![Page 1: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/1.jpg)
1
The
Internal Control
Framework
CA. Rajkumar S Adukia
B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB ,Dip In
IFRS(UK)
www.caaa.in
9820061049/9323061049
To receive regular updates kindly send test email to
![Page 2: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/2.jpg)
2
What Is Internal Control ?
“A process effected by an entity‟s board of directors,management and
other personnel,designed to provide reasonable assurance regarding the
achievements of objectives in the following categories:
Effectiveness & efficiency of operations.
Reliability of financial reporting.
Compliance with applicable laws and regulations.”
![Page 3: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/3.jpg)
3
What is External Control?Various measures that affect a company's operations,
– which are not enacted by the company
– but rather by the government or other organizations.
External control includes any
– rule or regulation
– which has an effect on the actions of the company, and
– can include tax laws enacted by the government which affect the flow of money,
– a lease which restricts what a company can or can not do with their office space, and
– laws which prevent discrimination in the company's hiring procedure.
![Page 4: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/4.jpg)
4
Evolution of Internal Control
Chanakya – 300 BC
English Audit Specialist - Lawrence Dicksee – 1905
COSO – 1992
SOX - 2002
![Page 5: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/5.jpg)
5
Today‟s organizations are concerned
about:
Risk Management
Governance
Control
Assurance (and Consulting)
![Page 6: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/6.jpg)
6
Why Internal Control?
Management and control of risks
Safeguarding the assets of the company
Achievement of overall objectives of the organisation
Effective and efficient operations
Reliable and correct financial information (internal as well as external)
Prevention and detection of fraud and errors
![Page 7: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/7.jpg)
7
Internal control is a process.
It is a means to an end, not an end in itself.
Internal control is effected by people.
It’s not merely policy manuals and forms, but people at every level of an organization.
Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
Internal control is geared to the achievement of objectivesin one or more separate but overlapping categories.
![Page 8: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/8.jpg)
8
The System of internal control
The control environment
Risk assessment
The control activities and procedures
Accounting, information and communication
Monitoring and self assessment
![Page 9: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/9.jpg)
9
Components Of Internal Control
Control Environment.
Risk Assessment.
Control Activities.
Information & Communication.
Monitoring.
![Page 10: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/10.jpg)
10
Limitations of Internal Control
Judgement.
Breakdowns.
Management override.
Collusion.
Costs Versus Benefits.
![Page 11: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/11.jpg)
11
![Page 12: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/12.jpg)
12
What Internal Control Can Do
It can
help achieve performance & profitability targets.
help prevent loss of resources.
help ensure reliable financial reporting.
help ensure compliance with laws.
It can help an entity get to where it wants to go,and avoid pitfalls and surprises along the
way.
![Page 13: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/13.jpg)
13
What Internal Control Cannot Do
It cannot
ensure success.
ensure the reliability of financial reporting.
ensure compliance with laws and regulations.
Internal controls ,no matter how well designed and operated,can
provide only reasonable assurance to management regarding
achievements of an entity’s objectives.
![Page 14: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/14.jpg)
14
Internal control and internal audit
Internal audit is a part of internal control
Internal audit provides an objective, independent review of the organisation’s activities, internal controls, and management information systems to help the board and management monitor and evaluate internal control adequacy and effectiveness.
![Page 15: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/15.jpg)
15
Who is accountable for assurance that appropriate
internal controls are in place?
Management!!!!
![Page 16: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/16.jpg)
16
Who’s responsible for the performance of internal control
activities?
Everyone!!!!!!
![Page 17: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/17.jpg)
17
Types of Internal Controls
Directive Controls – encourage good behavior, it‟s the
right thing to do
– Incentive plans
– Recognition awards
– Training
– Policies and Procedures
– Promotions
![Page 18: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/18.jpg)
18
Types of Internal Controls
Preventative Controls – prevent undesirable events from
occurring
– Knowledge that someone is reviewing your
work
– Segregation of duties
– Limited access
– Levels of authorization
– Security badges
– Business rule set-up in automated systems
![Page 19: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/19.jpg)
19
Types of Internal Controls
Detective Controls – detect and correct undesirable events
after they occur.
