Manipal University Jaipur

Internal Assignments
Name - SHARAD BHARDWAJ
Roll No - 2314108031
Course Code & Name - DFIN304 – INTERNAL AUDIT AND CONTROL
Semester- 3rd MBA

Q1 - Elaborate the various qualities required in an Internal Auditor.

Answer- An effective Internal Auditor needs a diverse set of qualities to perform their role
successfully. Here are key qualities required:

1. **Attention to Detail**: Internal auditors must be meticulous in examining financial records,

processes, and compliance to identify discrepancies or irregularities.

2. **Analytical Skills**: They need strong analytical abilities to assess complex data, identify
patterns, and understand the implications of their findings.

3. **Integrity**: Upholding ethical standards and maintaining objectivity is crucial. Auditors must
be honest and transparent in their evaluations and reports.

4. **Critical Thinking**: The ability to think critically and evaluate the effectiveness of internal
controls and risk management strategies is essential.

5. **Communication Skills**: Effective communication is necessary for presenting findings

clearly and persuasively to management and stakeholders.

6. **Problem-Solving Skills**: Internal auditors should be adept at identifying problems and

proposing practical solutions to improve processes and controls.

7. **Technical Proficiency**: Familiarity with auditing software, data analysis tools, and
understanding of accounting principles and standards is important.

8. **Organizational Skills**: Managing multiple tasks, deadlines, and documentation efficiently is

key to performing thorough audits.

9. **Professional Skepticism**: Maintaining a questioning mindset helps in evaluating the validity

of evidence and the reliability of information provided.

10. **Adaptability**: Being flexible and able to adjust to changing environments, regulations, and
technologies is important in the evolving field of internal auditing.

These qualities collectively contribute to the effectiveness and credibility of an internal auditor in
safeguarding an organization’s assets and ensuring compliance with relevant laws and policies.

Q2 - Discuss the key clauses of ISO 31000:2009.

Ans - ISO 31000:2009 provides guidelines for risk management and outlines key clauses that
organizations should follow to establish an effective risk management framework. The key
clauses are:

1. **Scope**: This clause defines the purpose of the standard and its applicability to any
organization regardless of size, type, or sector. It sets the stage for the overall objectives of
implementing a risk management framework.
2. **Normative References**: This clause lists any referenced documents essential for
understanding and implementing ISO 31000:2009. These references are not included in the
standard itself but are crucial for its proper application.

3. **Terms and Definitions**: This section provides definitions for key terms used throughout the
standard. It ensures a common understanding of terms related to risk management.

4. **Risk Management Framework**: This clause details the structure and components required
for an effective risk management framework. It includes:
- **Leadership and Commitment**: Emphasizes the role of top management in establishing and
maintaining a risk management framework.
- **Integration**: Highlights the need for integrating risk management into the organization’s
governance, strategic planning, and operational processes.
- **Framework Components**: Includes the roles, responsibilities, and the structure necessary
for effective risk management.

5. **Risk Management Process**: This clause outlines the process for managing risk, including:
- **Risk Identification**: Identifying risks that may affect the organization.
- **Risk Assessment**: Evaluating the identified risks in terms of their likelihood and impact.
- **Risk Treatment**: Developing and implementing strategies to mitigate or manage risks.
- **Monitoring and Review**: Continuously monitoring and reviewing the risk management
process to ensure its effectiveness.
- **Communication and Consultation**: Ensures ongoing communication and consultation with
stakeholders about the risk management process and its outcomes.

These clauses collectively provide a comprehensive approach to managing risks effectively,

ensuring that organizations can identify, assess, and address risks systematically and
consistently.

Q3 - State the features of Internal Audit. Also narrate the various types of Internal controls.

Ans - ### Features of Internal Audit

1. **Independence**: Internal auditors operate independently from the management and other
departments to provide unbiased assessments of internal controls and processes.
2. **Objectivity**: They must remain objective in their evaluations, avoiding conflicts of interest
to ensure their findings and recommendations are based on facts.

3. **Systematic Approach**: Internal audits follow a structured and systematic approach to

assess the effectiveness of internal controls, risk management, and governance processes.

4. **Risk-Based Focus**: The audit approach is often risk-based, focusing on areas with the
highest risk to the organization’s objectives and processes.

