PART C – INTERNAL CONTROL

SESSION 11
 Internal Control System
 Five Components of Internal Control
 Documenting Internal Control System
 Internal Control Deficiencies
 Test of Control Procedures
 Limitations of an Internal Control System
 IT controls

SESSION 12
 Revenue System
 Purchase System
 Payroll System
 Inventory System
 Cash & Bank
 Capital Expenditure – Non Current Assets

SESSION 13
 Internal Control Reporting
 ISA 265 - Communicating Deficiencies in Internal Controls to
TCWG
 Significant Deficiency
 Internal Audit
 External Audit v/s Internal Audit
 Need for Internal Audits
 Internal Audit Assignments
 Outsourcing Internal Audit
 Minimizing / Managing Risks of Outsourcing
 Reporting by Internal Auditors

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 1 of 11
 SESSION 13 – INTERNAL AUDIT

INTERNAL CONTROL REPORTING

The auditors will inform management about the internal control

weaknesses though a document known as the management letter.
The management letter emphasis the fact that the document only
contains the weaknesses that has come to the auditor’s attention, rather
than all the weaknesses in the systems.
The management letter will state that it should not be shown to third
parties. These are for management purpose only.

ISA 265 - COMMUNICATING DEFECIENCIES IN INTERNAL

CONTROLS TO TCWG

The auditor shall communicate any material deficiency in the design,

implementation and operating effectiveness of IC which have come to
their attention during the course of the audit with TCWG on a timely
basis (interim audits\final audits) in a letter to management or
management letter or letter of weakness or letter on Internal Controls.
This letter or report can be said to be a by-product of the audit
The content of the management letter is actually the deficiencies, the
impact of the deficiencies, as well as some recommendations that the
company can adapt.

Factors to consider:

● The report isn’t a comprehensive list of deficiencies but only those

that have come to light during the audit process

● Report is for the sole use of the management

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 2 of 11
 ● No disclosure should be made to the third party without the written
agreement of the auditor

● No responsibility is assumed to any other parties

SIGNIFICANT DEFICIENCY

Deficiency or combination of deficiencies in Internal Controls, which are

in the Auditor’s professional judgment, is of sufficient importance to merit
the attention of TCWG.

Significant deficiencies Other deficiencies

Communicated in writing
In a report to management or Orally communicated to the
management letter, at the end of appropriate level of management
audit process. Communicated to
TCWG.

The standard provides some examples as to what should be considered

as matters that indicate a significant deficiency.
The likelihood of the deficiencies leading to material misstatements in
the financial statements in the future.

● The susceptibility to loss or fraud of the related asset or liability.

● The subjectivity and complexity of determining estimated amounts.

● The financial statement amounts exposed to the deficiencies.

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 3 of 11
 ● The volume of activity that has occurred or could occur in the
account balance or class of transactions exposed to the deficiency
or deficiencies.

● The importance of the controls to the financial reporting process.

● The cause and frequency of the exceptions detected as a result of

the deficiencies in the controls.

● The interaction of the deficiency with other deficiencies in internal

control.

INTERNAL AUDIT

A function of an entity that performs assurance and consulting activities

designed to evaluate and improve the effectiveness of the entity's
governance, risk management and internal control processes

UK Corporate Governance highlight the need for business to maintain

good system of Internal Control to manage the risk the company faces.
The presence of an internal audit function can ensure this

Internal Control is a system of control whereas internal audit team

evaluates this control system

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 4 of 11
 EXTERNAL AUDIT v/s INTERNAL AUDIT

EXTERNAL AUDIT INTERNAL AUDIT

Scope depends on
Verification of the FS’s Management
Scope of work
truth & fairness requirements. Wider
than of an External Audit

Improve company
Express an independent
operations by reviewing
opinion as to whether
the operating
Objective the financial statements
effectiveness of the
provide a true and fair
internal controls.
view

Relationship Independent to Employees Within the

with Co Company company or Outsourced

Appointments & Audit committee or

Shareholders
removal Board of Directors

Reporting Shareholder TCWG or Management

Availability of Made available to the Only for the use of

report public management & TCWG

NEED FOR INTERNAL AUDITS

The need of internal Audit depends on the following aspects –

 Scale and diversity of activities

 Complexity of operations

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 5 of 11
  Number of employees

 Cost/benefit considerations

 The desire of senior management to have assurance and advice

on risk and control.

 The current control environment and whether there is a history of

fraud or control deficiencies

The reason for the absence of an internal audit function should also be
explained in the annual report. If an internal audit function is not
currently present in an organization, then the need for one should be
considered annually. This recommendation should be made by the audit
committee to the Board of Directors.

