INTERNAL

CONTROL
for
Cooperatives
A lecture delivered by Christine Leal-Estender
 Internal Control
Comprises the plan of organization
and all coordinated methods and
measures adopted within a business
to safeguard its assets, check the
accuracy and reliability of its
accounting data, promote operational
efficiency and encourage adherence
to prescribed managerial policies.

2
 Internal Control
Internal Control – is the systems, policies,
procedures and processes effected by the BOD,
management and other personnel to safeguard
the assets, limit or control risk and achieve the
objectives of the entity.

while

Internal Audit – provides an objective,

independent review of the entity’s activities,
internal control, and management information
system to help the board and management 3
 PURPOSE OF INTERNAL
CONTROL
1. Ensure that the business of
the Coop is conducted in a
prudent manner in
accordance with policies and
strategies established by the
board of directors;
2. That transactions are only
entered into with appropriate
authority
3. That assets are safeguarded
and liabilities controlled;

4
PURPOSE OF INTERNAL
CONTROL
4. That accounting and
other records provide
complete accurate
and timely information
5. That management is
able to identify, assess,
manage and control the
risks of the
business.
5
 PRIMARY AREAS OF
INTERNAL CONTROLS
1. Organizational
structures (definitions
of duties and
responsibilities,
discretionary limits
for loan approval, and
decision-making
procedures).
2. Accounting
procedures
(reconciliation of
account, control lists, 6
 PRIMARY AREAS OF INTERNAL
CONTROLS
3. The “four eyes”
principles (segregation
of various functions,
cross-checking, dual
control of assets, double
signatures, etc).

4. Physical control over

assets and investments
7
 Internal Audit – What is it?

■ A systematic and independent

review
of the operations and controls of the
organization
- Systematic: the work is done
according to pre-designed plans and
programs
- Independent: the work is done
independent of management
8
 Internal Audit –
Why do it?
■ To fulfill a key link in the risk
management process
■ Primary Goals are:
-to ensure that internal policies
and procedures are being followed
-to ensure that financial and
operating information is accurate
- To identify previously unrecognized
9
 Internal Audit –

should do it?

■ Chief Internal Auditor

-Banking and Accounting Professional usually
CPA with credit background of financial institution
-Maintains membership and/or ties
with professional associations
■ Staff
- Qualified candidates from within the Coop or
through recruitment 10
 Personal Qualities
■ Focused, well organized
■ Attentive to details
■ Exercises good judgment – knows what’s
important
■ Excellent written and verbal
skills
communication
■ Trustworthy – will do the right thing
■ Pleasant personality – can manage and train
staff
■ Creative and independent thinker – can draw
sound conclusions and form relevant
recommendations

11
 Auditor
Independence
■ Reports directly to the board
of directors
■ Maintains appropriate

communication with the general

manager/CEO
■ Manages the budget and schedule

for the department

■ Works in a separate and secure

space 12
 Components of Internal
Control
■ Control environment
■ Risk Assessment

■ Control Activities

■ Accounting, information

and communication
system
■ Self-assessment or

monitoring

13
Assessing the Control
Environment
■Control Environment – sets the tone of the
Coop, influencing control consciousness of its
people. It is the foundation for all other
component of internal controls

■ Points of Focus
• Organizational structure assignment of
authority and responsibility
• Human resource policies and procedures
• Integrity and ethical values
• Commitment to competence
• Management philosophy and operating style

■ An effective Control Environment is one that

establishes and promotes collective positive
attitude toward achieving effective internal
control over the unit’s business
14
 Evaluating Risk Assessment
Process
■ Risk Assessment – is the process of identifying
and analyzing relevant risks to the achievement
of the Coop’s objectives and determining the
appropriate response

■ Point of Focus
• Risk identification
• Risk analysis and prioritization
• Risk management

■ An effective Risk Assessment establishes

maintains
and process to identify, analyze, and
manage risk relevant to achieving a unit’s
goals and objectives.