5. **Reporting**: Internal auditors document their findings and provide detailed reports to
management and the board, highlighting areas of concern and suggesting improvements.

6. **Follow-Up**: They monitor and review the implementation of their recommendations to

ensure that corrective actions are taken and are effective.

7. **Compliance**: Internal audits help ensure that the organization complies with laws,
regulations, and internal policies and procedures.

### Types of Internal Controls

1. **Preventive Controls**: Designed to prevent errors or irregularities from occurring. Examples

include:
- **Segregation of Duties**: Dividing responsibilities among different individuals to reduce the
risk of fraud or error.
- **Authorization Procedures**: Requiring approval before transactions or activities are
executed.

2. **Detective Controls**: Aimed at identifying and detecting errors or irregularities that have
already occurred. Examples include:
- **Reconciliation Procedures**: Regularly comparing records to identify discrepancies.
- **Physical Audits**: Conducting inventory counts or asset inspections to detect
discrepancies.

3. **Corrective Controls**: Implemented to correct issues identified by preventive or detective

controls. Examples include:
- **Error Correction**: Fixing inaccuracies found during audits or reviews.
- **Policy Updates**: Revising procedures or policies in response to identified weaknesses.

4. **Directive Controls**: Establish policies and procedures to guide employees' actions and
ensure adherence to organizational goals. Examples include:
- **Standard Operating Procedures (SOPs)**: Documented processes that guide employees on
how to perform their tasks consistently.
- **Training Programs**: Providing education and training to employees on compliance and
operational procedures.

Each type of control plays a crucial role in maintaining the integrity and efficiency of an
organization’s operations, helping to mitigate risks and ensure compliance with regulations and
policies.

Q4 - Describe Internal control procedure for Inventory.

Ans - An internal control procedure for inventory aims to safeguard assets, ensure accuracy in
reporting, and prevent theft or mismanagement. Key procedures typically include:

1. **Segregation of Duties**: Divide responsibilities among different employees to prevent any

one individual from having control over all aspects of inventory management. For example, one
person may be responsible for ordering inventory, while another handles receiving and recording.

2. **Authorization and Approval**: Implement controls that require approval for inventory
purchases, adjustments, and disposals. This ensures that all inventory transactions are
authorized by appropriate management levels.

3. **Physical Inventory Counts**: Conduct regular physical counts of inventory and reconcile
them with recorded amounts. This helps detect discrepancies and ensures that records reflect
the actual inventory on hand.

4. **Inventory Records**: Maintain accurate and up-to-date records of inventory levels,

movements, and valuations. Use inventory management software to track quantities, locations,
and costs.
5. **Access Controls**: Restrict access to inventory storage areas to authorized personnel only.
Use physical barriers, such as locked storage rooms, and electronic access controls to prevent
unauthorized access.

6. **Receiving Procedures**: Establish procedures for verifying and recording inventory upon
receipt. Check that deliveries match purchase orders and inspect goods for damage or
discrepancies before acceptance.

7. **Issue and Usage Controls**: Track inventory issues and usage to ensure that items are used
for their intended purposes. Implement controls to monitor and authorize inventory withdrawals.

8. **Documentation and Record-Keeping**: Maintain thorough documentation of all inventory

transactions, including purchase orders, receiving reports, and inventory adjustments. This
provides a clear audit trail and supports accurate financial reporting.

9. **Regular Audits**: Perform periodic internal and external audits of inventory management
processes and controls. Audits help identify weaknesses and ensure compliance with internal
policies and external regulations.

10. **Reconciliation and Reporting**: Reconcile inventory records with financial statements
regularly to ensure accuracy. Prepare reports that provide insights into inventory levels, turnover
rates, and potential issues.

By implementing these procedures, organizations can enhance the accuracy of their inventory
records, prevent loss or misappropriation, and ensure effective inventory management.

Q5 - Explain the various Internal control schemes.

Answer- Internal control schemes are systematic processes and procedures designed to ensure
the integrity of financial reporting, compliance with laws and regulations, and effective
operational management. Here’s an overview of various internal control schemes:

1. **Control Environment**: This foundational scheme encompasses the organizational culture,

governance structures, and ethical values that influence the effectiveness of internal controls. It
includes:
- **Leadership Commitment**: Demonstrating top management’s commitment to internal
controls.
- **Code of Conduct**: Establishing ethical guidelines and compliance standards for
employees.

