Monday, 18 April 2016

Internal Control Framework - Part 2

Components and Principles:
The Framework sets out seventeen principles representing the fundamental concepts associated with each component. Because these principles are drawn directly from the components, an entity can achieve effective internal control by applying all principles. All principles apply to operations, reporting, and compliance objectives of software companies in India. The principles supporting the components of internal control are listed below:

Control Environment
  1. Board Oversight: An executive board structure exists that demonstrates independence from management and exercises oversight for the development and performance of internal control.
  2. Integrity and Ethical Values: Standards of ethical behaviour exist and processes are in place to encourage staff to fulfil their duties with integrity.
  3. Structure, Authorities and Responsibilities: An organizational structure, including reporting relationships and assignment of responsibility and delegation of authorities, is defined and clearly communicated, and the related policies are established in support of the Organization’s objectives.
  4. Human Resources Policies and Practices: Policies and procedures are in place to attract, develop and retain talent in support of the Organization’s objectives, including policies and practices for managing performance.
  5. Accountability: Policies and procedures are in place to hold individuals accountable for their internal control responsibilities, including delegation of authority.
  6. Strategic Direction: The strategic direction and priorities of the Organization are established and form the basis for the development of assessing risks and operational effectiveness.
Risk Assessment

  1. Specifying Objectives: Objectives are specified with sufficient clarity to enable the identification and assessment of risks relating to objectives.
  2. Risk Identification: Risks to the achievement of objectives across the Organization are identified and analysed as a basis for determining how they should be managed, whether to accept, avoid, reduce, or share the risk.   
  3. Risk Assessment: The risks to the achievement of its objectives are assessed, including the potential for fraud or other misconduct or breach of rules.  
  4. Risk Response: Once the potential significance of the risk has been assessed, management considers how the risk should be managed.
Control Activities
  1. Selection and Development of Control Activities: Control activities that contribute to the management of risks to acceptable levels are selected and developed taking into consideration the operational environment.
  2. General Control Activities over Technology: General control activities using information technology are selected, developed or assessed to support the achievement of the Organization’s objectives.
  3. Policies and Procedures: Control activities include the development and use of policies that establish what is expected or required, and procedures that put the policies into action. They are built into business processes and day-to-day activities. Compliance and the consequences of non-compliance are also contained within each policy and/or procedure.
Information and Communication 
  1. Information and Reporting: Relevant and quality information is obtained or generated to support the functioning of internal controls, decision making and oversight.  
  2. Internal Communication: An efficient and effective system of internal communication exists to ensure that individual staff members have the information they require to carry out their duties, and to support the functioning of internal control.    
  3. External Communication: An efficient and effective system of external communication exists to ensure 1) necessary externally-sourced information is received; and 2) that external stakeholders, such as contributors, NGOs, Member States, governing bodies, donors and technical partners are provided with necessary relevant and quality information in response to requirements and expectations.    
Monitoring Activities
  1. On-going or Separate Monitoring: On-going and/or separate reviews are selected, developed and performed to ascertain that each of the components of internal control that are built into the business process are functioning effectively.  
  2. Reporting Internal Control Deficiencies: Deficiencies in the operation of internal control are systematically evaluated and reported to those parties responsible for taking corrective action.  Appropriate corrective action is taken in a timely manner to address the reported deficiencies. 
Roles and Responsibilities:
Everyone in an organization has responsibility for internal control.

The chief executive officer is ultimately responsible and should assume "ownership" of the system. More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfils this duty by providing leadership and direction to senior managers of software companies in India and reviewing the way they're controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise.

Board of Directors:
Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfil their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem.

Internal Auditors:
Internal auditors play an important role in evaluating the effectiveness of control systems, and contribute to ongoing effectiveness. Because of organizational position and authority in an entity, an internal audit function often plays a significant monitoring role.

Other Personnel:
Internal control is, to some degree, the responsibility of everyone in an organization and therefore should be an explicit or implicit part of everyone's job description. Virtually all employees produce information used in the internal control system or take other actions needed to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal actions.


This article helps to understand the direct relationship between objectives, which are what an entity strives to achieve, components, which represent what is required to achieve the objectives, and the organizational structure of the entity (the operating units, legal entities, and other). Here, the five components are also evaluated through principles and recommended points of focus. The article further highlights the roles and responsibilities of the interested parties using the internal control-integrated framework, and also focuses on internal governance and the limitations of the internal control framework.

Article Summary:

This article gives a brief introduction to the Internal Control—Integrated Framework, which helps entities to achieve their goals and objectives and to sustain and improve performance at the operational level by changing business and operating environments, mitigating risks to acceptable levels, and supporting sound decision making at a higher level.