– Reconciliations
– Auditing
– Confirmations
– Exception reports
– Reviews done on a regular basis
![Page 20: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/20.jpg)
20
Types of Internal Control
Mitigating Controls – Mitigate for the lack of an expected control.
– Cash handling – lack of adequate staff for proper segregation of duties – sharing with another area
– Software security/access – regular monitoring of access for certain employees when software security is not adequate because of functional constraints.
![Page 21: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/21.jpg)
21
IT Access Limitation Controls
To create a record
To change a record
To approve a transaction
By allowing read-only
By requiring passwords
Requiring time out limits
By installing firewalls
![Page 22: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/22.jpg)
22
Control Tools (Partial Listing)
Formal Compliance programs
Checklists
Inspections
Exception reports (i.e. Performance appraisals not completed, excessive overtime, duplicate payments etc.)
Forms control (pre-numbered documents, filing by and verifying integrity of numerical sequence)
Performance standards
Physical safeguards (safes, locks, access cards, dual control over sensitive assets, cameras, alarms, guards, ID badges etc.)
Simulated disaster recovery drills
![Page 23: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/23.jpg)
23
Which of the following are examples of an internal
control?
Segregation of duties
Passwords
Bonus plans
Reconciliations
Staff Meetings
Training on a new system
Training in group dynamics
Directions on how to complete expense reports
Requiring original receipts for expense reports
Managers being scrupulous in completing their own expense reports
Managers telling employees to be scrupulous in completing their expense reports
Standard price lists, with sales people allowed a maximum of 10% variance for negotiation
![Page 24: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/24.jpg)
24
What happens when internal
controls are not in place or break
down?
![Page 25: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/25.jpg)
25
FRAUD!!!
![Page 26: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/26.jpg)
26
Internal Control Framework - Many
models to choose from……….
COSO
COCO
Cadbury Report
Deming Award
TQM
12 Attributes
Deep Learning Framework
ISO 9000
Kings Report
Treadway Commission
![Page 27: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/27.jpg)
27
Internal Control Frameworks and
Codes – International Scenario
Foreign Corrupt Practices Act (1977),
Report of the National Commission on Fraudulent
Financial Reporting (Treadway Commission Report,
1987);
The Report on „Internal Control – Integrated
Framework’, issued by the Committee of Sponsoring
Organizations of the Treadway Commission (COSO), in
1992
Internal control frameworks presented by the Cadbury
Committee Report (Cadbury Report, UK);
![Page 28: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/28.jpg)
28
Internal Control Frameworks and
Codes – International Scenario
Internal Control: Guidance for Directors on the Combined
Code (1999)
The Criteria of Control Committee (CoCo Report, Canada)
The King Committee (King Report, South Africa)
The Report on „Enterprise Risk Management – Integrated
Framework’, issued by the Committee of Sponsoring
Organizations of the Treadway Commission (COSO), in
2004
![Page 29: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/29.jpg)
29
Who Developed Models?
COSO: The major accounting and audit professional
organizations issued COSO in 1992.
12 Criteria: The Canadian Comprehensive Auditing
Foundation published Effectiveness Reporting and
Auditing in the Public Sector in 1987.
COCO: In November 1995, The Canadian Institute of
Chartered Accountants (CICA) published Guidance on
Control.
ISO 9000 developed by the International Organization
for Standardization (ISO)
![Page 30: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/30.jpg)
30
Different Frameworks: Same Goals
Frameworks provide a way of understanding our
organizations.
By having different groupings, each highlights some
aspects of control more than others.
The criteria in the frameworks provide a basis for
understanding control in an organization and for making
judgment about the effectiveness of control.
![Page 31: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/31.jpg)
31
Different Frameworks: Same Goals
Frameworks provide a systematic step by step method of evaluating and
addressing the adequacy of controls in multiple dimensions of a
business.
Frameworks provide a standard review process.
Frameworks provide a tool that helps management and audtiors evaluate
the adequacy of controls in multiple dimensions of the business. It helps
give a picture of how well all of the controls in all of the dimensions are
working.
![Page 32: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/32.jpg)
32
Using These Frameworks
Gives a picture that focuses on what is important to users,
that keeps things in perspective, and that is sensitive to
„shades of gray‟.
Flexibility is allowed and creativity is required.
