Final Report To Submit

ATTOCK CEMENT
PAKISTAN LIMITED
GROUP MEMBERS
o UMER KHURSHEED (20299)

o SHAIKH OMER TARIQ (18740)
o MOHTASHIM KHALID (20309)
o MOHAMMAD ANAS (18976)
Submitted to Ma’am Shazia Baig

ATTOCK CEMENT PAKISTAN LIMITEDDecember 11, 2018
Contents
Contribution Chart.............................................................................................................2
Acknowledgement.............................................................................................................3
Letter of Acknowledgement..............................................................................................4
Executive Summary...........................................................................................................5
Introduction .......................................................................................................................6
ACPL Organizational Structure.........................................................................................8
LEGAL STATUS OF THE COMPANY....................................................................................
Paid-up Capital...................................................................................................................9
Major Stockholders............................................................................................................9
Major Investment/Foreign..............................................................................................10
Audit Scope and Objectives.............................................................................................11
GOVERNANCE MODEL.........................................................................................................
Board of Directors............................................................................................................12
Audit Committee..............................................................................................................13
Audit Committee Meetings..............................................................................................13
Code of Corporate Governance.......................................................................................14
INTERNAL CONTROL SYSTEM............................................................................................
Internal Control and Audit Function..............................................................................15
Whistle Blowing Policy.................................................................................................15
Fraud Detection Mechanism........................................................................................16
Relationship with External and Internal Auditors.....................................................16
RISK MANAGEMENT SYSTEM..........................................................................................
Major Risks....................................................................................................................17
Risk Management Tools and Policies.............................................................................18
Risks Register of Attock Cement Pakistan Ltd............................................................23
CONCLUSIONS...............................................................................................................26
Pag
e1
CONTRIBUTION CHART
1. LEGAL STATUS OF THE COMPANY:

a. Authorized Capital/Paidup Capital.
b. Major Stockholders
c. Major Investment/ Foreign
d. Audit Scope/ Objectives
2. GOVERNANCE MODEL:
a. BOD’s name.
b. Audit Committee’s Heads
c. Audit Committee Meetings
d. Code of Corporate Governance
3. INTERNAL CONTROL SYSTEM:

a. Whistle Blowing Policy
b. Fraud Detection Mechanism
c. Relationship of External and Internal Auditors.
4. RISK MANAGEMENT SYSTEM:

a. Major Risks
b. Risk Management System Tools/ Policies
c. Risk Register
Pag
e2
SR. NO. UMER ANAS MOHTASHIM OMER TARIQ
1 a c b d
2 b a c d
3 c a b -
4 a,c c c b,c
ACKNOWLEDGEMENT
In the Name of Allah, The Most Beneficent and The Most Merciful
We are grateful to Allah Almighty for His utmost graciousness and help throughout the work of our
term report. We bow our head in front of our Lord on the successful completion of our term report.
This work would not have been possible without the support and guidance of our course faculty
member, Ma’am Shazia Baig, who worked actively to provide group members with her valuable time
and accomplish this task. Without her immense determination and constant check, we would not be able
to complete our term report.
We are profoundly indebted to Institute of Business Management for providing us an opportunity to
enhance our skills and rationale through such reports.
Hopefully, this term report will lead to the positive reception and command for our hard work. Our
gratitude to them is beyond words.
Pag
e3
LETTER OF ACKNOWLEDGEMENT
Date: 11th December 2018.
This is an acknowledgement that the students of Institute of Business Management (IoBM) have visited
Attock Cement Pakistan Limited on 19th November 2018. The students have taken a head office at
Block-4 Clifton, Karachi, Pakistan where they have met Deputy Manager (Internal Audit), who briefed
them on the details about the working of the company in Internal Audit Department.
Please note that I met the following IoBM students regarding their project on Internal Auditing:
- Umer Khursheed
- Mohtashim Khalid
- Mohammad Anas
- Shaikh Omer Tariq
Umair Muhammad Siddiq.

