OFFICE OF THE COMPTROLLER & AUDITOR GENERAL OF INDIA (NEW DELHIFor infernal use of Indian Audii & Accounts Department Office of the Comptroller & Auditor General of India, New DelhiPREFACE Interne! conttels are safeguards that ore pul in place by the management of an ‘organisation to provide assurance that itseperations are proceeding asplanned, ‘The International Organisation of Supreme Audit Institutions (INTOSAI) has prepared ‘Guidelines for Internel Centrels in the Fyblic Sector. This stipulates that internal contro! is an integral process that is effected by cn entity's management and personnel and is designed te provide reosonable ossurance that the following general objeclives ore being achieved: fulfilling eecountability oblip © complying with applicable laws and regulations; © executing orderly, ethical, economical, efficient and effective operations; and ® sofeguarding resources against lass. Internal contre!s consist of five interrelated components, vizy, control environment ‘© risk essessment © control activities © information and communication © monitoring The massive size and scale of government operations and expenditure calll for effective Internal controls over Its apercttons, Inrerncl controls help strengthen the public occounrabllity of government and help bolonce the competing demends of delivering responsive and quality service to the community whilst recognising fiduciary responsibilities and maintaining standards of probity, prudence cnd ethics. Internal controls are, therefore, closely aligned with good governance, This Manucl seeks to ley down 6 framework for evaluation of internal controls in ‘Government Ministries and Departments. Internel control is ¢ dynamic process that continuously ‘adapts to the structurcl and other changes in an organization. Hence just as the checks indicated inthe Menual would need te be supslemented by the field offices while carrying out assersment of the effecilveness of Internol controls, this Manual would also need to be reviewed and updated periodically. (Vined Rai) Comptroller and Auditor General of Indic New Delhi May 22, 2009SBIPPSYD Pay rag, (ogy may sy301)x3) 4Bojopoyyay ypny SQ IpMy Bujpuoyssepuy) ABojopoyiew upry [e1ju6> joUseYUl W LIPMY [SUB Jo O}0y Josiuoy jowss4u] Wy appMy joUs9Hy Jo O}y Joven poussyuy Jo sjusuodwnaD uoyanpoluy ? I-*|puaddy [=xypucddy ¢INTRODUCTIO! 1. Nature of internal controls Internal controls, in simals terms, are activities ond safeguards that are putin place by the menagement of an organisation to ensure that its activities are proceeding os planned. Every organization has some form of internal controls. Effective internal cortrols are o prerequisite for any successful organisation. Infernal conirols are essential for good governance. 2. (Need for internal controls in government The size and scole of government operations call fer effective internal controls over its ‘operations. Interncl controls help strengthen the aublic accountability of government and helpbolonce the competing demands of delivering oresporsive and quolity service tothe: commurity whilst recognising fiduciary responsibilities ond mointoining standards of probity, prudence cnd ethics. 3. Seope af the Manu The present Manual seeks fo lay down a framenork for evaluation of infernal controls in the ministries and departments of Government of india, State Governments, parastatal ‘organizations, ete, which are audited by the IA&AD. The terms entity’ ‘management wherever ured in the Manual have te be understood inthis context. 4, Definition Internal central js an integral process that is effected by an entity's management and personnel and Is designed to provide reasonable assurance thot the Following general ‘objectives cre being achieved: * fulfilling cecountobility obligations; © complying with applicable laws and regulations executing orderly, ethical, economical, efficlent and effactive aperations; and . scfeguarding resources against oss. interned Controls Evaluation Manual | 1 |5. Internal control as an integral process: (1) internal contrel is not one event or cireumstance, but a series of actions that inthe shove context: “Internel Central System mecrs cll the pelicies and procedures {interril controls) adopted Sy the management of on entity te cssist in achieving management's objective of ensuring, as far gs practicable, the orcerly and efficient conduct of its business, ineludiag adnererce to management policies, the scfequarding of asseis, the prevention ond detection of Fraud and error, the cccuracy and completeness of the eccounting records, ond the timaly preparation of reliable financial information. The internal audit function constitutes a teporcta component ‘of intemal ecntral with the objective of determining whether other internal controls ore well designed cd properly aperated.” (Refer AAS Issued by the ICA) permeate an antity’s activities. There actions occur throughout an entity's operations on cn ongoing basis. They are pervasive and inherent in the woy the management runs the organisation. (2) Infernal control should be built in rother than built on. The internal control system is most effective when it is built into the organisation's infrastructure ond ‘operctions and | an Integral part of the essence of the ergonizetion, By building in internal control, it becomes part of and Integrated within the basic management Processes of planning, executing and monitoring. (3) Built in internal control clso helps in cost control. Adding new procedures thot are separate from existing ones acids costs. By focusing ‘on existing operetions and their contribution To affective imemal control, and by integrating controls inte Basic operating activities, an orgonisation often can avoid unnecessary procedures and costs, 6. _Effected by managementan (1) internal Consaquently, internal contr conirol is accomplished by effected by people. They should know their rales ther personnel individyels within an crgantsation. ‘ond responsibilities, and limits of cuthority. An organisation's peaple indude the management and other personnel. Although the management primarily provides -aversight, they also set the entity's objectives and have overall responsibility tor the internal control system. As internal control provides the mechanism needed to help understand risk in the context of the organisation's objectives, the management will put Internol control acilvittes in place and monitor and evaluate them. Therefore, intemal contre! is «@ 10! used by the management end is directly related to the entity's objectives. As such, management is an important element oF internal control. Hewever, all personnel in the organisation play impertant roles in making it happen. [2) Similarly, internal contro! is offected by humon nature. People do not always understand, communiccte or perform consistently, Each individual krings te the workplace a unique background and technical ability, and has different needs and priorities. Thase real affect, ond are affected by, ral control. Internal Controls Evaluation Menval7. Internal controls provide only reasonable assurance and nol absolute assurance a (2) No matter how well designed anc operated, internal control cannot provide management absolute assurance regarding the achievement of an entity's objectives, Recsonable assuranee equates to a satisfactory level of confidence under given considerations of costs, benefits and risks, Determining how much asturance is reasonable requires judgment. In exerciting that judgment, manogement should identify the risks inherent in their operations and the cecestable levels of risk under varying circumstances, and assess risk both quaniitetively and qualitatively. Reasonable assurance reflects the notion that uncertainty end risk relate to the future, which no one can predict with certainty. Also factors outside the control or iflvence of the organisation can affect the ability to achieve the obje Limitations clso result from the following realities: © human jydoment in decision making con be faulty; © breakdowns con cceur because of simple errors.ormistokes) © controls con bectcumvented by collusion of weor mare people; © management can override the internal control system; and © decisions on rise responses and establishing controls need to consider the relative costs anc benefits, These limitations preclude management from having absolute ossurance that objectives will be achieved. Reasonable ussuronce recognises the fact thot the cost of internal control should not exceed the benefit derived. Cast refers to the financial measure af resaurces consumed in secomplishing 4 specifies purpose like Rupees spent and to the eccnomi measure of lest opportunity, such as deley in operations, dedine in service levels or praductivity, et low employee morale, Benefit is measured by the degree to which the risk oF folling to achieve stated objective is reduced, Examples include increasing the probability of detecting fraud, waste, abuse, or error; preventing an Improper activity; o- enhancing legal ond regulatory comaliance, Designing internal controls that are cost beneficicl while reducing risk to on ‘acceptable level requires thar managers clearly understond the overall objectives to be achieved. Systems with excessive contrels in one crea of eperations may adversely affect other operations, For example, employees may try to circumvent burdensome procedures, inefficient operations may couse delays, excessive procedures may stifle employee creativity and problem solving or impair the Internal Controls Evaluation Manual | 3 |timeliness, cost or quality of services provided to beneficiaries, Thus, benefits derived from excessive controls inone area may be outweighed ky increased costs other actis 8. Achicvornent of objectives (1) Internal controlis geared to the achievement of a separate but interrelated series of general entity Isvel objectives, These general ebjectives ares fo) (b) (e) g accountability obligations Accountability is the process whereby public service bodies and the individuals within them are held to account for their decisions cnd actions, including their stewardship of sublic funds, fairness, and all aspects of performance. This will be realized by developing and maintaining reliable ‘ond relevant finencial ond non-financicl information and by means of a fair disclosure of thot information in timely reports to infernal a3 well os external: stakeholders, Non-financial information may relate 10 the eccnomy, efficiency and effectiveness of policies and cperctions (performance information), and to internal contrel ane its eFfectiveness. ‘Complying with lewsand regulations Government orgonisations are required to follow mony laws and regulations. Examples Include the Constitution, Finance Act, Intemational treaties, laws end ragulations on proper administratien, accounting lew, ‘environmental protection and civil rights law, tex laws, onfi-corruption law. Executing orderly, ethical, economical, efficient and effective operations The entity's operations should be orderly, ethical, economicol, efficient and effective ‘Orderly’ means in o well-arganised or methedical way, "Economical" meens not wasteful or extravagant. It means getting the right ‘amount of resources of the right quolity delivered atthe righttime and place atthe lowest cost. “Effective' refers to the cecomplishment of objectivesor tothe extentto which the outcomes of an activity match the objectives or the intended effect: of that activity. ‘Efficient! refers to the resources used to achieve the objectives. It means the minimum resource inputt te achieve o given quentity end quality of eutput, ‘ora maximum output with o given quantity and quailty of resource inputs. Internal Controls Evaluation Manual% (a) Limitations on the effectiveness of internal, a (2) ‘Ethical’ relates to moral principles. The importance of ethical behaviour and prevention and detection of fraud and corruption in the public sector has become more emphasized since the ningtles, General expectations are that public servants should serve the public Interest with Fairness end manage public resources properly. Citizens should receive impartial treatment onthe besis of legality and justice, Therefore, public ethics is o prerequisite te, and underpins public trust ord isa keystone of qood governance, Safeguarding of resources i) The significance of safeguarding the resources in the public sector needs to be stressed, This Is due to the fact thot budgetary accounting or accounting 69.0 cash basis, which is still widesprecd in the public sector, does not provide sufficient aceurence related to the maintenance of records of the resources. As 6 result, the orqanisotions in the public sector de not always have g record of all their assets, which mokes them more vulnerable, Therefore, controls should be embecided in ench of the activities related to the management of resources of the enilty, from tha emiry until the disposition, Other resources such as information, source documents and accounting records ore clso in danger of being stolen, misused or sectdenrally destroyed. Safeguarding such rascurees ond record: hos become increasingly important since the arrival of computer systems. Sensitive information stored on computer media can be destroyed cr copied, distributed and abused if coreisnot taken toprotectit. trols [An effeciive Internal control systam, nomcttar how well concalved and cperoted, con provide only reasonable and not absolute asiurance te management about the achievement of an entity's objectives or itseurvival. Irean give the management informaticn about the entity's arogress, or lack of it, towards the achievement of the objectives. But infernal control cannot change an inherently peor manager into good ane, An effective system of internal control reduces the probability of net achieving the objectives. However, there will always be the risk thot internal controls fail to operate os designed. Because internal centrel depends on the humen factor, it is subject to flaws in design, errors of judgment or interpretation, misunderstanding, carelessness, fatigue, distraction, collusion, ahuseor override. Shifts in govarnment policy or programs, demogrepaic or economic cenditians are typically beyond mancgement's control. [ntemal Controls Evaluation Manual 5 |(5) The Following are some of the reasons limiting the effectiveness of internal control systems, {a} One major limiting factor is that the deeign of an internal control system (e {c) faces resource constraints The benefits of controls must consequently be considered in relation to their cos's, Maintaining an internal contre! system that eliminates the risk of loss is not reolistic andl wauld probably cost mare: thon Is warranted by the benefit derived. In determining whether a particular contral should be established, the likelihood ef the risk eceurring and the potential effect on the entity are considered along with the related costs of establishing anew control, } Controls may not keep pace with changes in conditions. Generally, controls are cined at routing or usucl transactions. Hence, transoctlonsof anunusuol nature might escope the controls.COMPONENTS OF INTERNAL CONTROL 10. Interne! central is designed to provide reasoncble assurance that the entity's general ‘objectives are being achieved. Therefore clear objectives ore a prerequisite for an effective imernal control process. 