​ADVANCE AUDITING

​ASSIGNMENT

​How risk factors affect the internal control system?

SUBMITTED TO: Ms Payal Goel

SUBMITTED BY: Pooja Miglani
ROLL NO: 22
COURSE: M.com(Hons), 3rd Sem
University Business School,
Panjab University, Chandigarh
Internal control​: ​Internal control is a system that is defined and implemented by the
company under its own responsibility. It encompasses a set of resources, behaviours, procedures
and actions which are adapted to the individual circumstances of each company that contribute to
control over its activities, the efficiency of its operations and efficient use of its resources, and
enable the company to assess all significant operational, financial and compliance risks
appropriately.
The system aims to ensure:
a) compliance with laws and regulations
b) implementation of the instructions and directions given by executive management or the
executive board
c) proper functioning of the company’s internal processes, especially those relating to the
protection of its assets
d) reliability of financial information.

Risk​: Risk-taking is an inherent trait of any enterprise. A Company can not grow and create a
value without risk-taking. If risks are not properly managed and controlled, they can affect the
company’s ability to attain its objectives. Risk management and internal control systems play a
key role in directing and guiding the company’s various activities by continually preventing and
managing risks.
Risk represents the possibility of an event occurring that could affect the company’s personnel,
assets, environment, objectives or reputation.

There are several risk factors that affect the internal control system of an organisation
which are explained as following :
1) Changes in Operating Environment​: Being aware of the environment an organisation
operates in is vitally important. The operating environment for organisations is
continually changing. This change may be in government policy or in social trends, it
may be legislative. ​For example:The coronavirus outbreak has forced companies to
reevaluate how contact centers are leveraged, how employees deliver relevant customer
experiences, where they work, and how digital channels can be used to support
business continuity through the crisis and beyond. The global COVID-19 pandemic
has forever changed our experiences―as customers, employees, citizens, humans―
and our attitudes and behaviors are changing as a result​.​The Management Committee
has a key role to play in ensuring that an organisation is aware of the environment. This
can be done through being well linked in with other organisations and individuals and
ensuring that committee members are keeping up to date with trends and changes in the
environment. New policies or services may need to be developed to keep the organisation
current and compliant with the legal and regulatory framework. Risks in the operating
environment need to be identified and managed. The Committee is responsible for
 leading the organisation through a changing environment and making sure it is fit for
purpose.

2) New Personnel​: If the employees are not provided with appropriate training and
guidance so that they have the knowledge necessary to carry out their job duties. Also, if
they are not provided with an appropriate level of direction and supervision, and are not
aware of the proper channels for reporting improprieties, it will affect the internal control
system of the company. Therefore, there should be clearly defined responsibilities and
powers that are granted to the right people according to the company’s objectives. They
can be formalised and communicated by means of task or job descriptions, staff and line
organisation charts, delegation of powers, in accordance with the principle of segregation
of duties. A human resource management policy that should be there to enable the
company to employ people with the appropriate knowledge and competencies to
discharge their responsibilities and to meet the current and future objectives of the
company. ​For Example: In this covid outbreak, employees of many companies are
working remotely from their homes and the organisations are defining the roles and
duties of employees by connecting with them virtually and making their employees
trained in working remotely with the enhanced productivity level in order to achieve
the objective of the organisation. There could have been chaos created if the
organisations failed to coordinate with their employees effectively, which may lead to
ineffectiveness and inefficiency in their performance.

3) New or revamped information systems​: Management of information systems mainly is

linked to information technology, which can be defined as the structural configuration of
integrated and interactive machinery, equipment, software and manpower. This ensures
data collection and processing in order to provide the necessary information (to the
beneficiaries, in terms of storage, updating and retrieval of information) at the right time,
with less cost and high quality for the internal environment of the organization and for
the surrounding environments. Conversely, this will facilitate the task of administrators at
all levels in the decision-making to complete all administrative functions. ​For Example:
Accounting information system contains components that include several software and
bank accounting information. Such systems are specifically designed to manage and
handle the financial data which are introduced through the accounting software in the
aim to extract and prepare reports, documents, financial transactions and other
necessary papers needed by all beneficiaries and stakeholders. ​Therefore, those
information systems should be adopted that are adapted to the current objectives of the
organisation and designed to be able to respond to its future objectives. The IT systems
on which these information systems depend must be effectively protected, both in terms
of physical and logical security, thereby ensuring that there is no loss of the information
 stored. Their operational continuity is guaranteed by back-up procedures. Information on
analyses, programming and processing functions must be documented.

4) Rapid Growth​: ​There is always a risk related to rapid growth and expansion which
affects the internal control system. For Example: ​Bondora Group has witnessed
significant growth and development in a relatively short period of time, and its business
may continue to grow substantially in the future. Because of this, Bondora Group faces
increased risks, uncertainties and expenses. Bondora Group will need to keep
improving its operational and financial systems and managerial controls and
procedures to keep pace with its expansion. It will have to maintain close coordination
among technical, accounting, finance, marketing and sales personnel. Managing
growth will require, among other things, the following: continued development of
financial and management controls and IT systems; increased marketing activities,
hiring and new employee training; and the ability to adapt to changes in the markets in
which Bondora Group operates, including new legislation, additional tax obligations,
increasing competition and shifts in demand for its services. If Bondora Group is
unable to allocate appropriate managerial resources and successfully manage its
expansion, it may have a material adverse effect on its business, financial condition,
operational results or prospects, or cash flow.

