INTERNAL

CONTROL
SYSTEM
Lecturer name :
Cik Nurul Safwanah Binti Muhammad Salleh
The Explanation
On The
Fundamental
Concept Of
Internal Control
 What Is Internal
Control ??
 The Management involve the process internal control system, effected by an entity's board
of directors, management, and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives relating to operations, reporting, and compliance

 Internal controls are intended to prevent errors and irregularities, identify problems and
ensure that corrective action is taken

 Internal control is a process, effected by an entity’s board of directors, management and

other personnel, designed to provide reasonable assurance:

- That information is reliable, accurate and timely

- Of compliance with applicable laws, regulations, contracts,
policies and procedures
- Of the reliability of financial reporting
 Term

Inherent Risk Control Risk

- Nature risk that exist in business - Unclear policy & rules as a
operation, transaction and guideline
reporting
- Poor supervision
- Cause by human, process system
or technology
 Important Of Internal Control
 Internal control is a company shield from any risk and threat. It help to build up company growing
and survival in the market.

 Sometimes, there are weaknesses in internal controls occurring and causing problems. This
situation requires management to take action to detect and make corrections. If weaknesses in the
internal control system can be identified, then an improvement process needs to be undertaken.
 Objective Of Internal Control

 The orderly and efficient conduct of its business, including adherence to

internal policies

 The safeguarding of assets of the business.

 The prevention and detection of fraud and error.

 The accuracy and completeness of the accounting records,

 The timely preparation of financial information.

 TYPE OF INTERNAL CONTROLS

Preventive Detective
Controls Controls

Both type are important to create an effective

internal control system
Preventive Controls
Preventive controls are implemented to prevent errors or any irregularities from
happening. There are also know as proactive controls because they help to ensure the
company’s objective are achieved. There 2 example of preventive controls.

Segregation of duties – Duties and responsibilities are segregation to reduce risks

and errors for certain events. For example, there will be different persons in charge of
budget approvals and recording of transaction, and different persons responsibilities for
the approval of payments and release of payments to vendors

Safeguarding assets – different may have different security levels to gain access into
certain parts of building within the organization, or different levels of staff may have
different levels of access into the company’s information system.
Detective Controls

Detective controls – designed to find or allocate errors after they have

occurred. Detective controls are essential because they provide
evidence that preventive controls are operating as intended, as well as
offer an after-the-fact chance to detect irregularities..

Examples of detective controls include:

•Monthly reconciliations of departmental transactions
•Review organizational performance (such as a budget-to-actual
comparison to look for any unexpected differences)
•Physical inventories (such as a cash or inventory count)

Others example, management analyses on identifying unexpected

results or loses on production, or reconciliation on actual outcome and
forecasted results.
..
 Corrective Controls

 Corrective controls are designed to correct errors or irregularities that have been
detected. Preventive controls, on the other hand, are designed to keep errors and
irregularities from occurring in the first place.
 Principles of internal control

Control Risk Control

Environment Assessment Activities

Information
& Monitoring
Communication
• The control environment sets the tone of an
organization, influencing the control
consciousness of its people.

Principles of control environment :

1. Demonstrates commitment to integrity and Control
ethical values.
2. Exercises oversight responsibility.
3. Establishes structure, authority and
Environment :
responsibility.
4. Demonstrates commitment to competence.
5. Enforces accountability.
 Risk Assessment : Control Activities :

• The process of • The process which is helping in

identifying,evaluating and prevent or reduce the risks that can
dertimining how to manage the risk impede accomplishment of the
faced by the organization to achieve organization’s objectives and
the goals. mission.

