Internal Control & Inv Mgmt

8/2/2019 Internal Control & Inv Mgmt

1/25

Presented by:

Nirajan Simkhada, FCA


2/25

Introduction Internal Policies such as Accounting Manual, Financial

Rules, Staff Rules etc in each organization aimed towards

implementation of Strong Control System and Compliance.

Rule 95 of Financial Procedures Rule 2064 provides that

each Ministry/Department shall prepare and implement an

internal control system commensurate with the nature ofoperations to accomplish the work in an economical,

efficient and effective manner; make financial reporting

system more reliable and to accomplish the function in

accordance with the prevailing laws. Control system varies in accordance with nature of

operations and size of the organization. However, the

bottom line is it should be adequately designed and

effectively implemented.


3/25

Definition

A sound internal control system facilitates smooth

functioning of activities under the budgetary

framework. It is the plan of organization and all

methods/procedures adopted to assist in achieving

management objectives of ensuring: Safeguarding of assets

Prevention and detection of fraud and error

Accuracy and completeness of accountingrecords

Timely preparation of reliable financial

statements.


4/25

Definitions .contd Alternatively, Internal Control is a Series Of Procedures

designed to promote and protect sound management

practices. Adherence to sound internal control procedures will

significantly increase the likelihood that:

Operations of organization is conducted effectively and

efficiently;

Financial information is reliable, so that managers and the

board can depend on accurate information to make

programmatic and other decisions;

Assets and records of the organization are not stolen,misused, or accidentally destroyed ;

The organizations policies are followed and

Government regulations are met.


5/25

Level of Assurance

Internal Control process designed by management provides

REASONABLE ASSURANCE regarding the achievement of

objectives in the following categories:

Effectiveness and Efficiency of Operations

Reliability of Financial Reporting

Compliance with applicable laws and regulations

Understanding Internal Controls provides an additional

reference tool for the personnel to: Identify and assess operating controls, financial reporting,

and legal/regulatory compliance.

Processes and to take action to strengthen controls where

needed.


6/25

Level of Assurance.Contd

An effective control system provides

REASONABLE, but not ABSOLUTE assurance

for the safeguarding of assets, reliability of

financial information, and compliance with laws

and regulations. Reasonable Assurance is to provide management

with the appropriate BALANCE BETWEEN RISK

and the LEVEL OF CONTROLS to meet the

objectives.

The COST of a control should not exceed the

BENEFIT to be derived from it.


7/25

Balancing Risk and ControlBalancing Risk and Control : Risk is the probability that an event or action will

adversely affect the organization. The primary categories of risk are errors,

omissions, delay and fraud.

Control procedures shall decrease risk to a level where management can accept

the exposure to that risk.

Being out of balance can cause the following problems:

In order to achieve a balance between risk and controls, internal controls should

be proactive, value-added, cost-effective and addresses the exposure to risk.

Excessive Risk Excessive Controls

Loss of Assets, Donor or Grants Increased Bureaucracy

Poor Business Decisions Reduced Productivity

Noncompliance Increased Complexity

Increased Regulations Increased Cycle Time

Public Scandals Increase of No-Value Activities


8/25

Characteristics of FraudCharacteristics for Fraud : Motivation, Opportunity and Personal Characteristics

Motivation is usually situational pressures in the form of a need for money, personalsatisfaction, or to alleviate a fear of failure.

Opportunity is access to a situation where fraud can be perpetrated, such as weaknesses

in internal controls, necessities of an operating environment, management styles and

corporate culture.

Personal characteristics include a willingness to commit fraud. Personal integrity and

moral standards need to be flexible enough to justify the fraud, perhaps out of a needto feed their children or pay for a family illness.

Controls:

It is difficult to have an effect on an individuals motivation for fraud.

Personal characteristics can sometimes be changed through training and awarenessprograms.

Opportunity is the easiest and most effective requirement to address to reduce the

probability of fraud. By developing effective systems of internal control, you can remove

opportunities to commit fraud.


