SlideShare ist ein Scribd-Unternehmen logo
1 von 22
Downloaden Sie, um offline zu lesen
Internal Auditing and
                   Internal Controls
By Leo Wachira
GOVERNANCE

                          OVERSIGHT – P li
                                      Policy
                          Setting


                     STEWARDSHIP - M   Managers i in
                     charge of full business units


             TACTICAL / OPERATIONAL – Includes Line /
             Supervisory management


                     ASSURANCE – Includes Internal Audit/
                     External Audit, M&E and Internal Affairs
AGENDA OF PRESENTATION

 What is Internal Auditing?
 Why and How is Internal Auditing carried out in
  the Government of Liberia?
 What are Internal Controls?

 What are Some Common irregularities resulting
  from a failure in Internal Controls?
 Question & Answers
WHAT IS INTERNAL AUDITING?
Some Definitions:
 is an independent, objective assurance and consulting activity
  designed to add value and improve an organization's
  operations.
  operations It helps an organization accomplish its objectives
  by bringing a systematic, disciplined approach to evaluate and
  improve the effectiveness of risk management, control, and
  governance processes……The IIA Definition
 An appraisal activity established or provided as a service to the
  entity.
  entity Its functions include, amongst other things, examining,
                       include                things examining
  evaluating and monitoring the adequacy and effectiveness of
  internal control. …………The ISA 610 and ISSAI 1003 Definition
INTERNAL AUDITING IN GOL
   The Auditor-General is the is the principal
    responsible for conducting comprehensive post
    audits, special Financial investigations,
    reconciliation s
    reconciliation's and analyses, and continuous
    audits on a routine basis…… Section 53.3 of the Executive
    Law of 1972.
   The function, reporting responsibilities and
         function
    activities of internal auditors shall be prescribed in
    regulations under this Act, supplemented by
    instructions and guidelines issued by the Minister
    in Collaboration with the Auditor General….Section
    38, PFM Act (2009)
INTERNATIONAL BEST PRACTICE
   Internal auditing is conducted in diverse legal and
    cultural environments; within organizations that
    vary in purpose, size, complexity, and structure;
    and by persons within or outside the organization.
    While differences may affect the practice of
    internal auditing in each environment,
    conformance with The IIA's International
    Standards for the Professional Practice of Internal
    Auditing (Standards) is essential in meeting the
    responsibilities of internal auditors and the
    internal audit activity.
GOL INTERNAL AUDIT STRATEGY 1/3
   Adopted by the Cabinet as a structural benchmark (2008)
   Identified as a key support to the newly adopted Medium Term
    Id ifi d        k               h     l d       d M di      T
    Framework (2010/ 2011) – Part of PFM Reform
   Proposed a Two phase approach of Consolidating existing capacity
    and Expanding this after one year (Institutions Identified through
    Portion of National Budget, Residual Risk, PRS importance and donor
    expectations (risk)
   Proposed Consolidation begins at Ministries of Finance, Health,
        p                      g                             ,       ,
    Education, Public Works and Lands Mines & Energy
   Proposes an Institutional Framework covering a Governance Board,
    Secretariat and Audit Committees in Line Ministries
   Proposes the Governance board establishes Common Audit Priorities
    for the M&As
   Proposes adoption of a 5 level IA Capability Maturity framework
GOL INTERNAL AUDIT STRATEGY -2/3
                             2/3

   Risks facing the GOL IA Strategy
     Appointment   of a Board
        The Governance board consisting 5 members, including
         the GAC, MoF, CSA, PPCC and a Private Sector Member is
         currently being formulated and could be in place soon.
    A  lack of demand for IA functions
     Limited capacity to undertake Internal Audits

     Failure of External Audit/ GAC to coordinate with IA

     Failure to include IA in objective setting
GOL INTERNAL AUDIT STRATEGY -3/3
                             3/3

   Key Secretariat Deliverables outstanding
     Audit Manual
     Audit Committee Charter