Principle for risk assessment is :

1. specifies suitable objectives. Principles for control activities :
2. Identifies and analyzes risk. 1. Selects and develops control
3. Assesses fraud risk. activities.
4. Identifies and analyzes significant 2. Selects and develops general
change. control over technology.
3. Deploys though policies and
procedures.
 Information Monitoring
& Communication
• Exchange of useful information • The review of an organization’s
betweem among people and activities to assess the quality of
organizations to support decisions performance over time and to
and coordinate activities. determine whether controls are
effective.
Principles for information &
communication : Principles for monitoring :
1. Uses relevant information 1. Conducts ongoing and/or separate
2. Communicates internally. evaluations.
3. Communicates externally. 2. Evaluates and communicates
deficiencies.
The Importance Of
An Internal Control
System
 Inspection

Reperformance Observation

Audit
procedures

Recalculation Confirmation
 MANAGEMENT AUDITOR

• Promote orderly, economical, efficient • Safeguard the asset & records

and effective operation.
• Produce quality product & services • Provide reasonable assurance of the
consistent with the department mission. financial statement as effective internal
control provides reliable information for
financial reporting
• Safeguard resource against loss due to • Enable auditor to determine the nature,
waste, abuse, mismanagement, error & timing & extent of substantive audit
fraud procedures to be carried out during the
audit
• Promote adherence to statutes, • Opportunities to commit unintentional
regulations, bulletins & procedures error & intentional fraud will be
minimised
• Develop & maintain reliable financial • Effective internal control will reduce the
and management data and accurately audit risk
report that data in a timely manner.
Documentation
of Internal
Control System
 UNDERSTANDING
CONTROLS
To document internal controls effectively, internal auditors must understand the
flow of transactions, including how transactions are initiated, recorded,
authorized, processed, and reported.

Internal auditors must be able to determine which controls are necessary to the
process, activity, or system under review based on the risk profile and desired
level of control.
 TYPES OF
DOCUMENTATION

INTERNAL
FLOWCHARTS CONTROL
QUESTIONNAIRES

NARRATIVE
DESCRIPTIONS
 Flowcharts

● Basically looks like a mind map

● Describe the flow of activities through a

process

● Easier to read and easier to update

● Helps auditors identify controls and the

deficiencies in the system

● Can helps auditor better understanding

business process and save time
 Narrative Descriptions

● Basically a story

● Describe process flows in written form,

without graphical representations

● They have all flowchart characteristic

● They can be lengthy and difficult to

review, and typically are not considered
user friendly
Internal Control Questionnaires
(ICQs)

● List answers to questions related to

the identification and evaluation of
internal controls

● Ask the client a many question and

they will say ‘yes’ or ‘no’

● Helps identify most common controls

that should be present

● Helps management and internal

auditors document processes and
highlight control gaps, strengths, and
weaknesses within a system
HOW TO DOCUMENTING INTERNAL CONTROL

1.Plan

2.Establish a
7.Remediate
control
& retest
framework

3.Document
6.Test control
control
effectiveness
activities

4.Identify
5.Evaluate
specific
control design
controls
Cyber Threats
 WHAT IS CYBER SECURITY?
Cracking

- Cyber security is the body of technologies,

Information
Hacktivism processes and practices designed to protect
Warfare
networks, computers, programs and data
from attacks, damage or unauthorized
Cyber access.
Threats
- The term "cyber security" refers to business
function and technology tools used to protect
Cyber Cyber information assets.
Terror Espionage
- Protecting this information is no longer a
priority but has become a necessity for most
Cyber companies and government agencies
crime
around the world.
Differentiate The
Strengths And
Weakness Of The
Internal Control
Strength Weakness

May manifest themselves as

Include simplicity, wide acceptance
inconsistent application, frequent
and effectiveness in making sure the
discrepancies and a lack of
company achieves its objectives
acceptance by employees

For example: Detection of errors and

fraud, operational efficiency, time For example: Human error, costly
saving for auditor
 The Example Of
The Management
Letter
Purpose of the management latter:
• Enable the auditor to provides
his/her comments on the relevant
accounting records, accounting
system and controls examined
during the audit.
• Auditors should also make
recommendations on ways to
improve the system
• To advise management. For
example, suggesting how resources
can be used more efficiently.
• To communicate matters that have
come to the attention of the auditors
that may affect future audits. For
example, the introduction of new
accounting standards.
THANK YOU