Deputy Manager Internal Audit.
Attock Cement Pakistan Limited.
D-70, Block-4, Kehkashan-5, Clifton, Karachi.
Pag
e4
EXECUTIVE SUMMARY
The report is prepared in light of the internal audit review of Attock Cement. Attock Cement has a
celebrated history of satisfying customer needs both domestically and internationally especially in the
fields of Cement specifically Ordinary Portland Cement. Sulphate resistant Cement . Block Cement.
Attock Cement Pakistan Limited is a member company of Pharaon Commercial Investment Group,
previously known as Attock Oil Group, the largest foreign investment group in Pakistan
The objective of engagement is to assist and effectiveness of internal controls of Attock Cement
Pakistan LTD. Ensuring that risks are responded with proper course of action and implentation of
internal controls system according to the companies SOPs in order to minimize fraud and errors and
maximize the companies profitability
Attock Cement does have an audit committee as described in the code of corporate governance.
Pag
e5
INTRODUCTION
The journey of Attock Cement started from the year 1981 and the company started its commercial
production in 1988. in 25 years, company has shown steady growth. ACPL has attained new peaks every
year through strong team work, continuous modernization of plant to improve efficiency and with
utmost hard work. ACPL has cemented its place not only in the local market but also in the regional
markets through selling quality products.
Pag
e6
CORE VALUES
 The Company follows highest standards of ETHICS with special reference to business integrity
and process transparency. All our standards and processes can stand the test of scrutiny. We
maintain the highest level of integrity both as individuals and as a corporate organization.
 The Company is committed to provide its customers QUALITY products that provide them best
value for their money. We promote high standard and timely delivery of quality products.
 The Company ensures that it operates in a safe environment conducive to efficient productivity.
The Company is committed to provide an environment free from discrimination for its
PEOPLE. Open communication, participative decision making approach and nurturing of the
leadership qualities are the values followed by the Company. An employee reward system has
been developed guided by a transparent system of recognition. We encourage and respect team
spirit among our human resource.
 The Company believes in maximizing shareholders’ value through strategic investment,
sustainable growth and application of best available technology to achieve desired results.
Pag
e7
ORGANIZATIONAL STRUCTURE
Pag
e8
LEGAL STATUS OF THE COMPANY
AUTHORIZED CAPITAL/ PAID-UP CAPITAL:
Pag
e9
Authorized Capital/ Paid-up Capital = Rs.1,145,225,000
MAJOR STOCKHOLDERS:
CATEGORIES OF SHAREHOLDERS
Pharon Investment group Ltd

Modarabas and Mutual funds
Non banking Financial
Institutions
Directors, Chief Executive
Officer, and their spouse
Local
Individual
 Pharon Investment Group Ltd = 84.06%
 Modarabas and Mutual Funds = 4.39%
 Non Banking Financial Institutions, Insurance Co. = 1.57%
 Directors, Chief Executive Officer, and their Spouse = 0.11%
 Others:
Local = 4.94%
Individual = 4.92%
Pag
e 10
MAJOR INVESTMENT/FOREIGN
Attock Cement Pakistan Limited is a member company of Pharaon Commercial Investment Group,
previously known as Attock Oil Group, the largest foreign investment group in Pakistan.
The initial capital outlay of the cement plant was approximately Rs. 1.5 billion with foreign exchange
component of around US$ 45 million, making it not only the single largest enterprise in private sector
but also the most capital intensive business endeavor from the Middle East.
Pag
e 11
AUDIT SCOPE/ OBJECTIVES

The audit objectives of the Internal Audit Office of the ATTOCK CEMENT are founded on the annual
audit plan. The annual audit plan is derived from the Attock Cement Pakistan Limited Internal Audit
Charter and the annual audit plan identifies risks in the areas of:
SCOPE:
• Financial
• Operational
• IT
• Strategic
OBJECTIVES:
 Monitoring of Internal Control: The establishment of adequate internal control is the

