Internal Control

Definition of Internal Control: Internal control is the process, effected by an entity's Board of Trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a. Reliability of financial reporting, b. Effectiveness and efficiency of operations, and c. Compliance with applicable laws and regulations. Types of Internal Controls: 1. Detective: Designed to detect errors or irregularities that may have occurred. 2. Corrective: Designed to correct errors or irregularities that have been detected. 3. Preventive: Designed to keep errors or irregularities from occurring in the first place. Limitations of Internal Controls: No matter how well internal controls are designed, they can only provide reasonable assurance that objectives have been achieved. Some limitations are inherent in all internal control systems. These include: 1. Judgment: The effectiveness of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information at hand. 2. Breakdowns: Even well designed internal controls can break down. Employees sometimes misunderstand instructions or simply make mistakes. Errors may also result from new technology and the complexity of computerized information systems. 3. Management Override: High level personnel may be able to override prescribed policies and procedures for personal gain or advantage. This should not be confused with management intervention, which represents management actions to depart from prescribed policies and procedures for legitimate purposes. 4. Collusion: Control systems can be circumvented by employee collusion. Individuals acting collectively can alter financial data or other management information in a manner that cannot be identified by control systems. Internal Control Objectives Internal Control objectives are desired goals or conditions for a specific event cycle which, if achieved, minimize the potential that waste, loss, unauthorized use or misappropriation will occur. They are conditions which we want the system of internal control to satisfy. For a control objective to be effective, compliance with it must be measurable and observable. Internal Audit evaluates Mercer's system of internal control by accessing the ability of individual process controls to achieve seven pre-defined control objectives. The control objectives include authorization, completeness, accuracy, validity, physical safeguards and security, error handling and segregation of duties.

Authorization

The objective is to ensure that all transactions are approved by responsible personnel in accordance with specific or general authority before the transaction is recorded.

Completeness

The objective is to ensure that no valid transactions have been omitted from the accounting records.

Accuracy

The objective is to ensure that all valid transactions are accurate, consistent with the originating transaction data and information is recorded in a timely manner.

Validity

The objective is to ensure that all recorded transactions fairly represent the economic events that actually occurred, are lawful in nature, and have been executed in accordance with management's general authorization.

Physical Safeguards & Security

The objective is to ensure that access to physical assets and information systems are controlled and properly restricted to authorized personnel.

Error handling

The objective is to ensure that errors detected at any stage of processing receive prompt corrective action and are reported to the appropriate level of management.

Segregation of Duties

The objective is to ensure that duties are assigned to individuals in a manner that ensures that no one individual can control both the recording function and the procedures relative to processing the transaction. A well designed process with appropriate internal controls should meet most, if not all of these control objectives. Major Components: 1. Control environment: Factors that set the tone of the organization, influencing the control consciousness of its people. The seven factors are (ICHAMPBO): I - Integrity and ethical values, C - Commitment to competence, H - Human resource policies and practices, A - Assignment of authority and responsibility, M - Management's philosophy and operating style, B - Board of Director's or Audit Committee participation, and O - Organizational structure. 2. Risk Assessment

Risks that may affect an entity's ability to properly record, process, summarize and report financial data: Changes in the Operating Environment (e.g. Increased Competition) New Personnel New Information Systems Rapid Growth New Technology New Lines, Products, or Activities Corporate Restructuring Foreign Operations Accounting Pronouncements 3. Control Activities Various policies and procedures that help ensure those necessary actions are taken to address risks affecting achievement of entity's objectives (PIPS): P - Performance reviews (review of actual against budgets, forecasts) I - Information processing (checks for accuracy, completeness, authorization) P - Physical controls (physical security) S - Segregation of duties 4. Information and communication Methods and records established to record, process, summarize, and report transactions and to maintain accountability of related assets and liabilities. Must accomplish: a. Identify and record all valid transactions. b. Describe on a timely basis. c. Measure the value properly. d. Record in the proper time period. e. Properly present and disclose. f. Communicate responsibilities to employees. 5. Monitoring Assessment of the quality of internal control performance over time. What can happen when Internal Controls are weak or non-existent? When we recommend improving controls within a department, we often hear three basic arguments for not implementing our recommendations: 1. There is not enough staff to have adequate segregation of duties. 2. It is too expensive. 3. The employees are trusted and controls are not necessary. These arguments represent pitfalls to unsuspecting management. Each argument is in itself a problem that needs to be resolved. 1. The problem of not having enough staff or other resources should be discussed with your supervisor. In most cases, compensating controls can be implemented in situations where one person has to do all of the business-related transactions for a department. 2. If implementing a recommended control seems too expensive, be sure to consider the full cost of a fraud that could occur because of the missing control. In addition to any

