GB S.

CO Internal audit Department

Internal control and Fraud

Awareness creation session for Newly on

Boarded staffs of Gadaa Bank S.co

Date 10/06/2024

Legesse Jada – CIA 09-12-18-87-76

Out lines of the discussion

Internal control

Internal Audit

Fraud
“It is impossible for a man to learn
what he thinks he already knows…’’

Epictetus
What is Internal Control?

Internal control is a process effected by people (an

entity's Board of directors, Management, and other
personnel), designed to provide reasonable assurance
regarding the achievement of objectives in the three
categories.
Source: Committee Of Sponsoring Organizations of the Tread way Commission
(COSO)
Effectiveness and efficiency of operation
 Reliability of reporting
Compliance with applicable laws and
regulation
Key Words from the definition
1.Process: it is not one event or
circumstance but a dynamic process, it is
a means to an end, not an end in itself.
2.Effected by People: it is not just about
policy manuals, systems, and forms, but
about people at every level of
organization that impact internal control.
3. Provide Reasonable Assurance:
Because, Limitation exist in all system of internal
control, and then uncertainty & risk may exist
which no one can predict confidently with
precision.
4.Geared to the achievement of objectives in the
form of:
• Operational Objectives
• Reporting Objectives
• Compliance objectives
 Components of Internal control

• Control Environment
Five • Risk Assessment
Components • Control Activities
of Internal • Information and
Control communication
• Monitoring Activities
 Types of internal controls

There are three

types of internal
controls.

Preventive Detective Corrective

internal control internal control internal control
1. Preventative Internal Controls
• Preventative internal controls are those
controls put in place to avert a negative
event from occurring.
• Preventive controls aim to decrease the
chance of errors and fraud before they
occur.
 Examples of preventive control practices in personal life

• Lock your house when you leave

• Placement of guards
• Placement of CCTV Cameras
• Setting password for your computer or cell
phone
• Keep your ATM card PIN number separate from
your card
 • Separation of duties,
some of • Pre-approval of actions and
transactions,
the • Access controls,(limit physically
preventive and digitally)
• Physical control over assets ( locks
actions of doors or a safe for
cash/checks);
include: • Employee screening and training.
 2. Detective Internal Controls
• Detective internal controls are those controls
that are used after irregularities happen.
• They are designed to find errors or problems
after the transaction has occurred and provide
evidence that preventive controls are
operating as intended, as well as offer an after-
the-fact chance to detect irregularities.
 • Make internal audit on time;
Some of • monthly reconciliations of
various transactions;
detective • physical inventories (inventory
controls count at some interval).
• Surprise cash count.
incudes; • Vouching of Daily tickets.
If any irregularities detected, ask the
following questions.
• What caused the event to occur?
• What process failed that allowed the event to
occur?
• Is there a policy that can be implemented to
prevent the event from happening again in
the future?
3. Corrective controls

Corrective controls come into play when a

problem or threat has been detected.

Aim to correct the problem or discipline

those responsible for it
 • Disciplinary action, from
Some of simple reprimand to
corrective dismissal
• Modifications, blocking
controls access
includes; • New policies prohibiting the
detected problems
 Limitations of internal control

Control activities, no matter how well designed

and executed, can provide only reasonable
assurance regarding achievement of objectives.

The likelihood of achievement is affected by

limitations inherent in all control systems.
Management should note when designing internal
control that:
 Excessive control is costly and counter productive.

 Too little control presents undue risk.