     Annual Risk Assessment (Audit Priority)

     Audit Plan

     Audit Announcement letter

     A dit working papers
      Audit    ki g
     The Audit Report
WHAT IS INTERNAL CONTROL?
   internal control is defined as a process effected by an
    organization's structure, work and authority flows, people
      g i ti ' t t                k d th it fl                l
    and management information systems, designed to help the
    organization accomplish specific goals or objectives.
   The Control h ld be
    Th C t l should b capable of responding quickly t
                                 bl f         di      i kl to
    evolving risks to the business arising from factors within the
    company and to changes in the business environment.
   Internal Control consists of 5 i
    I      lC       l     i     f inter-related components
                                          l d
       Control Environment
       Risk Assessment
       Information and Communication Processes
       Monitoring
       Existing Control Activities
THE CONTROL ENVIRONMENT
                                                    g
    The control environment sets the tone of an organization,
    influencing the control consciousness of its people. It is the
    foundation for all other components of internal control,
    providing discipline and structure. Control environment factors
                              structure
    include the integrity, ethical values and competence of the
    entity’s people; management’s philosophy and operating style;
    the
    th way management assigns authority and responsibility, and
                           t    i       th it   d         ibilit   d
    organises and develops its people; and the attention and
    direction provided by the Oversight board.
RISKS ASSESSMENT                                 1/4
   Every entity faces a variety of risks from external and
    internal sources that must be assessed. A precondition to
    i t     l         th t     tb            d           diti t
    risk assessment is establishment of objectives, linked at
    different levels and internally consistent. Risk assessment is
    the identification and analysis of relevant risks to
    achievement of objectives, forming a basis for determining
    how the risks should be managed.
   Because economic industry regulatory and operating
              economic, industry,
    conditions will continue to change, mechanisms are needed
    to identify and deal with the special risks associated with
    change.
    change
   There are many techniques available for identifying risk.
    Some are detail based and offer quantification, others are
    scenario-based or qualitative
                        qualitative.
RISK ASSESSMENT   2/4
RISK ASSESSMENT                       3/4
   For those risks that are controllable, the company
    must decide whether to accept those risks or
    whether to mitigate the risk through control
    procedures. For those risks that cannot be
    controlled, the Board must decide whether to
    accept the risks or to withdraw from, or reduce the
    level of business activity concerned
                               concerned.

   Contingency plans should be considered where
    the Board elects to accept uncontrollable
    significant risks.
RISK ASSESSMENT - AFTER                4/4
RISK DECISION MAKING

  Tolerate / Accept risk; simply take the chance
  that the negative impact will be incurred
 Terminate/ Avoid risk; changing plans in order to
  prevent the problem from arising
 Transition/ Mitigate risk; lessening its impact
  through intermediate steps
        g                    p
 Transfer risk; outsource risk to a capable third
  party that can manage the outcome
INFORMATION AND COMMUNICATION
PROCESSES                  1/2
   Pertinent information must be identified, captured and
    communicated in a form and timeframe that enables
              i    di    f       d i f          h     bl
    people to carry out their responsibilities.
   Information systems produce reports, containing
                  y        p        p      ,        g
    operational, financial and compliance-related
    information, that make it possible to run and control the
    business. They deal not only with internally generated
                   y             y              yg
    data, but also information about external events,
    activities and conditions necessary to informed
    bus ess decision-making a d e te a reporting
    business dec s o      a g and external epo t g
    Effective communication must also occur in a broader
    sense, flowing down, across and up the organisation.
INFORMATION AND COMMUNICATION
PROCESSES                  2/2
 All personnel must receive a clear message from
  top management that control responsibilities must
  be taken seriously. They must understand their
  own role in the internal control system, as well as
  how individual activities relate to the work of
  others.
 Th
  They must have a means of communicating
              h                f          i i
  significant information upstream. There also
  needs to be effective communication with external
    eeds        e ect e co       u cat o    t e te a
  parties, such as customers, suppliers, regulators
  and shareholders.
MONITORING
   Internal control systems need to be monitored - a process
    that assesses the quality of the system’s performance over
    th t            th     lit f th      t ’     f
    time. This is accomplished through ongoing monitoring
    activities, separate evaluations or a combination of the two.
    On going monitoring occurs in the course of operations. It
                                                 operations
    includes regular management and supervisory activities,
    and other actions personnel take in performing their duties.
   The scope and frequency of separate evaluations will
    depend primarily on an assessment of risks and the
    effectiveness of ongoing monitoring procedures. Internal
    control deficiencies should be reported upstream, with
                                             upstream
    serious matters reported to top management and the Board.
EXISTING CONTROL ACTIVITIES
 Control activities are the policies and procedures
  that help ensure that management directives are
  carried out. They help ensure that necessary
  actions are taken to address risks to achievement
  of the entity’s objectives.
 Control activities occur throughout the
  organisation, at all l l and in all f
        i i          ll levels d i ll functions. Th
                                             i   They
  include a range of activities as diverse as
  app o a s, aut o sat o s, e cat o s,
  approvals, authorisations, verifications,
  reconciliations, reviews of operating performance,
  security of assets and segregation of duties.
CRIME