11. Internol contre! consists of five interrelated components: control envirenment risk ossessment control activities Information and communication 1 12, Relationship between ebjectives and components a) There Is © direct relationship batween the objectives, which represent what an antity strives to achieve, and the internal central compenents, which represent what is needed ta achieve them. The reletionship is depicted in @ three-dimensional matrix, in the shape of a cube, The four objectives — accountability, complicnee, operations and safeguarding resources — are represented by the vertical colurans, the five companents are represented by horizontal rows, ond the organisation or entity and its departments cre depicted by the third dimension af the matrix. interned Controls Evaluation Manual | 7 |(2) (3) (4) (5) Each component row “cuts across" and applies to all four objectives. For example, financial and non-financial deta generated from internal ond eaternal sources, which belong to the informaiton and communication component, ore needed to manege operstions, te report and fulfill accountability purposes, and to comply with applicable laws. Similarly, looking o1 the objectives, all five component: are relevant to each objective, Taking one oblective, 2.9. effectiveness and efficiency af operations its dleor that all five components cre opplicable ond important to its achievement. Internal control is not cnly relevant to an entire organisation but also to cn individual department. This relationship is depicted by the third dimension, which represents entire organisations, entities ond cepartments, Thus, one can focus on any of the matrix’s calls. The five components af internal control are briefly explained in the subsequent paragraphs. Control environment a) (2) (3) Control environment meons the overall antude, awareness and actions of manpgement regarding the intemal cantral system ond its importance: inthe entity. The control environment is the foundation fer the entire internal control system. It provides the discipline and structure as well as the climate which influences the ‘overall quality of internal control, It has overall influences on how objectives and strotegy are establithad, and conrrol activitierare structured. The codtral envincmnent sets tha fone of an cigantsction, kifluancing the contvel consciousness af its staff. It is the foundation for all other components. of internal control, providing diseipline and structure. Internal Controls Evaluation Manual(4) Elements ef the contre! environment are: the personal and professional Integrity ond ethical volues of the management and staff, including @ supportive attitude toward internal control; competence; the“tone at the top"; ‘organisational structure; and human resource policies and practices. eee 14. Risk Assessment a (2) Risk assessment is the process of identifying and analysing relevent risks to the achievement of the entity's objectives and determining the oppropriate response. As stressed In the definition, internal control can provide only reasonable ‘assurance that the objectives of the ergcnisatien are being achieved. Risk assessment os « component of internal control, plays a key role in the selection of the cppropricta control octivitiesto underrake. Consequently, setting objectives is @ precondition to risk ‘assessment. Objectives must be defined before the manage- ment con Identify the risks to thelr achlevement and toke the necessary ociions to manage the rises. That means having in place an engoing process for evaluating and addressing the imaact of risks in a cost effective way and having staff with the appropriate skills to identify and assess the potential risks, Internal control activities are a reszonse te risk in that they are designed to contein the uncertainty of outcome that hos been identified, 15. — Risk identification a A strategic approach te risk assessment depends on identifying risks against key organisational objectives, Risks relevant to those objectives are then considered and evaluated, resulting ino small number of key risks, Identifying key risks isnot ‘only important in order to identify the mest important arcaste which resources in risk assessment should be allocated, but cso in erder to allocate responsibility for management of these risks. Internal Controls Evaluation Manual | 9 |16. (2) (3) An entity's performance con ke at risk due te internal or external factors at both the entity and cetivity levels, It is, therefore, important that rise identification is comprehensive, Risk identification sh be on engoing, intoractive process ane is often integrated with the planning process. Risk evaluation a (2) In order to decide how to handle risk, it is essential not only to identify in principle that a certain type of risk exists, but to evaluate its significance and assess the Tikelihond of the risk event occurring. The methodology for analysing risks con vary, largely because many risks are difficult to quantify (c.g. risk to reputation ‘and image) while others lend themselves to quantification (perticvlarly financial risks). As euch, risk evaluation especially fer the formeris & subjective exercise. One of the key purpases of risk evaluation is to inform mancgemert abeut areas of risk where action needs to be taken and their relative priority. Therefore, it will usually be necessary to develop some framework for categorising all risks. Generally, such categorization will be as high, medium, or low. It is beHer to minimize the categories, as over refinement moy lead to spuricus separation of levels whichin reality connot be separated clearly. Internal Controls Evaluation ManualUnderstonding link between weak internal cantieland fraud. Weok internal controls not only permit Froud, they acivolly encourage it in government Lossof repetotion of theinnocent + Punithmertet the perpstoter Froud preventic 4 Menagement’s commitmenttoma'rtain goed cantrels «Elected cfficia'! support for mone ge ments comraltment to cantrols Hew fe control the fiduciary risk of fraud: © Follow upenadvarse ndiestars © Checkthecontrel decuments ‘Corafulexarinarian of unusvalransactions + Analytica! review oF transactions through sources Most commontypes of fraud: + Missing ossets//inveatory Pitering InFloted travel claims Double payments Falseclaim: Payroll fravd In short, bypassing the regulotary frameworkcisthe most commononateny of any fraud. The audit trail will be ‘cyullable through control decuments lke cash bock,stock ledger, bincores, etc. 17. Riskprofile The result of the actions ouilined above will be a risk profile for the organs 18. Developmentof responses (1) Having developed a risk profile, the organisation can then consider on oppropriate respons (2) The procecures that an organisation installs to treat risk cre called internal control tivities. Risk assessment should play © key role in the selection of appropricte contre! activities to undertake. It is not pessibis te eliminate all risk: ond internal controls can only provide recsenable assurance that the objectives of the ergonisetien are being achieved. However, entities that actively ossess and manage risks ore more lizaly to be better prepared to respond quickly when things go wrong and ta respond tachange In general. (3) In designing an internal control system, it is important that the contrel cetivity installed is propertionate to the risk, Apart from the most extreme undesirable cutcome, itis normally sufficient to design a contral to give a reasonable assurance ef confining loss within the risk cppetite of the ergonisation. Every control het on cssociated cost andthe contral activity must offer value for its costinrelation tothe risk thatitisaddressing, Internal Controls Evaivation Manual | 1 |(4) Since governmental, econemic, industrial, reguletory and operating conditions cortinyellly change, the risk environment of any organisation it constantly changing, and priorities of objectives ond the consaquort importance of risks will shift and change. Fundamental to risk assessment Is an ongoing, irerctlve process 10 Identify chonged conditions ond take actions as necessary. Risk models and related controls have to be regularly revisited and reconsidered in order to have assurance that the risk profile continues to be valid, that responses to risk remain ‘appropriately tergeted and proportionste, anc mitigating controls remain affective as risks change over time, 19. Information and Communication ay Information and communication cre essential to the realisation of all the internal control objectives. For example, ane of the objectives of internal control ina government organisation is fulfilling public accountability obligations, This can be achieved by developing and maintaining relicble and rolevant Financial ane non- financial information and cemmuniceting this information by meons of a fair disclosure in timely reports, Information and communication relating to the organisation's performance will create the possibility to evaluate the orderliness, ethicality, economy, efficiency and effectivenass cf operations. In many cases, certain infarction or communications hove to be provided in order tocomply with laws and regulations. Information (2) (4) A precondition for reliable and ralavant information is the prompt recording and proper classifiection of iranscetfons cnd events. Pertinent Information should be identified, coptured and communicated in a form ond timeframe thai enables slaff to carry out their infernal conirol ond responsibilities (timely communication tothe right pecple). Therefore; the internal control system cnd all transactions and significant events should be fully documented. informarien systems produce reports that contain operational, financial end non- financial, one compliance-related information and that meke it possible to run ‘and control the operations. They decl nor only with Internclly generated cara, but ‘abso information about external events, activities and conditions necessary to enable decision-making and reporting. Management's ability te make appropriate decisions is affected by the quality of informatien which implies that the informatier © cppropriate (Is the needed information there®}; © Himely (Isit there when required®); * current (Isit the latest availoble?}; . . accurate (Isit correct?) cecessible [Canitbe obtained easily by the relevent parties?). Internal Controls Evaluation ManvalCommunication (5) Eective communication should accur in all directions, Flowing dawn, across and ¥a the atganisation, threughout all compenents ane! the entire structure. (@) All personnel should receive a clear message from top: management that control responsibilities should be taken seriously, They should understand their own rele in the internal contro! eystem, ar well es how their individvel activities relare 10 the work of others. (7) Information is o basis for communication, which must meet the expectations of groups and individucls, enabling them tocarry out their responsibilities effectively. (8) Ona of the most critical communications channels is that betwaen the management and its staff. Management must be kept up to date on performance, develosments, rks and the functioning of internal control, and other relevant events and Issues. In the same way, the monagement should communicate to Irs sta!f whotinformaticn it needs.and provide feedbock and direction. (9) Inaddition to internal communications, management should ensure thet there are adequate means of communicating with, and obtaining information from external parties, at external communications can provide input that may hove a highly significantimpact on the organisation achieving its goals. (1) The system of internal control must be under continuing | Indisctorsufweakcentrobs: supervision by monagement to | © Regular receipt of government orders, rules, determine thar it is functioning regulations ets by the fieki formations os prescribed and is modified, concerning their sphere of activity (Week controls as appropriate, for changes in ata ee ae conditions, Monitoring internal Reguior reporting system for management control ensures thet contrels are esos (ed So of « repo-ting operating os Intended end that a aa they are medified A system of communication with internal audit ‘appropriately fer changer in | [eakcertol imiemol cuatrne ora simety conditions. This is accomplished thraugh ongoing monitoring activities, saparote evaluations or a combination of both, in order to ensure that internal control continues te be applied at all lavels and access the entity, and that internal control achiewes the desired results. ‘obout system breaches) (2) Ongoing monitoring occurs in the course of normal, recurring operation: of on organisation. It it performed continually end on © recl-time basis, it reacts dynamically 1o changing conditions and is ingrained in the entiry’s operctions. Asa result, Ir ls more effective than separcte evaluottons, Since separate evaluations take place after the feet, problems will often be identified more quickly by ongoing monitoring routines, Intemal Controls Evaluation Manvel | 13 |(3) (4) (5) (6) 7 The scope and Frequency of separate evaluations should depend primarily on the assessment of risks and the effectiveness of engcing monitoring procedures, When making thet determinaticn, the organisation should consider the nature and degree of changes, from both internal anc external events, and their associated risks; the competence and experience of the personel implementing risk responses and related controls; ond the resilts of the ongoing monitoring. Separate evoliations of control can abo be useful by focusing directly on the effectiveness of the controls at a specific time. Separate evaluations may toke the form cf self-assessments as well as a review of control design and direct testing of internal control. Separate evaluations may clso be performed by the external auditors. Usually, some combInctlon of ongolng monitoring and separate evaluations will ensure that internal contral mointoins its effectiveness over time. All deficiencies found during ongoing monitoring or through separate evaluations should be communicated to the appropriste level of management te take necessary action, The term “deficiency” refers to @ condition that affects on entity's cbility to cchieve its general objectives. A deficiency, therefore, may represent & perceived, porantial or real shortcoming, or on opportunity 10 strengthen Internal control to Increase the Iikellhood tha: the entlty's general objectives will be achiaved. Monitoring internal contrel should include policies ard procedures that ensure that the findings of aucits and ether reviews are adequately and promptly resolved. Managers are required tox {) promptly evaluate Findings From audits and other reviews, including these dations reported by auditors and others whe evaluote agencies’ operations, {ii) determine proper actions in rezpense to findings and recommendations from audits and reviews, and complete, within established time frames, cll octiars that correct or otherwise resolve thematters brought totheir attention. The rezelution pracess begins when audit cr other review results cre reperted to management, and is only completed after cetion has been teken that (i) correctsthe identified deficiencies, producesimprovements, or 7) demonstrates thot the findings ond recommendation: do not worrant mancgement action. Internal Controls Evaluation Manualz. Control activities. i (2) Control activities are the policies and procedures established ond executed 10 address rises anc to achleve the entity's objectives. To be effective, control activities need tos * be appropriate (that is, the right control in the right place cond commensurate tothe risk involved), jon consistently cecerding to plan throughout the period {that is, be complied with carefully by all employees involved and not bypassed when key personnel are away or the workload ishecvyl; & becost effective (thati the benefits derived); 16 cost of implementing the control should rot exceed * be comprehensive, reasonable and integrated inta the overall organisational objectives. Control octivitiesinclude c range.of policies and procedures as indicatad below. ()—Avihortzction and approval procedures Authorizing and executing transactions and events should be only done by persons acting within the scope of their authority. Authorization is the principal means of ensuring that only valid wanseetion end event are initiated as intended by management. Authorization procedures, which should be documented and clearly communiccted to managers and employees, should Include the specific conditions and terms uncer which authorizations are to be made. Conforming to the terms of an authorization means that employees act in ccoordance with directives ond within the limitations estoblished by management or legislation, (ii) Segregetion of duties (authorizing, processing, recording, reviewing) To reduce the risk of error, woste, of wrongful acts ond the risk of not deteding such problems, nesingle individyal or section siould control all key stages of a transaction or event, Rother, duties and responsibilities should be assigned systematicclly to a number of individuals to ensure thet effective checks and balances exist. Key cutics include autherizing and recording transactions, processing, and reviewing or auditing transactions, Collusion, however, can reduce or destroy the effectiveness of this internal control technique. A small organisarion may hove too few employees to fully implement this technique. In such cases, the management must be aware of the risks and compensate with other controls. Rotation af employees may help ensure that one person does not deal with all the key aspects of transactions or events for an undue length af time, Also, encouraging or requiring annual holidays may help reduce risk by bringing about a temporary rotation of duties. Inemal Controls Evaluation Manvel 15 |(iii) Control: over access forerources and records Aecess to resources ond records is limited to authorized Inelividuals whe ore accountable for the custody ond/oruse of the resources. Restricting accessto resources reduces the risk of unauthorized use or less to the government and helps ta achieve management objectives. The degree of restridion depends ‘on the vulnerability of the resource and the perceived risk of loss or improper use, and should be periodicclly assessed. When determining on csset’s