funds that may be lost, consider the cost of time that would have been spent by the department during the time of an investigation of the matter, and the cost of hiring a new employee. Fraud is always expensive and the prevention of fraud is worth the cost. 3. Finally consider the issue of trust. Most employees are trustworthy and responsible, which is an important factor in employee relations and departmental operations. However, it is also the responsibility of administrators to remain objective. Experience shows that it is often the most trusted employees who are involved in committing frauds. Departments conducting research are good examples of areas where sound internal controls are needed. Research departments that have grants and contracts with outside sponsors are at risk that inappropriate charges will be posted to the project account, perhaps affecting current or future funding. Each department not only has the responsibility to ensure that all of their transactions are have been processed properly, but also to ensure that other researchers are not "hiding" improper transactions in the department's accounts.

Internal control System can be described as any action taken by an organization to help enhance the
likelihood that the objectives of the organization will be achieved. The definition of internal control has evolved over recent years as different internal control models have been developed. This article will describe these models, present the definitions of internal control they provide, and indicate the components of internal control. Various parties responsible for and affected by internal control will also be discussed. THE COSO MODEL In the United States many organizations have adopted the internal control concepts presented in the report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Published in 1992, the COSO report defines internal control as: a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

COSO describes internal control as consisting of five essential components. These components, which are subdivided into seventeen factors, include: 1. 2. 3. 4. 5. The control environment Risk assessment Control activities Information and communication Monitoring

The COSO model is depicted as a pyramid, with control environment forming a base for control activities, risk assessment, and monitoring. Information and communication link the different levels of the pyramid. As the base of the pyramid, the control environment is arguably the most important component because it sets the tone for the organization. Factors of the control environment include employees' integrity, the organization's commitment to competence, management's philosophy and operating style, and the attention and direction of the board of directors and its audit committee. The control environment provides discipline and structure for the other components.

Risk assessment refers to the identification, analysis, and management of uncertainty facing the organization. Risk assessment focuses on the uncertainties in meeting the organization's financial, compliance, and operational objectives. Changes in personnel, new product lines, or rapid expansion could affect an organization's risks. Control activities include the policies and procedures maintained by an organization to address risk-prone areas. An example of a control activity is a policy requiring approval by the board of directors for all purchases exceeding a predetermined amount. Control activities were once thought to be the most important element of internal control, but COSO suggests that the control environment is more critical since the control environment fosters the best actions, while control activities provide safeguards to prevent wrong actions from occurring. Information and communication encompasses the identification, capture, and exchange of financial, operational, and compliance information in a timely manner. People within an organization who have timely, reliable information are better able to conduct, manage, and control the organization's operations. Monitoring refers to the assessment of the quality of internal control. Monitoring activities provide information about potential and actual breakdowns in a control system that could make it difficult for an organization to accomplish its goals. Informal monitoring activities might include management's checking with subordinates to see if objectives are being met. A more formal monitoring activity would be an assessment of the internal control system by the organization's internal auditors. OTHER CONTROL MODELS Some users of the COSO report have found it difficult to read and understand. A model that some believe overcomes this difficulty is found in a report from the Canadian Institute of Chartered Accountants, which was issued in 1995. The report, Guidance on Control, presents a control model referred to as Criteria of Control (CoCo). The CoCo model, which builds on COSO, is thought to be more concrete and userfriendly. CoCo describes internal control as actions that foster the best result for an organization. These actions, which contribute to the achievement of the organization's objectives, center around:

Effectiveness and efficiency of operations Reliability of internal and external reporting Compliance with applicable laws and regulations and internal policies.

