AUDIT OF INTERNAL CONTROL

1
AUDIT OF INTERNAL CONTROL

• Day V
• Sessions I II

2
Session Overview

• Periodical audit of existence of internal control
  in order to examine its effectiveness is
  necessary.
• Management may provide internal audit but
  external auditor must look at existence of
  internal control
• Existence of internal control reduces the risk of
  internal auditor.

3
Learning objective

• After this session participants will understand
  how to see the existence of internal control.
• Participants will also understand how to conduct
  the audit of various components of internal
  control.

4
Audit of control environment

• By looking and consulting organisational chart
  see that organisation has vertical and lateral
  channels of communication.
• Auditor should examine the documentation
  regarding delegation of authority and plans of
  succession.
• Auditor also should see the span of control.

5
Audit of control environment.

• Auditor should examine the number of vacancies in
  organisations management and how many persons
  are in acting capacity
• It should also be seen that whether any
  arrangements for ensuring continuity of
  operations in case of temporary absence of top
  management.

6
Continued from last slide.

• To examine integrity and ethical values
  demonstrated by management see that it is free
  from any pressure
• Adherence to the conduct rules may be seen
• Previous reports may be examined to see above
• Auditor may also see the kind of values reflected
  in the behaviour.

7
Continued from last slide

• Managements commitment to competence as well as
  its philosophy and operating style may examine
  with the help of managements approach towards
  human resource issues, way of decision making,
  way of problem solving and their active
  application.
• For this purpose auditor may examine human
  resource policies.

8
Continued..

• Following issues are also to be examined..
• Turnover in organisation
• Succession planning
• Procedsure of decision making
• Use of inputs received from subordinate
• Process of problem solving (Whether it is
  participative or directive or mixture of both)

9
Audit of Risk Assessment

• See the information supplied by branch offices of
  the organisation is reliable.
• Also see whether the coordinating units evaluate
  data supplied
• Examine the procedure for data verification. See
  whether procedures been adhered to
• Also see whether procedures adopted for remedy if
  the data tuened to be inaccurate.

10
Audit of risk continued..

• See the factors which has impact on the program.
• Examine the funding and see if the funds have
  been cut and what has been the impact on internal
  control.
• See the risk factor in respect of funding.
• See the controls instituted to ensure the
  appropriate use of funds.

11
Audit of information

• See that information available regarding
  management decision making is relevant, reliable
  and timely.
• Is it reliable for external reporting purposes.
• Examine the data use for decisions
• Examine whether crosschecks of data was carried
  out.
• See the documentary evidence for use of correct
  data and to see how it is used.

12
Audit of communication.

• See that effective and reliable internal
  communication beteeb management and stakeholder
  is available.
• See that staff is available for carrying out
  internal control.
• See whether organisation allow for easy flow of
  information back or forth.

13
Continued

• See what is a process for notifying the
  management of the problems.Examine the procedure.
  Examine documents to see if stated procedure
  adhered to .
• Examine documentary evidence to see if the
  problem reported are considered and acted upon.

14
Auditing internal control activities.

• Examine design and implementation of policies and
  procedures for managing the programme.
• See whether indices have been established to
  monitor performance of organisation.
• See that performance measures were reviewed. See
  the performance measures related to mission goals
  and objective.

15
Continued..

• See that performance data are continually
  monitored and analyzed.
• Examine whether policies to safeguard assets are
  known to all
• Examine whether the organisation has identified
  and ensured adequate protection for its critical
  issue.

16
Continued..

• Are assets like cash, assets of vulnerable losses
  theft are adequately guarded.
• See that stock verification procedures adequate
  and are they adhered to.
• See that police to safeguard programme resources
  and funds exists.
• Has the organisation has adequate protection to
  funds.,

17
Continued..

• See whether organisation established criteria foe
  identifying the grantees for aid, See the
  criteria.
• See whether risk assessments performed and
  documented when system are changed.
• See whether data sensitivity and integrity
  considered in risk assessments

18
Continued..

• See whether wide security programme is exists.
• See whether access to information software code
  suitable restricted.
• See whether contingency plan for ensuring
  continuity of service exists.
• See whether transactions are properly and
  promptly classified. Supporting records properly
  maintained.