2. **Risk Assessment**: Involves identifying and evaluating risks that could impact the
organization’s objectives and implementing controls to mitigate those risks. Key aspects include:
- **Risk Identification**: Recognizing potential risks in operations, financial reporting, and
compliance.
- **Risk Analysis**: Assessing the likelihood and impact of identified risks.

3. **Control Activities**: These are specific policies and procedures designed to address risks
and achieve objectives. Examples include:
- **Segregation of Duties**: Dividing responsibilities among different employees to reduce the
risk of error or fraud.
- **Authorization and Approval**: Requiring management approval for significant transactions
and decisions.
- **Physical Controls**: Implementing safeguards such as locked storage and access controls
to protect assets.

4. **Information and Communication**: Ensures that relevant information is communicated

effectively within the organization. This includes:
- **Reporting Mechanisms**: Providing clear channels for reporting issues and concerns.
- **Information Systems**: Ensuring that information systems support accurate and timely data
processing and reporting.

5. **Monitoring Activities**: Ongoing evaluation of the effectiveness of internal controls to

ensure they are functioning as intended. This includes:
- **Internal Audits**: Conducting periodic audits to review control effectiveness and
compliance.
- **Continuous Monitoring**: Using automated systems to continuously monitor transactions
and controls.

6. **Compliance Controls**: Focused on ensuring adherence to laws, regulations, and internal

policies. Key elements include:
- **Regulatory Compliance**: Implementing controls to comply with industry regulations and
standards.
- **Internal Policies**: Establishing and enforcing policies that align with legal and regulatory
requirements.

7. **Financial Controls**: Specific controls designed to ensure the accuracy and reliability of
financial reporting. These include:
- **Reconciliation Procedures**: Regularly reconciling accounts to ensure accuracy.
- **Expense Controls**: Monitoring and approving expenses to prevent unauthorized
expenditures.

Each internal control scheme plays a vital role in ensuring that an organization operates
efficiently, accurately reports financial information, and complies with applicable regulations and
policies.

Q6 - Narrate the scope of Audit in computerized environment.

Ans - The scope of auditing in a computerized environment encompasses a range of activities
tailored to the complexities of digital systems and technology. Key aspects include:

1. **System and Application Controls**: Auditors examine controls embedded within computer
systems and applications. This involves evaluating the effectiveness of security features, data
integrity checks, and transaction processing controls to ensure they protect against
unauthorized access and errors.

2. **IT Governance and Management**: The audit assesses the organization’s IT governance
framework and management practices. This includes reviewing policies and procedures related
to IT strategy, risk management, and compliance with regulatory requirements.

3. **Data Integrity and Accuracy**: Auditors verify that data processed and stored by computer
systems is accurate and complete. They assess controls over data input, processing, and output
to ensure the reliability of financial reporting and operational data.

4. **Access Controls**: Evaluating access controls is crucial in a computerized environment.

Auditors review user access management, including authentication, authorization, and password
controls, to prevent unauthorized access to sensitive systems and data.
5. **Backup and Recovery Procedures**: Auditors examine the organization’s backup and
recovery procedures to ensure that data can be restored in case of loss, corruption, or system
failure. This includes reviewing backup schedules, storage, and testing of recovery plans.

6. **System Development and Maintenance**: The scope includes assessing controls over the
development, implementation, and maintenance of computer systems. Auditors evaluate whether
proper procedures are followed for system changes, testing, and documentation.

7. **Automated Controls Testing**: In a computerized environment, many controls are automated.

Auditors test these automated controls to ensure they function correctly and as intended. This
may involve using data analytics and specialized audit software.

8. **Information Security**: Auditors assess the organization’s information security measures,

including encryption, firewall protections, and intrusion detection systems, to safeguard against
data breaches and cyber threats.

9. **Compliance with IT Standards**: The audit includes evaluating adherence to relevant IT

standards and best practices, such as those outlined by ISO, COBIT, or ITIL, to ensure alignment
with industry benchmarks.

10. **End-User Computing**: Assessing controls related to end-user computing involves

reviewing how users interact with systems, including spreadsheets and databases, to ensure that
such tools are used in a controlled and secure manner.

The scope of auditing in a computerized environment is broad and involves evaluating both
traditional and technology-specific controls to ensure that systems support accurate, secure,
and efficient operations.