CHAPTER ONE 1.0 INTRODUCTION 1.1 Background of the study We are in an era of considerable demands on public finances at all levels worldwide. As never before, public authorities are required to ensure that common resources are used in the most effective and efficient manner and that, essentials are targeted in the usage of resources, organizational planning and management (E.U Commission 2012). Besides, the growth in size and complexity of many companies in recent years, coupled with today’s numerous risk situations and public expectation of healthy risk assessment and evaluation have led to a corresponding increase in the need to establish effective internal control procedures. Additionally, new legal directives assert themselves in the domain of corporate governance of companies to control management decisions, define the role of independent committees, improve principles of corporate governance and set up and control internal control systems that are really effective in order to limit failures (Woolf, 1990). 1
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CHAPTER ONE
1.0 INTRODUCTION
1.1 Background of the study
We are in an era of considerable demands on public finances at
all levels worldwide. As never before, public authorities are
required to ensure that common resources are used in the most
effective and efficient manner and that, essentials are targeted
in the usage of resources, organizational planning and management
(E.U Commission 2012).
Besides, the growth in size and complexity of many companies in
recent years, coupled with today’s numerous risk situations and
public expectation of healthy risk assessment and evaluation
have led to a corresponding increase in the need to establish
effective internal control procedures. Additionally, new legal
directives assert themselves in the domain of corporate
governance of companies to control management decisions, define
the role of independent committees, improve principles of
corporate governance and set up and control internal control
systems that are really effective in order to limit failures
(Woolf, 1990).
1
The myriads of needs of the citizenry have led to the undertaking
and funding of several projects and programmes by government
through the Ministries, Departments, Agencies and Metropolitan
and district assemblies. This has led to much expenditures being
incurred in the Public Sector which warrants the need to ensure
economy, efficiency, effective and judicious use of public funds.
Treadway Commission (1994) defined internal control as a process,
effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the
achievement of objectives in effectiveness and efficiency of
operations, reliability of financial reporting and compliance
with applicable laws and regulations. The International
Organisation of Supreme Audit Institutions (2004) on the other
hand defined internal controls as an integral process that is
affected by an entity’s management and personnel and is designed
to address risks and to provide reasonable assurance that in
pursuit of the entity’s mission, the following general objectives
are being achieved: (1) executing orderly, ethical, economical,
efficient and effective operations; (2) fulfilling accountability
2
obligations; (3) complying with applicable laws and regulations;
and (4) safeguarding resources against loss, misuse and damage.
Effective Internal controls are series of actions that permeate
an entity’s activities. These actions are pervasive, and inherent
in the way management runs the business of an entity. It can
directly affect an entity’s ability to reach its goals and also
supports businesses’ quality initiatives. (Sarens De Visscher and
Van Gils, 2010)
1.2 Statement of the problem
In an era in which management and control of public finances
attracts national and international attention and scrutiny, it is
imperative that adequate and effective internal control and audit
systems are designed in such a way that they could contribute to
good governance and transparency (European commission PIC 2012).
Lots of funds from Donors and Government of Ghana (GOG) sources
as well as those generated internally by public institutions are
expended yearly by Public Institutions to finance Government
activities and projects. To ensure accountability, economy,
effectiveness, efficiency and also to evaluate organizational and
3
managerial performance, managers of state institutions account
for their stewardships to the citizens of Ghana, through Members
of Parliament who represent the citizenry through the Public
Accounts Committee (PAC) of parliament (The 1992 constitution of
Ghana).
Startling revelations of misapplication and misappropriation from
the sittings of the PAC of Parliament on the Auditor-General’s
report on Public Accounts are clear indication of existence of
weaknesses in controls and monitoring. The absence of, or weak
internal controls had been recognized as the primary cause of
various incidence of fraudulent entity financial reporting
(Treadway Commission Report 1987).