vulnerability, its cost, portability and exchangecbility should be considered. (iv) Veriffections Transoctions and significant events are verified before and after processing, e.g. when gaods are delivered, the number of goods supplied is verified with the number of goods ordered, Afterwards, the number of goods invoices! is verified with the number of goods received. The inventory is verified by performing physical stock verification. (r) Reconcifations Records are reconciled with the opgropriate documents on @ regular basis, .g. the accounting records relating to bank accounts are reconciled with the corresponding bank stotements. (vi) Reviewsef operating performance Operating performances are reviewed against a set of standards ona regular bosis, assessing effectiveness and efficiency. (vil) Reviews. operations, processes and activities ‘Operations should be reviewed, This type of review of the actual operations of cn organisation is different from the monitoring of internal control. (vill) Supervision (assigning, reviewing and appreving, guidanes and training) Competent supervision ensures that internal control objectives are achieved. Assignment, review, ond approval of anemployee's workencompass: + clearly communicating the duties, responsibilities ane accountabilities assigned te each stoff member, © systematically reviewing each member's work tothe extent necessary; © approving work at critical peints to ensure thattit flows es intended, A supervisor's delegation of work should not diminish the supervisor's ‘accountabitity for these responsibilities and dutles. Supervisors also provide thelr emplayees with the necessary guidance and troining ta help ensure thot errars, waste, and wrongful cts are minimized ond thot monagemer ungerstood and achieved, Internal Controls Evaluation Manual{4) The above mentioned list is not | tnateaioss of weak controle exhaustive but enumerates the © Reviews ef performance ogalnst chjectives mostcommon preventive and |” (/scleceptrel ebeeres ofreviews) detective control activities. b of aciviias (Wank 7 (5) Once a control activiry is ‘obsence of proper decumentation) Implemented, It is essenticl that Prescrintion of performance indicators [Weak exsuronce about its effective- control: lack of performerce indicators) ness 1s obtained. Moreover, it Key reconcilictions lice hané recerciiarion, eneh must be clear that control reconciliation, asset reconciliation, ete) [Weak activities form only a component ‘control erratic ar non-recanclllction) of internal control. They should be integrated with the other four comsonents of internel control. 22, Information Technology Contral Activities (1) Asinformatien technology has cdvenced, organisations hove become increasingly dependent on computerized information systems to carry out their operations and to process, maintain, and report essential information. As a result; the reliability ‘and security of computerized deta and of the systems thet process, maintain, and report these data are a major concern fo the manogement and auditers of organisations. (2) The use of automated systems to process information introduces several risks that need to be considered by the organisation. These risks arise, inter alia, from: * uniform processing of transactions; © Information systems qutematically Initiating tronsactions; increased potential for undetected errors; © oxistence, completeness, and volume.of audit trails; © the nature of the hardware and software used; and recording of unusual or non-routine transactions. For example, an inherent risk from the uniform processing of transactions is that ‘any error arising from computer programming problems willl occur consistently in similar transactions. Effective information technology controls con provide management with reasonable cssurance that Information processed by Its systems meets desired control cbjectives, such as ensuring the completeness, timeliness, and validity of data and preserving itsintegrity. (3) Informerien systems imply specific tyoes of contral activities, Therofere informaticn technology controls consist of hwo broad groupings: General con‘rols; and * Application contro's Intemal Controls Evaluation Manvel 7 |General Controls mm General controls are the structure, policies and procedures thot opaly to all er a large segment of an entity's Information systems and help ensure thelr proper operation. They creote the environment in which application systems and controls operate. (2) The major categorie: of general controls are: (1) antity.widle security program planning ond management, {il] access controls, (i) controls on the development, maintenance and chonge of the applicatfon software, iv) system softwere controls, lv] segregation of duties, and Iwi) service continuity. Application Controls (1) Application controls are the structure, policies, and procedures that apply to separate, individual application systems, and are directly related to individual computerized cpplications. These controls are genorally designed to prevent, detect, and correct errors and irregularities as infermetion flows through information systems. (2) General ond application controls are interrelated and both are needed to ensure comalete and accurate information processing. (3) Because information technology chenges rapidly, the associated controls must evolve constantly to remain affective Internal Controls Evaluation ManualChapter ROLE OF INTERNAUBIT 3 IN INTERNAL CONTROL 25, Therole of Internal Audit iv) (2) 13) (4) Internal audit is @ very imaortant component of internal control, Interne! cuditors examine the effectiveness ef internal contre! and recemmend improvements, but they de nothave primary responstol ity for establishing or maintaining i. Traditionally, ‘intemal audit" developed ct on audit service to management to ensure that each unit of the organization follows the policies, procedures ond instructions Iuid down by the management end the records are maintained accurately and prometly. As such, the internal cudit function was concerned more with reutine checking ond review ef the various records maintained in an organization. According to the modern view, internal sudit Is no longer considered es © routine shecking and review of the records. The following definition given by the Institute ‘of Intomal Auditors, USA (IIA) reflects the modern view. “internal auditing is an independent appraisal function established within an ‘organization to examine and evaluate its activities as a service to the organization. The objective of intornal auditing is to astist mombers of tho ‘organization In the effective discharge of their responstbilities. To this enc, infernal auditing furnishes them with analyses, opproisols, recommendations, counsel and informationconcerning the activitiesreviewed.” According to this definition, an internal audiler hes ‘0 go beyond ihe books of ‘account ond records and oppraise the various functions of the organization, To achieve effective interna! control, best practice requires o robust internal audit function complementary with ather lools such as fraud control, safely oudil ond progam evaluation. Thus one of the principcl functions of infernal auclit is the ‘examination oF internal contrel systems. Internal audit provices the senior management, with a valueble resource te evaluate internell centro! systems, and te provide assurance conceming the effectiveness of contrel systems. Internal audit is, Ineffect, part of the performance monitoring process Internal Controls Evaluation Manual | 19 |Main Objectives of Internal Audit ay (2) (3) As per the modem practice, the internal audit should be vested with the responsibility to assess and review the internal control system, quality assurance precedures and risk management procedures in the office. It should help the office to identify and evaluate significant expesure to risk end impreve the risk management and contral systems, The intemal audit activity should evaluate risk exposures relating to the organization's gevernanes, operations, and information systems regarding the: Reliability and imegrity of finoncicl and operctional information. * Effectivensas and efficiency of operations. * Scfeguarding of assets. * Compliance with laws, regulations, anc contracts. The internal cudit activity should assist aa organisation in maintaining effective control by evaluating their effectiveness and efficiency and by promoting continuous Improvement. Based on the results of the risk assessment, she internal cudit activity should evaluate the adequacy and effectiveness of controls encompassing the organisation governance, operations, ond information systems. This should include: © Reliability and integrity of financicl and eperetional information. © Etfectivenoss and efficiency of operations. ® Scfeguarding of assets. © Complionce with laws, regulations, ane contreets. Internal Auditin Government Departments Intermal cudit units have been set up in the account: organisations in the Ministries Departments. However, their functioning is very limited anc confined meinly to accounting work. The various reports of the Comptreller and Auditor General have ‘breught fe light several deficiencies in the functioning of the intemal audit units and the need for effecting substenticl improvements. Internal Controls Evaluation ManvalChapter ROLE OF EXTERNAUINT 4 IN INTERNAL CONTRO 28, — Responsibility far infernal canirol U1) Wi should be clurly boroe in mind that the management of the odminisiroiivs bedy/deportment is primarily responsible for inferaal control, External ouditers olay on impartoni rele in the internal coniral process, However, they are not rotpontible for the establishment or operation of the organisation's interne control system. [2)_ttsthe polfcy of the Comptroller and Auditor General of India (C&AG), ecting as independent external auditor, to encourage and suppor! the estoblisiment of ‘effective internal contro! in the government. The assessment of internal control alays an important pert in the C&AG's compliance, financicl and performance ‘audits, The various Forms of cudit reports inter alic communicate the audit Findings cond recommendations oninternal cantrols to management and legisloture. 29, — Impertanes of assessment of internal contre! 0) The assessment ef internal contral, before undertaking substantive audit tests, is ‘important fer the fellewing reasons. (i) In view of the large size and complexity of modern government ministries / depertments, effective internal contro! systems cre essential for their proper odminisiration. in view of the huge volume of transactions, it will be impossible for the external ouditor to carry out a detailed cudit of a large number of transactions withie the constaials af limited time and resources available. increcaing Use of computers and automation has considerobly affected the flow of tronsactions and decumonts. The auditor may net be in 4 pesition to hove the intermediate documents anc links which ore useful ina manuel system. This cells for greater reliance on the internal controls in the ‘computerised! systems. An audit can be made more efficient if the nature, timing and exrent of substantive audit procedures are determined on the basis of on evaluation of the effectiveness of the internal control systems. Internal Controls Evaluation Manual | a |3. (3) The external avditer should get an understanding of the accounting system and related internel controls in the ministry / desartment under audit and sheuld study ‘ond avaivate the operation of those controls upon which he wishes to rely in determining the nature, timing and extent of other audit precedures. Where the external ouditer concludes thet he con place relience on certain internal controls, his substantive procecures would) normally be less extensive than would otherwise be required and may alse diffe os to thale nature end timing. On the other hand, where the external cuditor finds that internal controls in certain areas are not adequats, he may decide to apply more extensive substantive procedures, or change the timing of the tests te be applied, or extend his audit tests to carry out a more-detailed examination of the unsatisfactory assect: of the system. The Auditing Standards of the Comptroller ond Auditor General cf india stipulate that the study and evaluation of internal control should be carried out according to the type of audit undertaken. In the case of regularity [Financial] cudit, mainly such controls are evaluated that assist in sofeguarding assets and resources, and assure the cecuracy and completeness of accounting records. In the case of regularity (compliance) audit, uch assessment is mainly of cenirolt that o management In complying ‘with laws ond regulations. In she case of performance cudit, such controls ore evcluated that assist in conducting the business of the audited entity in an economic, efficient ond effective manner, ensuring adhe: te management policies, and producing timely ond relfable financial and management information, External auditors’ assessing of internal conirel precedures External auditors’ assessing of internal control procedures implics: determining the significance ond she se being assessed; ty of the rise for which controls are assessing the susceptibility ta misuse of resources, foilure to ottain objectives regarding ethics, economy, efficiency ond effectiveness, or failure to fulfill ‘accountability obligations, and nen-compliance with laws and regulations; Identifying and understanding the relavant Intemnel controls; determining what is already known about control effectiveness; assessing the adequacy of the control design; determining, through testing, IF controls are effective; reporting on the infernal control assessments anc discussing the necessary corrective actions. Interface between external auditorand internal audit o The external quditors need to develop a good working relationship with the internal cudit units so thot experience and knowledge can be shared and work mutwally can be supplemented ond complemented se that the benefits to be gained can be maximised. Inciuding Internal audit observations and recognizing | 2| Intarnal Controls Eveluation Manualtheir contributions in the external audit repert, when appropriate, ear alse foster this relationship, The external auditors should develop precedures fer crsessing the internal audit unit's work 10 determine te which extent it can be relied upon. A strong imernel audit unit could reciuce the audit work of the external auditor and avoid needless duplication of work. The external ouditors should study the internal audit reports, related werking papers, and compliance to and setlement of internal audit findings. (2) Although internal and external aucitors have different ond clearly defined roles they co share the same broad purpose of serving Parliament end the public by helping to ensure the highest stanelards of regularity ond propriety for the use of public funds and resources and in promoting efficient, effective cnd economic public cdmirisiration. Good co-operation maximises the benefits which can be gained from working together in areas where there is an overlap in the work to be done. Intemal Controls Evaluation Manvel B |AUDIT METHODOGY 32. exo This chapter details the audit methodology to be used for evaluating the internal contrels. This includes evaluating the adequacy of existing infernal control arrangements and testing the actual operation of internal controls. The audit should be conducted through sample check of records in the selected departments and their subordinate /ottached offices. The audit should also cover the systems and practices Followed with reference to the provisions of the Central Secretariat Manmal of Office Procedure (CSMOP), government rules, orders and instructions, etc: The sample fcr audit, interalig, should cover records relating to budget and expenditure, manpower policies, internal werk study, internal audit and various control registers. Cne of the most important cimensions of internal controls is control over the state of affairs in the attached, field and subordinate ‘offices functioning under the administrative control of the department and cutonomaus bodies receiving grant-n-aid from the department, Evaluation of the adequacy of existing internal control arrangament (1) Inconsidaring the adequacy of contral, the auctor should start with higher level controls, for example, strategic planning, which affect the whole system, and work down to the lower level contrels such as those over individual transactions. There is no absolute measure of whet constitutes adequate control. Auditors must use their iuclaement in determining whet level of control is cparopriate in the light of their evaluation of the risk and mctericlity involved, (2) In evalvating the adequacy of controls, the auditor naeds to consider the likelihood of undesirable events occurring {risk} and their