Nothing magical about them--but they can allow you to
have seemingly magical insights.
![Page 33: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/33.jpg)
33
One More Tool in the Tool box
CSA (Controlled Self Assessment)
Questionnaires
Unobtrusive Measures
Structure Interviews
Document Reviews
Regression Analysis
Integrated Control Frameworks And many more!
![Page 34: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/34.jpg)
34
Inform
ation an
d C
omm
unication
Mon
itor
ing
Activities
Risk
Assessment
Environment
COSO
![Page 35: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/35.jpg)
35
Coso ERM Framework
OH 3-19
![Page 36: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/36.jpg)
36
COSO - Cadbury
COSO
– Control Environment
– Risk Assessment
– Control Activities
– Information and
Communication
– Monitoring
Cadbury
– Control Environment
– Identification of Risks,
Control Priorities and
Objectives
– Control Activities
– Monitoring and
Corrective Action
![Page 37: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/37.jpg)
37
Control Environment
Provides an atmosphere in which people conduct their activities and
carry out their control responsibilities. It serves as the foundation for
the other components (COSO)
Management must send a clear message to all personnel that control
responsibilities are to be taken seriously, that each personal has a
particular role in the control system and that each role relates to the
role of others. (Cadbury)
![Page 38: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/38.jpg)
38
Risk Assessment
Management must assess risks to the achievement of
specified objectives. (COSO)
Is the process by which executive management identifies
the risks arising from the organization‟s business and,
since resources are always limited, establishes the
priorities for control and particular control objectives.
(Cadbury)
![Page 39: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/39.jpg)
39
Control Activities
Are implemented to help ensure that management directives to address
the risks are carried out. (COSO)
Are the detailed polices and procedures designed to achieve the
company‟s control objectives and to provide management with
reasonable assurance that their priorities for internal control are being
addressed. They operate throughout the organization, potentially
covering all levels. (Cadbury)
![Page 40: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/40.jpg)
40
Key Control Activities
Control
Environment
Control Over
Assets & Information
Systems
Monitoring
Authorization,
Approvals, Verifications
Segregation
of Duties
![Page 41: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/41.jpg)
41
Information & Communication
Relevant information must be identified , captured and communicated in a form & timeframe that enables people to carry out their responsibilities.
Information systems produce reports containing operational,financial and compliance –related information that make it possible to run and
control the business.
Effective communication must occur in a broader sense,flowing down,across and up the organization.
![Page 42: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/42.jpg)
42
Monitoring
The entire process is monitored and modified as conditions warrant.
(COSO)
Monitoring and corrective action should produce sufficient evidence
that the financial control system for which they are responsible is
effective in practice. Monitoring is performed at a higher level than
the routine checks built into the day-to-day routine and involves a
greater degree of independence from those who operate the
procedures. (Cadbury)
![Page 43: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/43.jpg)
43
CRIME
Control Activity
Risks
Information
Monitoring
Environment
![Page 44: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/44.jpg)
44
COSO Matrix
Operations Financial
Reporting
Compliance
With Laws and
Regulations
Control
Environment
Risk
Control Activities
Information and
Communication
Monitoring
![Page 45: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/45.jpg)
45
PurposeA sense of direction.
What are we here for?
CommitmentA sense of identity
and values.
Do we want to do
a good job?
CapabilityA sense of competence.
What action do we need to
take?
Monitoring and
LearningA sense of evolution.
What Progress?
What Next?
ACTION
COCO
![Page 46: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/46.jpg)
46
COCO Criteria:
Purpose Objectives should be established and communicated.
The significant internal and external risks faced by an organization in the achievement
of its objectives should be identified and assessed.
Policies designed to support the achievement of an organization‟s objectives and the
management of its risks should be established, communicated and practiced so that
people understand what is expected of them and the scope of their freedom to act.
Plans to guide efforts in achieving the organization‟s objectives should be established
and communicated.
Objectives and related plans should include measurable performance targets and
indicators.
![Page 47: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/47.jpg)
47
COCO Criteria:
Commitment Shared ethical values, including integrity, should be established, communicated and
practiced throughout the organization.
Human resource policies and practices should be consistent with an organization‟s
ethical values and with the achievement of its objectives.
