Internal Controls: Back to Basics

Focus & Features

Internal controls are necessary to effectively and efficiently carry out an organization's goals and objectives at all levels.

Designing and implementing an effective system of internal control can be challenging. Adaptability to rapidly changing business models, new technologies and globalization requires a system to be agile. An internal control system requires the use of judgment to monitor and assess its effectiveness and it must provide insight on the application of controls.

To become an effective Internal Auditor, the main objectives of this training are as follows:

• Define internal controls
• Understand the COSO Framework
• Identify Internal Controls, control categories and control tools
• Design control systems for business process by applying Risk Assessment thought process
• Document internal control systems
• Evaluate control systems to determine control adequacy and effectiveness

Through team exercises, group discussions, case studies and lectures, attendees will gain a foundation of knowledge that will allow Internal Auditors to define, identify, design and evaluate internal controls. A basic understanding of the roles of risks and internal controls will also be stressed, along with interpersonal and team-building skills.

What You Will Learn

I. Definition of Internal Controls

• Regulatory pressure towards reviewing the effectiveness of internal controls
• Primary objectives of internal controls
• Traditional definition of internal controls
• Internal control myths and realities
• Internal controls definition (based on COSO Framework)

II. The Committee of Sponsoring Organization (COSO) of the Treadway Commission Framework

• Definition and its key concepts
• The five components of internal controls
• Limitation of internal controls
• Roles and Responsibilities
• Case Studies about Internal Controls

III. Identifying Internal Controls

• Techniques to identify internal controls
• Control classifications (preventive, detective, directive and mitigating controls)
• Control activity types (manual, automated, specific, pervasive and monitoring)
• Concepts of key controls vs. other controls
• Concept of CAVR (Completeness, Accuracy, Validity and Restricted Access)
• Control Tools
• Case Studies about Identifying effective controls

IV. Designing Internal Controls

• International Professional Practices Framework (IPPF) standards about Internal Auditor responsibility on designing internal controls
• Identify well defined control objectives
• Identify risk to accomplishing objectives, given a situation.
• Determine the significance and likelihood of a risk.
• Identify possible ways to manage risk.

V. Baseline: Process and Control Documentation

• Identify the common forms used during process documentation.
• Techniques in documenting internal controls
• Documentation- what can go wrong?

VI. Evaluating Internal Controls

• Adequacy vs. Effectiveness
• Evaluation tools

narratives

internal control questionnaires

flowcharts

risk and control matrix

VII. Case Studies

VIII. Seminar Conclusion

• Plan for Action