{"id":173,"date":"2020-10-19T10:31:45","date_gmt":"2020-10-19T10:31:45","guid":{"rendered":"https:\/\/pkchopra.com\/blog\/?p=173"},"modified":"2024-03-12T10:16:46","modified_gmt":"2024-03-12T10:16:46","slug":"internal-controls-and-audit","status":"publish","type":"post","link":"https:\/\/pkchopra.com\/blog\/index.php\/internal-controls-and-audit\/","title":{"rendered":"Internal controls and Audit"},"content":{"rendered":"<p><strong>Internal Controls<\/strong>\u00a0are systematic and procedural steps adopted by an organization to mitigate risks, primarily in the areas of financial accounting and reporting, operational processing and compliance with laws and regulations.<\/p>\n<p>Internal Controls (ICs) are essentially risk mitigation steps taken to strengthen the organization\u2019s systems and processes, as well as help to prevent and detect errors and irregularities. The actual steps of mitigation (e.g., review, approval, physical count, segregation of duty, etc.) are referred to as \u2018Control Activities\u2019.<\/p>\n<p>When ICs mitigate the risk of financial exposure, they are also referred to as Internal Financial Controls (IFCs) and when they mitigate operational risks, they are also referred to as Operational Controls (OCs). ICs generally operate with human intervention (Manual Controls), but in an automated environment, computer controls are deployed to secure the systems and called IT General Controls (such as access controls) or check transaction processing at an application level and called Application Controls (such as sequential numbering of invoices, etc.).<\/p>\n<p>Internal Controls can be broad-based covering the whole entity (i.e., Code of Conduct), or focused to a specific process or area (such as Order processing or Payroll, etc.). In the former case they are generally referred to as \u201cEntity Level Controls (ELCs)\u201d as part of the \u201cControl Environment\u201d. In the case of latter, they are also referred to as \u201cProcess Level Controls (PLCs)\u201d.<\/p>\n<p>\u201c<strong>Internal Controls Framework<\/strong>\u201d is a pre-defined benchmark Internal Control System, based on suitable criteria, which can be used by management or auditors to assess the design, adequacy and operating effectiveness of the overall internal control system.<\/p>\n<p><strong>Responsibilities for internal control<br \/>\n<\/strong>As per\u00a0<strong>Companies Act, 2013<\/strong>, in a limited company, the\u00a0<strong>board of directors<\/strong>\u00a0are responsible for ensuring that appropriate internal controls are in place. Their accountability is to the shareholders, as the direct<img loading=\"lazy\" class=\"size-full wp-image-176 aligncenter\" src=\"https:\/\/pkchopra.com\/blog\/wp-content\/uploads\/2020\/10\/Untitled.png\" alt=\"\" width=\"600\" height=\"175\" srcset=\"https:\/\/pkchopra.com\/blog\/wp-content\/uploads\/2020\/10\/Untitled.png 600w, https:\/\/pkchopra.com\/blog\/wp-content\/uploads\/2020\/10\/Untitled-300x88.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/>ors act as their agents. In turn, the directors may consider it prudent to establish a dedicated internal control function. The point at which this decision is taken will depend on the extent to which the benefits of function will outweigh the costs.<\/p>\n<p>The directors must pay due attention to the\u00a0<strong>control environment<\/strong>. If internal controls are to be effective, it is necessary to create an appropriate culture and embed a commitment to robust controls throughout the organization.<\/p>\n<p><strong>Internal Control Procedures:<\/strong><\/p>\n<ul>\n<li>Physical controls on access to assets<\/li>\n<li>Authorization and approvals<\/li>\n<li>Segregation of Duties<\/li>\n<li>Management Controls<\/li>\n<li>Arithmetic and accounting controls<\/li>\n<li>Human Resources controls<\/li>\n<\/ul>\n<p><strong>Internal Audit<br \/>\n<\/strong>Internal audit testing\u00a0is the internal assessment of internal controls and as such is a management responsibility to ensure compliance and conformity of internal controls to pre-determined standards.<\/p>\n<p>Internal audit provides independent assurance on the effectiveness of internal controls and risk management processes to enhance governance and achieve organizational objectives.<\/p>\n<p>As per\u00a0<strong>SIA (Standards on Internal Audit) 210<\/strong>\u00a0issued by ICAI, the Internal Audit Function is the responsibility of the Chief Internal Auditor or the designated person. He performs a number of activities to achieve the objectives as outlined in Terms of Engagement. A few of the critical activities are as follows:<\/p>\n<ul>\n<li>Define the overall plan, scope and methodology of the Internal Audit Function on a periodic basis.<\/li>\n<li>Oversee and monitor various audit assignments, their proper planning, execution, reporting of findings and subsequent closure of reported observations.<\/li>\n<li>Plan, acquire, engage and review the performance, training and development of professional staff, talent and other resources to achieve its objectives.<\/li>\n<li>Identify, source, engage and manage external experts and technical solutions, if required.<\/li>\n<li>Communicate and engage with all key stakeholders regarding progress and achievement of objectives.<\/li>\n<li>Develop and maintain a quality evaluation and improvement program<\/li>\n<\/ul>\n<p><strong>Responsibility of Internal Auditor<\/strong><\/p>\n<ul>\n<li>The Internal Auditor shall ensure that the entity has designed, implemented and maintains effective and efficient Internal Controls. The audit procedures shall be sufficient to allow the Internal Auditor to check the design, proper implementation and operating effectiveness of the Internal Controls.<\/li>\n<li>Any shortcoming shall result in recommendations for improvement and suggestions on how to make the Internal Controls more efficient and effective in line with the objectives.<\/li>\n<li>Where the Internal Auditor is required to provide an independent opinion over the presence, design, implementation and\/or operating effectiveness over Internal Controls, this shall be consistent with the requirements of\u00a0<strong>SIA 110, \u201cNature of Assurance<\/strong>\u201d, especially with regard to the need to have a clear understanding of the Internal Controls Framework which shall form the basis of the assurance.<\/li>\n<\/ul>\n<p><strong>Key risks<br \/>\n<\/strong>The internal auditor shall review and reports on internal controls in relation to key risks affecting the organization. The objective should be to test the extent to which the controls will manage the risk if it crystallizes. The conclusions of these reports should enable management to reconsider the controls and modify or redesign them if appropriate.<\/p>\n<p><strong>Compliance<br \/>\n<\/strong>Organizations have to implement performance standards in relation to compliance. This may be to satisfy the demands of external regulators, or to operate to pre-determined internal standards. Internal audit should review operations for compliance with such standards. In this respect, the work of internal auditors has broadened, as organizations increasingly pursue compliance not only with industry standards for products and service provision, but also with criteria relevant to environmental standards.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Internal Controls\u00a0are systematic and procedural steps adopted by an organization to mitigate risks, primarily in the areas of financial accounting and reporting, operational processing and compliance with laws and regulations. Internal Controls (ICs) are essentially risk mitigation steps taken to strengthen the organization\u2019s systems and processes, as well as help to prevent and detect errors &hellip;<\/p>\n","protected":false},"author":1,"featured_media":174,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":""},"categories":[3],"tags":[103,104,101,100,105,102],"_links":{"self":[{"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173"}],"collection":[{"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=173"}],"version-history":[{"count":3,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173\/revisions"}],"predecessor-version":[{"id":206,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/173\/revisions\/206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/media\/174"}],"wp:attachment":[{"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pkchopra.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}