responsibility of management which demands proper attention on a continuous basis.
 Examination of Financial and Operating Information: This may include review of tools used
to identify measure, classify and report such information. Also, specify inquiry into the
individually
 Items including detailed testing of transactions, balances and procedures.
 Review of Compliance with Laws, Regulations and Other External Requirements along with
management policies, directives and other internal requirements.
 Assistance in maintaining effective controls by evaluating the design and operations of internal
controls and promoting continuous improvements.
 Assessing means of safeguarding assets from losses.
 Communicating by findings at appropriate level on a timely basis.
 Functional system to monitor their supplier invoices and supplies
 Monitoring system of inventory.
Pag
e 12
GOVERNANCE MODEL
BOARD OF DIRECTORS
FOUNDER CHAIRMAN Dr. Ghaith R. Pharaon
CHAIRMAN Mr. Laith G. Pharaon
DIRECTOR Mr. Wael G. Pharaon
DIRECTOR Mr. Shuaib A. Malik
DIRECTOR Mr. AbdusSattar
DIRECTOR AND CHIEF EXECUTIVE Mr.Babar Bashir Nawaz
DIRECTOR Mr. Agha Sher Shah
DIRECTOR Mr. Sajid Nawaz
DIRECTOR Mr. Irfan Amanullah
Pag
e 13
AUDIT COMMITTEE
The board of directors has established an audit committee in compliance with the code of corporate
governance with the following members:
Serial. No. Name of Directors Position Status

Non-executive/
Agha Sher Shah Chairman Independent director
1
Mr. Shoaib A. Malik Member

2 Non-executive
Mr. Abdus Sattar Member

3 Non-executive
The Internal Audit Department consist of 4 members which is lead by Deputy Manager(Internal Audit)
Umair Muhammad Siddiq.
Moreover, the board has outsourced the Internal Audit function to EY Ford Rhodes Chartered
Accountants, who are considered suitably qualified and experienced for the purpose and are conversant
with the policies and procedures of the company.
AUDIT COMMITTEE MEETINGS
Pag
e 14
AUDIT COMMITTEE:
Four quarterly meetings during the financial year ended June 30, 2018.
HR AND REMUNERATION COMMITTEE:

One meeting during the financial year ended June 30, 2018.
CODE OF CORPORATE GOVERNANCE

1- The management company has implemented provisions of the code of corporate governance
relevant for the year ended June 30th,2018.
2- The financial statements prepared by management present fairly Attock Cement state of affairs,
the result of its operations, cash flows and changes in equity .
3- Appropriate environmental policies have been consistently applied in order to meet the
requirements of UNEP.
4- Quality and quantity assurance is top priority of the company by providing the clients with the
best products, without any compromise or negligence .
5- The system of internal control is sound in design and has been effectively implemented and
monitored.
6- Attock cement has a strict code of conduct it is committed in conducting business in an honest
ethical and legal manner.
7- Directors and employees must avoid conflict of interest situation between their personal interests
and the interest of the company.
Pag
e 15
INTERNAL CONTROL SYSTEM
Internal Control and Audit Function

The Board is responsible for effective implementation of a sound internal control system
including compliance with control procedures. Review compliance with responsible for
monitoring the supply chain, Distribution line and strategies, along with the compliance
with Relevant International Accounting Standards ,Review accounting and internal
control system ,Review the economy, efficiency and effectiveness of operations,
Examines the financial and operational information; assisting with the identification of
significant risks.
WHISTLE BLOWING POLICY

The company encourages Whistle Blowing System to raise the issue directly to Chairman Audit
Committee and / or to Chief Executive and / or to the Company Secretary and / or to Head of Internal
Audit provided that:
Pag
e 16
 The Whistleblower has sufficient evidences to ensure genuineness of the fact after a proper
investigation at his own end;
 This Whistleblower understands that his act will cause more good than harm to the company and
he/she is doing this because of his loyalty with the company; and
 The Whistleblower understands the seriousness of his/ her action and is ready to assume his/ her
own responsibility.
The management understands that through the use of a good Whistle Blowing Plan, they can discover
and develop a powerful ally in building trust with its employees and manage fair and transparent
operations. The company therefore provides a mechanism whereby any employee who meets the above
referred conditions can report any case based on merit without any fear of retaliation and reprisal to any
of the above offices.
Whistle blowing can be done through number of ways:
 Email
 Face to face conversation
 Text message
 Phone call
 Complaint box
FRAUD DETECTION MECHANISM
The Management has adopted a culture to detect, identify and report any activity which is not in line
with the company policies, any misuse of company’s properties or any breach of law which may affect
the reputation of the company. The company has adopted the best corporate policies to protect
employees who report corporate wrongdoings, illegal conduct, internal fraud and discrimination against
retaliation.
The company promotes transparency and accountability through publication of accurate financial
information to all the stakeholders, implementation of sound, effective and efficient internal control
system and operational procedures.
All Executives have signed a code of conduct and the company takes any deviation very seriously.
Pag
e 17
RELATIONSHIP OF EXTERNAL AND