In order to address these weaknesses and ensure judicious and
economic use of funds for the intended purposes, it is imperative
that we examine and discuss whether existing internal controls
systems in the public sector are effective and are contributing
to good governance and transparency. It is in this light that
this study is being undertaken using Ashanti Regional Health
Directorate (ARHD) as a case study.
4
1.3 Objectives of the study
The general objective of this study is to ascertain the adequacy
and effectiveness of internal control systems in the Public
Sector taking the Ashanti Regional Health Directorate as a case
study. The specific objectives for the study are as follows:
1. To identify the types of internal controls in operations at
Ashanti Regional Health Directorate;
2. To examine the effectiveness of the internal controls at the
Regional Health Directorate
3. To examine the challenges in the internal control systems at
Ashanti Regional Health Directorate (ARHD).
1.4 Research Questions
In order to attain the above objectives drawn from the problem
statement, the research seeks to address the following main
questions:
5
1. What are the types of internal control in operations currently at
ARHD?
2. How effective are these types of internal controls in operations in
addressing Risk the organization is exposed to?
3. What are the challenges associated with the internal controls
at the ARHD?
1.5 Significance of the study
Although this study is limited to Ashanti Regional Health
Directorate, it is hoped that the study will be of immense
benefit to many similar public organizations. In addition, the
study will enable management to understand and appreciate the
need to put the necessary structures in place to ensure adequate
and effective internal controls.
Further, the study will contribute to the understanding of the
relationship existing among Internal control theoretical frame
work, adequate and effective working internal controls on the
ground and Management’s role and how the components of an
internal control systems can be integrated to ensure value for
money in the public sector. Finally, the research will add more
6
knowledge to the existing literature on the topic and serve as a
source of reference to researchers on the topic.
1.6 Brief Methodology
In this section, an over view of the research methodology is
presented. The study employed observations, interviews and
questionnaires as research tools for data collection. The
methodological framework for this study is based on
triangulation; thus both qualitative and quantitative analysis.
The population of this study comprises managerial positions and
lower staff ranks at Ashanti Regional Health Directorate. The
research on its outlook reflects the entire public sector in
Ghana but the survey will be limited to Ashanti Regional Health
Directorate.
Primary data will be collected in order to solicit responses
directly from the field. The data collected, will constitute the
basic information from which discussions and conclusions will be
drawn for decision making.
Data is hereafter entered into Statistical Package for Social
Sciences (SPSS) and a code book generated to help in the data
7
entry. Plausible checks are conducted and inconsistent data are
cleared as appropriate. Descriptive statistical tools such as
tables, frequencies, percentages are used. Linked questions are
matched out through crosstabs to see if they are internally
consistent and statistical test are also conducted. A linear
regression model is developed to establish the link between
effective internal control and effective use of public resources.
1.7 Scope of the Study
This study will cover and explore the adequacy and effectiveness
of internal control system at Ashanti Regional Health
Directorate. Critical look would be given to Managerial behaviour
towards effective integration of components of internal controls
to ensure adequate and effective internal control system to
address inherent risks both operational and financial within the
organizational risk appetite. However, all those issues which
are reasonably incidental to or consequential upon the attainment
of this objective shall be dealt with and discussed.
1.8 Limitation of the Study
8
The study is carried out in the Ashanti Regional Health
Directorate. The target institutions shall be Ashanti Regional
Health Directorate. Secondary data will be obtained from these
places for further studies and analysis.
In an environment such as ours where information is unduly
restricted and at times unavailable due to poor storage and
record keeping, the ability of the researcher under this
circumstance would be greatly limited since analysis can be made
into the extent of information derived.
This limitation is compounded by the time limit within which to
cover this important aspect of the accounting discipline.
However, the above mentioned limitations would not affect the
quality of information that would be gathered to any marked
degree.
1.9 Organization of the Study
To enhance the orderly and systematic presentation of the ideas,
this research is grouped into five chapters. Chapter one will be
the introduction which explains the background, statement of the
problem, objectives of the study, research questions,
9
justification of the study, scope and limitations of the study.