INTERNAL AUDIT ASSIGNMENTS

VALUE FOR MONEY AUDIT

The main aim of value for money is to obtain the best possible service
from the least resources. These audits are mainly conducted on Not-For-
Profit organisations as their performance cannot be assessed using the
conventional accounting techniques.
The performance is assessed using the 3Es. Which are –
 Economy- Getting the best resources at minimum cost
 Efficiency- Maximum output from minimum input
 Effectiveness- Achievement of goals and targets

IT AUDIT
The auditor ensures that the IT systems provide a reliable basis for the
preparation of the financial statements.

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 6 of 11
 Internal audit will also consider this. They have a wider scope than the
external auditors as they also ensure the following –
 The company is getting value for money from their IT system
 The procurement process for the IT system was effective
 The system is maintained and monitored appropriately

FINANCIAL AUDIT
An internal financial audit ensures that the information produced is
reliable and was produced in an efficient and timely manner. This also
assesses the financial health of the business.
It also helps in the early identification of financial risks such as –
 Cost price inflation
 Adverse currency fluctuations
 Adverse interest fluctuations

REGULATORY COMPLIANCE
The purpose of a regulatory compliance audit is to assess the
effectiveness of the business's systems and processes that are
designed to ensure that the company complies with the relevant laws
and regulations.

FRAUD INVESTIGATIONS
It helps to ensure as to whether fraud risk management controls are
adequate. It also helps to determine whether a fraud has actually
occurred.

CUSTOMER EXPERIENCE AUDIT

It helps a business understand how it manages its customer
relationships and to maximise the potential value of its customers. This
is done by mystery shopper visits and fake enquiries.

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 7 of 11
 OPERATIONAL AUDITS
Operational audits are audits of the operational processes of the
organisation. They are also known as management or efficiency audits.
Their prime objective is the monitoring of management's performance,
ensuring that company policy is adhered to.
How?
Read and discuss the adequacy of the policies
Observe and test the effectiveness of the policies

PROS & CONS OF HAVING AN INTERNAL AUDIT DEPARTMENT

PROS
 Contract audits

 Direct assistance to the external auditors (ISA 610)

 Decreases the audit fee as less work will be done by the auditors.
Unlikely to happen in the first year of audit.

 Assistance to financial accountant by providing assistance in the

compliance with financial reporting standards

 Monitors the Internal Control System

 Verify the assets on a regular basis\

 Corporate governance

CONS
 Cost/ Benefits
 Since there is no statutory requirement, it may be seen as a waste
of time and money
 Directors may see it as a threat to their authority

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 8 of 11
  If the accounting system is not complex, then the directors may not
see the need for an internal audit function
 There is a possible familiarity threat
 Internal Auditors need not be professionally qualified, therefore they
might lack knowledge and expertise
 If it is a family business, there is no need to provide assurance to
the shareholders as the entire business is run by family

OUTSOURCING INTERNAL AUDIT

Outsourcing is when an audit client uses external expertise to perform its

internal audit function instead of using the staff within the company.
This external expertise can be another company who provides such
services. These companies are called service organizations as per ISA
402.
Service organizations can –
 Fully maintain all information and assets relating to the outsourced
function.

 The service organization executes transactions only at the request

of the entity, or acts as a custodian of assets. This means that the
company does not outsource the internal records.
A firm may decide to outsource its internal audit function as this may
seem cost effective and strategically reasonable to do so.

ADVANTAGES
 The service organization will have more specialist staff with the
appropriate qualification and expertise.

 Avoidance of cost of recruiting and training staff.

 Outsourcing can provide an immediate internal audit department.

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 9 of 11
  They can be employed on a flexible basis, rather than a full time
employment which will prove to be cost effective.

 Independence may be improved.

 Management time is saved as they don’t have to administer an in-

house department.

DISADVANTAGES
 If the external and internal audit is done by the same firm, then
there is an ethical threat. This is prohibited in the UK.
 If outsourcing results in redundancies of the staff, then it will be
opposed by the staff.
 The outsourced staff may lack an understanding of firm’s culture,
objectives and attitudes.
 If cost of outsourcing is high, then the directors may not have an
internal audit function at all.
 The company will lose in house skills

MINIMIZING/MANAGING RISKS OF OUTSOURCING

 Setting performance measures and monitoring it

 Review of the work through quality reviews and working paper

reviews

 Clear agreement on scope, responsibilities and reporting

procedures

 Ensure external audit and internal audit are two separate functions
by putting controls and policies.

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 10 of 11
 REPORTING BY INTERNAL AUDITORS

Report could be same as management letter (ISA 265). A typical Report

will contain the following –
 Terms of reference – The requirements of the assignment

 Executive Summary – Summary of risks and recommendations

that are stated in the body of the report

 Body of report – Detailed description of work performed and

results of work

 Appendix – Additional information not included in the body but

relevant to assignment

Fintram Global | Ph: +91 8882677955 | www.fintram.com

Page 11 of 11