INTERNAL AUDITORS
Being a public limited company Attock cement limited by law is required to have external auditors as
per compliance. The external auditors will only check financial statements of the company. The internal
auditors share their internal audit report or findings with the external auditors, if it is a need of external
auditor. Both the external auditor and the internal auditor share their findings in order to avoid any
overlapping and duplications in their findings.
RISK MANAGEMENT SYSTEM
MAJOR RISK
 SUPPLY OF COAL: Can be defined as the process where the purchase,sale and distribution of
coal is involved. Coal is being used in power generation, the manufacturing of cement, iron and
steel.Supply of coal plays a major part in the workings of attock cement and is considered a top
priority by the management as a key Strategic risk.
 DEBTOR RISK: can be defined as all the activities and processes where the sales department is
involved in the collection of money from creditors. The operations of the sales department are
considered a tops operational risk within ATTOCK Cement as highlighted further in the
companies risk register.
 INVENTORY THEF/ DETORIATION: Excessive shrinkage levels can indicate problems

with inventory theft, damage, and miscounting, incorrect units of measure similar issues.
Inventory deterioration is the stage of the product life cycle where the product value of goods
will decline or even be lost.
 ASSET RISK: generally refers to assets in this case the plant equipment machinery and the risk
involved in maintaining all these assets .Asset risks in this case can be volatile in nature as
machinery within attock cement are working through out the day and night and can break down
at any moment causing the whole plant to come to a stoppage.
Pag
e 18
 ENVIRONMENTAL RISK: generally refers to assets in this case the plant equipment
machinery and the risk involved in maintaining all these assets .Asset risks in this case can be
volatile in nature as machinery within attock cement are working through out the day and night
and can break down at any moment causing the whole plant to come to a stoppage.
 PROCUREMENT RISK: According to the internal auditor at Attock Cement, a key risk for the
company is associated with the procurement of materials for the manufacturing process. The
procurement of coal was quoted as an example. Coal is essential to produce the energy required
in the cement manufacturing process, which poses a potential risk because coal must be
imported. The cost of importing coal depends on various factors, with the most important being
foreign exchange rates.
RISK MANAGEMENT SYSTEM TOOLS AND POLICIES

 FINANCIAL:
Financial audit is an independent, objective evaluation of an organization's financial reports and