significance to the erganisation (motericlity). (3) Rite may be viewed os the chance for probability) of ene or mere of management's objectives not being met. |t refers bath fo unwanted outcomes which mightarise and te the potential feilureto realise desired results. (4) Moteriolity is a reflection of the significance 10 the orgonisation os 6 whele of © | 4 Internal Controls Evoluetion Manualfailure to achieve management's objectives. In considering materiality, the cuditor should take into account: {) the possible direct and indiract financial consequences; the importance af particular management cbjectives in the context of the: ‘organisation's overall objectives; and the potenticl for embarrassment to higher management (Ministers, Secrelaries and other higher officers) (5) If the quditer is not satisfied that the existing controls are aeequate to ensure that objectives are cchieved, or if no controls ex'st at all, a contrel weakness will have been identified. The auditor should use professional judgement in deciding ‘whether controls are adequote. (8) Controls should nat be evaluated in isolation as they interrelate and often operate in @ hierarchy. Where controls appear ta be missing ar inadequate, the cuditor should search for other controls which compensate for the-apporent weakness and enable the control objactivete be met. (7) Two most common tools used in. internal control evalua Internal control questionnaires. ‘¢ flowcharting and Flowcharting This it @ diagremmetic methed of recording and describing a system which can chow the flow of documents, information or processes and the related controls within that system. It can show the internel control system at a glance ond can be helpful to an auditor who analyses o system to find cul haw effectively i! works and fa delec! ony weaknesses inthe system, Internal control questionnaires (ICQs) ‘An ICG lists @ series of questions which the cuditor may wish to ask ro understand and evakiate en internal control system, The questions are pre-designed and it con be ensured that all aspects of an internal control system are covered, The questionnaire con alsa be kep! as a record of the auditer's evaluation af the internal contral system. Testing of Internal Controls (1) Auditors use resting 16 confirm their understanding of how a system works and 10 form or corroborate an osinion obout the adequacy or otherwise of a internal control. This is done by measuring particular characteristics of solocted transactions or processes and comporing the results with those expected, (2 Testing may be undertaken ct different steges in an audit, depending on the purpose of the tests. [ntermal Controls Evaluation Manual | 5 |37. Typesof test "Wall threw gh' tests a (2) "Walk through" tests are designed fo confirm the auditor's derstanding of how © system operates. This understanding con be derived from a cambinction of cbservation, Interviews and examination of management's documentation of the system, In conducting “walk through" tests, the auditor looks primarily for evidence of the existence of controls, This may involve examining o number of different transactions ct each stage of the process or following the same transaction from start to finish, Compliance testing on (2) (3) (4) ‘When the auditor considers that an internal control is adequate and will contrioute to the achievernent of a contro! abjective, the next step is ta determine whether the control Is effectively and consistently applied. If the effectiveness of the control Is likely 10 vary, for example, when different staff are responsible for operating the control, the auditor shauld ensure that *he sample selected for testing takes eccount, ot far as practicable, of such variations. The cim of compliance testing is to obtain essurance that controls established oy management ars operating as intended ond ere effective. it is not intended primarily cs.< means of identifying errors or failures to achieve objectives Errors found in compliance resting may indicate contrel weaknestes. They de not demonstrate positively that the system is failing to achieve its objectives. The cuditer should clso consider the risks involved anc the need for more stringent controls over application of the procedures. The auditor is more concemed! with the recsons for errors or omissions ond the effectiveness of contrels rather than the mistekesthemselves. Records of controls, ¢g., signatures confirming that checks hove been undertaken, ore not necessarily proof that the controls have been properly applied. The cuditor may need to reperform the process to discover any instances where the centrelhasnot been performed correctly. 38. Testing slralegy and process Planning the fesfing a ‘The auditor should decide: - what to test + whateach test is for - howto test. | | Internal Controls Eveluation Manual(2) The level and direction of testing should toke account of the analysis of risk and materiality undertaken os part of the evaluation of control. (3) Where the auditor ir catiefied thet there are weeknesser, depending upen the cudit objectives and time aveilable, the auditor may carry on furthar testing te determine whether significant control weaknesses have been exploited, Period of testing (4) Tests should normally be reflecting the current trans conditions, for exemple the performonce of particular staff or pressure at particulor times, are likely to affect how controls operate, the auditor should take this into cecount in selecting the transactions te be examined so that the audit Findings are representative, = If changes inoperating Lavel of testing (5) There con be na hard and Fast rules about the amount of testing necessary except thot the cuditor should take Into account the materiality of possible fallures 10 meet objectives. The cost of testing lergs populations is usvally pronibitive, unless computer interregation is possible. The auditar con adopt sampling techniques. The auditor should take inte eecsunt all relevant factors, including the testing objective, risk and materiality, resulls of evaluation of control by the auditor, the time evailoble and the varlabtliry and volotility of the populotion tobe tested. 39, Principal techniques For testing controls (1) The following aaragraghs deteribe the principal techniques fortesting contrals. Observation (2) Observation is particularly impertant where there Is ne permanent record of cctivities. For example, discreet observation by the auditor can reveal whether there is imaroper access to a restricted compuier area despite stringent formal controlson paper. Interviewing / Inquiry (3) Interviewing is useful when evidence is absert or unclear. Care should be taken because the behoviour ef the auditor could effect the attitude of the cuditec- and cninsensitive aparcach could lead to anuncooperative and defensive reaction. Analysis (4) Where a sronscetion or process comprises a set of interrelated ports, the cuditor may need to anclyse ond verlfy each part beforehe orshe can form a judgement ebout the whole, For example, in audit of contracts, the soundness of the contract itself depends on the noture and inter-rclationship of its individual terms and conditions, Internal Controls Evaluation Manual | wi |Verification (5) Verification involves the auditor confirming the truth, accuracy or validity of transactions. The role of audit ie te evaluate and test the controls, not to confirmthe validity of data as an ond ia itself In using verification tests, therefor, the cuditor should ensure that they are related tothe operation of controls. Methods used are: (i) — comparisen - withsome ascertainable fact er standard, fer example, that instruction manvals are up te date or staff have offended appropricte training courses at prescribed interval (il) confirmation checking with third parties youching - checking a transaction against supporting documentation, for example, 4 payment to a supplier against tha corresponding purchase ‘order ond stockentry, etc. Re-performeancee (6) Re-performance is particularly relevant where calculations or measurements have been suppasedly checked os a control and the cuditor wishes to check thet the control actually operated, For example, there might be a contral thata prescribed percentage of payments exceeding certain value should be checked Sy supervisory officers. The auditor may repertorm the check on co sample of that percentage. Tastdata (7y Test data are commonly used for testing computer systems, but may also be used in manual systems, for example, fo test controls aver types of tromadions which sccurinfrequently. 40. Documentation of test results an Adequate documentation of the testing undertaken is important to support the conclusions reached by the auditor, Far each test, this sheuld include: © tert objectives * detail of the nature and extent of tests inckding any methods used to determine thesize ond selection af samples © test results and the cuditor's eveluation © conclusions. (2) Testing should be decumented to the level necessary to enoble a reviewer to perform any of the tests. | 1 | Internal Controls Eveluation Manual4. Reporting a ‘The uditors should comply with the requirements of the Auditing Standords with regard te Reporting. The fellowing are illustrative requirements: In perfarmance audits (2) Auditors should report the seope of their work on internal centrols and ony significont weaknesses found during the audit, (3) Reporting on internal controls will vary depending on the significance of any weaknesses found ond the relationship of those weaknesses to the oudit objectives In financial audits (4) Auditors should repert deficiencies in internal control that they consider to be reportable conditions. The fellowing are exomples of manters that may be reportable conditions: © Absence of appropricte segregatton of duties consistent with appropricte contral objectives; * Absence ef appropriate reviews and approvals of transactions, accounting entries or systems output; © = |nadequate provisions for the safeguarding of assets; * Evidence of failura to safeguard assets from loss, damage or misappropriation; © Evidence that © system fails to provide complete cond accurate output consistent with the auditea’s control objectives bescuse of the misapplication of control procedures; © Evidence of Intentional override of Internal control by those In autherity tothe dotrimenrof the overall objectives of the system; © Evidence of failure to perform tasks that are part of internal contrel, such as reconellictlon not prepared ornottimaly prepared; Absence of a sufficient level of contral consciousness within the organisation; © Significant doficienciot inthe detign or cporotion of intemal control that could result in Violations of lows and regulations having a dirset anc material effect on the finonclal statements; cnd ® Fcilure to follow up ond correct previously identified deficiencies in internal control. [ntermal Controls Evaluation Manual v1") |(71 (8) (9) Auditors should report whether satisfactory action was token or not, on the audit reports. In reporting repertable conditions, auditors should identity those thot are individuclly or cumulotively material waaknesses. Auditors should ensure that stancards for objectives, scope, methocology, audit results and report presentation, as aapropriate are followed in their reports on audit of financial statements ‘When cuditors detect deficiencies in internal control that are not of material noture, they should communicale those deficiencies to the auditee, preferably in wrling, If the euditors have communicated ather defictencles In internal contral to toa management, they should refer to such cemmuricotion when they report cn internal control. All communications te the auditee cout ceficiencies in internal contral should be documented in the working papers. ‘The report should be drofred in accordance with the requirements of the ‘Style Guide’ issued by the Comptroller and Auditor General. Additional guidance on understanding Audit Risk ond extracts fram Auditing anc Assurance of the Instirure of Chortered Accountants of Indic 's given in Appendices 1B Ilo this chapter. Internal Controls Eveluation ManualUNDERSANDING MODIT RISK ¢ In very bread terms, audit risk is the risk of @ meteric! misstctement of © financial statement item thatis or should be included in the cudited financial statements of an entity. In this regard, @ financial statement item includes any related notes to the financial ‘stotements, © Intheery, cudit risk renges anywhere fram zero (0.0), where there is complete certainty of re material misstatement, to one (1.0), where there Is complete certainty of a material misstotement. In practice, however, audit risk is alwoys greater than zero. There is abwerys some risk of material misstatement as it isnot possible, (except for the cudit of the-simplest ‘of Financial statements), dus to the limitations inherent in both accounting and auditing, to be absolutely certainthat amaterial misstatement will not exist ‘Components of auditrisk Audit risk [AR] may be initially decomposed into twecomponentss © the risk of o motericl misstatement of @ financial statement item in the unaudited financial stetements [RMM] end © the risk thot the misstatement will not be detected by the cudiiar (equcl fo one minus the probability of detection by the auditor, (1 - PriDa]). Thus, iF there wos a 50% risk of e material misstatement in a financial statement item inthe: unaudited financicl statements and a probability of 80% that the misstatement would be detected by the auditor, audit risk, ot the risk of a material misstatement in the audited financial statements would be equal to 10%. le, AR=RMMx(1-PriDa)} =0.5x(1-0.8)=0.10 The risk of material misstatement in the unaudited financial stotement [RMM] may be decomposed os follows: @ theinherentrisk of o material misstatement occurring (RMIMI) and interned Controls Evaluation Manual | 31 |© the risk that it will not be detected by the entity (equal to one minus the probability of the entity detecting the misstatement(1 - Pr(De)). Thus, substituting the two components of RMM, cudit risk can be mathematically defined as follows: AR =RMMIx(1~PriDe})x(1 -Pr(Da)) Thus if there was: © an BO% inherent risk of 6 material misetotement in & Financial statement tem, © 230% probability of such o misstatement being detected by the entity, and © a probability of 40% that, if not detected by the entity, the misstatement would be detected by the auditor, budit risk, or the risk of a material mi be equal to 33.6%. ie, AR=RMMix(1 -PriDe)}x (1 -Pr(Da)) =0.8x(1-0.3}x(1-0.4)= tement in the audited finoneial statements would 396 The three components of audit risk (R/MMi, 1 - PriDe), and | - Pr(De)), are referred to respectively a3 inherent rsk [[R], control risk [CR] and detection risk [DR]. This gives rise fo the audit risk model of: AR=IRx CR x DR, where = IR, inherent risk, is the perceived level of risk that a material misstatement may occur in the client's unaudited Financial statements, or underlying lovels of aggregatien, in the absence of intemal control procedures. In the last example cbove, inherent risk was 80%. | CR, control risk, is the perosived level of risk that a material misstatement in the client's unaudited Financiol stotements, er underlying levels of aggregation, will not be detected and corrected by the management's internal control procedures. In the last example above, control risk was 70%. | DR, dotoction risk, is the perceived level of risk thet ¢ moteric! misstatement in the client's unaudited financicl stotements, or underlying levels of aggregation, will not be detected by the auditor. In the last example above, detection risk was 60%. There are two distinct concepts of cudit risk - the ceceptoble level of audit risk and the achievable level of audit risk The acceptable level of cudit risk [AR*] is the risk of a material misstatement in financial statements that is aeceptable te the auditon The echlevable level of audit risk [AR] Is the risk the audited financial statements will contain a material misstotement. (AR is cn ex ante concept ond thes itis referred te atthe cchievable level of risk rather than an ex pesteoncept of an achieved level of risk). 