Co Co indicates that control comprises: Those elements of an organization (including its resources, systems, processes, culture, structure and tasks) that, taken together, support people in the achievement of the organization's objectives. CoCo model recognizes four interrelated elements of internal control, including purpose, capability, commitment, and monitoring and learning. An organization that performs a task is guided by an understanding of the purpose (the objective to be achieved) of the task and supported by capability (information, resources, supplies, and skills). To perform the task well over time, the organization needs a sense of commitment. Finally, the organization must monitor task performance to improve the task process. These elements of control, which include twenty specific control criteria, are seen as the steps an organization takes to foster the right action. In addition to the COSO and CoCo models, two other reports provide internal control models. One is the Institute of Internal Auditors Research Foundation's Systems Auditability and Control (SAC), which was issued in 1991 and revised in 1994. The other is the Information Systems Audit and Control Foundation's COBIT (Control Objectives for Information and Related Technology), which was issued in 1996.

The Institute of Internal Auditors issued SAC to provide guidance to internal auditors on internal controls related to information systems and information technology (IT). The definition of internal control included in SAC is: a set of processes, functions, activities, sub-systems, and people who are grouped together or consciously segregated to ensure the effective achievement of objective and goals. COBIT focuses primarily on efficiently and effectively monitoring information systems. The report emphasizes the role and impact of IT control as it relates to business processes. This control model can be used by management to develop clear policy and good practice for control of IT. The following COBIT definition of internal control was adapted from COSO: The policies, procedures, practices, and organizational structures are designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. While the specific definition of internal control differs across the various models, a number of concepts are very similar across these models. In particular, the models emphasize that internal control is not only policies and procedures to help an organization accomplish its objectives but also a process or system affected by people. In these models, people are perceived to be central to adequate internal control. These models also stress the concept of reasonable assurance as it relates to internal control. Internal control systems cannot guarantee that an organization will meet its objectives. Instead, internal control can only be expected to provide reasonable assurance that a company's objectives will be met. The effectiveness of internal controls depends on the competency and dependability of the organization's people. Limitations of internal control include faulty human judgment, misunderstanding of instructions, errors, management override of controls, and collusion. Further, be cause of cost-benefit considerations, not all possible controls will be implemented. Because of these inherent limitations, internal controls can not guarantee that an organization will meet its objectives. PARTIES RESPONSIBLE FOR AND AFFECTED BY INTERNAL CONTROL While all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors. The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either. As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system. Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. The board of directors

and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors. Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls. Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors TYPES OF AUDITS The California State University, Northridge Office of The Internal Auditor follows Standards set forth by for the Institute of Internal Auditors, and generally accepted governmental auditing standards. A variety of audits are performed in the review of campus programs and resources. These audits include: Operational Audits: These audits examine the use of resources to determine if resources are being used in the most effective and efficient manner to fulfill the University's mission and objectives. An operational audit includes elements of the other audit types listed below. Financial Audits: These audits review accounting and financial transactions to determine if commitments, authorizations, and receipt and disbursement of funds are properly and accurately recorded and reported. This type of audit also determines if there are sufficient controls over cash and other assets and that adequate process controls exist over the acquisition and use of resources. Unlike external financial audits, internal financial audits do not prepare or express professional opinions on the financial statements fairness. Compliance Audits: These audits determine if entities are complying with applicable laws, regulations, policies and procedures. Examples include federal and state laws, Trustee policies, Chancellor's Office directives, and CSUN policies and procedures. Recommendations usually require improvements in processes and controls used to ensure compliance with regulations.

Information Systems (IS) Audits: These audits review the internal control environment of automated information processing systems and how people use these systems. The audits usually evaluate system input, output; processing controls; backup and recovery plans; system security; and computer facilities. These audits may review existing, as well as, developing systems. Internal Control Reviews: These audits focus on the components of the University's major business activities, such as payroll and benefits, cash handling, inventory and equipment, physical security, grants and contracts, and financial reporting.

