Presented by: Nirajan Simkhada, FCA

Introduction
Internal Policies such as Accounting Manual, Financial Rules, Staff Rules etc in each organization aimed towards implementation of Strong Control System and Compliance. Rule 95 of Financial Procedures Rule 2064 provides that each Ministry/Department shall prepare and implement an internal control system commensurate with the nature of operations to accomplish the work in an economical, efficient and effective manner; make financial reporting system more reliable and to accomplish the function in accordance with the prevailing laws. Control system varies in accordance with nature of operations and size of the organization. However, the bottom line is it should be adequately designed and effectively implemented.

Definition
A sound internal control system facilitates smooth functioning of activities under the budgetary framework. It is the plan of organization and all methods/procedures adopted to assist in achieving management objectives of ensuring: Safeguarding of assets Prevention and detection of fraud and error Accuracy and completeness of accounting records Timely preparation of reliable financial statements.

Definitions .contd
Alternatively, Internal Control is a Series Of Procedures designed to promote and protect sound management practices. Adherence to sound internal control procedures will significantly increase the likelihood that: Operations of organization is conducted effectively and efficiently; Financial information is reliable, so that managers and the board can depend on accurate information to make programmatic and other decisions; Assets and records of the organization are not stolen, misused, or accidentally destroyed ; The organizations policies are followed and Government regulations are met.

Level of Assurance
Internal Control process designed by management provides REASONABLE ASSURANCE regarding the achievement of objectives in the following categories: Effectiveness and Efficiency of Operations Reliability of Financial Reporting Compliance with applicable laws and regulations Understanding Internal Controls provides an additional reference tool for the personnel to: Identify and assess operating controls, financial reporting, and legal/regulatory compliance. Processes and to take action to strengthen controls where needed.

Level of Assurance.Contd
An effective control system provides REASONABLE, but not ABSOLUTE assurance for the safeguarding of assets, reliability of financial information, and compliance with laws and regulations. Reasonable Assurance is to provide management with the appropriate BALANCE BETWEEN RISK and the LEVEL OF CONTROLS to meet the objectives. The COST of a control should not exceed the BENEFIT to be derived from it.

Balancing Risk and Control

Balancing Risk and Control : Risk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud. Control procedures shall decrease risk to a level where management can accept the exposure to that risk. Being out of balance can cause the following problems: Excessive Risk Loss of Assets, Donor or Grants Excessive Controls Increased Bureaucracy

Poor Business Decisions Noncompliance

Increased Regulations Public Scandals

Reduced Productivity Increased Complexity

Increased Cycle Time Increase of No-Value Activities

In order to achieve a balance between risk and controls, internal controls should be proactive, value-added, cost-effective and addresses the exposure to risk.

Characteristics of Fraud
Characteristics for Fraud : Motivation, Opportunity and Personal Characteristics Motivation is usually situational pressures in the form of a need for money, personal satisfaction, or to alleviate a fear of failure. Opportunity is access to a situation where fraud can be perpetrated, such as weaknesses in internal controls, necessities of an operating environment, management styles and corporate culture. Personal characteristics include a willingness to commit fraud. Personal integrity and moral standards need to be flexible enough to justify the fraud, perhaps out of a need to feed their children or pay for a family illness. Controls: It is difficult to have an effect on an individuals motivation for fraud. Personal characteristics can sometimes be changed through training and awareness programs. Opportunity is the easiest and most effective requirement to address to reduce the probability of fraud. By developing effective systems of internal control, you can remove opportunities to commit fraud.

Components of Internal Control

5 components divided in 2 broad groups:

1. Control Environment
2. Control Procedures : 2.1 2.2 2.3 2.4 Risk Assessment; Control Activity; Information & Communication; and Monitoring

Components of Internal ControlContd

Control (or Operating) Environment
Overall attitude, awareness and actions of executors and management regarding the internal control system and its importance in the entity. It is the control consciousness of an organization and atmosphere in which people conduct their activities and carry out their control responsibilities. Factors reflected in the control environment include
The function of the executive board and its sub-committee Managements philosophy and operating style The entitys organizational structure and methods of assigning authority and responsibility Managements control system including internal audit function, personnel policies and procedures and segregation of duties.

Control Environmentcontd
Effective Control Environment
Competent people knowledgeable, mindful Understanding of responsibilities, limits to their authority, and Committed to doing right thing in right way. Committed to follow an organization's policies and procedures and its ethical and behavioral standards.

The governing board and management enhance an organization's control environment when they establish and effectively communicate written policies and procedures, a code of ethics, and standards of conduct. Management is responsible for "setting the tone" for their organization that encourages highest levels of integrity, personal and professional standards, and assignment of authority and responsibility.

Control Environmentcontd
Control Environment Tips The control environment is greatly influenced by the extent to which individuals recognize that they will be held accountable. Listed below are some tips, not all inclusive, to enhance a department's control environment.
Written Policies and Procedures clearly mentioning employee responsibilities, limits to authority, performance standards, control procedures, and reporting relationships. Discussion of ethical issues with employees. Compliance with Conflict of Interest policy and disclose potential conflicts of interest. Adequate job descriptions exist, department has an adequate training program for employees. Employee performance evaluations are conducted periodically. Appropriate disciplinary action is taken when an employee does not comply with policies and procedures or behavioral standards.

