Embed Size (px)
Citation preview
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
meaning• Internal control, as defined in accounting and auditing, is a
process for assuring achievement of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
• It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in detecting and preventing fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks).
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Steps to evaluate internal control system
Organize the process
Segment the company
Develop a schedule for vulnerability
Conduct vulnerability assessments
Establish plans for subsequent actions
Conduct internal reviews
Take corrective action
Prepare summary reports on internal control
Periodical test internal controls of high risk areas
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Objectives of internal control• To evaluate the efficiency of performance in the various of the
business.• To ensure orderly, efficient and economic conduct of the business• To see that access to and use of assets are made only with proper
authorization.• To safe guard the assets of the organization by preventing frauds
wastes and inefficiency• To ensure that there is periodical verification and comparison of
assets in existence with those of accounting records and appropriate action taken.
• To ensure that transactions are recorded in the proper books of accounts regularly, correctly and systematically.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Types of internal controls• A Vulnerability is a defect in a process, system, application or other asset that creates the potential for
loss or harm. Vulnerabilities are measured primarily through the identification of control deficiencies (defects or weaknesses) to determine a system's or process' propensity for fIn terms of taxonomy, there are three, commonly accepted forms of Controls:
• Administrative - These are the laws, regulations, policies, practices and guidelines that govern the overall requirements and controls for an Information Security or other operational risk program. For example, a law or regulation may require merchants and financial institutions to protect and implement controls for customer account data to prevent identity theft. The business, in order to comply with the law or regulation, may adopt policies and procedures laying out the internal requirements for protecting this data, which requirements are a form of control.
• Logical - These are the virtual, application and technical controls (systems and software), such as firewalls, anti virus software, encryption and maker/checker application routines.
• Physical - Whereas a firewall provides a "logical" key to obtain access to a network, a "physical" key to a door can be used to gain access to an office space or storage room. Other examples of physical controls are video surveillance systems, gates and barricades, the use of guards or other personnel to govern access to an office, and remote backup facilities
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Types of internal controls
Detective
preventive
corrective
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
• All three of these elements are critical to the creation of an effective control environment. However, these elements do not provide clear guidance on measuring the degree to which the controls mitigate the risk. Instead, the Simple Risk Model utilizes an alternative set of elements that provide a better means of weighting the level of mitigation:
• Preventive - These are controls that prevent the loss or harm from occurring. For example, a control that enforces segregation of responsibilities (one person can submit a payment request, but a second person must authorize it), minimizes the chance an employee can issue fraudulent payments.
• Detective - These controls monitor activity to identify instances where practices or procedures were not followed. For example, a business might reconcile the general ledger or review payment request audit logs to identify fraudulent payments.
• Corrective - Corrective controls restore the system or process back to the state prior to a harmful event. For example, a business may implement a full restoration of a system from backup tapes after evidence is found that someone has improperly altered the payment data.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Detective Controls • Detective Controls are designed to find errors or irregularities
after they have occurred. Examples of detective controls are:• Reviews of Performance: Management compares information
about current performance to budgets, forecasts, prior periods, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual conditions that require follow-up.
• Reconciliations: An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary.
• Physical Inventories• Audits
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Preventive Controls• Preventive Controls are designed to discourage errors or irregularities from occurring.
They are proactive controls that help to ensure departmental objectives are being met. Examples of preventive controls are:
• Segregation of Duties: Duties are segregated among different people to reduce the risk of error or inappropriate action. Normally, responsibilities for authorizing transactions (approval), recording transactions (accounting) and handling the related asset (custody) are divided.
• Approvals, Authorizations, and Verifications: Management authorizes employees to perform certain activities and to execute certain transactions within limited parameters. In addition, management specifies those activities or transactions that need supervisory approval before they are performed or executed by employees. A supervisor’s approval (manual or electronic) implies that he or she has verified and validated that the activity or transaction conforms to established policies and procedures.
• Security of Assets (Preventive and Detective): Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compared to amounts shown on control records.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Corrective controlsCorrective — Coupled with preventive and detective controls,
corrective controls help mitigate damage once a risk has materialized. An organization can document its policies and procedures, enforcing them by means of warnings and employee termination when appropriate. When managers wisely back up data they can restore a functioning system in the event of a crash. If a disaster strikes, business recovery can take place when an effective continuity and disaster management plan is in place and followed.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
limitationsLimitations of Internal Controls:
• No matter how well internal controls are designed, they can only provide reasonable assurance that objectives have been achieved. Some limitations are inherent in all internal control systems. These include:
• Judgment: The effectiveness of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information at hand.
• Breakdowns: Even well designed internal controls can break down. Employees sometimes misunderstand instructions or simply make mistakes. Errors may also result from new technology and the complexity of computerized information systems.
• Management Override: High level personnel may be able to override prescribed policies and procedures for personal gain or advantage. This should not be confused with management intervention, which represents management actions to depart from prescribed policies and procedures for legitimate purposes.