Authority, responsibility, and accountability should be clearly defined and consistent
with an organization‟s objectives so that decisions and actions are taken by the
appropriate people.
An atmosphere of mutual trust should be fostered to support the flow of information
between people and their effective performance toward achieving the organization‟s
objectives.
![Page 48: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/48.jpg)
48
COCO Criteria:
Capability People should have the necessary knowledge, skills and tools to support the achievement
of the organization‟s objectives.
Communication processes should support the organization‟s values and the achievement
of its objectives.
Sufficient and relevant information should be identified and communicated in a timely
manner to enable people to perform their assigned responsibilities.
The decisions and actions of different parts of the organization should be coordinated.
Control activities should be designed as an integral part of the organization, taking into
consideration its objectives, the risks to their achievement, the inter-relatedness of
control elements.
![Page 49: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/49.jpg)
49
COCO Criteria:
Monitoring and Learning Environment should be monitored to obtain information that may signal a need to re-evaluate the
organization‟s objectives or controls
Performance should be monitored against the targets and indicators identified in the organization‟s
objectives and plans.
The assumptions behind an organization‟s objectives should be periodically challenged.
Information needs and related information systems should be reassessed as objectives change or as
reporting deficiencies are identified.
Follow-up procedures should be established and performed to ensure appropriate change or action
occurs.
Management should periodically assess the effectiveness of control in its organization and
communicate the results to those to whom it is accountable.
![Page 50: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/50.jpg)
50
COCO:
Sample Assessment QuestionsPurpose
Do we understand our objectives?
Are our plans responsive and adequate to change?
Commitment
Are critical decisions made by people with the necessary expertise, knowledge and
authority?
Capability
Is there adequate information to allow us to perform our tasks?
Monitoring and Learning
Do we challenge the assumptions behind our objectives?
![Page 51: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/51.jpg)
51
COSO and COCO‟s Definition of
Internal ControlPer COSO, Internal Control is:
a process,
effected by an entity‟s board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives.
Per COCO, Internal Control is
those elements of an organization (including its resources, systems, processes, culture,
structure and tasks) that, taken together, support people in the achievement of the
objectives.
![Page 52: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/52.jpg)
52
Objectives of Internal Controls
Per COSO, organization‟s
effectiveness and efficiency of operations;
reliability of financial reporting; and
compliance with applicable laws and regulations.
Per COCO
effectiveness and efficiency of operations
reliability of internal and external reporting; and
compliance with applicable laws and regulations and internal
policies.
![Page 53: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/53.jpg)
53
Key COSO and COCO Concepts
Internal Control is a process.
Internal Control is effected by people.
Internal Control can be expected to provide only
reasonable assurance.
Internal Control is geared to the achievement of
objectives.
![Page 54: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/54.jpg)
54
Hard Controls - Soft Controls
Policy and Procedures
Organizational Structure
Bureaucracy
Restrictive formal processes
Competence
Trust
Shared Values
Leadership
Expectations
Commitment
![Page 55: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/55.jpg)
55
What‟s More Important?
Segregation of duties or ethical employees?
Well written and thorough policy and procedures manuals
or competent employees?
Clear delineation of roles and responsibilities or a group of
employees dedicated to accomplishing the organization‟s
mission?
![Page 56: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/56.jpg)
56
Soft Controls
In the past, auditors have focused exclusively on the
hard controls.
As the Savings and Loan crises demonstrated, this
has meant that auditors have often missed the really
important issues that will dictate whether an
organization succeeds and is operating at the most
efficient and effective manner. COSO, COCO,
Cadbury and the other control models highlight the
need to examine soft controls and provide the
analytical tools to do so.
![Page 57: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/57.jpg)
57
“Soft”Factors
lntegrity and ethical values
Commitment to competence
Management's philosophy and
operating style
Managing change
Communication
![Page 58: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/58.jpg)
58
Soft Control
a useful, though not precisely definable
term
best explained with common
characteristics and examples
![Page 59: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/59.jpg)
59
Common Characteristics
Hard controls Soft controls
tend to be: tend to be:
formal informal
objective subjective
Quantitatively intangible
measurable
the 'map" the real terrain
![Page 60: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/60.jpg)
60
Examples
Hard Controls Soft Controls
Policy/procedure Competence
Organizational Trust
structure
Shared Values
Bureaucracy Strong Leadership
Restrictive formal
processes High expectations
Openness
Centralized decision High ethical
making standards
![Page 61: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/61.jpg)
61
CARO provisions
Point 4 – matters to be included in auditor‟s report
“(iv) is there an adequate internal control procedure commensurate
with the size of the company and the nature of its business, for the
purchase of inventory and fixed assets and for the sale of goods.
