1. Presented by: Hafiz Muhammad Umer Farooq
ACCA registration number: 1918884
21st - january - 2013
2. Table of contents:
Purpose of Internal audit & controls
Concerned areas
Control environment & procedures
General controls
Types & stages of Internal audit
Controls for concerned departments
3. Internal Audit & Internal Controls
purpose:
Internal audit is a service function within an organisation. It reports to high-level
management or to the board of directors in order to remain independent and
objective. It performs periodic reviews, called operational audits, on each
department within the organization in order to evaluate the efficiency and
effectiveness of that particular department.
It is there to :
o Help the organisation to meet its objectives.
o For the promotion the alignment of resources.
o Safeguard the assets.
o Check the accuracy & reliability of data provided.
o Promote the operational efficiency.
o Encourage adherence to prescribed policies and procedures.
4. Concerned areas:
o Finance department
o General admin department
o Procurement department
o Payroll department
o Transport department
o Information technology department
o Revenue & capital expenditure
5. Control Environment & control
procedures
The Control Environment establishes the tone of a company,
influencing the control consciousness of its employees.
Its components are:
• Management philosophy and operating style
• Integrity and ethical values
• Commitment to competence
• The Board of Directors and the Audit Committee
• Organizational Structure
• Assignment of authority and responsibility
• Human resources policies and practices.
6. Control Environment & control
procedures (continue)
Control Procedures may be classified according to their
intended uses in a system:
Preventive Controls Detective Controls
Corrective controls Application controls
The Internal Control Structure should be fully auditable.
A cost-benefit analysis should be conducted.
An audit trail enables auditors and accountants within the
organization to follow the path of transaction data from
source documents to ultimate disposition in a financial
report.
7. General controls
o Management acts as a Force for Improving Controls.
o Sound Personnel Policies and Competent Employees
o Custody of information.
o Record keeping.
o Authorization of the transaction.
o Specific hiring procedures
o Supervision
o Proper training
o Rotation of duties
o Enforced vacations
o Regular performance reviews
8. Types & stages of Internal
Audit Projects
Financial
Operational or performance related.
Information systems related
Plan, Monitor & Report
Perform planning activities.
Understand process and controls
Perform testing
Develop conclusions
Draft report and distribute to auditee
Distribute final audit report
Follow up on issues raised in audit report.
9. Controls for finance department:
o Separation of duties.
o Use of pre-numbered receipts, cash log, register tape, etc to
document cash received.
o Reconcile revenues during the monthly reconciliations.
o Secure cash in a safe location until deposit.
o It is highly recommended for individual departments to get out of
the cash (includes currency and checks) collection business.
o Journals/ledgers must be maintained.
o Cash receipts must be deposited on a regular and timely basis in a
checking account & must be recorded in the checkbook for that
account.
10. Controls for finance department
(continue):
o Invoices/receipts & other important documentation should be
maintained on file and cancelled (Stamped “Paid”) to help
prevent duplicate payment.
o Limit access to authorized personnel
o Checks signed by two (2) authorized signatories
o Checks issued in sequential order
o Never pre-sign checks
o Monthly bank reconciliation
o Bank statements, cancelled checks and reconciliation must
be reviewed by someone other than the individual
responsible for preparing the reconciliation and
documentation
o Follow-up discrepancies if any.
11. Controls for General Admin
o Maintain a desk manual.
o Tasks to be completed daily, periodically, monthly with
recommended timelines.
o Periodic review.
12. Controls for Procurement
department
o There have to be a complete log record about the purchases.
o Entity can also introduce a specific procurement card for this
purpose.
o Limitations on the amount that can be purchased have to be there.
o Transactions should be reviewed for reasonableness and compared
to actual receipts.
o Document the purpose of unusual purchases, or vague receipts if
any.
o Reviewer must be knowledgeable about what should or shouldn’t
be
o purchased/charged on the card and question unusual purchases.
o Documentation must be maintained and be available for audits.
13. Controls for Procurement
department (continue)
Separate inventory record maintenance.
“ Logo ” must be stamped on all items.
Annual physical inventory count updation.
All discrepancies between inventory records and physical
inventory should be investigated and reported to the principal.
Physical Protection of Assets.
14. Controls for Payroll department
o Record of Hours.
o Leave balances should be updated when a school employee is
absent or late.
o Original time records for employees must be forwarded to the
payroll location, and must be maintained at the school/site
where the services are performed (copies at the service site).
o Proper segregation of duties. (The more duties are separated
the better the internal controls)
o Documentation exists to support that time sheets are reconciled
to Ledger Reports.
o Reconcile Payroll Vouchers to Ledger Reports.
15. Controls for Transport fleet
management
o Verify that only authorized personnel has the access to the usage of
vehicle which the entity owns/hires.
o User log should be maintained and should include user name,
signature, serial number and any replacement information.
o Vehicle mileage log should be maintained to record date of travel,
mileage and destination.
o Fuel statements should be reconciled to vehicle logs.
o Fuel statements should be reviewed and signed by the Department
Head.
o Look for unusual miles per gallon usage by the vehicle.
o Make sure listing of authorized personnel is current.
16. Controls for Information
Security
o Sensitive information have to be secured.
o Financial records about the funds received & spent have to be
stored properly.
o Access should be limited to only with those who have the authority.
o Physical (paper) documents should be kept safe and locked in
secure area.
o Employees should be reminded to shutdown or lock workstations
when computers are unattended.
o Local area networks should be properly secured.
17. Controls for revenue &
expenditure department
Reconcile the statements of comprehensive income &
financial position.
Expenditure should be authorished & approved.
Invoices should be marked with appropriate general ledger
code.
Classification have to be scrutined.
Register have to be reconciled regularly with the general
ledger & any differences should be investigated & resolved
promptly.