15
 6. Revise
1. Identify
policies
risks

5. Test effectiveness 2. Develop strategies and

and monitor results procedures to prioritize risks

4. Implement policies 3. Design policies

and assign responsibility to mitigate risks

16
■ Is the potential
for realization
of the
RISK
unwanted
negative
consequences
of an event
■ The possibility of loss,
injury, disadvantage or
destruction
17
 Types of Major
Risks for
Coops
■ Liquidity Risks

■ Operations Risk
■ Credit Risk

18
 Assessing Control
Activities
■ Control Activities – are the policies and
procedures established and implemented
to address the risks and to achieve the
Coop’s objectives.

■ Point of Focus
• Severity and frequency of audit findings, specifically
on the :
■ Design of the control
■ Operating effectiveness of the control

■ An effective Control Activity is one that is

properly designed and implemented
to mitigate the risks
19
Assessing Control Activities
(Attributes)
■ Design of the controls
• Existence of Appropriate policies and
procedures necessary with respect to each
of the entity’s activities

■ Operating effectiveness of the

controls
• Identified control activities in place are being
applied properly

■ • Documentation
Examples of Control Activities
• Approval and authorization
• Verification
• Supervision
• Segregation of Duties
• Safeguarding of Asset
• Reporting
• IT Controls 20
 Assessing the
Information and
Communication
■ Information and Communication – encompasses the
System
methods for identifying, capturing, and
communicating pertinent information in a time
frame that enables people to carry out their
responsibilities
■ Points of Focus
• Information
• Communication

■ An effective Information and Communication System

ensures that information relevant to operating the
business and the maintenance of internal control and
records are identifies, captured, and communicated
to appropriate individual on a timely basis
21
 ■ Monitoring – Assessing the
quality of internal control
system performance over
time

■ Points of Focus
• Ongoing Monitoring Activities
• Separate Evaluation*
• Reporting Deficiencies

Assessing ■ An effective Monitoring

the System detects and
remedies control
Monitoring deficiencies throughout the
System entire internal control
system
22
 Minimum
Internal Control
Standards

23
 Proper Accounting

Records
■ Accounting records should satisfy the
needs of a particular financial
intermediary
■ These should contain sufficient

details to meet management

and supervisory needs and
should be properly and currently
24
 Division of Duties
and
Responsibilities
■ Duties must be segregated to allow
the proper functioning of automatic
checks.
■ No one person should be in complete

charge of business transactions

■ Operating instructions for each
position should be reduced in writing
25
 Signing
■ Authorities
Different levels of officers to sign for
and in behalf of the institution should
be approved by the Board of
Directors
■ Extent of authority should

be clearly defined

26
 Dual ■ Routine of each
transaction
Contr should be so
designed that at
ol least two or more
individuals are
involved in the
completion of
every
transaction
27
 Independent
■
Balancing
This means that someone runs and
balances records that are normally
posted by another person, or that
someone counts
held by another
person

28
 Joint Custody
■ Two or more persons are involved in
the safekeeping of physical
properties including documents

29
Physical
Control
■Safeguarding and housing
of assets demand
adequate
physical protection. Physical
control includes the vault gate keys
of equipment, alarms and other
physical devices to protect the
premises.
30
 NUMBE
CONTRO
R
L
Sequence number controls
incorporated in the accounting
system serves two purposed: (a) to
control processing and (b) to identify
individual transactions

31
 Knowledge of
Outside
Activities of
Employees
■ Periodic submission of statement of assets
and liabilities ascertains the financial
status of officers and employees
■ Any immediate or sudden change
appearance
in or habits of officers and
employees may be indicative of
misconduct, particularly when the change
reflect spending habits that go beyond the
limit of their income
32
 Rotation of Duties

■ Rotation reduces the opportunity for

fraud points to the adaptability of an
employee and often results in new
ideas for the organization