• Collusion: Control systems can be circumvented by employee collusion. Individuals acting collectively can alter financial data or other management information in a manner that cannot be identified by control systems.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Internal check • Internal check is the process of
arrangement of duties of various staffs of a business in such way that work is automatically checked by the next staff while performing their duties. Frauds which are committed by a staff are automatically detected and corrected by the another staff.
• A division of duties that does not permit one individual to carry out all stages of a transaction. An internal check is intended to prevent fraud and minimize errors.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Objectives Of Internal Check
Objectives Of Internal Check
Following are the objectives of internal check system:
• 1. To eliminate the frauds and errors which may be committed by the staffs.
• 2. To prevent misappropriation of cash or stock.
• 3. To ensure the reliability of information produced by the accounting system.
• 4. To detect errors and frauds promptly which helps to minimize their effects in long term.
• 5. To exercise moral pressure over the staffs.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Essential Characteristics Of Internal Check System
Essential Characteristics Of Internal Check SystemCertain qualities are needed to make an internal check system more effective and efficient. Such qualities are known as features of internal check system which are as follows:
• 1. Division Of WorkBefore applying test check it is necessary to divide the entire tasks among the staffs in such a way so that work can be checked automatically by the another staff. Like, when staff takes the responsibility of purchase, then another staff should make its payment.
• 2. Provision Of CheckAn organization should set up such provision, so that work can be checked by the another staff. An officer can check the work of one staff by transferring to the staffs and again.
• 3. Use Of DevicesIn this modern world, various devices can be used to do various function like use of time record machine, wage determination machine etc. An organization should use such machines which help to make work of internal check easier.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
• 4. Self-balancing SystemAn organization can use self-balancing ledger accounts which helps to make the work of internal check easier. Its effectiveness depends on its management.
• 5. Change In WorkAn organization needs to transfer the staffs from one place to another place so that the work of previous staffs can be checked by the later staff which helps to make the internal check system effective.
• 6. SpecializationEvery staff may not have such specialized knowledge to maintain accounts properly. So, an organization should give training to increase their skill so that internal check can be made more effective.
• 7. ControlThere is more chance of frauds where there is direct contact of consumer or public. So, a manager can keep eyes in those works so that internal check system can be made more effectively.
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Internal Check as regards to Cash• Receipts against cash• Rough Cash Book• Remittances – opened before officer• Automatic tills or cash register• Deposit all cash receipt every day• BRS prepared regularly• Issue of Cheque – authorized by the officer• Independent check of Castings of Cash
Book• Preparation of Wage sheet• Payment by cheques except petty• Collection by travellers
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Internal Check as regard to PURCHASES
• Orders – 2 copies (Supplier & Reference)
• On Receipt – Goods Receipt Book• Invoice – Goods Receipt Book
Verified• Check Calculations in Invoice• Invoice Copy – Person in charge• Clerk – Purchases Book• Initial the invoice copy
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Duty of an Auditor – CREDIT PURCHASES
• In clients name• Authorize person in charge• Date of Invoice – Period under review• Review of Verification• Goods on Invoice – Capital• Test Check – Purchases Book• Expenses Debited to Purchases
Account• Compare the Books• Stamp, Check Mark, Initial• Duplicates• Credit Conformation Statement
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Internal Check as Regard to WAGES
• Check inclusion for Dummy Workers• Errors or Fraud – piece work records• Clerical Works• Dispensed Employees – Retained• Over Stating – Rates• Over Stating Hours/days of Work• Conversion of unpaid wages• Over footing of pay roll sheets• Understatement of deduction
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Duties of an Auditor - WAGES• Check Loop hole• Wage Sheet or Wage Book• Calculation are Correct• Wages payable, paid & unpaid• Dummy Workers• Initialed• ID verification• Authorized Number of workers• Wage sheet – ESI Card, PF Account• Total wages – estimates of costing department• Duly signed - comparison• Leave register• Wage payment vs. advance payment• Employment of Casual Labourer• Test Check
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Internal Check as regard to SALES
• Order – Order Received Book (Name, Particulars of Goods, Date & Mode of Transport)
• Copy – Dispatch Department• Clerk compares goods in order
packed by DD• Rate of charge – Responsible officer• Preparation of Invoice – 2/3 copies• One copy – clerk – sales book• One copy – gatekeeper – goods
outward book• Traveler Sales Man – 3 copies
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
Duties of an Auditor – CREDIT SALES
• Review Internal Check System in Place• Invoice – Sales Book Compare• Order Received Book, Goods Outward Book, Gatekeeper’s Outward
Book, Delivery Note etc• Sale of Asset – treated as a ordinary sale• Statement of accounts from client• Check sales during last days and weeks• Cancelled invoice – duplicates• Sales Tax & Insurance etc debited & credited into appropriate
accounts• Sales to sister concerns and associates• Different trade discounts - examined
MANU H NATESH MBA,M.Com. BMSEAC [email protected]