Chapter two deals with the literature review where theoretical or
conceptual framework and empirical basis of the study is looked
at and it was devoted to a detailed literature review on the
subject area.
Chapter three outlines the methodology which describes the
procedures that will be adopted in conducting the research.
Chapter four presents results of the data gathered about the
subject matter. It comprises the organization, description,
analysis and interpretation of the results obtained, and Chapter
five summarizes the findings of study; and presents the
recommendations and conclusion with suggestions for further
study.
CHAPTER TWO
LITERATURE REVIEW
10
2.0 Introduction
This chapter provides the theoretical and conceptual framework of
the study upon which a firm understanding of effective internal
controls system is established and how the common elements of
internal controls are employed at the Regional Health Directorate
and similar public sector organizations to ensure efficiency and
effectiveness of operations. Relevant literature on internal
controls, common components of internal controls, risk
managements and objective of systems of internal controls are
reviewed.
The corporate objective and environment in which firms operate in
this contemporary business world are continuously changing.
Consequently, the risks that firms are encountering are
constantly evolving too. In order to ensure faster adaptation to
these changes, an effective internal control must necessarily be
reactive to changes. Successful risk management and internal
control therefore depends on regular appraisal of the nature and
extent of risk. (KPMG, 1999).
11
2.1 Internal Control System
Drawing from Statements of Standard Auditing Practices No. 6 (SAP
6) Gupta (2001) defines
Internal control as “the plan of organization and all the methods
and procedures adopted by the management of an entity to assist
in achieving management objectives of ensuring as far as
practicable, the orderly and efficient conduct of its business,
including adherence to management policies, the safeguarding of
assets, prevention and detection of fraud and error, the accuracy
and completeness of accounting records and the timely preparation
of reliable financial information”.
Control is made up of those elements of an organization that in
sum assist people to achieve the objectives of the organization.
Controls are said to be effective as far as they provide
reasonable assurance that the business objectives of the company
would be reliably achieved (KPMG, 1999).
2.1.1 Internal Controls Systems
An internal control system is made up of the policies, processes,
behaviors, tasks and/or activities of a company that collectively
12
help its effective and efficient function by enabling it to react
correctly to material business, operational, financial,
compliance and other risks to achieving the company’s objectives.
It involves the safeguarding of assets from unauthorized usage or
from loss and fraud, and making sure that liabilities are
recognized and managed. In addition it helps in ensuring the
quality of internal and external reporting. (ACCA- Audit and
Assurance Services)
2.1.2 COSO control Framework
The Committee of Sponsoring Organization of the Treadway
Commission (COSO) created the 1992 COSO-control framework with
the aim of providing broadly accepted criteria for establishing,
monitoring, evaluating and reporting on internal control (COSO,
1992). It defines internal control as:”a process, effected by an
entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the
achievement of objectives in the following categories: l)
Effectiveness and efficiency of operations, 2) Reliability of
financial reporting and 3) Compliance with applicable laws and
13
regulations. The COSO definition is seen as the most widely
accepted in practice. This assertion can be seen almost in all
similar conceptual definitions by other relevant groups around
the world (Kinney 2000).
2.1.3 CoCo definition of Internal Control
The Canadian Guidance on Control Board (CoCo) explains internal
control as “all the resources, processes, culture, structure, and
tasks that, taken together, support people in achieving those
objectives”. From a broader perspective, the CoCo definition
overtly mentions internal elements such as “internal reporting”,
“information within the organization”, and “internal policies” as
part of internal control. Whilst definition by The Institute of
Chartered Accountants in England and Wales (ICAEW) lay emphasizes
on the significance of responding to risk by stating that
internal control deals with “behaviors” (Pfister, 2009).