Components of Internal ControlContd

Control Procedures
Policies and Procedures in addition to the control environment which management has established to achieve the entitys goals and objectives.
Risk Assessment: (1) Identification, (2) Analysis and (2) Mitigation of Risk. How to Identify Risk? Ask the following questions What could go wrong? How could we fail? What must go right for us to succeed? Where are we vulnerable? What assets do we need to protect? Do we have liquid assets or assets with alternative uses? How could someone steal from the department? How could someone disrupt our operations? How do we know whether we are achieving our objectives?

Components of Internal ControlContd

Risk Identification On what information do we most rely? On what do we spend the most money? How do we bill and collect our revenue? What decisions require the most judgment? What activities are most complex? What activities are regulated? What is our greatest legal exposure? Instances of High risk transactions Petty cash (if high volumes are processed), Assets with Alternative Uses, Cash Receipts (continuing education programs, gifts, endowments, special events, bookstore, performances, etc.), Consultant Payments, Travel Expenditures, Payments to Non-Vendors, Payroll (rates, changes, terminations), Equipment, Equipment Moved Off-Location .

Components of Internal ControlContd

Risk Analysis: Prioritize those risks based on following: Assess the likelihood (or frequency) of the risk occurring. Estimate the potential impact if the risk were to occur; consider both quantitative and qualitative costs. Determine how the risk should be managed; decide what actions are necessary. Risk Assessment Tips Make sure the department has a mission statement and written goals and objectives. Assess risks at the department level. Assess risks at the activity (or process) level. Make sure that all risks identified at the department level are analyzed and proper resolution is sought in the organizational level.

Components of Internal ControlContd

Control Activity: These are actions, supported by policies and procedures that, when carried out properly and in a timely manner, manage or reduce risks. Preventive Control :
Determine or prevent undesirable events from occurring, Proactive controls that help to prevent a loss. Examples are segregation of duties, proper authorization, adequate documentation, and physical control over assets.

Detective Control:
Detect undesirable acts Reactive controls Examples of detective controls are reviews, analyses, variance analyses, reconciliations, physical inventories and audits.

Components of Internal ControlContd

Information & Communication: General Controls & Application Controls General Controls are practices designed to maintain the integrity and availability of information processing functions, networks, and associated application systems and includes: Access Security, Data & Program Security, Physical Security Software Development & Program Change Controls Data Center Operations Disaster Recovery Plan Application Controls are the computer programs and processes, including manual processes, that enable to conduct essential activities; buying products, paying people, accounting for expenses and forecasting and monitoring budgets and includes: Input controls (e.g., edit checks) Processing controls (e.g., record counts), and Output controls (e.g., error listings).

Components of Internal ControlContd

Monitoring Organizations may select from a wide variety of monitoring procedures, including but not limited to: Periodic evaluation and testing of controls by internal audit, Continuous monitoring programs built into information systems, Analysis of, and appropriate follow-up on, operating reports or metrics that might identify anomalies indicative of a control failure, Supervisory reviews of controls, such as reconciliation reviews as a normal part of processing, Self-assessments by boards and management regarding the tone they set in the organization and the effectiveness of their oversight functions, Audit Committee inquiries of internal and external auditors, and Quality assurance reviews of the internal audit department.

Non-Profit Organization Perspective

Following minimum internal control procedures shall be followed in case of non-profit making organizations. Segregation of duties (authorization, recording, control and payment), Written standard procedures covering major activities and operations, Examination of arithmetical accuracy of books of account, Preparation of various control accounts, Preparation of Trial balance, Reconciliation of balances (Banks, subsidiary accounts, debtors and creditors, etc.) and follow up for settlement, Authorization of various transactions, Control to access of books of account by unauthorized person,

Non-Profit Organization Perspectivecontd

System of protection given to various assets, Physical verification of various fixed assets, consumables and cash Preparation of budget and comparison with actual including investigation of unusual fluctuation, if any, Procedure of reporting fraud and handling the same, Transparency in disclosing activities and financials (public/social auditing, information to DAO, SWC, etc.), Independent and surprise verification, supervision and monitoring, and Internal Audit.

Conclusion: Maintaining Effective Controls

Segregation of duties by making every effort to apportion duty in such a manner that no one individual, including program coordinators, accountant, administrative assistants and other senior personnel, controls all aspects of transaction. The auditor's management letter is an important indicator of the adequacy of internal control structure, and the degree to which it is maintained. Cost benefit analysis Minimum controls standards shall be established

Inventory Management
Non-expendable Inventory Management: Permanent Record of Non-expendable Items: its cost, quantity, make, brand, identification code, date of acquisition, location and working condition. Assets Movement Register (Loan Register) Log Books of Vehicles:
Date of use, purpose of use and authority for use. Calculation of mileage, cost of maintenance and operation of vehicle shall be analysed Unrealistic and unreasonable fluctuations shall be investigated and reported to concerned higher authority.

Physical Verification: Periodic and Reconciliation Safeguarding (Insurance Cover): Comprehensive coverage

risk

Inventory Management
Expendable Inventory Management Processing and Payment: Requisition, GRN, PAID Stamp Expenses on consumption basis Issue : Requisition basis Periodic reconciliation Separate and Updated records Restricted Access Safeguarding of Balances in Store

Questions
Please

Thank you