I n t e r n a l A u d i t

I n t e r n a l a u

d i t i s a n e v a l u a t i o n a n d a n a l y s i s o f t h e b

u s i n e s s o p e r a t i o n c o n d u c t e d b y t h e i n t e r n a

l a u d i t s t a f f . ( w h o a r e e m p l o y e e o f t h e b u

s i n e s s ) . I t i s t h e p a r t o f o v e r a l l s y s t e m

o f i n t e r n a l c o n t r o l e s t a b l i s h e d i n a n o r g

a n i z a t i o n .

I n t e r n a l a u d i t i s t h e i n d e p e n

d e n t a p p r a i s a l o f a c t i v i t y w i t h i n a n o r g a

n i z a t i o n f o r t h e r e v i e w o f a c c o u n t i n g , f i n

a n c i a l a n d o t h e r b u s i n e s s p r a c t i c e s a s p r o

t e c t i v e a n d c o n s t r u c t i v e a r m s o f m a n a g e m e n

t . I t i s a t y p e o f c o n t r o l w h i c h f u n c t i o n s

b y m e a s u r i n g a n d e v a l u a t i n g t h e e f f e c t i v e

n e s s o f o t h e r t y p e o f c o n t r o l s .

P r o f e s s o

r W a l t e r B . M e i g s d e f i n e i n t e r n a l a u d i t

I n t e r n a l a u d i t i n g c o n s i s t o f a c o n t i n u o u s ,

c r i t i c a l r e v i e w o f f i n a n c i a l a n d o p e r a t i n

g a c t i v i t i e s b y a s t a f f o f a u d i t o r s f u n c t i

o n i n g a s f u l l t i m e s a l a r i e d e m p l o y e e s .

O b j e c t i v e s o f I n t e r n a l C o n

t r o l

1 . P r o p e r C o n t r o l

T h e p u r p o s e o f i n

t e r n a l c o n t r o l i s t o k e e p p r o p e r c o n t r o l o

v e r b u s i n e s s a c t i v i t i e s . W h e n t h e r e i s p r o

p e r c o n t r o l t h e r e i s m a x i m u m e f f i c i e n c y . T

h e i n t e r n a l c o n t r o l c a n d e t e r m i n e t h e d e g r

e e o f c o n t r o l o v e r w o r k .

2 . A c c o u n t i n g S

y s t e m

T h e p u r p o s e o f i n t e r n a l a u d i t i s t o

e v a l u a t e t h e a c c o u n t i n g s y s t e m . I t i s c o n

c e r n e d w i t h c h e c k i n g p r o p e r a u t h o r i t y f o r

t r a n s a c t i o n s l i k e p u r c h a s e , r e t i r e m e n t a n d

d i s p o s a l o f f i x e d a s s e t s . T h e v o u c h e r c a n

b e c o m p a r e d w i t h e n t r i e s o n o r d e r t o d e t e

r m i n e t h a t f i g u r e s a r e f a c t s .

3 . H e l p M a

n a g e m e n t

T h e p u r p o s e o f i n t e r n a l a u d i t i s

t o h e l p t h e m a n a g e m e n t . I n t e r n a l a u d i t o r

c a n p o i n t o u t t h e w e a k n e s s e s . T h e i n t e r n a l

a u d i t c a n b e u s e d a s a t o o l t o c o r r e c t t h e

s i t u a t i o n . T h e m a n a g e m e n t f u n c t i o n s c a n b

e p e r f o r m e d p r o p e r l y .

4 . W o r k i n g R e v i e w

T h e p u r p o s e o f i n t e r n a l a u d i t i s t o r e v i e

w t h e w o r k i n g o f b u s i n e s s . T h e w o r k i n g o f

c u r r e n t y e a r c a n b e r e v i e w e d i n d e t a i l j u s

t t h e s u c c e s s f u l a r e a o f w o r k i n g . T h e r e i s

a n e e d t o l o c a t e t h e w e a k p o i n t s . T h e c o r

r e c t i v e m e a s u r e s c a n b e t a k e n f o r p r o p e r w

o r k i n g .

