OPERTATIONS AUDITING MODULE 1

GOVERNANCE PERSPECTIVE
Governance Perspectives
1. The Agency Concept
2. Corporate Ethics and Accountability
3. International Scandals and their impact
4. Models of Corporate Governance
5. The External Audit
6. The Audit Committee
7. The Internal Audit
8. The link to Risk Management and Internal Control

The learners are expected to be able to:

1. Obtain sufficient knowledge on the concept of Corporate Ethics.
2. Explain the role of Good Governance in the corporate environment.
3. Be familiar with the functions and works of External Auditors.
4. Identify the reason why the Audit Committee was formed.
5. Identify the functions of internal auditors
6. Differentiate external audit from internal audit
7. Obtain basic knowledge on Risk Management and Internal Control.

THE AGENCY CONCEPT

What Is Agency Theory?

Agency theory is a principle that is used to explain and resolve issues in the relationship between
business principals and their agents. Most commonly, that relationship is the one
between shareholders, as principals, and company executives, as agents.

Understanding Agency Theory

An agency, in broad terms, is any relationship between two parties in which one, the agent,
represents the other, the principal, in day-to-day transactions. The principal or principals have hired
the agent to perform a service on their behalf.

Principals delegate decision-making authority to agents. Because many decisions that affect the
principal financially are made by the agent, differences of opinion, and even differences in priorities
and interests, can arise. Agency theory assumes that the interests of a principal and an agent are
not always in alignment. This is sometimes referred to as the principal-agent problem .

By definition, an agent is using the resources of a principal. The principal has entrusted money but
has little or no day-to-day input. The agent is the decision-maker but is incurring little or no risk
because any losses will be borne by the principal.

Financial planners and portfolio managers are agents on behalf of their principals and are given
responsibility for the principals' assets. A lessee may be in charge of protecting and safeguarding
assets that do not belong to them. Even though the lessee is tasked with the job of taking care of
the assets, the lessee has less interest in protecting the goods than the actual owners.

Areas of Dispute in Agency Theory

Agency theory addresses disputes that arise primarily in two key areas: A difference in goals or a
difference in risk aversion.

For example, company executives, with an eye toward short-term profitability and elevated
compensation, may desire to expand a business into new, high-risk markets. However, this could
pose an unjustified risk to shareholders, who are most concerned with the long-term growth of
earnings and share price appreciation.

Another central issue often addressed by agency theory involves incompatible levels
of risk tolerance between a principal and an agent. For example, shareholders in a bank may object
that management has set the bar too low on loan approvals, thus taking on too great a risk
of defaults.

CORPORTE ETHICS

Ethics refers to the moral values and principles that guide an individual. Corporate ethics refers to
the moral behavior of a company and its employees while conducting business. Business ethics is
another name for corporate ethics. Business ethics reflects the purpose of doing the business.
Business ethics is the distinction between what is right and wrong in the workplace and the selection
of the right set of actions. Every corporate entity follows business ethics to a large extent in order to
survive and compete successfully in the market. Corporate entities that strictly adhere to business
ethics gain the trust of their stakeholders and thus gain more customers. An organization follows
compliance, i.e., following certain business policies, rules, procedures, and practices to deal with the
problem arising from the business environment. Business ethics also ensures that they meet
compliance requirements as it was connected with the activities of an organization.

Features of corporate ethics

 Choosing right over wrong: Business ethics allows one to distinguish between right and
wrong business practices and then select the right set of ethical practices.

 Corporate image: Following business ethics in operations helps corporate entities build a
positive corporate image, and vice versa. Ethical executives supervise every action of the
organization to maintain a positive corporate image.

 Superior to law: Business ethics take superiority over the law of the jurisdiction in which the
corporate entity operates. Insider trading, for example, is not illegal in some countries but is
illegal in others. It is important to note, however, that insider trading is an unethical practice.

 Provides a framework: Business ethics provide a general legal and ethical framework within
which corporate entities should conduct their business operations.

 Code of conduct: Business ethics is a code of conduct that enables corporate entities and
their employees to contribute to the betterment of society.

 Subjective: An organization can expand its operations at a global level. The development of
ethics must be in accordance with the expectations of the respective country.