9/25

Components of Internal Control

5 components divided in 2 broad groups:

1. Control Environment

2. Control Procedures :

2.1 Risk Assessment;

2.2 Control Activity;2.3 Information & Communication; and

2.4 Monitoring


10/25

Components of Internal ControlContd

Control (or Operating) Environment

Overall attitude, awareness and actions of executors and

management regarding the internal control system and its

importance in the entity.

It is the control consciousness of an organization and

atmosphere in which people conduct their activities and

carry out their control responsibilities.

Factors reflected in the control environment include

The function of the executive board and its sub-committee

Managements philosophy and operating style

The entitys organizational structure and methods of assigning

authority and responsibility

Managements control system including internal audit function,

personnel policies and procedures and segregation of duties.


11/25

Control Environmentcontd

Effective Control Environment

Competent peopleknowledgeable, mindful

Understanding of responsibilities, limits to their authority, and

Committed to doing right thing in right way.

Committed to follow an organization's policies and procedures and

its ethical and behavioral standards. The governing board and management enhance an

organization's control environment when they establish and

effectively communicate written policies and procedures, a code

of ethics, and standards of conduct.

Management is responsible for "setting the tone" for their

organization that encourages highest levels of integrity,

personal and professional standards, and assignment of

authority and responsibility.


12/25

Control Environmentcontd

Control Environment Tips

The control environment is greatly influenced by the extent to

which individuals recognize that they will be held accountable.

Listed below are some tips, not all inclusive, to enhance a

department's control environment.

Written Policies and Procedures clearly mentioning employee responsibilities,limits to authority, performance standards, control procedures, and reporting

relationships.

Discussion of ethical issues with employees.

Compliance with Conflict of Interest policy and disclose potential conflicts of

interest.

Adequate job descriptions exist, department has an adequate training program

for employees.

Employee performance evaluations are conducted periodically.

Appropriate disciplinary action is taken when an employee does not comply

with policies and procedures or behavioral standards.


13/25

Components of Internal ControlContd

Control Procedures

Policies and Procedures in addition to the controlenvironment which management has established to achieve

the entitys goals and objectives. Risk Assessment: (1) Identification, (2) Analysis and (2) Mitigation of Risk.

How to Identify Risk? Ask the following questions

What could go wrong?

How could we fail?

What must go right for us to succeed?

Where are we vulnerable?

What assets do we need to protect?

Do we have liquid assets or assets with alternative uses?

How could someone steal from the department?

How could someone disrupt our operations?

How do we know whether we are achieving our objectives?


14/25

Components of Internal ControlContdRisk Identification

On what information do we most rely?

On what do we spend the most money?

How do we bill and collect our revenue?

What decisions require the most judgment?

What activities are most complex?

What activities are regulated?

What is our greatest legal exposure?

Instances of High risk transactions

Petty cash (if high volumes are processed), Assets with Alternative Uses,

Cash Receipts (continuing education programs, gifts, endowments, special

events, bookstore, performances, etc.), Consultant Payments, Travel

Expenditures, Payments to Non-Vendors, Payroll (rates, changes,

terminations), Equipment, Equipment Moved Off-Location .


15/25

Components of Internal ControlContdRisk Analysis: Prioritize those risks based on following:

Assess the likelihood (or frequency) of the risk occurring. Estimate the potential impact if the risk were to occur; consider both

quantitative and qualitative costs.

Determine how the risk should be managed; decide what actions are necessary.

Risk Assessment Tips Make sure the department has a mission statement and written goals and

objectives.

Assess risks at the department level.

Assess risks at the activity (or process) level.

Make sure that all risks identified at the department level are analyzed andproper resolution is sought in the organizational level.


16/25

Components of Internal ControlContdControl Activity:

These are actions, supported by policies and procedures that, when carried outproperly and in a timely manner, manage or reduce risks.