2.1.4 The European Federation of Accountants (FEE)
The European Federation of Accountants (FEE) on the other hand
looks at internal control in relation to governance and sees
14
internal control as going “beyond procedures” to includes
“elements such as corporate culture, systems, structure, policies
and tasks” Notwithstanding these differences in emphasis all the
concepts support that of COSO ( Pfister 2009).
In addition, recognition for the need to update the 1992
guidelines for Internal Control Standards for the Public Sector,
the 17th INCOSAI (Seoul, 2001) accepted that the COSO integrated
framework for internal control should be relied upon. Though the
guidelines also addresses ethical values and provide more
information on the general principles of control activities
related to information processing.
2.1.5 Functions of internal control Systems
According to Flick (2010), internal control system ensures correct
functioning of organizational processes, reliability of financial
information and compliance with relevant regulation. Through
internal controls organizations check fraud and abuse. Generally,
internal controls are used to describe the manner in which
management assures that financial and other objectives of an
Organization are met.
15
2.1.5.1 The INTOSAI framework
The need to emphasis the importance of safeguarding resources in
the public sector needs to be stressed. The resources in the
public sector are mainly made up of public funds and how these
funds are utilized in the interest of the public calls for
special attention (INTOSAI, 2004).
In the public sector the budgetary accounting are mainly on cash
basis and it does not provide enough assurance in respect
acquisition, use and disposition of resources. Consequently,
records on assets are not up to date and therefore susceptible to
misuse. For these reason, safeguarding resources is an important
internal control. The focus and/or objectives of public entities
determine their characteristics; therefore the internal controls
of differing entities should be understood in this context (EIU
Compendium 2012).
The definition that is more relevant to the study is that of
INTOSAI (2004). Internal control is defined as an integral
process that is effected by an entity’s management and personnel
and is designed to address risks and to provide reasonable
16
assurance that in pursuit of the entity’s mission, the following
general objectives are being achieved: (1) executing orderly,
ethical, economical, efficient and effective operations, (2)
fulfilling accountability obligations;
(3) Complying with applicable laws and regulations, and (4)
Safeguarding resources against loss, misuse and damage. From the
perspective of the INTOSAI definition, internal controls are
embedded in the operations of an entity. It is built into the
infrastructure of an entity and form part of its culture.
Control is affected by individuals working across the company,
including the Board of directors, management and personnel. Those
responsible, as individuals or teams, for achieving objectives
are also responsible for the effectiveness of controls that
supports the achievement of set objectives (Pfaff and Ruud 2007).
2.2 Role of Board of Directors in Internal Control
The Board of Directors and/or the governing council of an entity
are responsible for internal controls. As the organ responsible
for internal controls, the Board should formulate and implement
suitable policies on internal controls and ensure that
17
appropriate processes are working effectively to monitor the
risks to which the company is exposed (Verschoor, 1999).
In addition, the board should ensure that the system of internal
controls is effective in mitigating risks within the entity’s
risk appetite. It is therefore necessary that the appropriate
tone is set at the top most level and the seriousness attached to
control responsibilities must be effectively communicated. The
task of establishing and operating and monitoring the internal
control systems will however be delegated to management (KPMG,
1999).
2.3 Categories of internal control
Internal controls related with the management of large firms have
been categorized into two major types (1) strategic controls and
(2) financial controls. Strategic controls involve evaluation of
business-level managers' actions and performance by using
criteria that are strategically relevant in the long term (Hitt
et al, 1996).
The operation and monitoring of the strategic system of internal
control should be undertaken by individuals who collectively
18
possess the necessary skills, technical knowledge, objectivity,
and understanding of the entity and the industries and markets in
which it operates. It also requires a rich information exchange
between corporate and Divisional managers (Hoskisson et al.,
1994).
2.4 Elements of internal control
According to Hayes et al., (2005) the common elements of internal
controls are: (1) Control environment, (2) the entity’s risk
assessment process, (3) the information and communication
systems, (4) control activities and (5) the monitoring of
controls.
