
THE ROLE OF INTERNAL AUDIT: CONTROLS

• Basic concepts of control
• Internal control and roles
• Internal auditors' involvement in control assessment
• Control self-assessment (CSA)
• Framework for organizational control (COSO)
Basic concepts of control

• Definition of control
  • COSO – A process, effected by the board of directors, management and individuals within the entity, designed to provide reasonable assurance regarding the achievement of operations, reporting and compliance objectives. Components:
    • Control environment
    • Risk assessment
    • Control activities
    • Information and communication
    • Monitoring activities
  • COCO
  • Turnbull
Framework for organizational control (COSO)

Internal control and roles

• Management – Primary responsibility. Tone at the top (ethics and integrity).
• BOD – Oversees management and the internal control system. Responsible for overseeing management in establishing an effective internal control system and in preventing unethical conduct and fraud.
• Internal auditors – Verify that management carries out its responsibilities for control.
• Others – Are responsible for reporting any problems, breaches of code or policy, or illegal activities to management or the authorities.
Internal auditors' involvement in control assessment

• Role
  • The head of internal audit must ensure:
    • Significant weaknesses are identified
    • Corrective action is taken
    • The risk of those weaknesses
• Types of controls
  • Entity-level – controls that operate at the entity level and are not tied to individual processes. E.g. governance and management's monitoring of reports.
  • Process-level – controls that operate in each process. E.g. account reconciliation statements (Penyata Penyatuan Akaun), physical verification, supervision.
  • Transaction-level – controls that operate to reduce the risk to a group of activities. E.g. authorisation, documentation, segregation of duties, IT controls.
Control self-assessment (CSA)

• A process whereby control owners provide a self-assessment of the design adequacy and operating effectiveness of controls for which they are responsible.

Auditors assist management in:
• Identifying
• Documenting
• Evaluating
• Communicating
• Mitigating potential risks
Principles of effective internal control

Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change

Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures

Information & Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally

Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
Control environment

• The attitude and actions of the board and management regarding the importance of control within the organization. The control environment provides the discipline and structure for achieving the primary objectives of the internal control system. The control environment includes the following elements:
  • Integrity and ethical values.
  • Management's philosophy and operating style.
  • Organizational structure.
  • Assignment of authority and responsibility.
  • Human resource policies and practices.
  • Competence of personnel.
Principles of effective internal control (continued)

Control Environment
1. The organization demonstrates a commitment to integrity and ethical values.
2. The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.
Principles of effective internal control (continued)

Risk Assessment
6. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
7. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
8. The organization considers the potential for fraud in assessing risks to the achievement of objectives.
9. The organization identifies and assesses changes that could significantly impact the system of internal control.
Principles of effective internal control (continued)

Control Activities
10. The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
11. The organization selects and develops general control activities over technology to support the achievement of objectives.
12. The organization deploys control activities through policies that establish what is expected and procedures that put policies into place.
Principles of effective internal control (continued)

Control Activities
E.g. organisation structure, segregation of duties, integrity of people, LOA etc. Types of controls:
a) Directive controls (controls to prevent) – are designed to establish desired outcomes. E.g. policies and procedures, laws and regulations, training seminars, job descriptions and meetings.
b) Preventive controls (controls to block) – are designed to prevent errors. E.g. competent people, segregation of duties, proper LOA, adequate documentation and physical control.
c) Detective controls (controls to detect) – are designed to detect and correct undesirable events which have occurred. E.g. reviews, comparisons, checks for performance, bank reconciliation, confirmation.
d) Mitigating/Corrective controls (controls to reduce negative effects) – are designed to correct improper outcomes. E.g. investigation team, correcting and reporting results to management.
Principles of effective internal control (continued)

Information & Communication
13. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
14. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
15. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Principles of effective internal control (continued)

Monitoring Activities
16. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
17. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Limitations of internal control

• Bad decisions
• External events

Discussion

• Discuss the need for good internal control in an organization.
• Discuss the internal control policies and procedures you have come across in organizations in the following businesses:
  • F&B
  • Retail