 Maintains ethical responsibility: Business ethics always try to maintain the organization’s
social responsibility towards society.
Corporate ethics guidelines

Corporate ethical guidelines of an organization are closely linked with a social group of consumers,
employees, investors, and the local community. The following are some of the guidelines of
corporate ethics:

 Avoid exploitations: Exploiting and cheating consumers should be avoided. The increasing
price of the product purposefully to cheat the consumers must be avoided. Satisfying the
needs of the consumers should be the main objective of the company. Activities of the
business must be adjusted based on the needs and demands of the customer.
 Distribute qualified products and services: Selling harmful products, banned goods, and
selling goods in the black market just to earn surplus profit must be avoided.
 Fair competition: Creating a healthy competitive environment for other organizations to
attain benefits should be encouraged.
 Maintain quality and quantity: While selling goods, the product must be packed with the
right weight and perfect quality with nice packaging. Such practice must be followed to
maintain the quality of the product.
 Proper accounting procedure: Paying tax regularly to the government from the profit
earned is necessary. Proper maintenance of accounts is necessary. Every transaction made
in the organization should have a proper record. The accounts should be audited by
authorized persons.
 Fair wage: An organization’s employees should be paid a fair salary or wage. An adequate
facility must be given to an employee for a good workplace.
 Proper communication: An investor in the organization must be informed of all financial and
other decisions taken at the organization as they are the owners of the company.
 Prohibition of Discrimination: Discriminating an employee based on their gender, race,
religion, language, nationality, etc. should not be done in an organization.
 No malpractice: Giving bribes and costly gifts to influence the officer for doing illegal activity
should not be done. These activities affect the business’s ethical conduct.
 Abide laws: Rules and regulations formulated by the governments must be followed
perfectly.

Types of corporate ethics

An organizational culture, management philosophy, and corporate ethics create an impact on the
performance of the company in the long run. Industry size, profitability level, and ethics are the most
important factors for the success of an organization.
Leadership ethics

An organization’s management allots teams for running day-to-day business operations. Proper
ethical practices are followed by the management, the leaders in the organization can direct the
employees to make a decision that is beneficial to individuals and for the organization. A strong
foundation in ethical behavior can retain talented individuals by maintaining a positive reputed
community in the workplace. From top management to low management corporate ethics builds a
strong relation between them.
Employee ethics

In an organization, when the management functions in ethical conduct then the employee will also
follow the footsteps lead by the management. The employee takes decisions based on the principal
guide i.e., corporate ethics. It leads the organization to increase productivity and morale among the
employee. When an employee performs their assigned duty in the workplace with honesty, integrity,
and loyalty the entire organization will be benefited from the conduct. Companies that have high
standard business ethical behavior for business operation then employee under such roof also do
their duties in high level in the workplace.

Production ethics

Corporate ethics ensures that organization products or services do not cause any harm to the public.
The success of the organization depends on the products or services provided by them. Producing
dangerous products can change the minds of the consumers which will affect the entire
organization. Producing genetically modified foods, purposefully producing defective products,
unhealthy products lead the company to face so much trouble from the public as well as the
government. While producing products, the surrounding environment should not be polluted.
Production ethics is much more important for the survival of the organization.

Marketing ethics

Marketing ethics usually deal with the principle that is hidden behind the business operation. A fair
price should be fixed without discriminating and skimming. Even though a company’s ultimate goal is
to earn a profit, corporate ethics ensure consumer protection without exploiting the consumer.
Additionally, the price of the product must be fixed. A healthy competition between the competitor
will increase the standard as well as the name and fame of an organization. While advertising the
product content must be made related to the products. A misleading advertisement make
discomfort among the consumer. A systemic approach is necessary to function the business practice
in an ethical standard.

What is Accountability?

Accountability is the concept of answerability by an individual or a department for the performance

or outcomes of specific activities. Essentially, the accountable party is responsible for the execution
of the desired role.

The principal party delegates roles to other parties but remains liable if an action is not executed
well or in the event of a loss. It is commonly practiced in the financial sector and the business world
in its entirety.

For example, the two elements of accountability can be seen in a case where an accountor delegates
the power to the accountee. Still, it is the accountor who takes responsibility and goes the extra mile
to put measures in place to prevent future reoccurrence of a mistake. The concept is further
dependent on the ethical behavior of the party held to account for the activity and influence of
regulations.

