1
All that a company does internally to
protect its assets, ensure the proper
conduct of its affairs and accuracy of its
records.
Risk management is not just part of
“protecting the assets of a company”, it is
an essential feature of proper conduct of its
affairs.
2
� That the company pays only what should be
paid out.
That all incomes, expenses, assets and
liabilities are properly recorded
That the assets of the company are
protected.
That the company’s records are reliable
3
� Basic controls
Supervisory Controls
Internal Checks
Internal Audit
4
� Detailed procedures
Pre-numbering of documents
Cross checking of related documents
Regular physical verification: cash count,
etc.
Regular balancing of books
Proper custody of all assets, records,
unused documents
Right employee for the job.
5
� Authorization evidence
Final approval before final action
Review of basic controls applied in each
case.
Pre-audit of major expenditure or
disbursements
6
� Segregation of duties
Precise definition of limits and authority
Staff rotation
Annual leave must be taken
7
� A control that functions by examining and
evaluating the effectiveness of other
controls.
Includes checking, analyses, appraisals,
recommendations, advice and information.
Regular or Need based.
8
� Part of management; however does not
report to management.
Detects errors and frauds
Helps management correct errors and
minimize impact of frauds
Helps improve controls.
9
� Keeps workers alert
Timely detection of errors & frauds
Enhances reliability of accounting and
supporting records
Reduces external audit work
10
� Internal auditor is an employee, with
loyalties to the management.
His objective is not to report as he finds
things, but get them corrected as well.
11
� Extent of independence
Interests served
Scope of work undertaken
Reliance of external auditor on the work
done by internal auditor.
12
�Essentially it is about status of internal
controls, e.g.
There is an ongoing process for
identifying, evaluating and managing
significant risks.
That the process was there during the
year under report.
It is being regularly reviewed by the
Board.
It is in accordance with Turnbull Guidance
13
� Are control processes part of the normal
operational processes?
Special communication to the Board by
management
Monitoring of Management by Board
14
� Deliberate and non-obligatory disclosure
Made by a person who has privileged info
About non-trivial illegality or wrongdoing
Regardless of whether it has actually taken
place or is likely to take place or perceived
to be so
Made to an inside or outside party
15
� Tipsters
Squealers
Wtiness
Complainant
Watchdogs
Reporter
16
