Common Internal Audit Findings
& How to Avoid Them
April 6, 2016, 10:00 am – 12:00 pm
Workshop Conducted by: Surajit Datta
IAD Workshop - 2016
Topics
1. Internal Audit
2. Internal Controls
3. Elements of Internal Controls
4. Audit Findings
5. Common Internal Audit Findings
6. Fraud Indicators
7. How to Avoid Audit Findings
Internal Audit
The Institute of Internal Auditors defines Internal Auditing as…
"An independent, objective assurance and consulting activity designed to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."
Effects of Internal Control Failures
• 2002 – Enron
Billions of dollars of market value erased. Thousands of jobs lost. Savings wiped out. The Enron failure demonstrated a failure of corporate governance, in which internal control mechanisms were short-circuited by conflicts of interest that enriched certain managers at the expense of the shareholders.
• 2008 – $500 million loss by Merrill Lynch
“several mitigating internal controls were not operating effectively and therefore failed to identify the intercompany difference that resulted in the huge loss” - Deloitte.
What are Internal Controls
A process designed to provide reasonable assurance about the achievement of an entity’s objectives concerning:
• Financial reporting
• Effectiveness of operations
• Compliance with laws and regulations
FINANCIAL
1. Promotes integrity of data used in making business decisions
2. Assists in fraud prevention and detection through the creation of an auditable trail of evidence
COMPLIANCE
Helps maintain compliance with laws and regulations through periodic monitoring
OPERATIONAL
1. Promotes efficiency and effectiveness of operations through standardized processes
2. Ensures the safeguarding of assets through control activities
Effective internal controls prevent fraud, waste, and abuse
Develop internal controls to address the risks identified during your “risk assessment process”
Review and adjust your control activities to ensure they are working
5 Elements of Internal Controls
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Control Environment
• Tone at the Top
• Commitment to Competence
• Management’s Philosophy/Integrity
• Management’s Direction/Assignment of Responsibility
• Human Resources Policies and Procedures
Risk Assessment
Identify the Risks to Achievement of aswaaq’s Objectives in relation to:
• Reporting
• Financial (Cash Management)
• Operational
• Compliance (with laws and regulations)
Prioritize them (Probability X Impact)
Develop a plan to manage them (Risk Response / Mitigation Action plans or BCPs)
Control Activities
Specific to the company’s operation and may include the following:
• Policies and procedures to protect against fraud, waste, and abuse
• Authorizations and approvals (DOA)
• Verifications (Internal Checks, Checklists, etc.)
• Reconciliations
• Segregation of duties
• Review operational performance
Information & Communication
• Financial Reporting
• Operational Reporting
• Accounting Manual
• Compliance Reporting
• Codes of Conduct
• Keep the communication lines open
Monitoring
• Budget to Actual
• Internal Audits
• Reconciliations to General Ledger
• Management review of controls
• Review of exception reports
• External Audit
• Audit Committee
Result of Audits
Audit Findings Risk assessment
Corrective action required Audit recommendation
A management opportunity Risk response / risk mitigation action plans
Audit findings – What are they?
• Financial misstatement
• Control weakness
• Policy or other rule violations
• Other issues identified during the audit
Internal Control failure profile
[Chart: share of findings by cause]
• Error: 4%
• Weak Monitoring & Control: 25%
• Non-compliance: 31%
• Others: 27%
• Process design: 10%
• SOD: 3%
weaknesses which may put some of the company objectives at risk that are primarily due to compliance inconsistencies with established policies and procedures, ineffective process design, and weak monitoring
Common Internal Audit Findings
1. Non-compliance of established company policy or statutes
2. Process execution not following the established DOA
3. Segregation of Duties (SOD) Conflict
Ensure tasks and process flows have a check and balance. For example: A person who is responsible for collecting payments should not be responsible for creating the deposit and reconciling to source documents.
4. Lack of sufficient supervision / monitoring
5. Lack of Awareness of Company Policies
6. Lack of Written Policies and Procedures (Departmental)
Major business transactions and related internal controls of a department's operations should be clearly documented, periodically reviewed and updated.
7. Lack of Formally Documented Approvals
Evidence should be maintained to document independent approvals (e.g. reconciliations, departmental financial statements, etc.)
8. Unbudgeted expense
9. Absence of Supporting Documentation
Transactions should be appropriately supported by documentation. For example:
• Journal Entries: Purpose, related source documents, approvals
• Purchases: Requisition, competitive bidding, purchase order, invoice, approvals
10. Lack of Proper Safeguarding of Assets
11. Inappropriate Information Security Access
Critical or sensitive information should be appropriately restricted based on job duties.
12. Inaccurate Financial Reporting
Examples include:
Expenses:
• Invoices: Not recorded as a liability upon commitment
• Overtime: Not approved timely
Revenues:
• Receivables: Not recorded in books (booked when cash is received)
• Income: Recorded as an offset to an expense account rather than to an income account
Fraud Indicators
1. One person in control
2. No separation of duties
3. High turnover of personnel
4. Unexplained entries in records
5. Unusually large amounts of payments for cash
6. Inadequate or missing documentation
7. Altered records (white-out, copies of documents, etc.)
8. Non-serial number transactions
9. Inventories and financial records not reconciled
10. Lack of internal controls/ignoring controls
11. Repeat audit findings
12. Unauthorized transactions
13. Ability to get around internal controls that prevent or detect fraud
14. Inability to judge quality of performance
15. Lack of an audit trail
16. Failure to discipline prior fraud perpetrators
How to Avoid Audit Findings
Internal Audit Report
• Read it and discuss with IAD
• Understand the problem
• Understand the recommended corrective action
• Plan the corrective action steps
• Develop the overall corrective action plan
• Assign overall responsibility
• Assign specific action step responsibilities
• Establish a time line
• Follow up – sustained attention
• Verify completion and effectiveness
• Report to management
Establish Policies and Procedures
• Write them
• Follow them
• Review and update them as needed
Establish Internal Controls
• Financial
• Operational
• Compliance
• Cash Management