financial reporting processes. The primary purpose for financial audits is to give regulators, investors,
directors, and managers reasonable assurance that financial statements are accurate and complete
1. Existence—recorded transactions exist;
2. Completeness—existing transactions are recorded;
3. Accuracy—recorded transactions are stated at the correct amounts
4. Classification—transactions included in the client's journals are properly classified;
5. Timing—transactions are recorded on the correct dates;
6. Posting and summarization—recorded transactions are properly included in the master files and
are correctly summarized.
Pag
e 19
 OPERATIONAL:
A review of how an organization's management and its operating procedures are functioning with
respect to their effectiveness and efficiency in meeting stated objectives. For example, a business might
perform an operational audit if its senior management has become convinced that operational
improvements can be made and need to be identified.
1) Pre-audit process:
The process normally begins with an introductory meeting to inform the unit's senior management that
an audit will take place, to explain the process, and to gather background information.
Following the introductory meeting, the auditor performs a preliminary gathering of information using
various sources of information (for example, the unit's web site) to identify the possible components and
concerns. At the end of this stage, a binder is prepared and is used in the risk assessment meeting with
the auditors.
2) Risk assessment meeting with auditors:
The risk assessment meeting involves the key managers of the department or faculty or unit to be
audited.
The key managers also perform an assessment of the importance of each concern (low, medium or high)
for each component. They are also requested to perform a voting exercise to compare and rank the
components and concerns. This step is preferably completed during the meeting, but may be completed
separately with each manager.
The result is a risk template. The high-risk areas identified by management will then provide the focus
for the audit project.
3) Control matrix:
The auditor meets with the managers of the high-risk areas to identify the key management objectives
and the key control activities performed. After these meetings, the auditor documents the key
management objectives and the key controls.
The lack of key controls identified, referred to as control design issues, is also documented in the matrix.
Once the first draft of the control matrix is completed, it is sent back to the managers for confirmation
and validation. The lack of key controls (control design issues) is also discussed with management.
The key controls identified in the matrix represent the controls to be tested in the next phase.
Pag
e 20
4) Test design:
Once the matrix has been agreed upon with management, the auditor designs the test procedures for the
identified key controls. The auditor prepares a test design for each key control activity identified in the
matrix.
The testing plan is reviewed before the testing phase begins. The testing phase usually requires the
auditor's presence in the department to conduct interviews, examine documents, and obtain explanations.
The auditor documents the results of the tests, the conclusion, and any proposals. During testing, the
auditor also discusses preliminary findings with individual managers.
The test results become the basis for the first draft of the audit report.
5) Report drafting:
After the previous stages have been completed, the auditor can produce a draft report to be presented
and discussed with management. The draft report uses the following standard structure:
• Memo
• Conclusion
• Background information
• Scope
• Objectives
• Proposals
• Risk template and key controls as an appendix
• Other appendices
The report review and discussion process is designed to arrive at agreed action plans to resolve
identified issues. Any management-accepted risks and differences of opinion are also reported.
The report drafting process involves meetings with increasingly senior levels of the management
hierarchy until the report has both the moral and monetary (if needed) support for the issues raised.
6) Final audit report
The final report is distributed to all managers of an audited unit, the relevant members of senior
management, the Vice-Principal, (Administration and Finance), the Chair of the Audit Committee of the
Board, and the external auditors.
Pag
e 21
(i) Components: Represent the principal deliverables of the unit (products, services or processes.
(ii) Concerns: Represent the events that could prevent the audited unit from achieving its objectives.
(iii) Controls: Any action taken by management, the board, and other parties to enhance risk
management and increase the likelihood that established objectives and goals will be achieved.
Management plans, organizes, and directs the performance of sufficient actions to provide reasonable
assurance that objectives and goals will be achieved.
 IT ( INFORMATION TECHNOLOGY ):
An IT audit can be defined as any audit that encompasses review and evaluation of automated
information processing systems, related non-automated processes and the interfaces among them.
IT auditors, at ATTOCK CEMENT while performing an application control audit focus on:
• Identifying the significant application components; the flow of transactions through the
application (system); and to gain a detailed understanding of the application by reviewing all available
documentation and interviewing the appropriate personnel, such as system owner, data owner, data
custodian and system administrator.
• Identifying the application control strengths and evaluating the impact, if any, of weaknesses you
find in the application controls
• Developing a testing strategy
• Testing the controls to ensure their functionality and effectiveness
• Evaluating your test results and any other audit evidence to determine if the control objectives
were achieved
• Evaluating the application against management’s objectives for the system to ensure efficiency
and effectiveness.
 STRATEGIC:
An important part of business strategy is concerned with ensuring that these resources and competencies
are understood and evaluated - a process that is often known as a "Strategic Audit"
(1) Resource Audit:
Pag
e 22
The resource audit identifies the resources available to a business. Some of these can be owned (e.g.
plant and machinery, trademarks, retail outlets) whereas other resources can be obtained through
partnerships, joint ventures or simply supplier arrangements with other businesses.
(2) Value Chain Analysis:
Value Chain Analysis describes the activities that take place in a business and relates them to an analysis
of the competitive strength of the business. Influential work by Michael Porter suggested that the
activities of a business could be grouped under two headings:
1. Primary Activities - those that are directly concerned with creating and delivering a product (e.g.
component assembly)
2. Support Activities, which whilst they are not directly involved in production, may increase
effectiveness or efficiency (e.g. human resource management). It is rare for a business to undertake all
primary and support activities
Value Chain Analysis is one way of identifying which activities are best undertaken by a business and
which are best provided by others ("outsourced").
(3) Core Competence Analysis:
Core competencies are those capabilities that are critical to a business achieving competitive advantage.
The starting point for analysing core competencies is recognising that competition between businesses is
as much a race for competence mastery as it is for market position and market power.
Senior management cannot focus on all activities of a business and the competencies required to
undertake them. So the goal is for management to focus attention on competencies that really affect
competitive advantage.
(4) Performance Analysis:
The resource audit, value chain analysis and core competence analysis help to define the strategic
capabilities of a business. After completing such analysis, questions that can be asked that evaluate the
overall performance of the business. These questions include:
How have the resources deployed in the business changed over time? This is historical analysis
How do the resources and capabilities of the business compare with others in the industry? This is
industry norm analysis
How do the resources and capabilities of the business compare with "best-in-class" - wherever that is to
be found? This is benchmarking
How has the financial performance of the business changed over time, and how does it compare with
key competitors and the industry as a whole? This is ratio analysis
Pag
e 23
(5) Portfolio Analysis:
Portfolio Analysis analyses the overall balance of the strategic business units of a business. Most large
businesses have operations in more than one market segment, and often in different geographical
markets. Larger, diversified groups often have several divisions (each containing many business units)
operating in quite distinct industries.
An important objective of a strategic audit is to ensure that the business portfolio is strong and that
business units requiring investment and management attention are highlighted. This is important - a
business should always consider which markets are most attractive and which business units have the
potential to achieve advantage in the most attractive markets.
RISK REGISTER OF ATTOCK CEMENT