The benefit of accountability is that it assures that an auditor presented an accurate and fair view of
a company’s financial health. The auditor is, therefore, legally and criminally liable for fraud or
breach of contract resulting from the audited financial statements. Accountability commands care,
knowledge, and skills during accounting practice since a slight omission or an act is tantamount to
professional negligence.

The accountor gives the mandate and delegates the power, while the accountee receives power.

International Scandal and their impact

The most notorious accounting fraud case is the LEHMAN BROTHERS SCANDAL. The global financial
services firm hid over $50 billion in loans disguised as sales.

The Lehman Brothers bankruptcy scandal was a major financial crisis that had significant
consequences for the bank and its stakeholders, as well as the global financial system and the
economy. The bankruptcy of Lehman Brothers, one of the largest and most influential investment
banks in the world, was a key event of the global financial crisis, and it had far-reaching implications
for the financial industry and the economy. In this blog post, we will explore the events leading up to
the bankruptcy, the consequences of the bankruptcy, and the lessons learned from the scandal.

The Events Leading Up to the Bankruptcy

Lehman Brothers was founded in 1850 as a small dry goods store in Alabama. Over time, the
company evolved into a major investment bank, with a global presence and a reputation for
innovation and risk-taking. However, Lehman Brothers’ success was built on risky financial practices
and the use of complex financial instruments, such as mortgage-backed securities and collateralized
debt obligations (CDOs). In the years leading up to the bankruptcy, Lehman Brothers was heavily
exposed to the subprime mortgage market, which was experiencing a severe down turn. The
subprime mortgage crisis, which began in 2007, was triggered by a surge in defaults on subprime
mortgages, which were issued to borrowers with poor credit ratings. As the crisis deepened, the
value of mortgage-backed securities and CDOs, which were held by Lehman Brothers and other
financial institutions, plummeted.

The Bankruptcy Filing and its Consequences

On September 15, 2008, Lehman Brothers filed for bankruptcy, becoming the largest bankruptcy in
U.S. history at the time. The bankruptcy filing sent shockwaves through the global financial system
and the economy, as Lehman Brothers was a major player in the financial industry and its collapse
had far-reaching consequences. The bankruptcy of Lehman Brothers had a significant impact on the
bank’s employees, customers, and shareholders. The bank’s collapse resulted in the loss of
thousands of jobs, as well as significant financial losses for shareholders and customers. The
bankruptcy also had a ripple effect on other financial institutions and the economy, as Lehman
Brothers’ collapse exacerbated the global financial crisis.

Models of Corporate Governance

Models of corporate governance are, at their most basic level, the set of norms, procedures,
procedures, policies, and rules that influence how individuals direct, administer, and manage a
company. It represents a resolve on the part of the organization to uphold accountability, diversity,
transparency, and fairness. Additionally, it alludes to the connections between business objectives
and stakeholders.

This obligation primarily rests with the board of directors of a corporation. Aiming to reduce conflicts
of interest and guarantee that all shareholders are handled fairly, this system of checks and
balances. However, this delicate power equilibrium depends on three important anchors.
Models of corporate governance involved in this triangle connection are the board of directors,
management, and shareholders. While each has specific duties, they all must cooperate for the
system to be successful and balanced.

Executives and shareholders may disagree; for instance, shareholders may want to concentrate on
profit while the CEO may want to make investments to increase employee involvement. Corporate
law would dictate how this is resolved.

All three of the relationships in the governance triangle—management and shareholders,

management and the board of directors, and the board of directors and shareholders—rely on open
communication and shared responsibility.

Management, staff, suppliers, and customers are additional stakeholders, as are outside factors like
creditors, regulators, and the community.

Who is Included in a Governance Team?

Major shareholders, company founders, and executives make up the board of directors, which has
the most impact in this situation. However, independent trustees might be a part of it.

Making sure a company’s leaders are successfully managing its finances and acting in the interests of
all stakeholders is one of the main objectives of corporate governance. The majority of businesses
also have to abide by outside laws and regulations that apply to their specific industry.

