Internal Audit And Internal Control Presentation Leo Wachira
-
Upload
jenard-wachira -
Category
Documents
-
view
1.473 -
download
0
description
Transcript of Internal Audit And Internal Control Presentation Leo Wachira
GOVERNANCEGOVERNANCE
OVERSIGHT P li OVERSIGHT – Policy Setting
STEWARDSHIP M i STEWARDSHIP - Managers in charge of full business units
TACTICAL / OPERATIONAL – Includes Line / Supervisory management
ASSURANCE – Includes Internal Audit/ External Audit, M&E and Internal Affairs
AGENDA OF PRESENTATIONAGENDA OF PRESENTATION
What is Internal Auditing? What is Internal Auditing? Why and How is Internal Auditing carried out in
the Government of Liberia?the Government of Liberia? What are Internal Controls? What are Some Common irregularities resulting
from a failure in Internal Controls? Question & Answers
WHAT IS INTERNAL AUDITING?WHAT IS INTERNAL AUDITING?
Some Definitions: is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations It helps an organization accomplish its objectives operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes……The IIA Definition
An appraisal activity established or provided as a service to the entity Its functions include amongst other things examining entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control. …………The ISA 610 and ISSAI 1003 Definition
INTERNAL AUDITING IN GOLINTERNAL AUDITING IN GOL
The Auditor-General is the is the principal responsible for conducting comprehensive post audits, special Financial investigations, reconciliation's and analyses, and continuous reconciliation s and analyses, and continuous audits on a routine basis…… Section 53.3 of the Executive Law of 1972.
The function reporting responsibilities and The function, reporting responsibilities and activities of internal auditors shall be prescribed in regulations under this Act, supplemented by instructions and guidelines issued by the Minister in Collaboration with the Auditor General….Section 38, PFM Act (2009)
INTERNATIONAL BEST PRACTICEINTERNATIONAL BEST PRACTICE
Internal auditing is conducted in diverse legal and cultural environments; within organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with The IIA's International conformance with The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity.
GOL INTERNAL AUDIT STRATEGY 1/3GOL INTERNAL AUDIT STRATEGY 1/3
Adopted by the Cabinet as a structural benchmark (2008)Id ifi d k h l d d M di T Identified as a key support to the newly adopted Medium Term Framework (2010/ 2011) – Part of PFM Reform
Proposed a Two phase approach of Consolidating existing capacity and Expanding this after one year (Institutions Identified through and Expanding this after one year (Institutions Identified through Portion of National Budget, Residual Risk, PRS importance and donor expectations (risk)
Proposed Consolidation begins at Ministries of Finance, Health, p g , ,Education, Public Works and Lands Mines & Energy
Proposes an Institutional Framework covering a Governance Board, Secretariat and Audit Committees in Line Ministries
Proposes the Governance board establishes Common Audit Priorities for the M&As
Proposes adoption of a 5 level IA Capability Maturity framework
GOL INTERNAL AUDIT STRATEGY -2/3GOL INTERNAL AUDIT STRATEGY 2/3
Risks facing the GOL IA Strategy Risks facing the GOL IA Strategy Appointment of a Board
The Governance board consisting 5 members, including The Governance board consisting 5 members, including the GAC, MoF, CSA, PPCC and a Private Sector Member is currently being formulated and could be in place soon.
A lack of demand for IA functions Limited capacity to undertake Internal Audits Failure of External Audit/ GAC to coordinate with IA Failure to include IA in objective setting
GOL INTERNAL AUDIT STRATEGY -3/3GOL INTERNAL AUDIT STRATEGY 3/3
Key Secretariat Deliverables outstanding Key Secretariat Deliverables outstanding Audit Manual Audit Committee Charter Audit Committee Charter Annual Risk Assessment (Audit Priority) Audit Plan Audit Plan Audit Announcement letter
A dit ki g Audit working papers The Audit Report
WHAT IS INTERNAL CONTROL?WHAT IS INTERNAL CONTROL?
internal control is defined as a process effected by an g i ti ' t t k d th it fl l organization's structure, work and authority flows, people
and management information systems, designed to help the organization accomplish specific goals or objectives.Th C t l h ld b bl f di i kl t The Control should be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment.I l C l i f 5 i l d Internal Control consists of 5 inter-related components Control Environment Risk Assessment Information and Communication Processes Monitoring Existing Control Activities
THE CONTROL ENVIRONMENTTHE CONTROL ENVIRONMENT
The control environment sets the tone of an organization, ginfluencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure Control environment factors providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; th t i th it d ibilit d the way management assigns authority and responsibility, and organises and develops its people; and the attention and direction provided by the Oversight board.
