Professional Documents
Culture Documents
Chapter 9
Organizational Control & Audit
.
Five Elements of Sound Internal Control System (as per COSO ERM Framework)
Control environment
Tone at the top (Board)
Overall attitude by Board and Management
Create a culture of strong internal controls
Risk assessment
Identify all risks
Prioritize based on impact and probability
Control activities
Design formal policies, procedures & systems Implement internal controls across all functions
Supervision
System checks and validations built into the software
Screening and training of personnel
Monitoring
Regular reviews by management
Internal and external audits
i.e. why Board needs assurance that internal controls are working adequately?
Board is responsible to manage risks, hence they need to know that whether internal controls are working
properly or not
Board makes decisions based on ‘information’, and strong internal controls will generate reliable
information
All reporting to shareholders, external, regulatory and internal reporting is based on internal control
system
Internal and external auditors use information in order to perform their tasks
Internal Audit
& Compliance
Internal Audit
Internal audit is an independent, objective assurance function established within the organization, with the aim
of ensuring that governance process, risk management and internal controls are working effectively. It may be a
statutory requirement to have an internal audit or it may be strongly recommended under codes of corporate
governance. The primary objective of internal audit is to assist other functions in the effective discharge of their
responsibilities. The work of internal audit is quite varied and includes financial / internal controls review,
compliance, operational audits, fraud investigations, etc.
Internal auditor should not be involved in operational activities or systems they are auditing
Internal Auditor should be appointed by Audit Committee (and not by Exec Management)
Internal Auditor to report directly to Audit Committee
Internal Auditor to have direct access to Chairman of the Board
All remuneration, promotion, bonus to be decided by Audit Committee (and not by Exec
Management)
Practical
Cost effective
Reduces risks to a tolerable level
The internal auditor should also conduct a post-implementation review to ensure that the recommendations
have been actioned by the management
Audit Committee
Provides assurance to shareholders and other stakeholders hence increasing their confidence May
Practice Questions
P1 – Jun 2013 Q2: Imp of Int Audit in Regulated Ind | Audit Comm | Regulatory Rep (Bulp Co)
P1 – Dec 2014 Q4: Need for Int Audit | Why Int Ctrl Fails | CPD (Loho Co)