Common internal audit findings & how to avoid them
-
Upload
surajit-datta -
Category
Economy & Finance
-
view
108 -
download
2
Transcript of Common internal audit findings & how to avoid them
![Page 1: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/1.jpg)
Common Internal Audit Findings
& How to Avoid Them
April 6, 2016, 10:00 am – 12:00 pm
Workshop Conducted by: Surajit Datta
![Page 2: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/2.jpg)
1. Internal Audit
2. Internal Controls
3. Elements of Internal Controls
4. Audit Findings
5. Common Internal Audit Findings
6. Fraud Indicators
7. How to Avoid Audit Findings
TopicsIAD Workshop - 2016
![Page 3: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/3.jpg)
Internal Audit
The Institute of Internal Auditors defines Internal Auditing as…
"An independent, objective assurance and consulting activity designed to add value and improve and organization's operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."
IAD Workshop - 2016
![Page 4: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/4.jpg)
• 2002 – Enron• Billions of dollars of market value erased. Thousands of jobs lost. Savings wiped out. The
Enron failure demonstrated a failure of corporate governance, in which internal control mechanisms were short-circuited by conflicts of interest that enriched certain managers at the expense of the shareholders.
• 2008 - $ 500 million loss by Merrill Lynch“several mitigating internal controls were not operating effectively and therefore failed to identify the intercompany difference that resulted in the huge loss” - Deloitte.
Effects of Internal Control FailuresIAD Workshop - 2016
![Page 5: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/5.jpg)
A process designed to provide reasonable assurance about the achievement of an entity’s objectives concerning:
Financial reporting Effectiveness of operations Compliance with laws and regulations
What are Internal ControlsIAD Workshop - 2016
![Page 6: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/6.jpg)
What are Internal ControlsIAD Workshop - 2016
FINANCIAL 1. Promotes integrity of
data used in making business decisions2. Assists in fraud
prevention and detection through the creation of
an auditable trail of evidence
COMPLIANCE
Helps maintain compliance with laws and
regulations through periodic monitoring
OPERATIONAL1. Promotes efficiency and effectiveness of operations through
standardized processes 2. Ensures the
safeguarding of assets through control activities
Effective internal controls prevent fraud, waste, and abuse
Develop internal controls to address the risks identified during your “risk assessment process”
Review and adjust your control activities to ensure they are working
![Page 7: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/7.jpg)
Control Environment Risk Assessment Control Activities Information and Communication Monitoring
5 Elements of Internal ControlsIAD Workshop - 2016
![Page 8: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/8.jpg)
Tone at the Top Commitment to Competence Management’s Philosophy/Integrity Management’s Direction/Assignment of Responsibility Human Resources Policies and Procedures
Control EnvironmentIAD Workshop - 2016
![Page 9: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/9.jpg)
Identify the Risks to Achievement of aswaaq’s Objectives in relation to:
Reporting Financial (Cash Management) Operational Compliance (with laws and regulations)
Prioritize them (Probability X Impact)
Develop a plan to manage them (Risk Response / Mitigation Action plans or BCPs)
Risk AssessmentIAD Workshop - 2016
![Page 10: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/10.jpg)
Specific to the company’s operation and may include the following: Policies and procedures to protect against fraud, waste, and abuse Authorizations and approvals (DOA) Verifications (Internal Checks, Checklists, etc.) Reconciliations Segregation of duties Review operational performance
Control ActivitiesIAD Workshop - 2016
![Page 11: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/11.jpg)
Financial Reporting Operational Reporting Accounting Manual Compliance Reporting Codes of Conduct Keep the communication lines open
Information & CommunicationIAD Workshop - 2016
![Page 12: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/12.jpg)
Budget to Actual Internal Audits Reconciliations to General Ledger Management review of controls Review of exception reports External Audit Audit Committee
MonitoringIAD Workshop - 2016
![Page 13: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/13.jpg)
Audit Findings Risk assessment
Corrective action required Audit recommendation
A management opportunity Risk response / risk mitigation action plans
Result of AuditsIAD Workshop - 2016
![Page 14: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/14.jpg)
Financial misstatement
Control weakness
Policy or other rule violations
Other issues identified during the audit
Audit findings – What are they?IAD Workshop - 2016
![Page 15: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/15.jpg)
Internal Control failure profileIAD Workshop - 2016
Error4% Weak
Monitor-ing &
Control25%
Non-compliance31%
Others27%
Process design
10%
SOD3% weaknesses which may put some of the
company objectives at risk that are primarily due to- compliance inconsistencies with
established policies and procedures ineffective process design, and weak monitoring
![Page 16: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/16.jpg)
1. Non-compliance of established company policy or statutes
2. Process execution not following the established DOA
3. Segregation of Duties (SOD) Conflict
Ensure tasks and process flows have a check and balance. For example: A person who is responsible for collecting payments should not be
responsible for creating the deposit and reconciling to source documents.