  Control           Risk        Information and
Environment
E i       t      Assessment
                 A        t     Communication
                                C        i ti



                       Existing Control
         Monitoring
                  g
                          Activities
INHERENT WEAKNESSES OF INTERNAL
CONTROLS
   Internal Control provide only reasonable
    assurance due to following inherent
    weaknesses
     Human   error which includes error in design and use
      of automated controls
     Deliberate circumvention of controls

     Management over ride

     Cost-benefit considerations
AUDIT RISK/ RESIDUAL RISK
   Audit risk (                                  )
                (also referred to as residual risk)
    refers to acceptable audit risk, i.e. it indicates
    the auditor's willingness to accept that the
    financial statements may be materially
    misstated after the audit is completed and an
    unqualified ( l
           lifi d (clean) opinion was i
                         ) i i         issued. If th
                                              d the
    auditor decides to lower audit risk, it means
    that he wants to be more certain that the
    financial statements are not materially
    misstated.

Weitere ähnliche Inhalte

Was ist angesagt?

An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditinggrifff
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing functionDebashis Gupta
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal AuditArmeniaFED
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Nidhi Gupta
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditingKhalid Aziz
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO FrameworkJesús Gándara
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEbbongio
 
Financial Statements Audit
Financial Statements AuditFinancial Statements Audit
Financial Statements AuditSalih Islam
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing PresentationVernon Benjamin
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Taufir Alam
 
Risk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditRisk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditSmitesh Bhosale
 

Was ist angesagt? (20)

An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
Evolving role of internal auditing function
Evolving role of internal auditing functionEvolving role of internal auditing function
Evolving role of internal auditing function
 
Internal audit
Internal auditInternal audit
Internal audit
 
The Role of Internal Audit
The Role of Internal AuditThe Role of Internal Audit
The Role of Internal Audit
 
Internal audit
Internal auditInternal audit
Internal audit
 
Proposal risk based internal audit 2013
Proposal risk based internal audit 2013Proposal risk based internal audit 2013
Proposal risk based internal audit 2013
 
Internal audit ppt
Internal audit  pptInternal audit  ppt
Internal audit ppt
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 
Risk based internal auditing
 Risk based internal auditing Risk based internal auditing
Risk based internal auditing
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
Internal Audit COSO Framework
Internal Audit COSO FrameworkInternal Audit COSO Framework
Internal Audit COSO Framework
 
MEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCEMEASURING INTERNAL AUDIT PERFORMANCE
MEASURING INTERNAL AUDIT PERFORMANCE
 
Financial Statements Audit
Financial Statements AuditFinancial Statements Audit
Financial Statements Audit
 
Internal Audit Manual
Internal Audit ManualInternal Audit Manual
Internal Audit Manual
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal Audit
 
Basic Internal Auditing Presentation
Basic Internal Auditing PresentationBasic Internal Auditing Presentation
Basic Internal Auditing Presentation
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
Audit of Internal Financial Control over Financial Reporting (IFCR) A complet...
 
