Internal Control (IC) & Enterprise Risk Management (ERM)

Presented by: Mohamed El Mugtaba, MBA, CPA, Member of Member Advisory Team

© Mohamed Mugtaba 2007

What is Internal Control

COSO published Internal Control – Integrated Framework, which defines internal control as:

a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
a) Reliability of financial reporting
b) Effectiveness and efficiency of operations
c) Compliance with applicable laws and regulations

Objectives of Internal Control

A well-designed system of internal control achieves the following objectives:
• Accurate, reliable financial statements
• Safeguarding of assets
• Adherence to applicable laws & regulations
• Promotion of effective & efficient operations

Fix your weak internal control.

The concept of reasonable assurance: internal control provides reasonable, not absolute, assurance, and the cost of a control should not exceed its benefit.

5 Components of Internal Control

1. Control Environment (foundation)
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring (ongoing)

[Diagram: the control environment is the foundation ("infrastructure") on which the other four components rest; caption: "Good Internal Control Prevents".]

Control Environment Factors

• Integrity and ethical values
• Commitment to competence
• Human resource policies and practices
• Assignment of authority and responsibilities
• Management's philosophy and operating style
• Board of directors or audit committee participation

Control Activities

• Policies & procedures to ensure management directives are followed, objectives are attained, and reporting is complete & correct
• Procedures to prevent errors and fraud
• Procedures to detect errors and fraud
• Documentation, approval, verification

The four types of control activities (PIPS):
– Performance reviews (budget/actual/variance)
– Information processing (accuracy, completeness, authorization)
– Physical controls (access to assets & records)
– Segregation of Duties (authorization, recordkeeping, & custody)

Risk Assessment

• Managers assess business risk!
• Operating objectives must be well defined, addressing the control and use of resources (e.g., technology, related laws, compliance with controls).
• Financial reporting risks relate to data processing and the potential for error & fraud.

Best-practice approaches:
• ERM – Enterprise Risk Management
• RBIA – Risk-Based Internal Audit

Risk Assessment (continued)

Risk is reduced by: proper approvals, surveillance, processing, procedures, budgeting, training, "responsibility accounting," reviewing variances from goals, technology, etc.

Information & Communication

• Information requirements (who gets what data, when?)
• Reports consistent with objectives, with sufficient detail for action
• Feedback & revisions (frequent & proper)
• Commitment of appropriate resources to effective information systems

Monitoring – Financial Reporting Controls

• Emphasis on transaction cycles (feedback, corrective actions)
• "Real-time" basis
• Variances from budgets and their causes
• Cross-corroboration by employees
• Investigating exceptions

Control Principles

Basic to "good" internal control are the following principles:

• Authorization and Approval (DOP)
  – Transactions are authorized by a person with delegated approval authority.
• Documentation of Policies and Procedures (e.g., an accounting manual)
  – Policies and operating procedures are formalized and communicated to employees. Documenting policies and procedures and making them accessible to employees helps provide day-to-day guidance to staff and promotes continuity of activities in the event of prolonged employee absences or turnover.
• Physical Security
  – Equipment, inventories, cash, and other property are secured physically, counted periodically, and compared with amounts shown on control records.

The Fundamental Principle of Internal Control

SEGREGATE the incompatible functions: Authorization, Record Keeping, and Custody.

Segregation of duties reduces the opportunities for any one person to be in a position to both perpetrate and conceal errors or fraud in the normal course of his duties.

Examples of Incompatible Functions
• Authorizing expenditure and making payment
• Bank reconciliation, which should be done by disinterested parties (not involved in cash handling)
• HR staff (who authorise promotions/increments) and payroll staff (who make payment)
• Payroll staff and general ledger staff
• Computer programmers and computer operations
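The incompatible-function pairs above are easiest to enforce when they are checked mechanically against the entitlements people actually hold. The Python below is an added example, not part of the original slides: it tags each role with the business process it touches and which of the three fundamental functions (authorization, record keeping, custody) it exercises, flags any user who holds two different fundamental functions on the same process, and separately flags the explicit pairs listed on the slide. Role names, group names and the user/role assignments are constructed for the example and are not taken from any real system. It also expands group membership before checking, because a conflict that arrives through a group is the one a direct-role review misses.

```python
from itertools import combinations

FUNDAMENTAL = {"authorization", "recordkeeping", "custody"}

# Constructed role catalogue (assumed names): role -> (process, function).
# Functions outside FUNDAMENTAL (e.g. "development") are only caught by the
# explicit pair list below, not by the same-process rule.
ROLE_FUNCTIONS = {
    "authorize_expenditure":   ("purchasing",     "authorization"),
    "post_ap_invoices":        ("purchasing",     "recordkeeping"),
    "make_payment":            ("purchasing",     "custody"),
    "bank_reconciliation":     ("cash",           "recordkeeping"),
    "cash_handling":           ("cash",           "custody"),
    "hr_authorize_pay_change": ("payroll",        "authorization"),
    "payroll_process":         ("payroll",        "recordkeeping"),
    "general_ledger_post":     ("general_ledger", "recordkeeping"),
    "application_developer":   ("it",             "development"),
    "production_operator":     ("it",             "operations"),
}

# The slide's incompatible-function examples, as explicit role pairs.
EXPLICIT_CONFLICTS = [
    ("authorize_expenditure", "make_payment"),
    ("cash_handling", "bank_reconciliation"),
    ("hr_authorize_pay_change", "payroll_process"),
    ("payroll_process", "general_ledger_post"),
    ("application_developer", "production_operator"),
]

# Constructed sample directory: groups grant roles; users hold roles and groups.
GROUPS = {
    "ap_clerks": {"post_ap_invoices"},
    "treasury":  {"make_payment", "bank_reconciliation"},
    "it_ops":    {"production_operator"},
}
USERS = {
    "alice": {"roles": {"authorize_expenditure"}, "groups": {"treasury"}},  # pays via group
    "bob":   {"roles": {"post_ap_invoices"}, "groups": {"ap_clerks"}},       # clean
    "carol": {"roles": {"payroll_process", "general_ledger_post"}, "groups": set()},
    "dave":  {"roles": {"application_developer"}, "groups": {"it_ops"}},    # dev + ops via group
    "erin":  {"roles": {"cash_handling"}, "groups": {"treasury"}},           # custody + reconciliation
}


def effective_roles(user, users=USERS, groups=GROUPS):
    """Direct roles plus every role inherited through group membership."""
    record = users[user]
    roles = set(record["roles"])
    for group in record["groups"]:
        roles |= groups.get(group, set())
    return roles


def sod_conflicts(roles, role_functions=ROLE_FUNCTIONS, explicit=EXPLICIT_CONFLICTS):
    """Return sorted (rule, role_a, role_b) tuples for one user's effective roles."""
    found = set()
    # Rule 1: explicitly incompatible pairs.
    for a, b in explicit:
        if a in roles and b in roles:
            found.add(("explicit", a, b))
    # Rule 2: two different fundamental functions on the same process.
    by_process = {}
    for role in roles:
        process, function = role_functions.get(role, (None, None))
        if function in FUNDAMENTAL:
            by_process.setdefault(process, []).append(role)
    for process, held in by_process.items():
        for a, b in combinations(sorted(held), 2):
            if role_functions[a][1] != role_functions[b][1]:
                found.add(("fundamental:" + process, a, b))
    return sorted(found)


def audit(users=USERS, groups=GROUPS):
    """Map each user with at least one conflict to the list of conflicts."""
    report = {}
    for user in sorted(users):
        conflicts = sod_conflicts(effective_roles(user, users, groups))
        if conflicts:
            report[user] = conflicts
    return report


if __name__ == "__main__":
    for user, conflicts in audit().items():
        for rule, a, b in conflicts:
            print(f"{user}: {a} + {b} ({rule})")
```

Run the audit on each review cycle rather than only at provisioning time, since group changes alter effective roles without touching the user record. Where a small finance team cannot avoid a flagged pair, the finding should be kept open and paired with one of the detective controls from the earlier slides (a review of variances or exceptions by someone outside the pair), not silently suppressed.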

Limitations of Internal Control

The costs of internal controls must not exceed their benefits.

[Diagram: a balance weighing Costs against Benefits.]

Examples: 1. Admin buildings 2. Copper

Limitations of Internal Accounting Control

• Human Error: negligence, fatigue, misjudgment, confusion
• Human Fraud: intent to defeat internal controls for personal gain

Enterprise Risk Management (ERM) – COSO Definition

[Image of the full COSO definition; if you cannot read it, see the next slide.]

Source: COSO Enterprise Risk Management – Integrated Framework, 2004.

Enterprise Risk Management (ERM) – COSO Definition

Breaking down the definition:
• a process, effected by the board, management and personnel
• applied in strategy setting and across the enterprise
• designed to identify potential events that may affect the entity
• and manage risk to be within its risk appetite
• to provide reasonable assurance regarding the achievement of the entity's objectives

ERM Encompasses:
• Aligning risk appetite and strategy
• Enhancing risk response decisions
• Reducing operational surprises and losses
• Identifying and managing multiple and cross-enterprise risks
• Seizing opportunities
• Improving deployment of capital

ERM Objectives: Strategic, Operations, Reporting, Compliance

The ERM Framework

The eight components of the framework are interrelated … [Diagram: the COSO ERM cube. Per COSO (2004) the eight components are Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information & Communication, and Monitoring.]

ERM Encompasses Internal Control

[Diagram: internal control (IC) shown as a subset within ERM.]