The Supervisory Board is closely monitoring growth and other developments at

Bondora Group to ensure that the necessary steps are taken and adequate controls are
maintained. PricewaterhouseCoopers is responsible for the internal audit of Bondora
that is intended to ensure compliance; KPMG is the external auditor. Bondora is
regulated by authorities in the countries in which it operates, which serves to provide
an additional layer of oversight.

5) New Technology​: Emerging technologies are altering the financial reporting

environment substantially, and this change is accelerating. ​For example, artificial
intelligence (AI), robotic process automation, and blockchain are changing the way
business gets done, and auditors are leading by transforming their own processes.I​ n
this evolving environment, it is more important than ever for the key players in financial
reporting—auditors, audit committees, and management—to have a strong grasp of roles
and responsibilities.

Examples of technology risk includes:

● Reliance on systems or programs that are inaccurately processing data, processing

inaccurate data.
● Unauthorized access to data that might result in destruction of data or improper changes
to data, including the recording of unauthorized or nonexistent transactions or inaccurate
recording of transactions.
● The possibility of information technology personnel gaining access privileges beyond
those necessary to perform their assigned duties, thereby leading to insufficient
segregation of duties.
● Unauthorized or erroneous changes to data in master files.
● Unauthorized changes to systems or programs.
● Failure to make necessary or appropriate changes to systems or programs.
● Inappropriate manual intervention.
● Potential loss of data or inability to access data as required.
● Risks introduced when using third-party service providers.
● Cybersecurity risks applicable to the audit.

As emerging technologies can bring about great opportunities and efficiencies for a
business, they also bring with them new challenges. An understanding of these emerging
technologies and an awareness of the benefits and risks they present to financial reporting
is essential for auditors, management, and audit committees to discharge their respective
responsibilities.

6) New Business Models, Products or activities​: ​In the digital economy, change is rapid
and often unexpected. Technological and business-model innovations are disrupting
market dynamics, while economic and geopolitical uncertainty injects a whole new level
of volatility into the business environment. As a result, internal control functions
mutually exclusive challenges:
1. They have to adjust to a riskier environment but not hinder their companies’ ability to
keep up with the speed of change.

Companies that fail to address both challenges risk the erosion of their competitive
advantage.

7) Corporate Restructuring​: ​With great organizational change comes great responsibility.

Therefore, in order to create a sustainable growth, companies must learn strategies on
how to manage the risks in restructuring. Such risks involve an impact on ROI that may
occur when applying new changes to business practices. In the midst of restructuring,
there is also a risk of siloed teams not being aligned with enterprise wide strategy.
Furthermore, goals and objectives have the danger of not aligning with overall
organizational goals, which in turn leads to a risk that team members may not understand
their new roles in the changing company. Finally, with restructuring, businesses must
 face the possibility of morale loss during this process. A closer look at these risks shows
how restructuring takes a toll on businesses. ​For Example: The U.S. economy began to
slow between the fourth quarter of 2007 and the first quarter of 2008 as businesses felt
the effects of reduced demand for their products and services. In response to sluggish
demand, businesses reacted by reducing their workforces including professionals and
educated employees. The unemployment rate of management, professional, and related
occupations more than doubled between 2007 and 2010 going from 2.1% in 2007 to
4.7% by November 2010. When businesses downsize, the remaining staff and
management are frequently tasked with additional job functions or responsibilities
outside of their scope of expertise as a result of re-aligning work flow. Such
restructuring can create stresses or even weaknesses within a company’s internal
control structure.

8) Expanded Foreign Operations​: ​Privately held companies operating internationally face

risks that require a well-designed system of internal control to counteract. The system is
contingent on general ledger applications, inventory, import/export restrictions and
cost-to-benefit considerations. Detective, corrective and preventive controls are used to
improve the accuracy of financial reporting, the efficiency of operations and compliance
with applicable laws.

9) New Accounting Pronouncements​: ​The accounting processes at the heart of internal

control of accounting and financial information are a set of uniform activities that
transform business transactions – all the basic events that make up the company's
business into accounting and financial information by putting them through the
“accounting mechanism”, composed of accounting policies and ground rules. They
include an accounting production system, preparation of financial statements and
communications. ​For Example: Revenue recognition is one of the most common issues
triggering an ICFR material weakness, primarily due to accounting and financial
reporting complexity and subjectivity and the elevated risk of financial statement fraud
and management override. For issuer entities subject to an assessment and reporting
on ICFR, documentation of the design, implementation and operating effectiveness of
ICFR controls should be considered as important as accurately understanding the
standard’s new measurement, recognition, presentation and disclosure requirements.

Therefore, above were the factors of risk which affects the internal control systems of the
organisations and It is up to each company to create a risk management system that is
appropriate to its specific circumstances.
REFERENCES

The control environment of a company | ACCA Qualification | Students | ACCA Global

https://www.amf-france.org/sites/default/files/contenu_simple/rapports_groupes_travail/
Risk management and internal control system - Reference framework.pdf

Operating Environment | DIY Committee Guide

Coronavirus (COVID-19) Business Impact | Accenture

Understanding Internal Controls - SUNY

Risks related to rapid growth and expansion – Bondora

Emerging Technologies, Risk, and the Auditor’s Focus

The Effects Of Digital Transformation On Internal Controls

What are the top risks in Organizational Restructuring?

The Perfect Storm: The Effect of Corporate Downsizing on Internal Controls and
Occupational Fraud | Stout

What Types of Controls Are in an International Company? | Small Business - Chron.com

​*THANKYOU*