Risk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal AuditRisk assessment and internal controls - Internal Audit
Risk assessment and internal controls - Internal Audit
 

Andere mochten auch

Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation PresentationKarim70
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentationDarryl Woolley
 
Type of auditing
Type of auditingType of auditing
Type of auditingDharmik
 
management letter
management lettermanagement letter
management letter19970116
 
Audit Programme: Concept, Types, Functions, Advantages & Disadvantages
Audit Programme: Concept, Types, Functions, Advantages & DisadvantagesAudit Programme: Concept, Types, Functions, Advantages & Disadvantages
Audit Programme: Concept, Types, Functions, Advantages & DisadvantagesJagriti Gupta
 
External audit plan
External audit planExternal audit plan
External audit planaleja234
 
The 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeThe 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeCraig Thornton
 
Topik 8 Audit Sampling
Topik 8 Audit SamplingTopik 8 Audit Sampling
Topik 8 Audit SamplingDania Johan
 
Topic 2 objectives and scope of financial statement audit
Topic 2 objectives and scope of financial statement auditTopic 2 objectives and scope of financial statement audit
Topic 2 objectives and scope of financial statement auditsakura rena
 
audit sampling notes
audit sampling notesaudit sampling notes
audit sampling notesstudent
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Audit planning- Review Questionnaire.
Audit planning- Review Questionnaire.Audit planning- Review Questionnaire.
Audit planning- Review Questionnaire.Magnolia Raz
 
Audit programme
Audit programmeAudit programme
Audit programmeKumandan
 
BMC Remedy ITSM 8.0 What's New
BMC Remedy ITSM 8.0 What's NewBMC Remedy ITSM 8.0 What's New
BMC Remedy ITSM 8.0 What's NewBMC Software
 

Andere mochten auch (20)

Audit Documentation Presentation
Audit Documentation PresentationAudit Documentation Presentation
Audit Documentation Presentation
 
Analytical procedures presentation
Analytical procedures presentationAnalytical procedures presentation
Analytical procedures presentation
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Type of auditing
Type of auditingType of auditing
Type of auditing
 
management letter
management lettermanagement letter
management letter
 
Audit Programme: Concept, Types, Functions, Advantages & Disadvantages
Audit Programme: Concept, Types, Functions, Advantages & DisadvantagesAudit Programme: Concept, Types, Functions, Advantages & Disadvantages
Audit Programme: Concept, Types, Functions, Advantages & Disadvantages
 
Audit documentation
Audit documentationAudit documentation
Audit documentation
 
External audit plan
External audit planExternal audit plan
External audit plan
 
Workshop presentation on internal control and internal audit by Jose Viegas R...
Workshop presentation on internal control and internal audit by Jose Viegas R...Workshop presentation on internal control and internal audit by Jose Viegas R...
Workshop presentation on internal control and internal audit by Jose Viegas R...
 
The 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit ProgrammeThe 7 Keys to an Effective Audit Programme
The 7 Keys to an Effective Audit Programme
 
Topik 8 Audit Sampling
Topik 8 Audit SamplingTopik 8 Audit Sampling
Topik 8 Audit Sampling
 
Topic 2 objectives and scope of financial statement audit
Topic 2 objectives and scope of financial statement auditTopic 2 objectives and scope of financial statement audit
Topic 2 objectives and scope of financial statement audit
 
Bmc presentation
Bmc presentationBmc presentation
Bmc presentation
 
audit sampling notes
audit sampling notesaudit sampling notes
audit sampling notes
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Audit planning- Review Questionnaire.
Audit planning- Review Questionnaire.Audit planning- Review Questionnaire.
Audit planning- Review Questionnaire.
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Audit programme
Audit programmeAudit programme
Audit programme
 