5 . A s s e t P r o t e c t i o n

T h e p u r p o s

e o f i n t e r n a l a u d i t i s t o p r o t e c t t h e a s s e

t s . T h e p r o p e r r e c o r d o f a s s e t s m u s t b e t h

e r e . I n t e r n a l a u d i t o r c a n e x a m i n e t h e v a l u

a t i o n , v e r i f i c a t i o n a n d p o s s e s s i o n . T h e p u

r c h a s e a n d s a l e o f a s s e t s m u s t b e m a d e u n d

e r p r o p e r l y a u t h o r i t y .

6 . I n t e r n a l C h e c k

T h e p u r p o s e o f i n t e r n a l a u d i t i s t o e v a l

u a t e t h e i n t e r n a l c h e c k s y s t e m . T h e r e i s d

i v i s i o n o f d u t i e s a m o n g t h e e m p i s t o l o y e

e s . W h e n a l l s t a f f m e m b e r a r e w o r k i n g p r o p

e r l y i t m e a n s t h e r e i s e f f e c t i v e i n t e r n a l

c h e c k s y s t e m . T h e w o r k o f a n a u d i t o r i s r e

d u c e d . H e c a n a p p l y t e s t c h e c k s t o c o m p l e t

e a u d i t d u t y .

7 . F a i r S t a t e m e n t s

T h e p u

r p o s e o f i n t e r n a l a u d i t i s t o d e t e c t t h e e

r r o r i n t h e a c c o u n t i n g r e c o r d s . T h e w o r k o

f i n t e r n a l a u d i t c a n h e l p t h e m a n a g e m e n t t

o s e e t h a t a c c o u n t i n g r e c o r d i s i n o r d e r .

8 . C h e c k E r r o r

T h e p u r p o s e o f i n t e r n a l

a u d i t i s t o d e t e c t t h e e r r o r s i n t h e a c c o u

n t i n g r e c o r d s . T h e w o r k o f i n t e r n a l a u d i t o

r g o e s s i d e b y s i d e t h e r e f o r e t h e r e a r e m

i n i m u m c h a n c e s o f e r r o r s . T h e a c c o u n t i n g s

t a f f c a n r e c t i f y m i s t a k e t o p r e p a r e a c c o u n

t s a t t h e e n d o f y e a r i n o r d e r t o h e l p t h e

e x t e r n a l a u d i t o r .

9 . D e t e c t F r a u d

T h e p

u r p o s e o f i n t e r n a l a u d i t i s t o d e t e c t f r a u

d s i n t h e b o o k s o f a c c o u n t i n g . A s t h e w o r k

o f a c c o u n t i n g s t a f f i s o v e r t h e i n t e r n a l

a u d i t i s s t a r t e d . A c c o u n t i n g s t a f f r e m a i n s

a l e r t b e c a u s e t h e r e i s n o t i m e g a p b e t w e e

n r e c o r d i n g a n d c h e c k i n g . T h u s d e t e c t i o n o

f f r a u d i s p o s s i b l e w i t h i t .

1 0 . D e t e r m i

n e L i a b i l i t y

T h e p u r p o s e o f i n t e r n a l a u d i

t i s t o d e t e r m i n e l i a b i l i t i e s o f e m p l o y e e s

. T h e d u t i e s a r e d i v i d e d a m o n g t h e s t a f f .

I t i s e a s y t o n o t e t h e n e g l i g e n c e o n t h e p

a r t o f e m p l o y e e s . T h e i n t e r n a l a u d i t c a n p

i n p o i n t t h e p e r s o n r e s p o n s i b l e f o r c a r e l e

s s n e s s .

1 1 . H e l p i n I n d e p e n d e n t A u d i t

h e p u r p o s e o f i n t e r n a l a u d i t i s t o h e l p a n

i n d e p e n d e n t a u d i t . T h e e x t e r n a l a u d i t o r c

a n r e l y o n i n t e r n a l a u d i t o r a n d t h e r e i s n

o n e e d o f c e n t p e r c e n t c h e c k i n g . I n t h i s w

a y t h e r e i s s a v i n g o f t i m e a n d m o n e y d u e t

o i n t e r n a l a u d i t .

