Internal Control Evaluation (SIA-12)

192 Page Views
Internal Control Evaluation (SIA-12)
  • Object:
    • Establish Standards and provide guidance on procedures to be followed by Internal Auditor
    • Communication of weakness in Internal control.
    • Internal control system consists of interrelated components such as Risk assessment, Control (or Operating) environment, Monitoring, etc.
  • Control Environment:
    • Factors affecting internal controls
      • Entity organization Structure
      • Functioning of BOD/ Governing Body.
      • Management’s philosophy and operating style
      • Management’s control system.
      • Integrity and ethical values
      • Commitment to competence
      • Human resource policies and practices
    • Inherent Limitations of Internal Controls:
      • Cost benefit Analysis
      • Potentiality for Human Error
      • Circumvention of Internal controls by parties within/ outside the entity.
      • Misuse of Power
      • Manipulations by Management.
    • Role of Internal Auditor:
      • Evaluation of the efficiency and effectiveness of controls
      • Recommending new controls where needed – or discontinuing unnecessary controls
      • Using control frameworks
      • Developing control self-assessment
    • Areas of Review for Internal Auditor:
      • Mission, vision, ethical and organizational value-system of the entity
      • Personnel allocation, appraisal system, and development policies
      • Accounting and financial reporting policies and compliance with applicable legal and regulatory standards
      • Objective of measurement and key performance indicators
      • Documentation standards
      • Risk management structure
      • Operational framework
      • Processes and procedures followed
      • Degree of management supervision
      • Information systems, communication channels
      • Business Continuity and Disaster Recovery Procedures
    • Evaluation of Internal Control:
      • Verify mission statement and written goals and objectives.
      • Assessing risks at the entity level.
      • Assessing risks at the activity (or process) level.
      • Prepare Business Control Worksheet.
      • Ensure all risks to the entity are identified.
      • Ascertain those risks for which no controls exist or existing controls are inadequate.
    • System Driven Environment: Determine whether the entity uses
      • Encryption tools, protocols to protect confidential or sensitive information.
      • Back-up and restore features to reduce the risk of permanent loss of data.
      • Virus protection software and
      • Passwords that restrict user access to networks, data and applications.
    • Tests of Control: Performed to obtain effectiveness of the
      • Design of the internal control systems.
      • Operation of the internal controls throughout the period.
      • Cost Benefit analysis.
      • Includes Inspection of Documents, Inquiries and Observation, Re-performance , Reconciliations and Testing of Internal Controls.
    • Communication of Internal Control Weakness: In case of continuing internal control weaknesses, consider whether
      • Management has increased supervision and monitoring;
      • Additional or compensating controls have been instituted; and/or
      • Management accepts the risk inherent with the control weakness.

©2018 TaxGuruPRO

or

Log in with your credentials

or    

Forgot your details?

or

Create Account