 Therefore make a conscious effort to strike an

appropriate balance.
 Internal Audit
• What is Internal Audit?
• Internal audit:- is an independent, objective
assurance and consulting activities designed
to add value and improve an organization’s
operations. It helps an organization to achieve
its objectives by introducing a systematic,
disciplined approach to evaluate and improve
the effectiveness of risk management, control
and governance. (IIA)
Key words
Assurance Services:
An objective examination of evidence for the
purpose of providing an independent assessment
on governance, risk management, and control
processes for the organization.
Examples may include financial, performance,
compliance, system security, and due diligence
engagements.
There are generally three parties involved in
assurance services:
1.The person or group directly involved with the
process, system or other subject matter- the
process owner.
2.The person or group making the assessment-
the internal auditor
3.The person or group using the assessment- the
user
Consulting Services:
Advisory and related client service activities, the
nature and scope of which are agreed with the
client, are intended to add value and improve an
organization’s governance, risk management,
and control processes without the internal
auditor assuming management responsibility.
Examples include counsel, advice, facilitation,
and training.
Consulting services generally involve two
parties.
1. The person or group offering the advice- the
internal auditor
2. The person or group seeking and receiving the
advice- the engagement client.
Add Value:
The internal audit activity adds value to the
organization (and its stakeholders) when it
provides objective and relevant assurance, and
contributes to the effectiveness and efficiency of
governance, risk management, and control
processes.
 Internal audit bench marks
The Department operates within the
parameter provided by:
 Internal Audit charter;
Internal working procedures of the Bank
 NBE Directives
 International Standard of Internal
Auditing.
 Why internal audit
1. It Provide Independent and Objective
assurance for board and management
whether the designed internal control system
is working as intended.
2. It is the requirement of NBE that every bank
shall establish Internal audit function directly
reporting to board of directors.
 Authority of Internal audit

The Internal Audit of the bank is authorized to

review all area of the Bank without any
limitation.
 Internal control v internal audit
• Internal control and Internal Audit are
sometimes seems the same and the terms are
used interchangeably.
• But, Internal audit is a function carried out by
internal auditors while internal control is a
system designed to make sure an organization
meets its objective and it is the responsibility
of Board and Management.
 Fraud
What is Fraud?

Although there is no universal definition, Fraud

is a deliberate misrepresentation to make
personal gain for oneself dishonestly and/or
create a loss for another.
(ACFE)
 Some negative impacts of Fraud on companies

 Loss of confidence by customers, lenders,

regulators, stockholders
 Loss of sales, market share, influence
 Loss of access to financing
 Withdrawal or refusal of licenses
 Bankruptcy/liquidation
 Loss of reputation
Some negative impacts of Fraud on employees (Fraudster)

• Loss of Job
• Send to prison
• Confiscation of other personal properties
 Some Factors Contributing to Fraud

 Too much trust in employees

 Lack of proper procedures for authorization
 Lack of integrity
 No independent checks on performance
 Non segregation of duties (Maker-checker)
 Lack of clear lines of authority
 Infrequent audit/review
 Inadequate documents and records.
 The fraud triangle model
Three conditions are necessary for fraud to
occur.
1. A pressure or motive
2. An opportunity
3. A rationalization
 What are some pressures?

• Living beyond one’s means (overspending)

• High personal debts
• Unexpected financial needs
• Addiction problems
• Need to meet productivity targets
 Opportunities

• An opportunity is the condition or situation

that allows a person to commit and conceal a
dishonest act.
• Opportunities often stem from a lack of
internal controls.
• However, the most prevalent opportunity for
fraud results from a company’s failure to
enforce its system of internal controls.
 Rationalizations

Most fraudsters have an excuse or a rationalization

that allows them to justify their illegal behavior.
What are some rationalizations?
• The fraudsters are just “borrowing” the stolen
assets.
• The organization can afford it.
• Nobody will get hurt.
• The company deserved it ( Unhappy over treatment)
• No one will ever know.
• Fraud can be committed by internal or
external fraudsters.
• Surveys show that 85% of fraud is committed
by internal fraudsters.
 Most Vulnerable areas to fraud in Banking industry.

Cash Procurements
Bank guarantees Now a days HR area
Credit areas
Collateral valuation
Customers accounts/dormant
accounts
Office rent
FCY allocations
 The end

Thank You!