1 2 . P e r f o r m a n c e A p p r a i

s a l

T h e p u r p o s e o f i n t e r n a l a u d i t i s t o c

h e c k t h e p e r f o r m a n c e a p p r a i s a l . T h e m a n a g e

m e n t m u s t a c h i e v e t h e t a r g e t s f i x e d i n b u d

g e t s a n d p l a n s . T h e i n t e r n a l a u d i t i s a t o

o l t o e v a l u a t e t h e w o r k i n g o f e a c h m a n a g e m

e n t f u n c t i o n .

1 3 . P r o v i d e S u g g e s t i o n s

T h e p u r p o s e o f i n t e r n a l a u d i t i s t o p r o v i d

e s u g g e s t i o n s f o r i m p r o v e m e n t o f b u s i n e s s

a c t i v i t i e s . T h e i n t e r n a l a u d i t s t a f f c a n s

u g g e s t t h e w a y s a n d m e a n s t o r e m o v e t h e d i

f f i c u l t i e s . A n y h o w t h e a u d i t c a n n o t c o m p e l

t h e m a n a g e m e n t t o i m p l e m e n t s u g g e s t i o n s .

1 4 . N e w I d e a s

T h e p u r p o s e o f i n t e r n a l a

u d i t i s t o s e e k n e w i d e a s r e l a t i n g t o p r o c

e d u r e s , m a r k e t i n g , f i n a n c i n g a n d o t h e r b u s

i n e s s m a t t e r s . T h e i n t e r n a l a u d i t s t a f f c a

n p r o v i d e n e w i d e a s a b o u t v a r i o u s b u s i n e s s

m a t t e r s . T h e v i a b l e i d e a s c a n b e p u t i n t

o p r a c t i c e f o r t h e b e n e f i t o f b u s i n e s s .

1 5 . U s e o f R e s o u r c e s

T h e p u r p o s e o f i n t e r

n a l a u d i t i s t o d e t e r m i n e t h e p r o p e r u s e o

f r e s o u r c e s . T h e m i s u s e o f r e s o u r c e s c a n i

n c r e a s e t h e c o s t o f d o i n g t h e b u s i n e s s . T h

e p r o p e r u s e o f r e s o u r c e s m e a n s t h e r e i s e

f f i c i e n c y o n t h e p a r t o f m a n a g e m e n t .

1 6 .

A c c o u n t i n g P o l i c i e s

T h e p u r p o s e o f i n t e r

n a l a u d i t i s t o e x a m i n e t h e a c c o u n t i n g p o l

i c i e s . T h e u n d e r s t a n d i n g o f a c c o u n t i n g s y s

t e m a n d p r o c e d u r e i s h e l p f u l t o d e v i c e t h e

e f f e c t i v e a u d i t p l a n s p r o c e d u r e s . T h e i n t

e r n a l a u d i t o r m a y f i n d a n y w e a k n e s s i n t h e

i n t e r n a l c o n t r o l . H e c a n c o m m e n t o n t h e a

c c o u n t i n g p o l i c i e s .

1 7 . S p e c i a l I n v e s t i

g a t i o n

T h e p u r p o s e o f i n t e r n a l a u d i t m a y

b e t o c o n d u c t s p e c i a l i n v e s t i g a t i o n a b o u t

a n y b u s i n e s s m a t t e r . I n t e r n a l a u d i t c a n b e

u s e d a s a t o o l t o n o t e t h e e f f e c t i v e n e s s

o f m a n a g e m e n t f u n c t i o n .

0 3 3 1 2 0 1 0 0 3 : 4 5 P M

T a n h a K a r i m
M i n d R e a d e r

J o i n D a t e :

M a y 2 0 0 9 L o c a t i o n : A g e : 2 7 P o s t s : 6 0 , 7 8 7 C o u n t r y :

R e a

d m o r e : I n t e r n a l A u d i t & I n t e r n a l C h e c k h t t p : / / w w w . f r i e n

d s m a n i a . n e t / f o r u m / b c o m p a r t 2 a u d i t i n g n o t e s / 2 8 4 3 2 . h t m # i

x z z 1 m U O t S C W c G e t p r i n t b o o k

Get prin t boo k