04 Audit documentation
04  Audit documentation 04  Audit documentation
04 Audit documentation
 
BMC Remedy ITSM 8.0 What's New
BMC Remedy ITSM 8.0 What's NewBMC Remedy ITSM 8.0 What's New
BMC Remedy ITSM 8.0 What's New
 

Ähnlich wie Internal Audit And Internal Control Presentation Leo Wachira

Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Stephen G. Lynch
 
Internal Controls Topic 2.ppt
Internal Controls Topic 2.pptInternal Controls Topic 2.ppt
Internal Controls Topic 2.pptyahyamuthamia
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk ConsultingPrashant Jain
 
PART II INTERNAL AUDITING in local government.ppt
PART II  INTERNAL AUDITING in local government.pptPART II  INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.pptCamellaCandon
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls trainingshifataraislam
 
Internal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfInternal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfFiyona Nourin
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial ControlsStephen G. Lynch
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceBrowne & Mohan
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Auditijazurrehman
 
Advanced auditing Chapter Five.Internal control pptx
Advanced auditing Chapter Five.Internal control pptxAdvanced auditing Chapter Five.Internal control pptx
Advanced auditing Chapter Five.Internal control pptxseidIbrahim2
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Tim Leech
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controlstarunmallappa
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and auditAstri Stiawaty
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKHaresh Lalwani
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case StudyJessica Myers
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxHeldaMaryA
 
2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption RiskDr Darren O'Connell AGIA
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionDuncan O. Ogutu; CPA, CFE
 

Ähnlich wie Internal Audit And Internal Control Presentation Leo Wachira (20)

Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...Designing Effective Financial Controls - Leveraging the Internal Control Fram...
Designing Effective Financial Controls - Leveraging the Internal Control Fram...
 
Internal Controls Topic 2.ppt
Internal Controls Topic 2.pptInternal Controls Topic 2.ppt
Internal Controls Topic 2.ppt
 
Spire Brief - Risk Consulting
Spire Brief - Risk ConsultingSpire Brief - Risk Consulting
Spire Brief - Risk Consulting
 
PART II INTERNAL AUDITING in local government.ppt
PART II  INTERNAL AUDITING in local government.pptPART II  INTERNAL AUDITING in local government.ppt
PART II INTERNAL AUDITING in local government.ppt
 
Assessing risks and internal controls training
Assessing  risks and internal controls   trainingAssessing  risks and internal controls   training
Assessing risks and internal controls training
 
Internal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdfInternal Audit in Post COVID Era.pdf
Internal Audit in Post COVID Era.pdf
 
Designing Effective Financial Controls
Designing Effective Financial ControlsDesigning Effective Financial Controls
Designing Effective Financial Controls
 
Internal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governananceInternal controls maturity and SME corporate governanance
Internal controls maturity and SME corporate governanance
 
Coso And Internal Audit
Coso And Internal AuditCoso And Internal Audit
Coso And Internal Audit
 
Advanced auditing Chapter Five.Internal control pptx
Advanced auditing Chapter Five.Internal control pptxAdvanced auditing Chapter Five.Internal control pptx
Advanced auditing Chapter Five.Internal control pptx
 
Risk based auditing
Risk based auditingRisk based auditing
Risk based auditing
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015Reinventing Internal Audit Final April 2015
Reinventing Internal Audit Final April 2015
 
Internal Financial Controls
Internal Financial ControlsInternal Financial Controls
Internal Financial Controls
 
Information system control and audit
Information system control and auditInformation system control and audit
Information system control and audit
 
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORKPOSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
POSITION OF INTERNAL AUDIT IN THE CORPORATE FRAMEWORK
 
Tyco Internal Audit Case Study
Tyco Internal Audit Case StudyTyco Internal Audit Case Study
Tyco Internal Audit Case Study
 
INTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptxINTERNAL CONTROL-PPT.pptx
INTERNAL CONTROL-PPT.pptx
 
2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk2016 - IQPC - Understanding and Assessing Corruption Risk
2016 - IQPC - Understanding and Assessing Corruption Risk
 
ISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final VersionISO Internal Auditors Workshop_Final Version
ISO Internal Auditors Workshop_Final Version
 

Internal Audit And Internal Control Presentation Leo Wachira

  • 1. Internal Auditing and Internal Controls By Leo Wachira
  • 2. GOVERNANCE OVERSIGHT – P li Policy Setting STEWARDSHIP - M Managers i in charge of full business units TACTICAL / OPERATIONAL – Includes Line / Supervisory management ASSURANCE – Includes Internal Audit/ External Audit, M&E and Internal Affairs
  • 3. AGENDA OF PRESENTATION  What is Internal Auditing?  Why and How is Internal Auditing carried out in the Government of Liberia?  What are Internal Controls?  What are Some Common irregularities resulting from a failure in Internal Controls?  Question & Answers
  • 4. WHAT IS INTERNAL AUDITING? Some Definitions:  is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. operations It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes……The IIA Definition  An appraisal activity established or provided as a service to the entity. entity Its functions include, amongst other things, examining, include things examining evaluating and monitoring the adequacy and effectiveness of internal control. …………The ISA 610 and ISSAI 1003 Definition
  • 5. INTERNAL AUDITING IN GOL  The Auditor-General is the is the principal responsible for conducting comprehensive post audits, special Financial investigations, reconciliation s reconciliation's and analyses, and continuous audits on a routine basis…… Section 53.3 of the Executive Law of 1972.  The function, reporting responsibilities and function activities of internal auditors shall be prescribed in regulations under this Act, supplemented by instructions and guidelines issued by the Minister in Collaboration with the Auditor General….Section 38, PFM Act (2009)
  • 6. INTERNATIONAL BEST PRACTICE  Internal auditing is conducted in diverse legal and cultural environments; within organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with The IIA's International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity.
  • 7. GOL INTERNAL AUDIT STRATEGY 1/3  Adopted by the Cabinet as a structural benchmark (2008)  Identified as a key support to the newly adopted Medium Term Id ifi d k h l d d M di T Framework (2010/ 2011) – Part of PFM Reform  Proposed a Two phase approach of Consolidating existing capacity and Expanding this after one year (Institutions Identified through Portion of National Budget, Residual Risk, PRS importance and donor expectations (risk)  Proposed Consolidation begins at Ministries of Finance, Health, p g , , Education, Public Works and Lands Mines & Energy  Proposes an Institutional Framework covering a Governance Board, Secretariat and Audit Committees in Line Ministries  Proposes the Governance board establishes Common Audit Priorities for the M&As  Proposes adoption of a 5 level IA Capability Maturity framework
  • 8. GOL INTERNAL AUDIT STRATEGY -2/3 2/3  Risks facing the GOL IA Strategy  Appointment of a Board  The Governance board consisting 5 members, including the GAC, MoF, CSA, PPCC and a Private Sector Member is currently being formulated and could be in place soon. A lack of demand for IA functions  Limited capacity to undertake Internal Audits  Failure of External Audit/ GAC to coordinate with IA  Failure to include IA in objective setting
  • 9. GOL INTERNAL AUDIT STRATEGY -3/3 3/3  Key Secretariat Deliverables outstanding  Audit Manual  Audit Committee Charter  Annual Risk Assessment (Audit Priority)  Audit Plan  Audit Announcement letter  A dit working papers Audit ki g  The Audit Report
  • 10. WHAT IS INTERNAL CONTROL?  internal control is defined as a process effected by an organization's structure, work and authority flows, people g i ti ' t t k d th it fl l and management information systems, designed to help the organization accomplish specific goals or objectives.  The Control h ld be Th C t l should b capable of responding quickly t bl f di i kl to evolving risks to the business arising from factors within the company and to changes in the business environment.  Internal Control consists of 5 i I lC l i f inter-related components l d  Control Environment  Risk Assessment  Information and Communication Processes  Monitoring  Existing Control Activities