32 | Internal Controls Evaluation Manual© The acceptable level of audit risk [AR*] it estimated by reference to the expected reliance on the cudited Financial statements, The grecter the expected reliance, the lower is the acceptable level of audit risk. The achievable level of audit cisk [AR] is estimeted by reference to the ex ante components of the audit risk mocel, Thnt Is, the estimoted achievable valves of inherent, control and detection risks. The aim of on ‘ouditer is to achieve an acceptable level of audit risk; te aehieve a level of audit risk thatis ccceptoble to the auditer, © There-are similorly rwe concepts of detection risk - the acceptable lavel of detection risk and the achievable level of detection risk, The acceptable level of detection risk IDR*] is the maximum level of detection risk an aucitor can allow ro-eccur, Onthe other hand, the achieveble level of detection risk [DR] is, broacily, the risk that a material misstotement ip the uicudited information will no! be datacted bay the auditor, (Again, DRIs an ex ante concept and thus itis referred te. os the achievable level of risk rether than on ex postconcep! of an achieved level of risk). Intemal Controls Evaluation Manvel 3 |AUDIT METHODOLOGY Extracts from AAS 6 In & continuing engagement, the cuditer will ke aware of the eecounting and internal contro! systems through work carried cut previously but will need to update the knowledge gained and consider the need fo abiain further audi! evidence of ony changes in controls. Before relying on proceduresperformed in prior audits, the ouditer should! obtain cudit evidence which supports this: reliance. The auditor would ebtein audit evidence as 10 the nature, timing ond extent of any changes in the entity's accounting end interne! control systems since such procedures were. performed and assess their impact on the auditcr's intended reliance. ‘The longer the time lapsed since the performance of such procedures the leser the assurance that moy result, The auditor should consider whether the internal controls were in use throughout the period. if substantially different controls were used at different times during the period, the auditor should consider cach seperately. A breakdewn in internal centrols for a specific portion of the period requires separate consideration of the nature, timing and extent of the audit procedures to be ‘applied tothe transactions and other events of that period. Accounting ond Internal Control Systems (1) Inferno! controls reloting to the accounting system ore concerned wlth achieving the: following ebjectives: (a) Tronsactions are execuied in accordance with menagement's general or specific outhorisation. (b) Alltrensactions and other events are promatly recorced in the correct smount, in the appropriate occounts and in the proper accounting period 30 as to permit preparation of financic| statements in accorcance with the applicable accounting polides/practices and relevant statutory requirements, if any, and to maintain ‘occountchillty for assets. (a Assets and records are safeguarded from unauthorised access, use or dispesition. (d) Recorded assets cre compored with the existing assets at reasonable intervals and appropriate cction istaken with regard to any differences. | 4 Internal Controls Evoluetion Manual(ii) The cuditer should obtain an understanding of the cecounting system sufficient to identity andunderstand: > major classes of transactionsinthe entity's operations; % — howevch transactions are initiated; % ——signiffcont cccounting records, suaporting documents and specific accounts in the financial statements; enc > accounting and financial reporting process, from the Initiation of significant transactions and ether events to their inclusion in the finencial statements, Ordinarily, the auditor's understanding of the accounting and internal control systems significant tothe cudit is obtained through previous experience with the entity end is supplemented by: 3 inquiries of appropriate management, supervisory ond ather personel at various organisational levels within the entity, together wih reference te documentation, such at procedures maruals, job deccriptions, cystoms descriptions and flow charts; inspection of documents ond records praducad by the accounting and internal contral systems; and % observation of the entity's activities anc eparctions, including observation of the ‘organisation of computer operations, personnel performing control arocedures ond the nature of transeetion preeessing. {ilt) In the audi of financiel statements, the ouditor is concamed only with those policies ene procedures within the accounting and internal contro! systems the? are relevent te the assertions made in the fincneial statements. The understending of relevent aspects of the cxcounting ond intemal control systems, together with the inherent and control risk assessments and ather considerations, will enable the cuditer to: > of the accounting sysiem as a basis for preparing the > identify the types of potential material misstatements thet could occur in the financial statements; > consider factors that affect the risk of moterial misstatements; and > develog cn approariate cudit plan and determine the nature, timing and extent of hisaudit procedures [ntermal Controls Evaluation Manual | 35 |DETAILED CHECKLISTS 42, This Chapter provides the illustrative checklists in the Annex that may be used for evaluating Internal controls in government. The Annex contains o general checklist followed by checklists for some specific creas, 43, The checks mentioned in the checklists in the Annex and the areas to be covered are illustrative and not exhoustive. The cuditors should toke inte cecount the nature of ‘functions of the particular Ministry /Departmem, provisions laid down in relevant Codes, Manuols, Rules cnd Regulations as prescribed by the Government and Instructions issued from time to time by the Office of the Comptroller and Auditer General, | 36 | Internal Controls Evoluetion ManualAnnex Gonaral Cheeklic! for Evaluation of Internal Controls 5 Check Yes [No] -NA- | Work Ne. Papar Reference: 1. | Whether there exist @ formal mecheriem in the shape of Acts & Policy statements In respect of standard: erd processes for intemal ‘control. 2. | Whether the Organizational arveture provides fer clecr reporting lines that establish links between accountability, responsibilty and authorization of varicus actiitior 3. | Whether the top moragement is comecious of the Importance ef intemel centrel anc gives it cadecuate Importance. (Refer GFR 64) 4. | Whether © wall defined delagotion of powers exists, with Important / exceptional maners: being under the powers of aigher levels of management 5. | Whether the O1 ives of the Organisation are well defined and whether there ore any specific targels prescibed | Whether prececural monvals exikt in respect a Finarcial raters (cash, banking, cccounihg, iene, —expenchure, budgeting, ote) fb. Staff recruitment, training, perfcrmance ‘and discipline © Purchase of goods end services, comrocts dL Qutsourcing of funetions & Code of personal ennduct with guidance on gifts and hespitality F__Uto of computer systems 7. [Whether the varkes officials ore given adequate training in their functional creas & | Wheiher there ore spedfic ond attuinable ‘targets tet far various officers / officals in the ‘organisation 9__| Whether cn Intemel audit sysiem Bin place 10. | Whether thare is separation of duties in such a ‘way that more than one individual is involved lino tronssetien Ti. Wheiher there ore piiyaical aura mecires restricting accets to buildings, information systems, valuables, etc. Intemal Controls Evaluation Menval12. 13. 14, Whether there is © system of supervision and review of the work of various functionaries: Whether there ore systams for taking adequate remedial action in case of theft, 1d, detaleorion, ere VWihetier there are adequate safeguords to protect cash, valuables ord resourees through security / police escom, safes, strong reoms, physical cccess restriction, etc. 15. ‘Whether there cre systers te ensure sequential numbering of documents, receipts, vouchers, ofc. 16. Whether there are systems of Reconciliations, he the act of balancing one system to another, fer example, Sank reconciliation, reconciliation of departmental figures with accounting figures 19. Whether there are systems 1 ensure timely rendition of accounts Whether there ore systems te obtain dedaration of ast, intimetion of certata high value tronscetions, etc. VWihathor thore ic on edequate end roliable MIS which will ensure thet important / exeoptionsl matters or motters requiring anention are being reported to. appropriate higher levels ef management ‘Whether the daporment has prepared any manual or Flow chart listing out steps In various activities ond procedures which are specific to is working, 2. Whather the Stall Tmpeciion Unt or Tiemal Werk Study / OBM Unit or any other agency has performed {I) Organksaron and methods Studies ond [i] Werk Measurement Study, ete for preseriking apprepriste ware nerm: anc stondards of oviput in terms of quality aad quantity os envisaged in CSMMOP anc, iF 46, ‘whether their recermmendations were comalied ‘Whather time limits were fixed for disporal of caves ond, if x0, whether these time lirits were adhered to. ‘Whether the references from Members of Parlicment and VIPs were promptly attended to in tha prescribed manner. Whether any monthly pragramme of inspecticn of sections / desks during o year wos drawn by the Department / Avnistry Whether each section/desk in the department Is incpected by an officor of er abovo the rork Internal Controls Evaluation Manualof Under Secreiary/Deik Officer, whe does not hondie ony port of the work of the section/desk concerned, once in a year tc ‘ascertain the extent te which the provision of the CSMOP ond inerruer'ane ttwed thereunder are being followed as per CSMOP, 2B. Whather the ispecting Officer, afer camying ‘out the inspection €3 indicated obova, has repored significant peinrs, if any, emercing from the inspection, to the Secretary. 2A ‘Whether the Inspecting Offieer has, in adaittion, brought the Important findings 1 the notice of the Department of Administrative Reforms ond Public Griavances (AR & FG) by 30th April each year. 2B. Wasther the Department / Minlsiry has devised procedures and strotagies for risk assessment / risk Ident'ffcaticr, grading of risk, analysis of impact and pion for risk management (including contro! activities for meritoring and mitigating the risks), commensurate with the quantum of funds handled, geogrephical spread, comolexitio:, dagrae of cacentrelizarion, diversity in nawea of the activities of the Department / Ministry. 2B Exomine if Internal controls have been Mrusiured to emsurea char ond logical plan of ‘organisartonol functions which estobiishes clear lines of authority ond responsibilty for ‘administretive, Fnancial and technical ectvities keoping in view the enity's base objective/activity, See if 0, Organisations! setup is designed to serve the main objectives/goals/activities of the organizotion, b, Tho units ore functionally segregated to encore protestionel, functional ened technical specialisation. ¢. Poss created ond duties assigned have the approval of the comperent outhority. d. The financial functions are separate from administra functions. The person reszontible for the cusedy of the resourees Is soparate frem the ene whe Inemal Controls Evaluation Menvalrecor: trantactions, maintain ecccunts and Frenelal reparrs. f. The duties/resporsibillifes ond financial powers of each authority are cleorly defined @ No post has remained vacant for a long Period end whathor additional charge eld by nether official har diluted and Impacted financial funcional propriety h, Procedural manuals hove been prepared for various funcitons ond activities and these manwcls cre reviewed ond updated periodically. ‘Adminisirative Control Registers: ‘Moirtanance of varieus comrol ragitrars i¢ on Important olemert of inmmel contral erruewra. All registers induding subsidiary records shovle! be ia presribed form ond poges shovid be numbered Following i on illustrative lst of some of the standard control registers being maintained 4) Expenditure control register b) Advance ragister ¢] Pay bill register a) Té ane ITC bill rngister fe) Medical daim expenditure registers f) Library accession/issue register a) Stationery register hy Stock register |) Stock issue register |) Dead stock register k)_ Investment register I) Register of comracs im) Register of refund of revenue n) Grantsfivaid register 6} Sanction register p) Register of choque books Ei A EDP control Exam! 1) Type of cctivity function computerised 2) Whether various reports genercted cre being cuthenticared/utilised fer the purpose| For which those have keen developed. Internal Controls Evaluation Manual3) Whether provision exists fer generating Management Information System (MIS) reports for control purposes. 4| Whether cdequete security existed for aecessing a+ well as recording /medification of data only by authorised personnel. 5) Whether there exist well defined pelicy or guidelines on access control, the system Integrity ond continuity plan tn case of disaster. 32. 33. Whether the administrative report contains:- *A certificate signed by the secretory of the ministry/departmest certifying that the prescribed intemal contral systems as par the Statement cf Interncl Controls (SIC) have been adhered to and the recommendations of internal audit have been acted upon, *A statement showing the recommendations of Infernal audit and action taken on each. Monitoring & Evaluation of programme: anc schemes + Wheiher the implementing agencies have submitted physical anc financial tergets in respect of the programmes / schemes Implemented by the deportment/ministry, ‘+ Whether ony physical inspection oF works executed in the deporment was conducted by the Controlling Officer 3B. Review the functioning of Parliament Unit te see how lt anures timely dispocal of sll Paper: and monitoring that the assurances given te the Lak Sabha ond Rajya Sobha ore fulfilled within a gerled of three months, whether Register of | Perliomentory Assurances wos maintained. As per Central Secretariat Manual of Office Procedure (CSMOPI, every department should formulate cn Anaual Action Plon indica‘ing time frome of action with monh-wise break-up of torgets 16 be ochiaved in respect of each of the activities to be performed during the ensuring financiel year in the month of January, £0 “hat the programmes and projects undertaken by the department cre implemented in a systematic manner within the prescribed fire frame. Intemal Controls Evaluation Menval «|‘Monthly perfomance repor's on the Heme of Action Flon incicating the detail: of targetec and cetual performance wit commants cn end quarterly resorts should be Check wherher the requirements were complice wits Comments / Compensating Conirals: | 2| Internal Controls Evaluation ManualChecklist for Evaluation of Internol Controls relating to Cah Management 5 Cheek Yor [No] -NA- Werk No. Paper Reference 1. | Whether cash book is maintained ia prescriber ferm 2 | Whether cosh book pages are machine numbered Z| Whether cash ook concins a certificate on the fit seme regarding the rumber of pages duly signed by eompstent autyacity 4 ‘Whether entries of receiots and expenciture cre made promptly every day in the Cath Book and attested by DDO everyday cfter verification of reesipts ond paymea's with challant and vouchers? ‘Whether pre-numbered recelp are liaued In cave of cash receipts | Whether the entries in the cash book ore checcad by on cfficer not connected with the writing of cash book 7. | Whether certificate to the effect that the cosh balance found during phyticc! verification ‘oareed with the alone ir recerded in the cosh book @_| Whother surprise chock oF cash blanca fe conducted periodically by authorities not responsiole for maintenance of cath book and © certificare to the effect thot the cash bolance found during shysical verification agreed with the book bolance Is recorced 9.__| Whether c resort of suprise check is mainicined. 10. | Whether huge cash balance is maintained, in comearison with requirements for immediate disbursement. (As per Rule 100 (2) of Receipt & Payment Reles, 1983 money shall not be drawn from Government ccenunts unless i is required for imrediate disbureemeni). 