Page 125 - DCOM204_AUDITING_THEORY
Unit 7: Internal Control
In the coming years, internal auditors may be expected to expand their role to assume more
responsibilities in improving risk management, reducing organizational complexity and costs,
and participating in developing strategic and governance processes.
Example: U.S. Securities and Exchange Commission’s (SEC’s) Proxy Disclosure
Enhancements rules released in December require companies listed on U.S. exchanges to disclose
their governance measures, including their board structure, the board’s oversight of risk
management, and its relationship with executive compensation policies and practices.
The proxy disclosure rules create opportunities for internal auditors to report on and provide
their opinions about their organization’s compliance with its own governance and risk assessment
requirements. In particular, auditors may need to express opinions in the areas of corporate
governance, risk management, and internal controls.
Fraud Detection
Small businesses lose millions every year to employee theft. Types of fraud committed
by employees include skimming payments from customers, check tampering, cash theft,
misuse of company credit cards, and improper payroll transactions. Many small-business owners
may believe they lack the staff to create an internal audit policy or carry out audits to combat
these problems. However, even with a small staff, a small business may create an effective
internal control system for monitoring employees and their behavior. A formal internal audit
policy, even if conducted part time by individuals normally assigned other duties, performs
other tasks besides detecting fraud. Examining policies and procedures on a regular basis ensures
that the company minimizes its exposure to fraud and other losses. Extension of credit to
customers provides one such area of loss prevention.
Internal Controls in a Computerised Environment
These include:
- General controls and application controls in a computerised environment. The purpose of
  application controls is to establish specific control procedures over the accounting
  applications in order to provide reasonable assurance that all transactions are authorised
  and recorded and are processed completely, accurately and on a timely basis.
- Development of computer applications, for example, standards over systems design,
  programming and documentation; testing procedures using test data; approval by computer
  users and management; segregation of duties between those who design and those who test;
  installation procedures and training of staff, etc.
- Prevention or detection of unauthorised changes to programs, which includes full records
  of program changes, password protection, restricted access to the central computer, virus
  checks, and backup copies or control copies of programs.
- Testing and documentation of program changes.
- Controls to prevent wrong programs or files being used.
- Controls to prevent unauthorised amendments to data files.
- Controls to ensure continuity of operation, for example, storing extra copies of programs
  and data files off-site, protection of equipment against fire and other hazards, backup
  power sources, disaster recovery procedures or maintenance agreements and insurance.
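An added example (not from the original text) of how the controls over unauthorised program changes listed above can be tested: each production program is hashed against its control copy, and a difference is accepted only if the record of program changes lists that exact version. The directory layout, the change-log format and the file names are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file's contents so two copies can be compared byte for byte."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_programs(production: Path, control: Path, change_log: dict) -> dict:
    """Classify every program found in either directory.

    change_log maps program name -> SHA-256 of the latest approved version
    (hypothetical format standing in for the full records of program changes).
    """
    findings = {}
    names = {p.name for p in production.iterdir()} | {p.name for p in control.iterdir()}
    for name in sorted(names):
        prod, ctrl = production / name, control / name
        if not ctrl.exists():
            findings[name] = "no control copy"           # program was never registered
        elif not prod.exists():
            findings[name] = "missing from production"   # removed or replaced program
        elif sha256_of(prod) == sha256_of(ctrl):
            findings[name] = "matches control copy"
        elif change_log.get(name) == sha256_of(prod):
            findings[name] = "approved change, control copy stale"
        else:
            findings[name] = "unauthorised change"       # differs and has no record
    return findings


def demo() -> dict:
    """Build constructed sample directories and run the audit over them."""
    with tempfile.TemporaryDirectory() as tmp:
        prod, ctrl = Path(tmp, "production"), Path(tmp, "control")
        prod.mkdir()
        ctrl.mkdir()
        (ctrl / "payroll.py").write_bytes(b"rate = 1.0\n")
        (prod / "payroll.py").write_bytes(b"rate = 1.5\n")   # altered, not recorded
        (ctrl / "ledger.py").write_bytes(b"v1\n")
        (prod / "ledger.py").write_bytes(b"v2\n")            # altered, recorded below
        (ctrl / "invoice.py").write_bytes(b"ok\n")
        (prod / "invoice.py").write_bytes(b"ok\n")
        (prod / "extra.py").write_bytes(b"unknown\n")        # no control copy exists
        log = {"ledger.py": hashlib.sha256(b"v2\n").hexdigest()}
        return audit_programs(prod, ctrl, log)
```

Calling `demo()` returns one status per program; in a real review the control copies and the change log would be held where the people who can alter production programs cannot write to them.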
LOVELY PROFESSIONAL UNIVERSITY 119