33
■ This policy is closely related to
rotation of duty as both result to a
forced absence from regular duties.
Vacation for those in position of trust
must be enforced

34
Direct Verification
■ This pertains to
confirmation of
accounts or
records by means
of direct
correspondence
with the coop’s
customers

35
 Sound Personnel
Policies
■ Recruitment – A formal
procedure must be followed when
employing new people. A check
of their previous employment and
credit references in mandatory in
order to hire individuals of
competence and integrity
■ Fair Salary Scale – To attract and
keep honest staff
■ Incentive and other Benefits – to
keep employees morale high
36
 Sound
Personnel
Policies

■ Code of Discipline. This should be

a code of discipline that serves as a
guide for the conduct expected of the
officers and employees in their day-to-
day pursuit of company objectives.
Code of discipline must also spell out
what constitutes violations and their
corresponding penalities.
37
 Internal Audit-
How is it done?
■ Develop a comprehensive annual work plan for
board approval, including time schedule, budgets
and scope
■ Design a generic audit work programs for each
area of Coop operation
■ Design work papers that clearly document
evidence of work performed, conclusions drawn,
the
and meets requirements
■ Prepare audit report for the board and
management on a timely basis, and provide
status updates at least on a quarterly bases
■ Follow up on status of implementing
recommendations 38
SAMPLE AUDIT PROGRAM
Office Audit Date:
Audit Period Reviewer:
Source Code: 1 Document, 2 – Interview, 3 -
Observation
TASK Y N SOURCES COMMENTS
N
E O F
S A
Verify Petty Cash
■ Count cash and agree to petty

cash balance
■ Confirm the cash is counted

periodically by a supervisor
■ Review paid transactions for

appropriate receipts and approval

■ Review replenishment vouchers for

the period
■ Confirm that cashbox is

reasonably safeguarded
■ Ensure segregation of duties in cash

handling (approval, disbursement, and

accounting)

39
 Audit
■ Report
Keep it short and to the point
■ Report on a timely basis
■ Include four parts, at a minimum:

1. Executive summary: bullet list items of

concern that require immediate attention
2. Describe the scope of work (period
covered, business process or funding
source, etc.)
3. List key findings of exception to policy,
risks and recommendations
4. Note any prior recommendations that
have not been implemented
40
 FRAUD TRIANGLE

Incentives/
Opportuni
Pressures ty

Attitude/
Integrity
41
 SITUATIONS THAT
OFFER OPPORTUNITY
FOR FRAUD
■ Ineffective internal controls
■ Too much trust placed on employees
■ Employees have detailed knowledge
of the accounting system and its
weakness
■ Management domination can
normal
subvert internal controls
■ Expected moral behavior is not
communicated to employees (no
code of ethics)
42
 SITUATIONS THAT OFFER
OPPORTUNITY FOR FRAUD

■ Unreasonable budgets and expectations

■ Related party transactions

■ Incomplete or out of date procedural

documentation
■ Management sets a bad example

■ Conflicts of interest

43
PROFILE OF A FRAUDSTER
■ Big spender (expensive hobbies, living
beyond means, high personal debt)
■ Under stress (suffering from personal
crisis such as financial problems or
■ bad evident
Has marriage)
financial needs (illness,
drugs,
gamblin
■ g)
Intelligent (challenged by a secured
bored by
system,
routines)

44
 PROFILE OF
A FRAUDSTER
■ Inquisitive (tempted by the discovery
of a computer vulnerability)
■ Risk taker (willing to bend the rules
and take chances)
■ Rule breaker (takes short cuts, self-
justifies, infractions of law)
■ Hard worker (first to arrive in the
morning and last to leave at night,
never absent)
45
 REMINDERS
ON FRAUD
■ Internal auditors are not expected
to be fraud specialists
■ Audit procedures, even if done

with due professional care, do not

guarantee fraud detection
■ Detection of Fraud is only a by-

product of the audit function, not

its main goal 46
Thank
You!