11. | Whether poymants ere praferatly mace oy cheque only and whether payment of large awounts (axceeding preserbed value) is made in cash and not by cheque [Payment of amount ceeding Rs. 10,000 sheuld be made py cheques, a: required by Receipt ond Payment Bulas, 1983 Ta. | Whether the book bolonce are perlodically checked with physical balances and telliad! TS [Whether receipts ore corrsctly ported in chronological arcler from ail recelpt books Intemal Controls Evaluation Manual 8 |irs Whether bank recercifation is prepare regularly ord difference: barwaen balances as per benk pass book erd cash book cre being Investigated and clscrad, 1 Whether eash receipts ere net diverted to meet day to day expenditure Te the transactions thereln are accounted for In the [ime subsidiary cosh books ere maintcined, main cath kook promptly 7. ‘Whether coshie- has furriched ficlality bonds Te. Whether casi Balances are kept within limits prescribed ond not excessive is Whether all receipts (including cheques, dratis etc.) were posted in occounts end deposited into Government account on the same day of next working day. (As per Recaipt erd Payment Rules, 1963) Whether Bank accounts have been opened with proper apprevol, Whether there if a reed end juitilication of having mace thon one bank account. ‘Whether the payments ars properly authorised and recorded immediately in the account. Whether countertells of poy in clips er cach receipts are on record. Wihethar cheque books are kept ih rake custody nd the prescribed p-ocedure: Is duly obssarved. Whether the pald cheques occomponying the Bunk Scroll are excmined to find ost that there are ng vaguthorised alterations in the names of the payees ond the amounts payabl where such alterstions ere found even under attestation of the DDO, the cases are: checked with reforente te the related pa'd vouchers anc sanction. Whether adequate ears is taken in iswing cheques in lieu of cancelled /time barred cheques with reference to relavont records Comments / compensating controls: Imermal Controls Evaluation ManualChecklist for Evaluetion of Intemal Controls relating te Budgeting and Expenditure Control Cheek “NAS ‘Werk Pope: Retorence Whether there ore rvied and instructions relating to the formuletion of budget and revised ‘ertimates ened responsibilities of different furciloncries. Wheiker there were wide varietien: under “Revenve Expenditure", “Casitcl Expenditure", “Loons”, “Charged” ond "Voted" catagerier. © Whether the expenditure fs confined within the ‘approved revised estimates. © Was the expenditure under Pion and nox-Plon ‘within the revised estimate? Wos chere on excext ‘or saving beyond 10%% © Were there persistent savings over last three years under any Major head, indicating poor pre-budget scrutiny of schernes? Wheiter the Revised Estimates ond fuciget Estimates submitted to Finance Dept. cre ‘supportec by the estimate racaived from the ‘eximating avihorities far various zones/effieers, sete. (ODOs) ‘Whether the savings were eurrendored before jhe end oof frontal yeor/otfecting Implementation of progrommas and orivitier, Wheiker there ore arrengemerts te prevent transfer of funds from the Consolidated Fund to depot accounts fer uifzarion in wbsequent financiel years “Wherker she drowing and divauiing officers ore adhering te the time schecules prascrized for submission of estimates. ‘Wheiker the Depertment is exercising adequate scruiiny over the estimates fumished by the drawing ord disbursing officers and the \usfifisation furnished in support of original ‘estimares ond estimates of cdditional requirements, Wherker the adninisrative Secretory ard Head ‘of the Department are exercising odequote and ‘effective role in formulating the depormental budget ond oxersiting their detignated responsibilities. Internal Controls Evaluation Manual10. Provision of funds Examine «shothert @ Control recorce are maintcined to. watch progress of revenue and expenditure against estimated recelpts ond allocated funds. b. Variation between acval exgenditere and budget allocation are exaniined — a! cppropriate levels and wherever necessary re-appropriation is approved by specificd cuthorities Whsthe there adequate _syilems ane orrongemans qveilnble for determination of allotmert of funca to various drawing and isbureing officers end thelr timely ralacisn. 12. Whether the DOO i nominated by competent cuutharity. 13. As por GFR 291, permorent advance or imprest for meeting dey to day comingent anc emergent expenditure should be granted to government sarvane by the head of deparment in consultetion with Intemol Finance Wing, keaping the amount of acivonce 0 the minirum ‘as required fer smeoth functioning. Check whether the oravisions arc complisd with. ‘Whether the advances drawn on abstract contingent bills for meking edvancs payment 16 cuppline ere. are adjused within fitter days of the drawal of advance [as requited by Rule 299(0) of GFRs_2005) 15. Check whether contingent advances, TA aadvoners, [TC advonees, atc. are adjusted within the proseriked period. Whether the control registers preribed under the GFRs, Recsipt ond Payment Rules, ete, for exercising check over expencture are proparly meintaired in the prescribed monner, Seme Mhusttative records are Cosh Beok, Bill Register, Deed Stock Register, Register of Undiskursee Pay and Allowances, Siock Register of Receipt Boole, TA Bil Register end Leg Books. ‘Yhather the funds ere released iimely te various drawing and disbursing officers ‘Whether here are adequate arrongemerts for communicetion of allotments to she drawing anc disbursing afficers concerned ‘Whether there is adequate mechinery for exercising apenciwure comrol ard monitoring expenditure incurred ky field units Internal Controls Evaluation Manual20, ‘Whether the monthly expenditwe statements ar received timely from the drowing and disbursing ‘officers, crrangemants mode fer their documentation and analysis and are they utilized for the purpose of exercising effective control over expendiwra. Whether thers i © methanim 1 prevent irregular diversion af finds ond exercising contral over utilisation and prevention of diversions. Era Whether thers cre adequate crrancements for monitoring expenciture on schemes ond their adequacy. 3. Rush of expenditure ‘Whether there is mechanism to eniure veiformity in expenditure in every quarter and prevent rush of expenditure toweres the clots of tha fineneial year. (Rule 54/2] of CFRs provides shat rush of expanciture, particularly in tha clasing months af the finereial yeor, shell ke rogerded as ¢ of fitarcial propriety. MQF hes ec that under an effective cash system, nu! mors than 33 percent m Whether the instructions issued from time te time by ihe (Ministry of Finance, Departmen of Expenditure for observing fiscal prudence ane! austerity in experdivre management ore complied with (Fer example, according 10 instructons of 165.2001, reliercted on 24,9.2004 and 23.11.2005, 10 pereent cut in the number of posts was to be made and posts lying vacort for mare than ore year were to be abelished. Hove these Instructions been implememed by the Ministry, and its oltached ond svbordinate offices Ave restrictions on office expenses, telephones, patrol, hospitality, st, impored ky MOF implemented? } ‘Whether the expenditure on secret services le being adequately monitored by the respective Head ef the Office through reperts submitted by the officer designated for inawring expenditure on soerat services Intemal Controls Evaluation Menval26. ‘As per Rules 5d and 50 of GFR, controlling oficer thovid maintain © Liability Register in form GFR 6 in order to see that thore is no cose of excess expenditure cwer the sanctioned ‘mount. Further, in order to maintain proper coniral over expenditure, the controlling officer should ebtain from spending authorities, Rabilty stoterments in form GFR-6-A every month, storting from the month oF October in each Finoréal yeor. Check whether these provisions were complicd with, Commonts/Compencating Centrale: | #| Internal Controls Evaluation ManualChecklist for Evaluation of Interne! Controls relating fe Accounting 3 Check Yes | No | -NA- Work Paper Reference 1. | Whether there & reguler reconeiliotion of Fgures of expenditure ond receipts by the Drawing and Diskuising officers [D0Oz) et periodical intarvals with the figures booked by Fay ond Accounts Offices (FAQs) in the accounts and with the cccredited konk and by the PAO with the Bonk ‘ond whether differences ore investigated ancl corrediers made? {Paro 1.10 of the Civil Accoun's Manual) Z| Whether the principe! accoums efficer (PAO) of cach Ministry & sending in the prescribed Preterm @ momhly statement shewing the expenditure viedevis the budge! provision uncer the various heads of account, to the head af Deportnent responsible for cveroll control of expenditure agoinet the grant of the inky as a wrole, Whether the figures s¢ communiceted by the PAG) are comered by the Heeds cf department with those conmalidoted in Form GFR 12 and differences if eny, are token up with the PAC Whether the Head of Department 's furnishing © quarterly certificcte to the FAO certifying the correctness of the figures for the quarter. miscellaneous receipts received in cosh and valuables remitted Info berk te the PAO, 4. | Whether receipts cre being usec 19 meet expenditure, unlo:s authorised by oppropriate rules S| Whether a stock ccoount of Receipt Boot le main'gined ond dosing balance in the stock eccount verified by the Head of Office periedically and @ certificate to thal effect recercied in tha register (As por Rules 22 to 24 of Receipt and Peyment Rules). Internal Controls Evaluation Manual 49 |Roalicetion of deparmentel avenue Whathe- systems have been presribed for ensuring that. a] Proper record of racsipt backs Is kept and the books are faved only to parson: suthorised to Inve receipts. b} Receipts are machine rumberec and cre Issuee In chronalogicol order. ) Receipts are ecrractly pested in main cash book: d) Where subsidiery ncreunts are kept, tarals ore token to main cushbeck and the receipts are correctly austed, 2) Reveme fo be reolsed is comedy ssessed, demand notice is issued! anc recovery watched through araper centre! records which are poricdically reviewod. f) Revere is correctly classified th eecount, 9] In respect of realisation by way of money order, cheques and drotts, an etfecive rystom of collection and accounting has been prescribed and followed bh] The revenues realised are duly posted in Bemane and Collection ragisiers ane! eros checked to ensure that collections as pestac In Demand and Collection ragisters have been duly token to cash book, i) Loss oF revenues is duly examined anc written off under sanction of opprosrate uthority 7 Acquitiance of payments Whether the legal quitance in swpport of ayment made is obtoined in an Aequitionce Rel in Farm GAR 24 for pay ord allowances and on the office copies of kils for ether payments. Under Bole 92 of Corvecl Goverrenent Account (Receipt and! Payments) Rules. Whether Accittance Rell ond o'lice copies of bills on which quittence is obtained are stamped PAD, Internal Controls Evaluation Manualee Whether moneys were erewn on AC Eils and kept in “Deposit” ro avoid lepse of grant 18. Whether meneys drawn Fully vouched comiingent bills were supporied by proper cortificare:, for exemple, certificate regarding recelpt af stores, sub vouchers ‘Whether advances are adjusied to oppropriaie head (for example, medicel advances), whet is the conol exercised by Head af cffice/Separtment in this regard? Whether bills subtined ot the tag end cre sleered by PAO/ Trecsury/how many retuned? Whether the returns in form GFRs-12 were submitted by the controlling officers to the Admn, Department Whether the prescribed forms fo shew expenditure against the heade of accounts, te watch receipt of the prescribed retums, ets cre maintained in the Directorates or in the offices of the selected DDOs. ‘Whether Dead Stock register Ik maintained and entries made es seon as on item is aroeured ane! Issues cra mada? Whether the physical balarce of dead stock iname is tollisd with the beak balance of ech item periodically? Rogister of unditbursed pay and allowances «| Whethor an ascount of undisbursed pay ane allowances Is keat Ina register In Farm GAR 25 (As per Note 2 below ule 92{3) of Receipt anc Poyment Rules) +) Whether entries of the totol and particular amount undisburred ere mace against ech bill serfally and subsequent payments thereof ectered in the oppropricte colsnrs of the reaister ond the cash bock and each sch entry ottested by a gazetted afficer. + Whether balances of each month are properly carrie Ferword te the nent © Whether action is token to disburse the emaunt te the seyees prematly’ 1s Whether the Bill Rogister ir maintained in Farm GAR-9 by euch head of office wha is authorise to drow morey on bills cigned by him, reviewed monthly by @ gazetted officer and the rewlt of Intemal Controls Evaluation Menval | s1|the review secorded therein to prevent presentation of Fraudulent bills 19. fs @ control to ensure that TA edvancss ore adjusted within 15 days of completion of the tour? © Whether it is ensured thet, evan whan no edvonce Is drawn for the tour, TA bill is amined ‘within one year, es preseribed Gast a Log Books Ate legbooks in respect of staff cory ane thor +ehides maintained in the correct form ond entries made promptiy# + Is the eg boot belng scratized by & senior officer once @ month? # ie there @ control to check misuse of the staft cork + Ishistory sheet of vehicle ma'rtained® Office Contingencies Examine whether: @ Proper recor of expenditure under each category ie, stalhenery//postoge, maintenance of vehicles, Freight, corriage etc. fs being maintained. b, Expenditure on varios items of contingencies i regulated according to presorbed scaler cond provision of funds Exomine whether the following controls are in place, @ Vouchers ore entered ino chronelogice! order ond ore given distinct serie! numbers b Calms are clecrly tated and ore due anc admissible, & Arihmaticel calculations are checkec!. | | Internal Controls Evaluation Manual there oxists o contalized database of offices" placas of porting, duratian, pasts held, ete, for enabling implementotien of the trorsfar/alacament policy 2 a Whother there I: © pelicy of rotating the duties of staff, ic prevent development of vested intorests one enlarge the range of the chilly of employees by exposing them to different kinds ‘of work (For example, say, in key seat For not more than 2-3 years ond in o section for mot mere than 5 yours). Whether there ore systems fo obtain declaration of axets, intimation of sertcin high valve ironsoctions, etc Whether the department har prepared ony ‘Manual or Flow chart listing out steps In various oviviter ond procedures which are specific to ity working. a ‘Whother there ie an effective system in place fer mentoring of fa] Fresh eppoimments, (b) Prometion and transfer ‘Whethe:, in terms af Department of Expenditure, Ministry oF Finonco OM Nos. 713) ECoord/95 dated 05-08-99 erd DOPT OM ne.2/8/2001- PIC dated 16.5.01, rofterotec by the Ministry of Fincnce om nes 7(5) E.Coord/2004, detec 24.09.04 and 7I2JE. Coord/2005, detec 23.11.05, 10 per conf cut In number of posts was made erd abolition of post: lying vacant for more than one year was ensured. | #| Internal Controls Evaluation ManualWhether, in case of upgradation of poits, the conditions of upgradation ware complied with (like surrarder of a lower post) ‘Whether, of required by GC, ME, OM Ne. 3 (SHE IV (Al/ 76 dated 25th November 1976 below Rule 199 of Supplementary Bules (SR), the head of the office is inspecting anwelly at least ter per cent of the service books and leave eceounts, Whether the service boots of oHisiols completing twenty five years of service before fire years of retirement vere verified by the Fay and Accounts office Whether ony inductien/seriority st is mointainad? Wheiher government hos stalled infernal control fer monitoring fresh oppcintments and! ironsfer end postings in the department. ‘Whether information regarding senctioned posts ys. person: in postion was available ine date base, Whether persons were trorsferred from/to Autonowous — odiex only with proper government orders. Manpower analysis whether imemnal controls cre In piace for ensuring thar, ©. Staff patterns conform te norms end standards prescilbad for the purpose: b. Clear demarcotion of furetonal responstolliies exis! mong the personnel Job analysis, description and specifications have been clearly spelt out 4. Allecction end cetval deployment of monpewar It ot por sanctioned strength ane! controls are evellable for monitoring efficient and effective utlisetion of manpower. fe. Proper systems hove beer instituted for reviewing at periodical imervale the worte loc! and edequocy or ctherate of monpower Inemal Controls Evaluation Menval15. Advances t¢ employees Audit will examine hater control recere's heve been devited end ere boing moinined for enwuting that @. Proper record of advonce Is kept and recovery is watched b. Amount remaining unutilised is promatly refurded c Recower'es are mede in all cores a par rules 16 Whathe: there ts a system tm ensure Insurance of hovie/flot purchesed using Hows Building ‘Advance (HBA). As per Rule 7{b) af the House Building Advonce Rules an offal has to Tasure the howe/flct immediotely at his awn cast on completicn of construction cr purchess of howse/fkct for not less than the amount of advonce ond shall keep it £0 inured til the advonce together with interest thereon is fully repaid to the government. 17. Provident Fund Aecounls Examine «shether * Whether there ore adequate contrals over sanction of advance/withdrawal from GPF te prevert froudvlent drowols. * The contribution: to the fund ore in arcordanee with the prescribed rate: anc are cracited te proper account. 