Whether there is a continuing failure to correct major weaknesses in
internal control.”
![Page 62: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/62.jpg)
62
The regulations
Clause 49 of the Listing Agreement in India
Sarbanes Oxley Act 2002 in US
The Combined Code on Corporate Governance 2003 in
UK
– Guidance for Directors on the Combined Code,
Turnbull Committee (C.2 and C.3)
![Page 63: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/63.jpg)
63
Clause 49 – Corporate Governance
Board of Directors
Audit Committee
Subsidiary Companies
Disclosure of Contingent Liabilities
Disclosures
CEO/CFO certification
Report on Corporate Governance
Compliance
![Page 64: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/64.jpg)
64
SOX
Focus only on
– Financial reporting
– Information filed with SEC
Section 404
Section 302
Setting up of independent audit committees
Codes of conduct, whistle blowing procedures
Greater involvement of the Board and the audit committees in control activities
![Page 65: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/65.jpg)
65
SOX – Section 404
Rules for reporting the evaluation of the internal controls relating to
financial reporting
Focus on compliance and accountability
Standard for attestation engagements issued by Public Company
Accounting Oversight Board (PCAOB)
– Audit standard 2 of June 2004, An Audit of Internal
Control Over Financial Reporting Performed in
Conjunction With an Audit of Financial Statements
![Page 66: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/66.jpg)
66
SOX - Section 302
Responsibility for financial reports filed with SEC on
„signing officers‟
Various certifications to be given by the „signing officers‟
![Page 67: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/67.jpg)
67
The Combined Code
Maintain a sound system of internal control to
safeguard shareholders‟ investment and the
company‟s assets. (Principle C.2)
![Page 68: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/68.jpg)
68
Provision C.2.1
At least annual review of the effectiveness of the system of internal control
Report to shareholders that review has been done.
Review to cover all material controls, including financial, operational and compliance controls and risk management systems.
![Page 69: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/69.jpg)
69
C.3
The board should establish formal and transparent
arrangements for considering how they should apply the
financial reporting and internal control principles and for
maintaining an appropriate relationship with the
company‟s auditors.
![Page 70: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/70.jpg)
70
C.3.2 Main Role of the Audit Committee
– Review the internal financial controls unless expressly addressed by a separate board committee
C.3.5 The audit committee should monitor and review the effectiveness of the internal
audit activities. Where there is no internal audit function, the audit committee should
consider annually whether there is a need for an internal audit function and make a
recommendation to the board, and the reasons for the absence of such a function should be
explained in the relevant section of the annual report.
![Page 71: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/71.jpg)
71
Guidance for Directors on Combined
Code
The Turnbull Guidance
Helps the directors to:
– assess how the Company has applied Code principle C.2
– implement the requirements of Code provisions C.2.1 and C.3.5
– report these matters to the shareholders in the annual report and accounts
![Page 72: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/72.jpg)
72
The European framework
The European Economic Reform White Paper of 2002 defines internal
controls as creating standards for five key control elements:
– Control environment
– Performance and risk management
– Information and communication
– Control activities
– Audit and evaluation
![Page 73: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/73.jpg)
73
The COSO framework of internal control
The control environment
Risk assessment
The control activities
Information and communication
Monitoring
![Page 74: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/74.jpg)
74
Questions/ Suggestions/ Comments???
![Page 75: The Internal Control Framework - caaa.in · 2014-10-04 · 1 The Internal Control Framework CA. Rajkumar S Adukia B.Com(Hons.) FCA, ACS,MBA, AICWA, LLB,Dip In IFRS(UK) rajkumarfca@gmail.com](https://reader030.vdocuments.site/reader030/viewer/2022040810/5e506b92b92a4e45895467e6/html5/thumbnails/75.jpg)
75