4. Lack of sufficient supervision / monitoring
5. Lack of Awareness of Company Policies
Common Internal Audit FindingsIAD Workshop - 2016
![Page 17: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/17.jpg)
6. Lack of Written Policies and Procedures (Departmental) Major business transactions and related internal controls of a department's operations
should be clearly documented, periodically reviewed and updated.
7. Lack of Formally Documented Approvals
Evidence should be maintained to document independent approvals (e.g. reconciliations, departmental financial statements, etc.)
8. Unbudgeted expense
9. Absence of Supporting Documentation Transactions should be appropriately supported by documentation. For example:
Journal Entries: Purpose, related source documents, approvals Purchases: Requisition, competitive bidding, purchase order, invoice, approvals
Common Internal Audit FindingsIAD Workshop - 2016
![Page 18: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/18.jpg)
10.Lack of Proper Safeguarding of Assets
11.Inappropriate Information Security Access
Critical or sensitive information should be appropriately restricted based on job duties.
12.Inaccurate Financial Reporting
Examples include: Expenses:
Invoices Not recorded as a liability upon commitment Overtime Not approved timely
Revenues: Receivables Not recorded in books (booked when cash is received) Income Recorded as an offset to an expense account rather than to an income account
Common Internal Audit FindingsIAD Workshop - 2016
![Page 19: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/19.jpg)
1. One person in control
2. No separation of duties
3. High turnover of personnel
4. Unexplained entries in records
5. Unusually large amounts of payments for cash
6. Inadequate or missing documentation
7. Altered records (white-out, copies of documents, etc.)
8. Non-serial number transactions
9. Inventories and financial records not reconciled
Fraud IndicatorsIAD Workshop - 2016
![Page 20: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/20.jpg)
Fraud IndicatorsIAD Workshop - 2016
10.Lack of internal controls/ignoring controls
11.Repeat audit findings
12.Unauthorized transactions
13.Ability to get around internal controls that prevent or detect fraud
14.Inability to judge quality of performance
15.Lack of an audit trail
16.Failure to discipline prior fraud perpetrators
![Page 21: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/21.jpg)
Internal Audit Report
Read it and discuss with IAD Understand the problem Understand the recommended corrective action Plan the corrective action steps
Develop the overall corrective action plan Assign overall responsibility Assign specific action step responsibilities Establish a time line Follow up – sustained attention Verify completion and effectiveness Report to management
How to Avoid Audit FindingsIAD Workshop - 2016
![Page 22: Common internal audit findings & how to avoid them](https://reader031.fdocuments.in/reader031/viewer/2022021506/588216ef1a28ab3f4c8b5a6b/html5/thumbnails/22.jpg)
Establish Policies and Procedures
• Write them• Follow them• Review and up-date them as needed
Establish Internal Controls
• Financial• Operational• Compliance• Cash Management
How to Avoid Audit FindingsIAD Workshop - 2016