Preventive Control :

Determine or prevent undesirable events from occurring,

Proactive controls that help to prevent a loss.Examples are segregation of duties, proper authorization, adequate documentation, and

physical control over assets.

Detective Control:

Detect undesirable acts

Reactive controlsExamples of detective controls are reviews, analyses, variance analyses, reconciliations,

physical inventories and audits.


17/25

Components of Internal ControlContdInformation & Communication: General Controls & Application Controls

General Controls are practices designed to maintain the integrity and availabilityof information processing functions, networks, and associated application systems

and includes:

Access Security, Data & Program Security, Physical Security

Software Development & Program Change Controls

Data Center Operations

Disaster Recovery Plan

Application Controls are the computer programs and processes, including manual

processes, that enable to conduct essential activities; buying products, paying

people, accounting for expenses and forecasting and monitoring budgets andincludes:

Input controls (e.g., edit checks)

Processing controls (e.g., record counts), and

Output controls (e.g., error listings).


18/25

Components of Internal ControlContdMonitoring

Organizations may select from a wide variety of monitoring procedures, includingbut not limited to:

Periodic evaluation and testing of controls by internal audit,

Continuous monitoring programs built into information systems,

Analysis of, and appropriate follow-up on, operating reports or metrics thatmight identify anomalies indicative of a control failure,

Supervisory reviews of controls, such as reconciliation reviews as a normal part

of processing,

Self-assessments by boards and management regarding the tone they set in the

organization and the effectiveness of their oversight functions, Audit Committee inquiries of internal and external auditors, and

Quality assurance reviews of the internal audit department.


19/25

Non-Profit Organization Perspective

Following minimum internal control procedures shall be followed

in case of non-profit making organizations.

Segregation of duties (authorization, recording, control and

payment),

Written standard procedures covering major activities and

operations, Examination of arithmetical accuracy of books of account,

Preparation of various control accounts,

Preparation of Trial balance,

Reconciliation of balances (Banks, subsidiary accounts, debtorsand creditors, etc.) and follow up for settlement,

Authorization of various transactions,

Control to access of books of account by unauthorized person,


20/25

Non-Profit Organization Perspectivecontd

System of protection given to various assets,

Physical verification of various fixed assets, consumables

and cash

Preparation of budget and comparison with actual

including investigation of unusual fluctuation, if any,

Procedure of reporting fraud and handling the same,

Transparency in disclosing activities and financials

(public/social auditing, information to DAO, SWC, etc.),

Independent and surprise verification, supervision and

monitoring, and

Internal Audit.


21/25

Conclusion: Maintaining Effective Controls

Segregation of duties by making every effort to apportion

duty in such a manner that no one individual, includingprogram coordinators, accountant, administrative assistants

and other senior personnel, controls all aspects of

transaction.

The auditor's management letter is an important indicatorof the adequacy of internal control structure, and the

degree to which it is maintained.

Cost benefit analysis

Minimum controls standards shall be established


22/25

Inventory Management

Non-expendable Inventory Management:

Permanent Record of Non-expendable Items: its cost,

quantity, make, brand, identification code, date of

acquisition, location and working condition.

Assets Movement Register (Loan Register)

Log Books of Vehicles:

Date of use, purpose of use and authority for use.

Calculation of mileage, cost of maintenance and operation of

vehicle shall be analysed

Unrealistic and unreasonable fluctuations shall be investigatedand reported to concerned higher authority.

Physical Verification: Periodic and Reconciliation

Safeguarding (Insurance Cover): Comprehensive risk

coverage


23/25

Inventory Management

Expendable Inventory Management

Processing and Payment: Requisition, GRN, PAID Stamp

Expenses on consumption basis

Issue : Requisition basis

Periodic reconciliation Separate and Updated records

Restricted Access

Safeguarding of Balances in Store


24/25

Questions

Please


25/25

Thank you

Documents

Internal Control & Inv Mgmt