PAKISTAN LIMITED
They have scheduled all black and white parameter and tell what is going on and what should be there.
Risk register is a log that contains all of the information related to the risk management activities. It
includes following details related to risk management activities. It contains risks, potential response, and
root cause of risks; risk categories and ranking.
Currently, Attock Cement Pakistan Ltd. is formally maintaining a risk register and is required to follow
the complete CCG being used in Pakistan. Attock Cement Pakistan Ltd. does rate their risks according
to seriousness of the particular area.
COMPONENTS OF RISK REGISTER:
Dates: As the register is a living document, it is important to record the date that risks are identified or
modified. Optional dates to include are the target and completion dates
Description of the Risk: A phrase that describes the risk.
Risk Type (business, project, stage): Classification of the risk: Business risks relate to delivery of
achieved benefit;, project risks relate to the management of the project such as timeframes and
resources, and stage risks are risks associated with a specific stage of the plan.
Pag
e 24
Likelihood of Occurrence: Provides an assessment on how likely it is that this risk will occur.
Examples are: L-Low, M-Medium (31-70%), and H-High (>70%).
Severity of Effect: Provides an assessment of the impact that the occurrence of this risk would have on
the project.
Countermeasures: Actions to be taken to prevent, reduce, or transfer the risk. This may include
production of contingency plans.
Owner: The individual responsible for ensuring that risks are appropriately engaged with
countermeasures undertaken.
Status: Indicates whether this is a current risk or if risk can no longer arise and impact the project.
Example classifications are: C-current or E-ended.
IMPORTANCE OF RISK REGISTER:
Managers should view the risk register as a management tool through a review and updating process that
identifies, assesses, and manages risks down to acceptable levels. The register provides a framework in
which problems that threaten the delivery of the anticipated benefits are captured. Actions are then
instigated to reduce the probability and the potential impact of specific risks.
Make your risk register visible to project stakeholders so they can see that risks are being addressed.
They may flag risks you haven't identified and give other options for risk mitigation.
Low: These issues do not appear to have substantial negative impact on operations or the control
environment, but have been bought to management’s attention for informational purpose and
consideration.
Medium: These issues involve moderate exposure to loss of assets or revenue and/ or negative impact
on operating efficiency and/or effectiveness.
High: These issues involve a substantial and direct exposure to loss of assets, loss of revenue and/or
substantially negative impact to operating efficiency.
Pag
e 25
RISK REGISTER
# Risk Description Likelihood Seriousness Grade Mitigation Action Responsible
officer
1 Supply of Coal High Extreme A Quality and quantity checks Top

(strategic) of coal at all stages of management.
transportation as well as
production.
2 Debtor Risk Medium High B High levels of receivable Sales
(operational) turnover should be Department
achieved, skilled and Head.
competent accountants
should be hired.
3 Procurement Medium Extreme A All imported raw materials Purchase
(strategic) purchased on right/best /Production
price considering dollar Department
rate and delivered on right head.
time
Pag
e 26
4 Inventory Low High C There should be proper Security Head

control/theft warehouses for storage, and Inventory
/detoriation which can prevent water from Management
(operational) seeping in. Well trained Head.
security guards should be on
duties. High definition
cameras should be in all
warehouses.
5 Asset Risk High Extreme A Monthly maintenance of Head of
plant, equipments and Engineers.
machineries.
Spontaneous checkups by
the head of engineers on
the plant side is necessary.
6 Environmental Medium High B Quality of air filters should
Risk be checked of all plants to
prevent toxic smoke
entering the environment.
CONCLUSION / PERFORMANCE REVIEW

