1. Role of Internal Auditor


• Recommend improvements in controls.
• Assess compliance with policies and procedures and sound business practices.
• Assess compliance with state and federal laws and contractual obligations.
• Investigate reported occurrences of fraud, embezzlement, theft, waste, etc.
• Evaluate the adequacy of the system of internal controls.
• Verify the existence of assets and recommend proper safeguards for their protection.

2. Objectivity

Objectivity is one of the fundamental principles that must be observed by CPAs
when performing professional responsibilities. The principle of objectivity
imposes an obligation on all professional accountants not to compromise their
professional or business judgment because of bias, conflict of interest or the
undue influence of others.

A professional accountant may be exposed to situations that may impair
objectivity. It is impracticable to define and prescribe all such situations. A
professional accountant shall not perform a professional service if a
circumstance or relationship biases or unduly influences the accountant’s
professional judgment with respect to that service.

3. Situations that underlie the role of internal auditors

In assessing the management of risk, the profession of internal audit is
fundamentally concerned with evaluating an organization’s management of risk.
All organizations face risks: for example, risks to the organization’s reputation if
it treats customers incorrectly, health and safety risks, risks of supplier failure,
risks associated with market failure, cyber security risks and financial risks, to name
some key areas. The key to an organization’s success is to manage those risks
effectively: more effectively than competitors and as effectively as stakeholders
demand.

To evaluate how well risks are being managed, the internal auditor will
assess the quality of risk management processes, systems of internal control and
corporate governance processes across all parts of an organization, and report
this directly and independently to the most senior level of executive management
and to the board’s audit committee.

In assisting management with the improvement of internal controls, an internal
auditor’s knowledge of the management of risk also enables him or her to act as
a consultant, providing advice and acting as a catalyst for improvement in an
organization’s practices.

So, for example, if a line manager is concerned about a particular area of
responsibility, working with the internal auditor could help to identify
improvements. Or perhaps a major new project is being undertaken: the internal
auditor can help to ensure that project risks are clearly identified and assessed,
with action taken to manage them.

4. Segregation of duties

Segregation of duties is an example of the control activities commonly
performed by personnel to help ensure that management directives identified as
necessary to address risk are carried out. It is the process of assigning different
people the responsibilities of authorizing transactions, recording transactions,
and maintaining custody of assets. It is intended to reduce the opportunities for
any one person to be in a position to both perpetrate and conceal errors or fraud in
the normal course of that person’s duties. Examples of segregation of duties
include reporting, reviewing and approving reconciliations, and approval and
control of documents.

5. Empty shell

The empty shell or cold site plan is an arrangement wherein the company
buys or leases a building that will serve as a data center. In the event of a
disaster, the shell is available and ready to receive whatever hardware the
temporary user needs to run essential systems. This approach, however, has a
fundamental weakness. Recovery depends on the timely availability of the
necessary computer hardware to restore the data processing function.

6. Authorization of transaction; physical control and internal verification


Physical Control
These activities encompass the physical security of assets, including
adequate safeguards such as secured facilities or electronic locks over
access to assets and records, authorization for access to computer
programs and data files, and periodic counting and comparison with amounts shown
on control records (for example, comparing the results of cash and inventory counts
with accounting records).
They are intended to prevent theft of assets. Whether they are relevant to the
reliability of financial statement preparation, and therefore to the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation.

Internal Verification
Its purpose is to make sure that employees are following the rules and regulations
and not shortcutting internal controls. It analyzes internal accounting control. The
goals are to audit and, when necessary, modify and improve the
effectiveness of internal accounting controls and standard operating procedures.
The objective is to make sure accounting procedures support the goals in your
financial risk management plan. The two-step process typically starts by
observing, reviewing and analyzing current standard operating procedures.

7. Five Internal Control Procedures

These are derived from the way management runs a business, and are
integrated with the management process. They provide a useful framework for
auditors to consider how different aspects of an entity’s internal control may
affect the audit.
1. Control Environment
It sets the tone of an organization, influencing the control consciousness of
its people. It is the foundation for all other components of internal control,
providing discipline and structure. It includes the governance and
management functions and the attitudes, awareness, and actions of those
charged with governance and management concerning the entity’s internal
control and its importance in the entity.
The primary responsibility for the prevention and detection of fraud and
error rests with both those charged with governance and the management
of an entity.

2. Risk Assessment Process
It is the identification and analysis of relevant risks to the achievement of the
objectives, forming a basis for determining how the risks should be managed.
Because economic, industry, regulatory and operating conditions will
continue to change, mechanisms are needed to identify and deal with the
special risks associated with change.

3. Control Activities
These are the policies and the procedures (the actions of people to
implement the policies) that help ensure that management directives identified
as necessary to address risks are carried out. They help ensure that
necessary actions are taken to address risks to the achievement of the entity’s
objectives. They include a range of activities as diverse as approvals,
authorizations, verifications, reconciliations, reviews of operating
performance, security of assets and segregation of duties.

4. Information System and Related Business Process Relevant to Financial Reporting and Communication
It consists of infrastructure (physical and hardware components), software,
people, procedures, and data. Infrastructure and software will be absent, or
have less significance, in systems that are exclusively or primarily manual.
The information system relevant to financial reporting objectives, which includes
the financial reporting system, consists of the procedures and records
established to initiate, record, process, and report entity transactions and to
maintain accountability for the related assets, liabilities, and equity.

5. Monitoring of Controls
It is a process to assess the quality of internal control performance over
time. It involves assessing the design and operation of controls on a timely
basis and taking necessary corrective actions. Monitoring is done to ensure
that controls continue to operate effectively. For example, if the timeliness
and accuracy of bank reconciliations are not monitored, personnel are likely
to stop preparing them.

8. Diagram with regard to the evaluation of controls

Preventive Controls
These reduce the frequency of occurrence of undesirable events. They force
compliance with prescribed or desired actions and thus screen out abnormal
events. Preventing errors and fraud is far more cost-effective than detecting
and correcting problems after they occur. The vast majority of undesirable
events can be blocked at this first level.

Detective Controls
These form the second line of defense. They are the devices, techniques, and
procedures designed to identify and expose undesirable events that dodge
preventive controls. They reveal specific types of errors by comparing actual
occurrences to pre-established standards. When a detective control
identifies a departure from standard, it sounds an alarm to attract attention to
the problem.

Corrective Controls
These are actions taken to reverse the effects of errors detected in the
previous step. There is an important distinction between detective controls
and corrective controls. Detective controls identify anomalies and draw
attention to them; corrective controls actually fix the problem. For any
detected error, however, there may be more than one feasible corrective
action, but the best course of action may not always be obvious.