The board and the management structure established beneath it are in charge of establishing a goal
or purpose to work toward, creating a consistent process to achieve it, organizing operations to
support that process, evaluating performance outcomes, and using those outcomes to grow both
themselves and employees as individuals or teams.

Audit Committee
What Is the Audit Committee?
The audit committee is responsible for helping independent auditors oversee the corporation’s
financial reporting system in a process independent of management. They achieve this in the
following ways:

 Providing vital oversight of the corporation’s financial reporting processes, internal controls
and independent auditors
 Serving as a check and balance over the company’s financial reporting practices
 Granting a forum for discussing financial concerns candidly and objectively

An audit committee is appointed by the board and is composed of between three and seven board
directors who aren’t part of the corporation’s management.

Audit committees should have at least one individual on the committee who is considered a financial
expert. The audit committee chair should be a certified public accountant (CPA) or otherwise
considered a financial expert; however, it’s not necessary for all members of the committee to be
financial professionals.

Responsibilities of the Audit Committee

While the audit committee is responsible for performing the audit, they are also responsible for
other essential tasks relative to the audit and the corporation’s internal control system. Audit
committee responsibilities encompass many oversight responsibilities, including fraud prevention,
ethics and compliance, oversight of the independent auditor and involvement with external
communications. Additional functions of an audit committee include:

 Risk Oversight: The audit committee ensures that the company’s risk management plan is
well-defined and effective. Management should discuss the company’s policies and
guidelines that govern risk management. Both parties should be knowledgeable about major
financial risk exposures and the steps managers should take to monitor and control risks.

 Ethics and Compliance: This is an important function of the audit committee because it
requires members to address allegations or violations of the code of ethics promptly and
consistently. Audit committees must protect individuals who come forth with reports of
questionable behavior by employees. The company must have a fair process for addressing
violations of ethics or compliance, which should include regular compliance audits.

 Oversight of the Independent Auditor: An essential part of the audit committee's duties is
to be responsible for appointing, compensating and overseeing the duties of the
independent auditor. This responsibility extends to resolving any disagreements with
management. Audit committee members should meet with the independent auditor at least
quarterly.

 Oversight of Internal Audit: Audit committee members’ roles require them to oversee and
make suggestions for improving the company’s internal operations and processes. Proper
oversight of the internal audit requires companies to enlist the help of independent internal
auditors to ensure the integrity and transparency of the processes.

 Facilitate External Audit: During the annual audit, the audit committee meets separately
with external auditors to examine matters that need to be discussed privately. It’s important
for audit committees to work toward preventing fraud. Auditors with forensic audit
expertise are adept at detecting willful accounting errors and anomalies. Because of
their unique relationship with external auditors and the importance of their duties, audit
committees must have authority over their budgets and for managing external auditors.

 Manage Financial Reporting and Controls: The role of the audit committee requires them to
be familiar with the processes and controls for financial reporting and internal controls. This
requires working with members of management, independent auditors and internal auditors
to acquire adequate knowledge about the company’s financial reporting and internal
controls. The committee uses this information to determine whether the company’s
financial reporting processes are designed and operating effectively.

 Review Regulations and Requirements: Regulations require audit committees to review

any significant changes in accounting principles and the adequacy of internal controls. Audit
committee functions include reviewing the company’s response to material control
deficiencies and reviewing the effects of alternative GAAP methods with management.

 Review of Filings and Earnings Releases: Financial analysts, ratings agencies and other
financial experts rely on audit committees to oversee earnings releases, SEC filings
containing financial information and other financial reports to ensure they’re transparent
and fair. Audit committee teams are also responsible for working with legal teams to ensure
that disclosures are accurate and complete and include reporting on financial trends.
  Provide Recommendations to Management: The audit committee should allow
management adequate time to review and comment on the audit committee’s annual audit
findings. An important function of an audit committee is to provide management with
an audit committee report and final management letter that offers recommendations on
how to comply with best practices for financial reporting and internal controls.

Audit committee members are responsible for performing a wide variety of duties, working closely
with a wide variety of stakeholders. Financial regulations are also evolving, especially during these
volatile economic times. Audit committees should stay current with financial trends, global risk
reports, and new or evolving legal or regulatory requirements. This is all to ensure that the company
has sound financial reporting practices and robust internal controls.

The Audit Committee's Role in Corporate Governance

The audit committee plays a vital role in corporate governance because they hold the board and the
organization accountable in almost every area, from internal and external audits to financial and risk
management. The audit committee and management must maintain the internal controls and
governance that ensure that the financial reporting process is accurate and effective.

Before the audit committee begins its work, committee members must understand how
management develops and reports internal financial information. Having a good understanding
of audit reports ensures that audit committee members will know the potential impact of financial
statements and how they interact with compliance and risk management. All audit committee
members must also be up to speed on recent professional and regulatory changes and
announcements to maintain the appropriate controls throughout the audit process.

Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.

Performed by professionals with an in-depth understanding of the business culture, systems, and
processes, the internal audit activity provides assurance that internal controls in place are adequate
to mitigate the risks, governance processes are effective and efficient, and organizational goals and
objectives are met.

Evaluating emerging technologies. Analyzing opportunities. Examining global issues. Assessing risks,
controls, ethics, quality, economy, and efficiency. Assuring that controls in place are adequate to
mitigate the risks. Communicating information and opinions with clarity and accuracy. Such diversity
gives internal auditors a broad perspective on the organization. And that, in turn, makes internal
auditors a valuable resource to executive management and boards of directors in accomplishing
overall goals and objectives, as well as in strengthening internal controls and organizational
governance.

Seems like a lot to ask from one resource? Maybe for some, but for internal auditors — it’s all in a
day’s work.

Definition of Internal Auditing

According to the Definition of Internal Auditing in The IIA's International Professional Practices
Framework (IPPF), internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.

Internal Audit Profession Resources

For newcomers to the profession of internal auditing as well as experienced practitioners who want
to promote the profession and its role in the success of an organization, the following resources are
ideal for elevating the profession, enhancing professionalism, and building awareness.

Internal auditors have the training and skills to perform detailed auditing. Learn what internal
auditors do and what the job requirements are.

Internal auditors help safeguard organizations by analyzing compliance, risk, and potential. They

examine company documents and data to identify issues like regulatory noncompliance, data

inaccuracies, and employee theft.

Internal auditors work in many different industries, including healthcare, tech, education, and

government. Internal auditors usually hold full-time positions, but they can also work as contractors

for shorter auditing projects.

People who are good with numbers and like to work on their own often excel in this career field.

Internal auditors report their findings to other internal stakeholders, but they complete most of their

work independently. Like other accounting professionals, internal auditors need strong critical

thinking skills and sharp attention to detail.

Internal auditors are in high demand. In 2019, human resource consulting firm Robert Half identified

internal auditing as one of the most in-demand accounting and finance roles. Keep reading to learn

about skills, education, and career paths for internal auditors.

What Does an Internal Auditor Do?

Internal auditors examine and analyze company records and financial documents. They identify

issues like compliance concerns, risks, fraud, and data inaccuracies. After reviewing all records within

their audit's scope, they investigate any problems they find.

Internal auditors use their knowledge of laws, industry regulations, and company policies to identify

potential instances of noncompliance, fund misappropriation, and other risks to the business.

An internal auditor's job description usually includes the following responsibilities.

 Financial Record Examination: Internal auditors carefully examine a company’s financial

records to identify areas of risk or concern.
 Compliance Analysis: By leveraging their knowledge of industry regulations and company
policies, internal auditors identify potential noncompliance.
 Risk Management: When reviewing internal data and records, internal auditors look for
areas of financial and legal risk.
 Theft and Fraud Detection: Internal auditors seek out internal fraud and theft. This can
include misuse of funds, embezzlement, time fraud, and employee theft.
 Communication: Internal auditors need to communicate key findings from their audits orally
and in writing as requested.

Key Hard Skills for Internal Auditors


Accounting Software Proficiency: Internal auditors must navigate their
organization’s accounting software. Specific software programs vary by employer, but
internal auditors should have some training or experience with common accounting tools
like QuickBooks.

Math Skills: Internal auditors need strong mathematical skills to understand and evaluate
financial documents and data. They should be able to calculate margins, percentages, and
averages.

Accounting Principles Knowledge: These professionals need solid familiarity with accounting
principles. In particular, they should understand and know how to apply the generally
accepted accounting principles.


 Understanding of Relevant Laws and Policies: Since internal auditors focus on compliance,
they need a firm grasp on applicable laws and policies.

Key Soft Skills for Internal Auditors


Critical Thinking: Strong critical thinking skills can help auditors approach data trends and
issues from a strategic and analytical perspective.

Attention to Detail: Internal auditors spend most of their time drilling down into complex
data. They must identify issues that most people would overlook. Successful internal
auditors should pay attention to details and carefully review every item and number in a
document.

Ability to Work Independently: Internal auditing is a good career path for self-motivated
people. Although internal auditors need to communicate with other internal team members,
they do most of their work alone.

Communication: Internal auditors need to communicate complex information clearly. When

they present audit findings, they may have to adjust their communication approach so that
people with limited accounting knowledge can understand the key takeaways.

Internal Auditor Areas of Expertise

Internal auditing is a broad field that provides many professional opportunities and career paths.

Internal auditors can specialize in various areas depending on their interests and career goals.

So, what does an internal auditor do in different industries? Let's take a look at three popular

specializations.

Healthcare Internal Auditor

Healthcare internal auditors provide auditing services for healthcare organizations. They may work

for medical facilities or providers like hospitals, medical research centers, and physician group

practices. They can also find jobs with health insurance companies and healthcare systems.
Increased compliance requirements for healthcare organizations generate high demand for internal

auditors in this field. There is even a special certification available for internal auditors working in

healthcare. The certified healthcare internal audit professional credential is available to internal

auditors with professional experience in the healthcare sector.

Common Job Titles

 Internal Auditor
 Staff Auditor
 Audit Director
 Senior Auditor
 Compliance Manager
 Audit Executive

Public Sector Internal Auditor

Local government agencies often hire internal auditors. Since government entities run on public

funding, they have a special responsibility when it comes to financial compliance and budget

management.

Internal auditors identify areas of waste or misuse and make sure that all policies and regulations are

being followed. Public universities and educational districts also employ internal auditors.

Common Job Titles

 Internal Auditor
 Senior Internal Auditor
 State Auditor
 Government Internal Auditor
 Financial Auditor
 Supervisory Auditor

Internal Auditing Consulting

Businesses may bring in internal auditors as contractors or through a consulting firm. These auditors

may perform basic internal audit services or focus on special projects such as sustainability auditing.

Major consulting firms like Deloitte and PricewaterhouseCoopers offer internships in their audit and

assurance departments. These opportunities can benefit students and recent graduates looking to
get into internal auditing. Consulting and accounting firms have clear advancement structures that

take employees from internships to entry-level roles up into management.

Common Job Titles

 Internal Auditor
 Audit and Assurance Consultant
 Internal Auditing Consultant
 Audit and Assurance Sustainability Associate
 Risk and Regulations Internal Audit Associate
 Senior Internal Audit Associate
 Audit and Assurance Manager

How to Become an Internal Auditor

What is an internal auditor's career path like? Most professionals in the field start with a bachelor’s

degree in accounting or a related major such as finance or business administration. However, further

education or certifications can help auditors qualify for higher-level positions.

Students willing to spend 1-2 more years in school may want to consider a master’s degree in

accounting. Employers may also look for candidates who have passed the certified internal

auditor (CIA) exam. Internal auditors focused on fraud and theft detection may benefit from

a certified fraud examiner certification.

The Link to Risk Management and Internal Control

Internal controls are key elements of risk management frameworks. They include processes to
assess, mitigate and monitor risks. Organizations can be embed internal controls throughout the
program cycle and as part of its overall governance structures and reporting systems.

How do internal controls help in risk management?

Internal control refers to the policies and procedures implemented by an organization to ensure the
integrity of financial and accounting information, promote operational efficiency, and prevent fraud.

A system of internal controls is a set of policies and procedures that ensure the integrity of financial
and accounting information, promote compliance and operational efficiency, and prevent fraud. Risk
management identifies, evaluates, and mitigates potential risks to an organization’s operations and
financial stability. Together, internal control and risk management help organizations to identify and
mitigate potential threats to their financial and operational well-being as well as adhere to
compliance. Internal control procedures are designed to provide reasonable assurance that an
organization’s objectives are met, and risk management is the process of identifying and assessing
potential risks to the organization, and implementing strategies to mitigate or manage those risks.
 Both internal control and risk management are critical components of an organization’s overall
governance and compliance framework.

Why is internal control important in risk management?

Internal controls are important because they help organizations to achieve their objectives by:
 Ensuring the accuracy and reliability of financial and operational information.
 Protecting assets from fraud and misappropriation.
 Complying with laws and regulations.
 Managing and mitigating risks.
 Improving efficiency and effectiveness of operations.
 Providing a basis for monitoring and evaluating the performance of the organization.
 Enhancing organizational governance and accountability.
 Building trust and confidence of stakeholders such as investors and customers.
In short, internal controls help organizations achieve their objectives by providing assurance that
their operations are conducted effectively and efficiently, their assets are protected, and that the
organization is in compliance with laws and regulations. Additionally, internal controls provide a
basis for monitoring and evaluating the organization’s performance, which ultimately improves its
overall effectiveness and efficiency.

Different types of risks

There are several types of risks, including:
 Financial reporting risk: This type of risk involves the possibility of inaccurate or incomplete financial
reporting due to errors, fraud, or misappropriation of assets.
 Compliance risk: This type of risk arises when an organization fails to comply with laws, regulations,
or industry standards.
 Operational risk: This type of risk arises from inadequate or failed internal processes, systems, or
human factors that may lead to unexpected losses.
 Strategic risk: This type of risk arises from the possibility of an organization’s strategy not achieving
its intended objectives or objectives being misaligned with the organization’s overall mission.
 Reputation risk: This type of risk arises from negative publicity or a loss of public trust in an
organization.
 Cybersecurity risk: This type of risk arises from the possibility of unauthorized access, use,
disclosure, disruption, modification, or destruction of information.
 Business continuity risk: This type of risk arises from the possibility of an organization not being able
to continue its operations due to an unexpected event or disaster.
 Human resource risk: This type of risk arises from the possibility of an organization not having the
right people with the right skills to achieve its objectives.

How to implement internal controls

Establishing clear policies and procedures: This involves creating written guidelines for financial and
operational processes, such as financial reporting, purchasing, and inventory management.
 Segregation of duties: This involves dividing responsibilities among different employees to reduce
the risk of fraud or errors. For example, separating the duties of employees who handle cash from
those who handle banking transactions.
 Assigning responsibilities: Assigning tasks to individuals sets the foundation for accountability. This
also clears up who does what and removes any possibilities for later confusion.
 Conducting regular internal audits: This involves reviewing financial and operational processes to
ensure they are in compliance with policies and procedures and identifying any areas that need
improvement.
 Providing adequate training and supervision: This involves providing employees with the necessary
training and resources to perform their tasks correctly, as well as regular supervision to ensure they
are following policies and procedures.
 Establishing a system of internal communication: This involves creating a system for employees to
report any concerns or issues they may have, such as fraud or other forms of misconduct, without
fear of retaliation.
 Regularly reviewing and updating internal control procedures: This involves periodically reviewing
and updating internal control procedures to ensure they remain effective and relevant.

How does internal control help in risk management?

 Identifying and assessing risks: Internal control procedures, such as regular internal audits, can help
identify and assess potential risks to the organization, such as fraud, errors, or operational
inefficiencies.
 Mitigating risks: Once risks have been identified and assessed, internal control procedures can be
implemented to mitigate or reduce those risks. For example, segregation of duties can help prevent
fraud by limiting the ability of one person to both initiate and approve transactions.
 Monitoring and reporting risks: Internal control procedures can be used to monitor and report on
risks, both to management and external parties such as auditors or regulators. This can help ensure
that risks are being effectively managed and that any necessary corrective action is taken.
 Compliance: Internal control procedures can help an organization comply with laws and regulations,
such as financial reporting standards, by providing a framework for ensuring that financial and
operational processes are in compliance.
 Continual improvement: Internal control procedures help organizations to continually improve by
identifying areas for improvement and providing a framework for implementing necessary changes.
Overall, internal control procedures serve as a foundation for managing risks and ensuring the
organization’s stability, reliability, and compliance with laws and regulations.