1. Internal auditors are well trained and positioned to provide numerous
assurance services to their organization.
2. The IAD keeps;
(a) full and free access to the company’s audit committee.
(b) unrestricted access to the company’s records, documents, property, and
personnel.
(c) authority to discuss initiatives, policies, and procedures regarding risk
assessment, internal controls, compliance, financial reporting, and governance
processes with management and other corporate governance participants.
Pag
e 27
3. A close working relationship between the audit committee and internal auditors
can more improve the effectiveness of corporate governance in their company.
4. Internal auditors, as an integral component of the organization’s governance,
should continue to improve their internal audit quality and effectiveness to
secure their position in corporate governance continuum.
Pag
e 28

Final Report To Submit

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Final Report To Submit

Uploaded by

Copyright:

Available Formats

ATTOCK CEMENT

o UMER KHURSHEED (20299)

Submitted to Ma’am Shazia Baig

1. LEGAL STATUS OF THE COMPANY:

3. INTERNAL CONTROL SYSTEM:

4. RISK MANAGEMENT SYSTEM:

SR. NO. UMER ANAS MOHTASHIM OMER TARIQ

Date: 11th December 2018.

Umair Muhammad Siddiq.

LEGAL STATUS OF THE COMPANY

AUTHORIZED CAPITAL/ PAID-UP CAPITAL:

Authorized Capital/ Paid-up Capital = Rs.1,145,225,000

Pharon Investment group Ltd

 Pharon Investment Group Ltd = 84.06%

 Modarabas and Mutual Funds = 4.39%

 Non Banking Financial Institutions, Insurance Co. = 1.57%

 Directors, Chief Executive Officer, and their Spouse = 0.11%

AUDIT SCOPE/ OBJECTIVES

 Monitoring of Internal Control: The establishment of adequate internal control is the

 Items including detailed testing of transactions, balances and procedures.

 Assessing means of safeguarding assets from losses.

 Communicating by findings at appropriate level on a timely basis.

 Functional system to monitor their supplier invoices and supplies

 Monitoring system of inventory.

FOUNDER CHAIRMAN Dr. Ghaith R. Pharaon

CHAIRMAN Mr. Laith G. Pharaon

DIRECTOR Mr. Wael G. Pharaon

DIRECTOR Mr. Shuaib A. Malik

DIRECTOR Mr. AbdusSattar

DIRECTOR AND CHIEF EXECUTIVE Mr.Babar Bashir Nawaz

DIRECTOR Mr. Agha Sher Shah

DIRECTOR Mr. Sajid Nawaz

DIRECTOR Mr. Irfan Amanullah

Serial. No. Name of Directors Position Status

Mr. Shoaib A. Malik Member

Mr. Abdus Sattar Member

AUDIT COMMITTEE MEETINGS

HR AND REMUNERATION COMMITTEE:

CODE OF CORPORATE GOVERNANCE

INTERNAL CONTROL SYSTEM

Internal Control and Audit Function

WHISTLE BLOWING POLICY

Whistle blowing can be done through number of ways:

 Face to face conversation

FRAUD DETECTION MECHANISM

RELATIONSHIP OF EXTERNAL AND

RISK MANAGEMENT SYSTEM

 INVENTORY THEF/ DETORIATION: Excessive shrinkage levels can indicate problems

RISK MANAGEMENT SYSTEM TOOLS AND POLICIES

Financial audit is an independent, objective evaluation of an organization's financial reports and

1. Existence—recorded transactions exist;

2. Completeness—existing transactions are recorded;

3. Accuracy—recorded transactions are stated at the correct amounts

4. Classification—transactions included in the client's journals are properly classified;

5. Timing—transactions are recorded on the correct dates;

2) Risk assessment meeting with auditors:

• Risk template and key controls as an appendix

6) Final audit report

• Developing a testing strategy

• Testing the controls to ensure their functionality and effectiveness

(1) Resource Audit:

(2) Value Chain Analysis: