UNDERSTANDING INTERNAL CONTROLS

An Introduction To Theory And Practice In PHED

Table of Contents
• The Definition of Internal Controls.
• The Dichotomy between Internal Controls & Internal Audit.
• Internal Control Frameworks.
• COSO Internal Control Framework & Principles.

• The Scope of Internal Control and PHEDs risk universe.

• Basic Accounting, Internal Control Concepts you must know.
• The Qualities and Skills of an Internal Control Professional.
• Professional Qualifications for Internal Control Staff.
• Limitation of Internal Controls.
• Ways Internal Audit can assist the effectiveness of Internal Control.
• Exercises.
Definition of Internal Control
❖ Internal controls are policies and procedures implemented by an organization to
ensure their financial reports are reliable, operations are efficient, and activities are
compliant with applicable laws and regulations. (Gartner,2018).

❖ An accounting procedure or system designed to promote efficiency or assure the

implementation of a policy or safeguard assets or avoid fraud and error.
(Farlex,2020).

❖ A process, effected by an entity’s board of directors, management, and other

personnel, designed to provide reasonable assurance regarding the achievement
of objectives relating to operations, reporting, and compliance. (COSO,2013)
The Dichotomy between Internal Controls and Internal Audit
1. Their positions on the Lines of Defence.
The Dichotomy between Internal Controls and Internal Audit
Subject Matter Internal Control Internal Audit
Work Flow Internal Control is an ongoing Internal Audit is time bound, specific and
process(check) properly planned

Ownership & Reporting Lines Internal Control reports to the Internal Audit Reports to the Board of
Management. It is owned and managed by Directors and partially to the Management
the Senior Management of the Company

Timing of Activity Real Time Historical

Standards This is not governed by any Standard, just Internal Audit is governed by standards
frameworks (IIA, ISSPIA)

Independence Internal Control depends on the Internal Audit is Independent

Management(Mgt. tool)
Scope of work The Company’s Operational Risk The adequacy of Internal Controls in
managing the risk

Nature of Work Preventive Activity Detective Activity

Internal Control Frameworks
• Internal Control Integrated Framework COSO (Committee for Sponsoring Organizations of
the Thread way Commission), United States 2013.
• Guidance on Control (CoCo), The Canadian Institute of Chartered Accountants,
Canada, 1995.
• Guidance on Risk Management, Internal Control and Related Financial and Business
Reporting (FRC Internal Control Guidance), Financial Reporting Council (FRC),
England, 2014.
• COBIT 5, IT Governance Institute, United States, 2012.
 COSO Internal Control Framework & Principles
COSO is a voluntary private sector organization dedicated to improving the quality of financial
reporting through business ethics, effective internal controls and corporate governance.
COSO Elements of Internal COSO Principles(17) Performance Indicators
Control
Control Environment Demonstrates commitment to • Tone at the top
integrity and ethical values (M anagement’s Ethical
Disposition)
Exercises oversight responsibility • Company Culture

Establishes structure, authority, • Performance M anagement &

and responsibility Reward System
Demonstrates commitment to
competence
Enforces accountability

Risk Assessment Specifies clear objectives • Risk appetite & tolerance

Identifies and analyses risk • Quality and Service Excellence

COSO Internal Control Framework & Principles
COSO Elements of Internal COSO Principles(17) Performance Indicators
Control
Assesses fraud risk • Profitability, Stability, Liquidity

Identifies and analyses significant

changes
Control Activities Selects and develops control
activities to mitigate risks
Selects and develops
information technology general
controls
Deploys controls through policies
and procedures
Information and Uses relevant information • Frequency of data leakage
Communication Intrusion

Communicates internally
COSO Internal Control Framework & Principles
COSO Elements of Internal COSO Principles(17) Performance Indicators
Control

Communicates externally

Monitoring Conducts ongoing and/or

separate evaluations
Evaluates and communicates
deficiencies
Scope of Internal Control and PHEDs risk universe
Objectives of Internal Control.
➢ Operating Objectives—Effectiveness and Efficiency of Operations
Safeguard of Company Assets
Financial Performance Goals.

➢ Reporting Objectives—Reliability, Accuracy, timeliness and transparency

Entity’s reporting for
Regulators, Standard Setters, Entity’s Policies.
Financial Reports, Tax Returns, NERC Reports, MPR.
➢ Compliance Objective—Compliance to entity’s Policies& Procedure and Regulators
 Scope of Internal Control and PHEDs risk universe
Functions of Internal Control Unit(Global).
1. Ensure effectiveness and Efficiency of business operations.
2. Safeguard of Company’s assets
3. Prevention and detection of fraud and unlawful acts within the entity.
4. Ensure the completeness and accuracy of financial Records.
5. Ensure the timely preparation of Financial Statements, tax returns, other regulatory
obligations.
 Scope of Internal Control and PHEDs risk universe
PHEDs Internal Control IC Global Functional area Frequency IC status(PHED)
Activity.
Review of CAAD(Pre& Post Operational Risk mitigation Daily/Monthly Performed
Review)
Vetting of Payments Safeguard of Assets & Accuracy Daily Performed
(Approvals) of Financial Records
Prepayment Reviews

Review of PHED Financial Accuracy of Financial Monthly Not Performed

Statements Records/Fraud detection
Review of NERC USOA Accuracy of Financial Records & Monthly Performed
Reports Regulatory Compliance

Post-payment Reviews Accuracy of Financial Records Monthly Not Performed

(Transaction Call-Overs)

Sighting of Procured Items Safeguard of Assets Continuous Not Performed

and Spot Checks on the
Central Store
Review of Bank Accuracy of Financial Monthly Not Performed
Reconciliations Records
Scope of Internal Control and PHEDs risk universe
PHEDs Internal Control IC Global Functional Frequency IC status(PHED)
Activity. area

Investigation of Fraud and Prevention and Detection of Continuous Performed

Infractions Fraud

Payroll Review (Pre & Post) Asset Protection Monthly Performed

&Accuracy of Financial
Records
Loss of Revenue (LOR) Asset Protection & Continuous Performed
Review Accuracy of financial
Records
Review of Third Party Operational Effectiveness & Continuous Performed
Contracts Efficiency

New Policy & Process Operational effectiveness & Continuous Performed

Review efficiency

Business Process Operational Effectiveness & Continuous Performed

Improvement Reviews Efficiency

Review of Requisitions, Asset Protection and Continuous Performed

Cash claims and Accuracy of Financial
Retirement Records
Basic Accounting and Internal Control Terminologies

Double entry Accounting Authorization of Risk Management

Transactions
Accrual Basis & Cash basis Cost-Benefit analysis Code of Ethics
of Accounting
Matching Concept IFRS,GAAP,CAATs Likelihood/Probability

Materiality Segregation of duties VAT, WHT, CIT, Stamp duty

Net-off Conflict of Interest SFOP, Income Statement,

Cashflow statement

Vetting & Vouching Fraud, Corruption, Bribery Depreciation, Impairment

Pro-rating, Financial Board, Charter, Corporate Inventory, Cash at Bank,
Analysis, Percentages Governance Policies and Procedures
Disclosure Principle Compliance, Control Spreadsheets
 Qualities of an Internal Control Professional
• Good Communications Skills
• Great ability to pay attention to details.
• Ability to work independently and in a Team.
• Avid Learner and adaptable.
• Integrity, Courage and firmness.
• Unyielding curiosity, ”willingness to ask why?”
• Integrity, Honesty, Accountability and Transparency.
• Confidentiality (Ability to keep Information)
• Good display of Emotional Intelligence.
Skills of an Internal Control Professional
• Good Mathematical (Quantitative) Skill
• Analytical and critical thinking skills
• Good Microsoft Skills (Word, Excel, PowerPoint)
• Financial Accounting & Analysis Skills
• Report Writing Skills
• Good Business Acumen and ability to grab business concepts fast.
• Technology Savvy (Ability to understand and use software)
• Investigation Skills
• Should be an Innovative Mind.
• Good Listening & Interviewing skills
 Professional Qualifications for Internal Control Personnel
1. Associate Chartered Accountant (ACA)-ICAN/ACCA
2. Designate Compliance Professional (DCP)-Compliance Institute
3. Certified Internal Auditor (CIA)-IIA US, Global
4. Certified Fraud Examiner (CFE) -ACFE (Association of Certified Fraud
Examiners) US
5. CISA-Certified Internal Systems Auditor -ISACA
6. Certified Internal Control Specialist (CICS)-Internal Control Institute
7. Certified Internal Control Professional (CICP)-Internal Control Institute
 Limitations of Internal Controls
Internal Control is implemented to mitigate the risk that threaten the achievement of an
organization’s objectives, to enable the Organization to successfully pursue opportunities.

However, Internal Controls has its own limitations:

• The Suitability of the Objectives a precondition for Internal Control. (Misalignment of

Objectives of Internal Control with that of the entity).
• Internal Control is mainly based on human judgement, subjective analysis which is prone
to error.
• Management override.
• Ability of management, third parties to circumvent controls
• External events beyond the organizations control
• Breakdowns due to human errors(Staffing).
Ways Internal Audit can assist the effectiveness of Internal Control
❖ Help the organization develop a comprehensive framework for assessing the adequate design and
effective operation of internal control.
❖ Help the organization develop a process for identifying, evaluating, and remediating internal control
deficiencies.
❖ Provide independent assurance on the adequate design and effective operation of internal control.
❖ Assist in post-mortem analysis when internal control deficiencies occur.
❖ Inform management of potential breakdowns in internal control that present increased risk to the
organization.
❖ Assist management in developing a culture of ethical behaviour ("tone at the top") and low
tolerance of ineffective internal control.
❖ Stay abreast and inform management of emerging issues, regulations, and laws related to the
effectiveness of internal control.
 Exercises
Category A -Questions.
How does COSO define internal control?
What are the three categories of objectives set by the COSO framework?
What does limitation of Internal Control mean? Provide practical cases of Internal
control limitations.
Category B –Cases
An Audit Report contains the following:
A . A service apartments location is not well suited to allow adequate service to other units.
B. Employees hired for sensitive positions are not subjected to background checks.
C. Managers do not have access to reports that profile overall performance in relation to other benchmarked operations.
D. Management has not taken corrective action to resolve past engagement observations relating to Inventory Controls.
Which of these observations are more likely to indicate the existence of control weaknesses over safeguarding of assets
and why?
 References
Urton Anderson et al(2017),Internal Auditing Assurance and Advisory Services,4 th
Edition Internal Audit Foundation 1035 Greenwood Blvd., Suite 401,USA.
Lynford Graham(2015),Internal Control Audit and Compliance, documentation and
testing under the new COSO framework, John Wiley & Sons, Inc., Hoboken, New
Jersey, USA.
Robert Moeller(2014),Executives Guide to COSO Internal Control, y John Wiley &
Sons, Inc., Hoboken, New Jersey
Hernan Murdock(2019) Auditor Essentials,100 Concepts, Tools and Techniques for
Success, Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300,USA.
Thanks for your Audience

Justice Egege, ACA,CFE

Lead Internal Auditor
Port-Harcourt Electricity Distribution Company(PHED).
08065122244