2.4.1 Control environment
The control environment is the basic element in an organization
that influences the control awareness of its people. As the basic
element, the control environment is the fundamental component
upon which all other components of internal control system are
built by providing discipline and structure (Whittington and
Pany, 2001).
19
The control environment comprises of factors such as integrity,
ethical values and competence of the entity’s people;
organizational philosophy and operating style; the manner in
which authority and responsibility are assigned by management,
how its people are organized and developed; and the attention and
direction provided by the Board of directors (KPMG, 2009).
2.4.2 The entity’s risk assessment process
This involves identification and evaluation of risks and control
objectives. All entities encounter all sorts of risk from both
their external and internal environment that needs to be properly
assessed. Established objectives that must be linked at various
levels and internally consistent are the prerequisites for
25% of responses obtained. Besides, 25 respondents failed to
answer the question to this effect which represents 12.5%.
73
However, the results shows that majority of respondents agreed
with Hayes et al 2005 assertion that to ensure that people play
their assigned roles effectively and efficiently the relevant
information must be identified recorded and/or captured and
communicated within an appropriate time frame.
4.6.3 Information needs and related information systems re-
assessment
From the above table out of total number of 165 respondents, 130
representing 65% agreed that information needs and related
information systems are re-assessed. On the other hand 35
respondents representing 17.5% disagree to the fact that
information needs and related information systems are re-
assessed. Additionally, 35 respondents representing 17.5% were
not sure. The Ghana health service monitoring and evaluation plan
(MEP) that was review as part of this study confirms the
majority’s stand point that information needs and related
information systems are re-assessed. It states “in Ghana almost
all the yearly health sector reviews and aide memoirs have called
for an improvement in the existing health information systems for
74
better decision making”. Consequently the DHIMS software was
developed and successfully deployed in 2008.
4.6.4 Channels of communication
120 out of the 125 respondent agree that there are channels of
communication for reporting breaches of law and improprieties. 5
respondent according to the table responded “NO” to this effect.
However the number of respondents who miss out is rather on the
higher side. They represent 37.5% of the total sample size.
This is in line with Hitt et al, 2005 assertions that
information and communication process provide a source of
strategic flexibility. It enhances a firm’s ability to meet
customer’s expectation. Moreover effective information and
communication enhances understanding and flow of work among
employees in the organization as well as among those employees
and their counterparts such as suppliers and other stake holders.
4.7.0. Monitoring implementation of Internal Control system
In table10, the researcher set out to examine the monitoring,
supervision and the internal audit function as part of monitoring
and supervision component of the internal control system, as a
75
way of examining the effectiveness and functionality of the
internal control system.
The test statements were arranged in terms of their frequency and
percentages as a way of interpreting the results. The details of
the survey in this regards are discussed under the sub headings
of the corresponding statements tested as follows;
Table 10: Monitoring Implementation of Internal ControlMonitoring & supervision N YES % NO % MISSING %Monitoring and supervision processes integralpart of procedures
190 180 87.
5 15 7.5 5 2.5
Continuous monitoring process 50 40 20.0 10 5.0 150 75.
0Monitoring of effective application ofpolicies and related controls
160 140 70.
0 20 10.0 40 20.
0Ability to re-evaluate risk and adjustcontrols
190 175 87.
5 15 7.5 10 5.0
Internal audit unit 180 165 82.
5 15 7.5 20 10.0
Internal audit unit sufficiently staffed 165 130 65.
0 35 17.5 35 17.
5
Conduct of audit inspections 160 125 62.
5 35 17.5 40 20.
0
Internal audit reports produce regularly 180 155 77.
4. Sarens G., De Visscher C. and Van Gils D (2010), “Risk Management and Internal Control in the Public Sector”, An In-Depth Analysis of Belgian Social Security Public Institutions, http://www.docufin.fgov.be/intersalgnl/thema/publicaties/documenta/2010/
5. INTOSAI (2004), “Guidelines for Internal Control Standardsfor the Public Sector”, International Organisation ofSupreme Audit Institutions.