1 inctesse or decrease is reguloted in octordones with rules and conributians recovered. © The ocvonce er wihdrewal, both refundable and nor-re‘undable are duty authorised for the specified gurceses cccording te preteribod wlst/seales and refund of advance /vithérawal it watched. + Intered is correctly assessed at prescribec tater ond cedied a the ead of the financial year +0 the Inclvidval accounts. = Balance in cach account ir worked out ot the end of the yeor and commureated te Internal Controls Evaluation Manualthe individual employee for acceptance/ ification. Expenditure 01 Exarnine whether: @, The eniploymert of indivicval is approved oy the competent authority. b, There are written authorise in aerounts dopertent fer general berecte in pay, individvel imerease in pay, advances of solary/wages/TA, ete, leave availec, matical relmburseriant, borus, ete: & Proper control record of employmen: on specified fobs & available, di An astessment of work vis-drvis the ‘exponciture incurred is mods, 4. There are adsquete conel: against the chances oF inclusion of fictions amet, over- stoting of rotes of wages or the days of work put in, ote. f. All existing posts have keen created uncer cider: of competent cvtherity and are in preseibed pey scales, @: Pay fixofion has been reguicted correctly according 19 the rules cpplicable and that doduetiers for provident fund, incorne-tex and advances taken have been correct’y mace ord comrol registers have been matntained. hy Tours are duly sanctioned by the competent authority ond claims requlcted according to ules lary [wag Service records Examine whether: «@., Procedures have been laid for ensuring that service records of cll employees are being mointained ond checked. 1b. All events are being reccrded in sarvice records and are being chocko «Nominations in respect of DCRG und provident] furd hove beos meds and are available in the service records. d. All personal entitlements ere being correctly worked oul, checked, pod and properly recorded. Comments / Compensating Control Internal Controls Evaluation Manual‘Checklist for Evaluation of Internal Audit v 5 ‘Check ¥ No] -NA- Ne. 1. | Whether there Is an rangement for intemal oct 2 [Whether there ore arrangemenis fo ensure Indeponderce ef the intornal avdlit officials ane prevent confitct of interest 3% | Whathe- the internal audit work encompasies ell the Important functional areas ond desks or merely confined to ececunts | Whether the imemel cudir wing also cowars the variews public sector units and autenomes bodies urder the Ministry / Bepariment 3. | Whathe- the duties relating to imemal cucit ore separate frem these relating te financial edlvice, receipt, disburiement and accounting functions & | Whethe- the need of interncl audit [Chief Controller of Accounts) reports directly 10 the Savetory. 7. | Whathe- ihe internal Gudit wing i adequately stoffed Sy quelfied and troined personnel & | Whethe the intemal cucit offiriek cre given adequate training in intemal cudit work anc periedicel intervice training programmes for vpproding their knowedge ord skills. ‘Whether the iemol oudit officiolr are positing adequate experience in the functional areas which they are required to cudit ‘Whether the internal audir efficicls are being retcined in the internal aucit wing es specialists, or being transferred out to other wings? M Whether large number of intermal audit objection: are cutstending for long Whether the frequency of imemol audit is adequate 13. ‘Whether the planning of intemal audt work anc allocation of tima ond periodicity of audit are buses on risk osvessirent How/ebether i is ensured in oudit plonring thot: # All key isks cre identified and eoragorized; end /* Excmined with reference to thelr lkelthood cord impact Internal Controls Evaluation ManualWhether all the units or offices planned for internal cudit were covered, or whether there is @ shortiell Whelker adecuate follow-up action i laken in respect of the findings and recommendations of internal exit 18 7 ‘Whether tha intemal cudir reports inclida substantive findings, and not merely minor procedural lasses ‘Whether the infermcl aucit report contains genvine issves of intemel controls, compliancs froud — mwarensss ond prevention ane performance issvo%. ‘Whether the Intemel auci repre conain recommendation For corresting the deficiencies noticed. 20. Whether the intemal cucit repert: en ecch assignment are sent to the concemed Secretory in the form af a managemeat lenert (cony endarted te the head o* the unit audited), Whether there Isa Best Practke Guide or Manual tor the inemal audit wing and whether thay are usdeted a ‘Whether the internal audi wing ke aneclatedt with ony risk eseotement cethity for the Deportinent / Minster a Whether Audit Commiffees aro coniiftuted In the Ministry /Department for reviewing the complianes of the racemmendations given by the internal uct 2 24, CSordinalion belween Infernal ond statvlory audits ‘+ whether Annual Avett Flans and progrommet are shared 19 avoid duplication ond assist in thelr respective cudlt planning; © whether —instiyiioral = machonisms cre feated fe ensure commen xnde-standing and sharing of audit rechnicves and methods; + whether there i: amy sharing of training ‘Whether the intemal auchor assists the Secrercry of the Ministry/depermert in monitoring the ection taken onthe Findings and recommendations contolned in the local Avdit Ingpection Ropers ond Audit Raperts of the CBAG? 25. Whether periodic meetings are held between the stauutery auchor end Imernal auch to review the progrow? 2B Whether ¢ Regier of Sottienent of Audit Qbjecticrs (Statutory Audit) was maintained. Comments / Compensating Controls: Intemal Controls Evaluation Menval‘Checkliet For Evaluation of Internal Controls relating to Stores Purchase of Stores 5. Check Work Paper Reference, 1 Check whether there are = well-dewizod! deportmentel regulations / instructions gewerning purchase, receipt, inspection, custody, issue, condemnation, sale disposal ond stock varifention of stores 2 | Check whether there are checks fo onaure that the quantity te be purchased wos dererminod tckina inte aecount the present and future work requirements of the concerned cucitee entity Gincluding requirements received from units ane field formations) ord the ‘equiremens have been assessed on a realistic kexis ond nor merely based on availability of funds. & | Creek whether availablity ef funds (budget provisions) Is checked anc nct exceeced, before considering procurement, a | Chece whether cores of the required spetificction: cevered under rete centract: eniered Inio by the Directorate Generol of Supplies ond Di:porals or any other epproved rote controct were purchased only under such rote coatrocts, 5) | Check whether there Isc system to ermure that ‘open competitive tender (as proscriked under the relevent Finaxcal Rules) wos adopted for purchases From controctors or suppliors. 6 | Canee whether the system antures thar purchases are made only frem the lowest tenderer unless there ne recorded reasons for not doing 5 ane! duly epproved by the competent authority (Rules ‘Check whether there Ts @ system to emsure that stores procured (ordered) are of approved quality and specificetione. 8 | Check whether there ls a welll defined delegation of powors to sanction purchases, 9 | Check whether the purchase orders are split up 40 95 te avoid the necessity for obtaining the requisite soncrion of higher cuthorities (Rule 1.48 of GFRr). 137 ra 181 af GFRs) Intemal Controls Evaluation Menval10 Check whether there is @ mechanism 10 ensure that the purchase order terms and conditons conform te the applicable coda! provisions anc instructions / orders isswed from time to time. by the Government. Check whether necnsary precautions cre token fo sefegverd gavervent interest: in cases nvelving advance scymants far supply of stores in term: of the certract previsione er Government orders. 2 In cose: where advanco was acid te vepalicrs, check whether the @. Advaxces paid ore os per terns of agreerrent b. Adwerce hos been linited 10 the ccinisstbe ‘amount ond is not paid chead of prescribe time A Rroper record of sch edvance is komt and recovery odlustoent [1 watched A. Stolas ware received! within tm stipulerne! period and the advanco poymonts adjusted. 13 in ete in the officer draws mansy on cbstract contingent bills for meking advance payment te Suppline ate. whether it is antuied thor the advonce is adjusted within Fifteca days of the drawal ef edvance. (Rule 292 (2) of the GFRS 2005). Commanis / compensating contrats: Custody and Issue of Stores Check Yes “NAS Work Poper Reference Check whether officers amruned with cunedy of stores or holding charge 0! stores have furnished the sncurity preccrined in terms of tha instruerians assed from fime to timc by the compstent cusho-try and whether such security ts evrrantty in force Check whether e perticulor official ha: been respomitls for the eustody of store fer prolonged periods cnd, 1 so, what safeguards wore taken te prevent mizvee oF his postion Check whether adequare sroroge facilities are available ond precautionary meaiwres hove been token tc protect stcres from damage, undlue deterieretion, helt, pilferage, ee. Internal Controls Evaluation ManualCheck whether discrepancies, If any, between the ook balances and the ground balances were reconciled prompty. ‘Check whether appropriate ond effective Follow. up action hes been token on reperts of physica! verificotion of stores tar making goad any loses. Check whether ademucte | precautionory measures have been token to prevent misuse of materials iswed to contractors fer wie in works. ‘Check wherher there lr @ mechanism to enwre that adequate efforts are made to transfer suppls stores 19 other works, divisions, departments or offices where these could be uiilized, Check whether a report on surpivs stores that could not be so transferred to other works, divitiers, departments or offices and on obsolete cond untervicsebla sores, specifying The recon for s0 declaring them, has been promptly sent to the ecempotent aurnocity far focilaaring their disposal Check whether there Iso mechanism to ensure that oll fees of stores ore supported by proper indents and ha been approved by the competert autrority end aderowlecged ky the interded recipients Check whether thers Iz @ medhoniam to ensure that only such materials as are provided In the agreement were k:wed to contractor In ¢ Phosed omonver based on its we within oc reasonable peried. Check whether there Is o mechanism to ensure that the ccale, iF ony, preveribed by the Government or aay other authority for Inve of stores of any pariicvlar kind, was no! exceeded while issuing the stores. Comments / compensating controls: Intemal Controls Evaluation Menval | «|Write-off/disposal of stores B Check Yes | No Wark Ne. Paper Reforence 1. | Whether there is @ mechanism 0 encire tha? adequate meawres ore taker te survey ond segregete surplus, unserviceable ond obsolete eres ond to consider thelr dispersal in accordance with the procedures prescribed by Government inthis ragerd. 2 | Check whether the sole of surplus stores Is mace fon receipt of poymert: In advance agolre: proforme invoices B_ | Cheek whether sale: on credit are euthorkeed ky the competent cuthor'ty 4% | Check whether the sale procoeds ere promptly reallsed, in case of sales on credit. Analyse snd comment upen any instances of praceods agains’ credit. sales remaining unrealbsed for considerable periods, ‘Comments / compensating controls: Stores management s. ‘Thoek Yes | No | -NA- Work Ne. Paper Reference 1 | Check whether opproariaie stock limits for different categories oF stores were Fixed by the audiee eniity / Government. 2 | Check whether the Balances ih sock enced the prascri’sed lrits. 3 | Check whether there hos boon wah of expenditure on procurement ot the close of the finercial year or fictitious backing merely with € view 1o uillsing the budget grants. ‘Comments / compensating controls: | | Internal Controls Evaluation ManualStores records. ‘Chock Check whether oli stores ware examined, on receipt ond while cccepting delivery, te determine thelr condition ond to ensure that they were of the approved quality, make and specifications anc the quantities conforred to those agreed upon. Check whether the stores have bees taken on stock and entered in the Goods Received Shats/Bin Cords. Check whether the prevlaus sicck balorces have been correctly worked eut, cerred forward anc authenticated by a responsible officer. Yee | Ne “NAS Werk Check whether the individual bin cards have been malmained chronologically based en receipts ond issues. ‘Check whether the Priced Stores tacigars containing the value azcount of stcres have beer maintained, wherever required ro be maintaired, 3. Ne. 1 Where priced acceunt: ora maintained Check Check wheter the stores are priced In the prescribed manner with reasonable accuracy ond the roves inticly fixed ore reviewec periodically, correlated with marke? prices and revived where necessary. Yor ‘Check whether the valve accounts tally with the accours of works ond departments connected with stores trersections. Check whether there Is 0 sysiem of reconciilaricn of the balance: with quantity accounts Check whether craps have oven ioken for the adiuiment of profit or low due te revaluation, stock verificotion of other couse not indicative af ‘any serious disegord of rules. Coniments / compencating cantrolei Internal Controls Evaluation ManualPhysical verification of stores Cheek Check whether there Is a system of regular physical verification oF all storse, (Rver192 ond 194 of GFRs provides for physical veilfication of all stores at least onze evary year undor rules prevcibed by the head of the Departed. Check whether @ certificate of verification of stores is recorced periadically lay the resporsib cuthovity. Poper Roforonce Check whether the sysiem adopied by ihe exective for verification is edequate and grog heck whether the discrepancies Found on sock verification cre properly kivestigated and reconciled. Check whether the staff responsinle for sock verification are, wherever possible, independen: of these respersibie for the physicol custody of teres or for maintaining the accouats. Check whether the stock verifier: work, wherever practicable, directly under the control of the Government ond not uncer the heads of ihe individual departments concerned, Comments / compensating controls: Internal Controls Evaluation ManualChecklist for Evaluation of Internal Controls relating to Grants-in-aid and Loans Check Work Paper Reference Whether there i: on adequate system to furnish to CRAG / audit Office of the IALAD every year detoiled information about the firancial acisionce given % various ineirutions, the purposels) fer which the assistance was sanctioned and the total exsendiure of the institutions in order te identity the bodies ane aurhorhies that attract audit under Secilon: 14 ‘and 15 of the CRAG's (DPC) Act. ‘Wherher there ic a well defined dau pewers te saneticn grants in ciel? orion af Whether there is a system to waich receipt of uiifisation certificates fram the recipients of gqranist £ ‘Whether fore is o system of assessment by the sonctioning outherity regarding tha aitability of the institution secking the grant ond satisfying abaut clearance af any allegations agakst the institution ‘Whather there ic mechaniom to encure that no grants are sanctioned where there [1 recsencble doubt of sggestier af corrupt proctices unless the inititution concord hes been cleared oF the allegetions; ‘Whether there & a system ef indicating, in every order sanaticring a grant, whether if Is recurring or nonrecurring in neture she chject for which ite givan the genaral and special conditions, If am attached te the grent . @ provition te the effect thot the cecounts Of the grontee insituions shell be open to inspection bythe senctoning authority/Audit whenever considered naeastery by them Where the power of sanciioning grants ir delegared ro susordinare suthonties subject 10 the prior fulfillment of certain conditions by the grantees, wether the soncricring authority is having adequcte metheds to sattsfy Hself of such fulfilraenn. Internal Controls Evaluation ManualWhather thers 1s a system to engure that, before @ grant i: paid, the sanctioning cuthorities under its control should, es far as possible, obtain audited stotements of ihe accoumis of the grantee institutions in order te esteblish that the grant Is [ustified Sy thelr financlol postifor and ‘le to ensure that ony previous grant was spent for the purpose far whlch Ii was Intended, in cose euch requirement is etipuleted by the Government. e Wh cave of recurring prantrinad made to en Instinution, whether the soneticning curhority has © system to setiafy itself thar the insttution certinves 10 function as imanded and that the cireumstaneas in recognition of which the grant was sanctioned still cortinue ro exter. 10. Whether there is @ system to provide fe Audit, © formal certificate confirming the proper vilizatice of the gront from the odministrative, techrical and financial points of view. Audit should woteh the compliance of this requirement. Explonarion: Normally, the certificates shovk! be bared

