in corrupt practices.
ARDBs:
It needs to improve on mainly these three factors i.e. Promise, Doing it
right and Competency as these factors are more important for banking
industry and they are lagging on these factors.
It should maintain these four factors i.e. Promptness, Willingness,
Competency and Understanding as these four factors are important for
banking industry.
It should deemphasize on factor Appearance and Approachable as in
these factors they are performing well, but these factors have less
importance as compared to other factors.
It should concentrate on insisting on error free records, on performing the
service correctly the first time and employees telling customers exactly
what services will be performed.
It should improve its performance on Understanding and Credibility as
these factors are important for banking industry and they are lagging in
these two factors.
It should concentrate on employees always being willing to help
customers, on giving customers individual attention, on employees giving
customers personal attention.
It should increase internal control level of their system by mainly focusing
on following factors:
Keeping promise to do something by certain time.
Performing the work correctly the first time.
As on above factor, most of the respondents shows neither satisfied nor
dissatisfied, so by improving this factors satisfaction level can be improve.
BIBLIOGRAPHY
WEBSITES:
http://www.newpaltz.edu/internalcontrols/evaltool.pdf
http://www.studymode.com/subjects/'internal-control-as-a-tool-for-fraud-
management
http://en.wikipedia.org/wiki/Literature_review
The FIRST BOOK: "Intelligent internal control and risk management ...
Risk Management, Assurance and Internal Control Systems
BOOK:
Management Control Systems- Sudhir Prakashan
APPENDIX
QUESTIONAIRE
This study is purely academic and respondents are assured that whatever
information is provided will be highly confidential.
Instructions: Please kindly tick the box that clearly expresses your view about a
question.
A. PERSONAL DATA
B. CONTROL ENVIRONMENT
individual.
C. RISK ASSESSMENT
9. The bank has clear objectives and these have been communicated so as to
provide effective direction to employees on risk assessment and control issues.
11. There is a clear understanding by staff within the bank of what risks are
accepted by management.
D. CONTROL ACTIVITY
12. Processes exist for independent verification of transaction (to ensure
integrity)
14. The bank uses Close Circuit Television (CCTV) systems to protect physical
assets.
17. All staff understand that, they are accountable for activities they conduct.
F. MONITORING