6. EIU Compendium (2012) “Compendium of the public internalcontrol systems in EU member states”
7. ACCA (2009/2010) “Advanced Audit and Assurance” KaplanPublishing ACCA- Audit and Assurance Services Text book
8. Adams, M. B. (1994), “Agency theory and the internal audit”,Managerial Auditing Journal.
9. Anderson, D., Francis, J. R. and Stokes, D. J. (1993),“Auditing, directorships and the demand for Monitoring”:Journal of Accounting and Public Policy.
12. Brennan, N. M., and J. Soloman (2008). “Corporategovernance, accountability and mechanisms ofaccountability”: An overview. Accounting, Auditing &Accountability Journal
13. Committee of Sponsoring Organizations (COSO) (1985),“Organization background information” http://www.coso.org/.
14. Curtis C. Verschoor (1999) “Corporate Performance isClosely Linked to a Strong Ethical Commitment”
15. DeAngelo, L. (1981), “ Auditor size and audit quality”,Journal of Accounting and Economics, Vol. 3
16. Dittenhofer, M. (2001). Internal Auditing
Effectiveness. Vol. 16, No.10, 74
17. Ettredge, M. L., Sun L., and Li C.. (2006). “The impactof SOX Section 404 internal control quality assessment onaudit delay in the SOX era”. Auditing: A Journal of Practice& Theory
18.Garcia, B.M. A. (2004). Audit Reports on Financial Statements PreparedAccounting to IASB Standards. Vol. 8.
19. Gerrit S and Mohammad J. A (2010), “Monitoring Effectsof the Internal Audit Function”: Agency Theory versus otherExplanatory Variables. International Journal of Auditing.Blackwell Publishing Ltd
20. Jensen, M. C. and Meckling,W. H. (1976), Theory of thefirm: managerial behaviour, agency costs, and ownershipstructure’, Journal of Financial Economics.
21.John J. Morris (.2011), “The Impact of Enterprise ResourcePlanning (ERP) Systems on the Effectiveness of InternalControls over Financial Reporting”
22. Kochan, A. (1993). “Internal Evaluation”: TQM Magazine.Vol. 5.
23.Krishnan, J. (2005). “Audit committee quality and internalcontrol”: An empirical analysis. The Accounting Review
24. Hitt M.A et al (1996). “The Market for CorporateControl and Firm Innovation”
25. Millichamp, A.H. (1993). Auditing (6th ed.)
26.Whittington O.R and Pany K. (2001). “Principles of Auditingand Other Assurance Services”.
106
27. Ogneva, M, Subramanyam K.R, and Raghunandan K. 2007.“Internal control weakness and cost of equity”: Evidencefrom SOX Section 404 disclosures. The Accounting Review
28. Reid, K. & Ashelby, D. (2002). The Swansea InternalQuality Audit Processes Quality Assurance in Education. Vol.10,
29. Pearson Education Limited. SAP. (2005). “EnterpriseGovernance and Sarbanes-Oxley Compliance” Available at:http://www.sap.com/usa/solutions/business
30.Stephen Emasu (2007) public financial management – Concepts
& Practices
31. Watts, H. (1999). “A Conceptual Framework to FinancialReports and Internal Audits”. Vol. 20, Pp. 753-778.
107
QUESTIONNAIREDear Respondent, My name is Justice Ali Afful. I am currently
carrying out a study for the purpose of writing a dissertation as
a requirement for the award of Master of Business Administration
of Kwame Nkrumah University of Science and Technology (KNUST).
The topic of study is EFFECTIVENESS OF INTERNAL CONTROL SYSTEMS
IN THE PUBLIC SECTOR. You have been selected to participate in
this study due to the importance of your information in the
study. The information you provide will only be used for the
purpose of this study and will be treated with utmost
confidentiality. Please feel free and answer all the questions
truthfully.
