ASSIGNMENT OF FINANCIAL

AUDIT
Grant Thornton

Prepared by: Ramin Amin

Kabul University, Economics Faculty, Accounting
Department
Instructor: prof. NAJIBULLAH HADAD
About: grant Thornton is a firm that provide standard and best professional service to
clients and it established under AISA license in Afghanistan for the first time and then
start to the several service which are mentioned below:

 - External audit
 - proposal writing and project management
 - making financial and accounting systems
 - business consultancy and advising
 - tax and advisory

Internal control:

Internal controls are the policies and procedure that a corporate put into place in order to
protect its assets confirm its accounting data is correct, and maximize the efficiency and
effectiveness operation and promote an atmosphere of compliance between its
employees. There are three main types of internal controls.

Internal control defined is a process for assuring of an organization objectives in

operational efficiency and effectiveness reliable financial reporting, and compliance with
laws, regulations and rules. A broad concept, internal control includes all that controls
risks to an organization.

Internal control is all of the policies and measures management uses to attain the
following goals. Protection assets - well designed internal controls protect assets from
unplanned loss or loss from fraud.

PAGE 1
Five Components of internal control

1 - Control Environment

2 - Entity’s Risk Assessment Process

3 - Control Activities

4 - Information System and Communication

5 - Monitoring of Controls

1 - Control Environment

A control environment also called (Internal control environment) is a period of financial

audit, internal audit and Creativity Risk Management. It means the overall confidence,
consciousness and action of managements and management regarding the internal control
system and it is position to the entity. They express it in administration style, business
culture, values, attitude and operational style the administrative structure, and human
resources rules and procedures.

Entity Risk Assessment Process

It is to recognize and manage any type of risk that faces the corporate how does this
relate to auditing and the financial statements. Well, the company should be evaluating
the risk of financial statement fraud and that's going to have a performance on the
company's internal controls if they take it more really the risk of financial statement fraud
and they really go and say this is a risk that we need to assess we need to understand the
management could be playing good rule with the estimates of depreciation or things like
that if then that going to impact on the internal controls for the company.

PAGE 2
Control activates

Control activities are the rules, procedures, methods that help confirm that management
answer to decrease risk identified throughout the risk assessment process is carried out.
control activities are activities taken to minimize risk. Example of these activities include
reconciliations, approvals, approval processes. An essential part of the control activity
component is separation of duties.

Information System and Communication

information and communication are important and critical to effective internal control
why is that the case well think about it if you have an accounting system that is not
producing quality financial info if you are getting information from the financial
statement / from your accounting system that cannot be trusted and there is all kinds of
issues.

For example you don't have information about the dates when journal entries are recorded
that would be pretty ridiculous that's a pretty poor accounting system but let's say that's
the if you don't have those information then it is going to be hard to evaluate things like
remove when a sale was actually verified and so out was it recorded in the proper period
or was it recorded in the wrong period also not just your accounting system but thinking
about the internal control responsibilities and are those tasks being adequately conveyed
to the employees by either top management and that could be through an email perhaps
top management sends an email and explains the employees okay this is the person in
charge of this and so forth or the organization could have formal policy manuals that lay
out did the actions for internal controls so internal controls are not going to be that
helpful if you have them in place but unknown knows what they are or how to work
them.

Monitoring of Controls
Monitoring activities and intensive care has to do with assessing the internal
controls it not enough to just says okay we went and we some internal controls and

PAGE 3
 we guess that they're working. Monitoring internal controls is vital to ensure
controls are operating professionally. Monitoring involves the use of assessments
by management and 3-parties of the controls in place to identify issues and
communicate that subjects to the appropriate parties for helpful action to be taken.
It includes regular management and guiding activities, and other actions personnel
take in performing their duties.

Organization chart:

Applying internal controls steps:

Control Environment:
The control environment is the culture, values, and expectations that grant Thornton put
into place. Ways to establish and nourish the environment are:

PAGE 4
 Set “tone at the top” by applying and helping ethical standards, integrity, and
accountability policies

 Set mission, goals and objectives so the organization knows what it is to achieve

 Create structure, organizational responsibilities and reporting chains

 Hire knowledgeable and reliable staff members and provide necessary training for them

 Provide management and good governance by staying on top of operations and

performance, and correcting problems when identified

 Emphasize that compliance with law and regulations are the confidence for the
organization

 Assure that goals and objectives are clear (especially when there are many grant
awards) and not in competition with each other or compliance requirements

 Hold people accountable for their responsibilities.

Entity’s Risk Assessment Process

The grant Thornton Enterprise Risk Management look at the whole of organization and
everything that could affect its Leadership should supervise a risk management process
and ways to accomplish this are:

 each function identifies the risks to operations and performance

 Inspiration with staff to control possible external risks

 Learn about new risks by employee and customer surveys, etc.

 Consider the potential for fraud once identifying examining and responding to risks

PAGE 5
 rank the risks and discuss about controls or actions need to remove or reduce the risk

 Develop counteractive actions and assign someone to be in charge of applying each.

Control activities

Control activities are the policies and procedures put into place to run operations,
accomplish goals, and prevent fraud. Basic internal control methods are:

Establish responsibility

- Assign each task to only one person.

- Establish organizational structure.

Implement separation of responsibilities

- Don’t make one employee responsible for all parts of a process.

- Use compensating controls, such as additional monitoring or secondary sign-offs, when

separation is not possible.

 Restrict Access

- Don’t provide access to systems, info, assets, etc. unless needed.

 Create policies and procedures

- Implement written instructions with directives to follow them.

- Assure controls cover all areas of compliance.

- Assure controls cover security of assets and technology.

 Create record keeping

- Document all expenditures and the justifications for them.

Information System and Communication

They grant Thornton rely on quality of information and effectiveness of dissemination.
Use the following suggestions to guide your information and communication protocols:

 Establish relevant and reliable information systems to track operations, goal progress,
and compliance

PAGE 6
  Generally distribute information through the organization to ensure that critical
information is delivered to the right staff in a timely way. Ask staff members what
information they need but are not getting

Monitoring of Controls
In grant Thornton managers need to verify the effectiveness of the controls. Ways to
achieve this include:

 Start a system of quality control to all processes like supervisory reviews, approvals,
and automatic omission drafts

 Conduct repetitive reviews of real performance related to goals and budgets

 Conduct distinct management review of a function to control whether it is working as

planned or control need to be design.

 Arrange external audits

 Path all helpful actions, and ensure that they are executed and working as planned

 Use monitoring to tie corrective actions back to developments in Control 5

Environment and Control Activity standards

 Watch for signs of control problems.

Flow Chart

PAGE 7
Test of control

PAGE 8
 The auditors of grant Thornton test the effectiveness of a control used by a client
entity to prevent or detect material misstatements. Also The auditor scientifically
examines the customer’s revenue process to identify relevant controls that help to
prevent, or detect and correct, material misstatements However, if the test reveals that
controls are weak the auditor will improve their use of substantive testing.

 Reperformance. Auditors pledge a new transaction, to see which controls are

used by the client and the usefulness of those controls.

 Observation. Auditors observe a business process in action and in specific the

control essentials of the process.

 Inspection. Auditors observe business documents for approval signatures

,review check marks, which show that controls have been performed


Conclusion

In the conclusion, the grant Thornton company is performing good, and doing well,
sbecause the company have such great internal control process. Also have an internal
audit department that take care about company and improve the efficiency and
effectiveness of the organization to prevent from errors and frauds. Also, the preform all
component of internal control in best way and doing well.

PAGE 9