Question

1. Using the definition of Internal Control, discuss what is understood by the term ‘Internal Control’. What are management’s and internal auditor’s responsibilities with respect to internal controls? What are suitable examples.

2. COSO Internal Control Framework is organized as comprising of Objectives, Components and Organizational Structure (Entity). What are the 'Components' of COSO Internal Control Framework in details. Any personal experiences or something that have read about. ( this can help - https://aaahq.org/Login?returnurl=%2f to do research on the component selected).

3. What is understood by the term IT Governance? (COBIT 5 Framework http://www.qualified-audit-partners.be/user_files/QECB_GLC_COBIT_5_ISACA_s_new_framework_201303.pdf. might help) Why is it important for Internal Auditors to consider IT Controls in assessing a firm’s control environment?  ( https://aaahq.org/Login?returnurl=%2f - this can help)

4. What business process other than internal audit or payroll can be outsourced. What are the potential benefits of outsourcing this business process? What are the significant risks? What key controls need to be in place? What role can internal auditing play in assisting management both prior to signing the outsourcing contract and after the process has been outsourced?  

Answer 1

1. Definition and examples Internal control is a management based practice or program designed to protect assets, encourage transparency, increase performance and end fraud. That is to say, internal control is a mechanism that is developed to avoid that workers steal assets or commit fraud. Since the accounting scandals of the early 2000s, internal controls at every level of the organization have become increasingly important. In addition, the Sarbanes Oxley Act provides for management to design, enforce and assess the efficacy of internal controls within the company personally. Managers found guilty of not handling their businesses ' internal control systems properly can now face fines and prison time.

Internal controls are, of course, very important. They protect the assets of the company and also help to streamline business.

Here are a few examples:

a. The top managers devote themselves to the extremely thorough execution of key internal inspection procedures. The character of management forms the atmosphere of control (especially in a smaller firm).

b. An ERP system which reduces error or fraud risk will generate better and better financial reports. The accounting software should include common reporting formats, passwords and access controls.

2. Components of COSO:

Control Environment: This includes your leadership, mission, goals and expected outcomes. This is all part of your ethics policy and integrity commitment, your commitment to excellence and the way you structure your hierarchy.

Risk evaluation:

Risk evaluation includes an in-depth dive into your business goals, how your processes work and, above all, where and how things can go wrong.You might be faced with external danger, including cyber attacks, data theft, loss of proprietary information, formulas and processes, depending on your business model and your industry. You could also face significant legal and regulatory risk; health care, production and development companies are all subject to industry-specific risks.

Information and communication: How does management express what they expect to their internal and external users? How do you guarantee that those people recognize that they appreciate what you are asking them to do?

Monitoring activities: The conditions you want to work in, and the policies that your team needs to use, are an ideal start, but you will not be able to keep up with changes without monitoring and evaluating your processes. Continued tracking will assist you in detecting shortcomings and shortcomings and encourage you to take action and manage the company.

Control activities: Policies and procedures are necessary to help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out.

3. IT Governance:

To order to ensure that IT projects meet business needs, it is possible to define IT governance as a formal structure. Your governance system is basically what helps certain users to do certain activities while blocking certain users.

Auditors shall review each annual configuration of the audit based financial reporting controls to assess whether they have been correctly carried out. That needs more than simply asking the staff of the company. In order to gain an understanding of relevant checks, auditors should use additional procedures, such as observations, inspections or tracing operations via the information system

4. Processes that can be outsourced:

Accounting and book keeping services, Call centres and Customer service, Sales and sales generation.

Potential benefits are:

a. Lowered costs

b. Able to focus on core business

c. Increase global presence

Risks are:

a. Hidden costs and time waste

b. Possibility of a less efficient management

c. Inexperienced staff

Key Controls:

a. Effective top management

b. Good financial reporting system.

c. Regular training of the employees

How internal audit can support boards in relation to outsourced services:

a. The Board (Audit Committee) and senior management should want assurance that the possibility of outsourcing is handled adequately to guarantee that its corporate goals are not undermined by the organization.

b. Internal auditing may add value by assessing the efficiency and effectiveness of procedures for both the overall public procurement process and at the contract stage.