SECTION A
RESPONDENT’S BACKGROUND
1. Gender (Please tick appropriately)
Male
108
Female
2. What is your highest level of education?
Certificate/Diploma
Bachelor
Masters
PhD
Other (PLEASE Specify)…………………………………………………………………...
3. What position do you currently hold in the
Organization/Institution that you work for?
Management Committee member
Unit head or head of BMC
Finance and Accounts staff
Internal audit staff
Health administration and support service
Public health staff
109
Clinical care
4. In what age bracket do you fall? (Circle where appropriate)
18-25
26-35
36-45
46-55
56+
5. For how long have you served in your organization/Institution?
1-3 years
4-6 years
7-10 years
10+ years
1. TYPES OF INTERNAL CONTROLS IN OPERATIONS AT ARHDORGANIZATIONAL STRUCTURE Ye
sNo
1) Do you have written policies and procedures?
2) If yes, do they include: Ye
s
No
110
a. Policies and procedures for major areas of
operations?
b. Financial and accounting systems?
c. Human resources policies and procedures?
3) Are policies and procedures consistent with
statutory Authority?
4) Are controls and control objective integrated into
policies and procedures?
5) If yes, what types of internal controls are in
operations?
Ye
s
No
a. Comprehensive controls (coordinated controls covering
all activities)
b. Focused controls (only financial and accounting
systems)
6) Does it ensures the following: Ye
s
No
a. Executing orderly, ethical, economical,
efficient and effective operations?
b. Complying with applicable laws and regulations?
c. Fulfilling accountability obligations?
111
d. Safeguarding resources against loss, misuse and
damage?
2. EFFECTIVENESS OF THE INTERNAL CONTROLS AT THE ARHD
RISK ASSESSMENT Yes No1. Do you have established objectives in a form of
mission statement? 2. If yes, are objectives of key areas in line with
mission statement?3. Do Objectives and related plans include measurable
performance targets and indicators?4. Are employees fully aware of objectives, targets
and indicators?5. Do Policies and procedures anticipate, identify and
react to risks?6. If yes, do they provide effective direction on risk
and control issues? 7. Is risk identification and assessment a continuous
process?8. If yes, is it embedded in the operations of the
entity?9. Is the acceptable level of risk well understood by
all?CONTROL ENVIRONMENT AND CONTROL ACTIVITIES Yes No
10. Are there Strategies for dealing withidentified risks?
112
11. Do Organization’s culture and ethical valuessupports risk management and internal controls?
12. Do Management actions and policies demonstratetheir Commitment to competence & integrity?
13. Is Authority, responsibility andaccountability clearly defined?
14. If yes, are decisions and actions taken by theappropriate people at all times?
15. If yes, are staffs aware of what is expectedof them and their scope of work?
16. If yes, does it ensure checks and balances?INFORMATION AND COMMUNICATION Ye
s No
17. Do management received Progress reports? 18. If yes, is it timely, relevant and reliable
for decision making?19. Are information needs and related information
systems reassessed? 20. Are there Channels of communication for
reporting breaches of law and improprieties? Monitoring and Supervision Yes No
21. Is monitoring and supervision processesintegral part of procedures?
22. If yes, is it a continuous process?23. Does monitoring process ensure effective
application of policies and related controls?24. Does the process monitor the ability to re-
valuate risk and adjust controls?25. Do you have an internal audit unit?26. If yes, is it sufficiently staffed?27. Does the unit conduct regular audit
inspections?28. If yes, does the unit produce reports
regularly?29. Do the reports address weaknesses in controls?
113
CHALLENGES IN THE INTERNAL CONTROL SYSTEMS AT THE ARHD30. Have there been instances where controls had to be
override? Yes No
31 Do you have challenges with implementation of controls? Yes No