You might also like

• The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  

  From Everand

  The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life

  Mark Manson

  Rating: 4 out of 5 stars

  4/5 (5820)
• The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  

  From Everand

  The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are

  Brene Brown

  Rating: 4 out of 5 stars

  4/5 (1093)
• Never Split the Difference: Negotiating As If Your Life Depended On It

  

  From Everand

  Never Split the Difference: Negotiating As If Your Life Depended On It

  Chris Voss

  Rating: 4.5 out of 5 stars

  4.5/5 (845)
• • Magazines
  • Podcasts
  • Sheet music
• Principles: Life and Work

  

  From Everand

  Principles: Life and Work

  Ray Dalio

  Rating: 4 out of 5 stars

  4/5 (609)
• The Glass Castle: A Memoir

  

  From Everand

  The Glass Castle: A Memoir

  Jeannette Walls

  Rating: 4.5 out of 5 stars

  4.5/5 (1717)
• Grit: The Power of Passion and Perseverance

  

  From Everand

  Grit: The Power of Passion and Perseverance

  Angela Duckworth

  Rating: 4 out of 5 stars

  4/5 (590)
• Sing, Unburied, Sing: A Novel

  

  From Everand

  Sing, Unburied, Sing: A Novel

  Jesmyn Ward

  Rating: 4 out of 5 stars

  4/5 (1104)
• Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  

  From Everand

  Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race

  Margot Lee Shetterly

  Rating: 4 out of 5 stars

  4/5 (897)
• Shoe Dog: A Memoir by the Creator of Nike

  

  From Everand

  Shoe Dog: A Memoir by the Creator of Nike

  Phil Knight

  Rating: 4.5 out of 5 stars

  4.5/5 (540)
• The Perks of Being a Wallflower

  

  From Everand

  The Perks of Being a Wallflower

  Stephen Chbosky

  Rating: 4.5 out of 5 stars

  4.5/5 (2104)
• The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  

  From Everand

  The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers

  Ben Horowitz

  Rating: 4.5 out of 5 stars

  4.5/5 (348)
• Bad Feminist: Essays

  

  From Everand

  Bad Feminist: Essays

  Roxane Gay

  Rating: 4 out of 5 stars

  4/5 (1018)
• Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  

  From Everand

  Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future

  Ashlee Vance

  Rating: 4.5 out of 5 stars

  4.5/5 (474)
• Her Body and Other Parties: Stories

  

  From Everand

  Her Body and Other Parties: Stories

  Carmen Maria Machado

  Rating: 4 out of 5 stars

  4/5 (822)
• The Outsider: A Novel

  

  From Everand

  The Outsider: A Novel

  Stephen King

  Rating: 4 out of 5 stars

  4/5 (1866)
• The Emperor of All Maladies: A Biography of Cancer

  

  From Everand

  The Emperor of All Maladies: A Biography of Cancer

  Siddhartha Mukherjee

  Rating: 4.5 out of 5 stars

  4.5/5 (271)
• The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  

  From Everand

  The Sympathizer: A Novel (Pulitzer Prize for Fiction)

  Viet Thanh Nguyen

  Rating: 4.5 out of 5 stars

  4.5/5 (122)
• Angela's Ashes: A Memoir

  

  From Everand

  Angela's Ashes: A Memoir

  Frank McCourt

  Rating: 4.5 out of 5 stars

  4.5/5 (441)
• Brooklyn: A Novel

  

  From Everand

  Brooklyn: A Novel

  Colm Tóibín

  Rating: 3.5 out of 5 stars

  3.5/5 (1947)
• The Little Book of Hygge: Danish Secrets to Happy Living

  

  From Everand

  The Little Book of Hygge: Danish Secrets to Happy Living

  Meik Wiking

  Rating: 3.5 out of 5 stars

  3.5/5 (401)
• A Man Called Ove: A Novel

  

  From Everand

  A Man Called Ove: A Novel

  Fredrik Backman

  Rating: 4.5 out of 5 stars

  4.5/5 (4771)
• The World Is Flat 3.0: A Brief History of the Twenty-first Century

  

  From Everand

  The World Is Flat 3.0: A Brief History of the Twenty-first Century

  Thomas L. Friedman

  Rating: 3.5 out of 5 stars

  3.5/5 (2259)
• Steve Jobs

  

  From Everand

  Steve Jobs

  Walter Isaacson

  Rating: 4.5 out of 5 stars

  4.5/5 (808)
• The Yellow House: A Memoir (2019 National Book Award Winner)

  

  From Everand

  The Yellow House: A Memoir (2019 National Book Award Winner)

  Sarah M. Broom

  Rating: 4 out of 5 stars

  4/5 (98)
• Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  

  From Everand

  Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America

  Gilbert King

  Rating: 4.5 out of 5 stars

  4.5/5 (266)
• The Art of Racing in the Rain: A Novel

  

  From Everand

  The Art of Racing in the Rain: A Novel

  Garth Stein

  Rating: 4 out of 5 stars

  4/5 (4208)
• A Tree Grows in Brooklyn

  

  From Everand

  A Tree Grows in Brooklyn

  Betty Smith

  Rating: 4.5 out of 5 stars

  4.5/5 (1929)
• A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  

  From Everand

  A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True Story

  Dave Eggers

  Rating: 3.5 out of 5 stars

  3.5/5 (231)
• Yes Please

  

  From Everand

  Yes Please

  Amy Poehler

  Rating: 4 out of 5 stars

  4/5 (1902)
• Team of Rivals: The Political Genius of Abraham Lincoln

  

  From Everand

  Team of Rivals: The Political Genius of Abraham Lincoln

  Doris Kearns Goodwin

  Rating: 4.5 out of 5 stars

  4.5/5 (234)
• The Woman in Cabin 10

  

  From Everand

  The Woman in Cabin 10

  Ruth Ware

  Rating: 3.5 out of 5 stars

  3.5/5 (2522)
• Fear: Trump in the White House

  

  From Everand

  Fear: Trump in the White House

  Bob Woodward

  Rating: 3.5 out of 5 stars

  3.5/5 (738)
• Wolf Hall: A Novel

  

  From Everand

  Wolf Hall: A Novel

  Hilary Mantel

  Rating: 4 out of 5 stars

  4/5 (3811)
• John Adams

  

  From Everand

  John Adams

  David McCullough

  Rating: 4.5 out of 5 stars

  4.5/5 (2409)
• On Fire: The (Burning) Case for a Green New Deal

  

  From Everand

  On Fire: The (Burning) Case for a Green New Deal

  Naomi Klein

  Rating: 4 out of 5 stars

  4/5 (74)
• The Light Between Oceans: A Novel

  

  From Everand

  The Light Between Oceans: A Novel

  M.L. Stedman

  Rating: 4.5 out of 5 stars

  4.5/5 (789)
• Manhattan Beach: A Novel

  

  From Everand

  Manhattan Beach: A Novel

  Jennifer Egan

  Rating: 3.5 out of 5 stars

  3.5/5 (792)
• The Constant Gardener: A Novel

  

  From Everand

  The Constant Gardener: A Novel

  John le Carré

  Rating: 3.5 out of 5 stars

  3.5/5 (104)
• The Unwinding: An Inner History of the New America

  

  From Everand

  The Unwinding: An Inner History of the New America

  George Packer

  Rating: 4 out of 5 stars

  4/5 (45)
• Rise of ISIS: A Threat We Can't Ignore

  

  From Everand

  Rise of ISIS: A Threat We Can't Ignore

  Jay Sekulow

  Rating: 3.5 out of 5 stars

  3.5/5 (137)
• Little Women

  

  From Everand

  Little Women

  Louisa May Alcott

  Rating: 4 out of 5 stars

  4/5 (104)