RISKS ASSESSMENT 1/4RISKS ASSESSMENT 1/4
Every entity faces a variety of risks from external and i t l th t t b d A diti t internal sources that must be assessed. A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to the identification and analysis of relevant risks to achievement of objectives, forming a basis for determining how the risks should be managed.
Because economic industry regulatory and operating Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with changechange.
There are many techniques available for identifying risk. Some are detail based and offer quantification, others are scenario-based or qualitativescenario-based or qualitative.
RISK ASSESSMENT 3/4RISK ASSESSMENT 3/4
For those risks that are controllable, the company must decide whether to accept those risks or whether to mitigate the risk through control procedures. For those risks that cannot be procedures. For those risks that cannot be controlled, the Board must decide whether to accept the risks or to withdraw from, or reduce the level of business activity concernedlevel of business activity concerned.
Contingency plans should be considered where Contingency plans should be considered where the Board elects to accept uncontrollable significant risks.
RISK ASSESSMENT - AFTER 4/4RISK ASSESSMENT AFTER 4/4
RISK DECISION MAKING
Tolerate / Accept risk; simply take the chance that the negative impact will be incurred
Terminate/ Avoid risk; changing plans in order to prevent the problem from arisingprevent the problem from arising
Transition/ Mitigate risk; lessening its impact through intermediate stepsg p
Transfer risk; outsource risk to a capable third party that can manage the outcome
INFORMATION AND COMMUNICATION PROCESSES 1/2
Pertinent information must be identified, captured and i d i f d i f h bl communicated in a form and timeframe that enables
people to carry out their responsibilities. Information systems produce reports, containing y p p , g
operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated y y y gdata, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting bus ess dec s o a g a d e te a epo t gEffective communication must also occur in a broader sense, flowing down, across and up the organisation.
INFORMATION AND COMMUNICATION PROCESSES 2/2
All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as own role in the internal control system, as well as how individual activities relate to the work of others. Th h f i i They must have a means of communicating significant information upstream. There also needs to be effective communication with external eeds to be e ect e co u cat o t e te aparties, such as customers, suppliers, regulators and shareholders.
MONITORINGMONITORING
Internal control systems need to be monitored - a process th t th lit f th t ’ f that assesses the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. On going monitoring occurs in the course of operations It On going monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties.
The scope and frequency of separate evaluations will The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream with control deficiencies should be reported upstream, with serious matters reported to top management and the Board.
EXISTING CONTROL ACTIVITIESEXISTING CONTROL ACTIVITIES
Control activities are the policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement actions are taken to address risks to achievement of the entity’s objectives.
Control activities occur throughout the i i ll l l d i ll f i Th organisation, at all levels and in all functions. They
include a range of activities as diverse as approvals, authorisations, verifications, app o a s, aut o sat o s, e cat o s,reconciliations, reviews of operating performance, security of assets and segregation of duties.
CRIMECRIME
Control E i t
Risk A t
Information and C i tiEnvironment Assessment Communication
Monitoring Existing Control Activitiesg Activities
INHERENT WEAKNESSES OF INTERNAL CONTROLS
Internal Control provide only reasonable Internal Control provide only reasonable assurance due to following inherent weaknessesweaknessesHuman error which includes error in design and use
of automated controlsof automated controlsDeliberate circumvention of controlsManagement over rideManagement over ride Cost-benefit considerations
AUDIT RISK/ RESIDUAL RISKAUDIT RISK/ RESIDUAL RISK
Audit risk (also referred to as residual risk) ( )refers to acceptable audit risk, i.e. it indicates the auditor's willingness to accept that the financial statements may be materially misstated after the audit is completed and an
lifi d ( l ) i i i d If th unqualified (clean) opinion was issued. If the auditor decides to lower audit risk, it means that he wants to be more certain that the that he wants to be more certain that the financial statements are not materially misstated.misstated.