  • 11. THE CONTROL ENVIRONMENT  g The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors structure include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the th way management assigns authority and responsibility, and t i th it d ibilit d organises and develops its people; and the attention and direction provided by the Oversight board.
  • 12. RISKS ASSESSMENT 1/4  Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to i t l th t tb d diti t risk assessment is establishment of objectives, linked at different levels and internally consistent. Risk assessment is the identification and analysis of relevant risks to achievement of objectives, forming a basis for determining how the risks should be managed.  Because economic industry regulatory and operating economic, industry, conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change. change  There are many techniques available for identifying risk. Some are detail based and offer quantification, others are scenario-based or qualitative qualitative.
  • 14. RISK ASSESSMENT 3/4  For those risks that are controllable, the company must decide whether to accept those risks or whether to mitigate the risk through control procedures. For those risks that cannot be controlled, the Board must decide whether to accept the risks or to withdraw from, or reduce the level of business activity concerned concerned.  Contingency plans should be considered where the Board elects to accept uncontrollable significant risks.
  • 15. RISK ASSESSMENT - AFTER 4/4 RISK DECISION MAKING  Tolerate / Accept risk; simply take the chance that the negative impact will be incurred  Terminate/ Avoid risk; changing plans in order to prevent the problem from arising  Transition/ Mitigate risk; lessening its impact through intermediate steps g p  Transfer risk; outsource risk to a capable third party that can manage the outcome
  • 16. INFORMATION AND COMMUNICATION PROCESSES 1/2  Pertinent information must be identified, captured and communicated in a form and timeframe that enables i di f d i f h bl people to carry out their responsibilities.  Information systems produce reports, containing y p p , g operational, financial and compliance-related information, that make it possible to run and control the business. They deal not only with internally generated y y yg data, but also information about external events, activities and conditions necessary to informed bus ess decision-making a d e te a reporting business dec s o a g and external epo t g Effective communication must also occur in a broader sense, flowing down, across and up the organisation.
  • 17. INFORMATION AND COMMUNICATION PROCESSES 2/2  All personnel must receive a clear message from top management that control responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others.  Th They must have a means of communicating h f i i significant information upstream. There also needs to be effective communication with external eeds e ect e co u cat o t e te a parties, such as customers, suppliers, regulators and shareholders.
  • 18. MONITORING  Internal control systems need to be monitored - a process that assesses the quality of the system’s performance over th t th lit f th t ’ f time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. On going monitoring occurs in the course of operations. It operations includes regular management and supervisory activities, and other actions personnel take in performing their duties.  The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with upstream serious matters reported to top management and the Board.
  • 19. EXISTING CONTROL ACTIVITIES  Control activities are the policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity’s objectives.  Control activities occur throughout the organisation, at all l l and in all f i i ll levels d i ll functions. Th i They include a range of activities as diverse as app o a s, aut o sat o s, e cat o s, approvals, authorisations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
  • 20. CRIME Control Risk Information and Environment E i t Assessment A t Communication C i ti Existing Control Monitoring g Activities
  • 21. INHERENT WEAKNESSES OF INTERNAL CONTROLS  Internal Control provide only reasonable assurance due to following inherent weaknesses  Human error which includes error in design and use of automated controls  Deliberate circumvention of controls  Management over ride  Cost-benefit considerations
  • 22. AUDIT RISK/ RESIDUAL RISK  Audit risk ( ) (also referred to as residual risk) refers to acceptable audit risk, i.e. it indicates the auditor's willingness to accept that the financial statements may be materially misstated after the audit is completed and an unqualified ( l lifi d (clean) opinion was i ) i i issued. If th d the auditor decides to lower audit risk, it means that he wants to be more certain that the financial statements are not materially misstated.