Financial systems controls audit

Effective financial controls – assuring business success

‘Internal control is defined as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations’

Committee of Sponsoring Organisations of the Treadway Commission (COSO)

Effective internal controls are required to support achievement of an institution’s objectives. The complexity and range of an institution’s business processes and systems mean that internal controls need to be designed effectively, proportionate, and operationally effective.

We can help by carrying out a Financial System Controls Review (FSCR):

Within the context of the business and the environment within which it operates, financial system internal controls need to be effective so that key risks are appropriately mitigated to assure the success of the business. The principal objective is to ensure that there is an effective internal control regime for financial information and that it is consistent with the standards established for accounting assertions. For example, it should give assurance that financial transactions are properly authorised, financial records are properly maintained, assets are safeguarded, and applicable legislation and policies are complied with.

Where possible, key controls over financial information and account balances should be automated, but where this is not possible, manual procedures, such as reconciliations and management reviews, may be necessary. Both automated and manual control processes are covered by our FSCR. We tailor the scope of the work to suit your particular circumstances and concerns.

Assessment

Key risk areas are identified and assessed along with the associated controls established to mitigate risks. The assessment that follows determines whether the internal controls designed to mitigate risk are adequately designed. We test controls to provide assurance that the controls are operationally effective.

The following internal control areas are considered:

  • Business process controls – The scope of a FSCR addresses material classes of financial transactions, account balances and summary financial information. For example, we review the monetary value of material transactions and the complexity of the accounting policies, or susceptibility of the process to error and fraud to determine the significance of the application/system and control objectives. The key accounting assertions covered by our business process controls work are:
    • Occurrence: recorded transactions actually occurred
    • Completeness: all transactions that should be recorded are
    • Valuation/Accuracy: correct transaction values are recorded
    • Classification: transactions are recorded in the proper account
    • Authorisation: recorded transactions are valid
    • Cut-off: transactions are recorded in the correct accounting period
  • General computer controls – Include controls for system development, changes, access to programs and data, and continuity of operations, specifically business continuity, disaster and back-up recovery plans. In addition, the overall governance of the financial system and the definition and assignment of roles and responsibilities, including segregation of duties, are considered.

Report & Approval

The control objectives, assessed risks, key controls, residual risk and final assessment are documented, in matrix form, to support our review. We draw out key strengths and positive aspects of control and good practice. We provide clear opinions at the conclusion of our work and make recommendations that are practical and which are framed within the context of your institution and the environment within which you operate.

In agreement with you, we will feed back to you either using a standard report template or as a formal presentation. All findings from our work are agreed with you in advance.

What you can expect

The KCG internal audit team is highly experienced in working with institutions to provide assurance on their systems and controls. The team’s experience with a wide range of organisations and industry sectors means they are well placed to provide real insight about effective internal control and also about what needs to be done where controls fall short of what is required.

[Figure: institutional risk management framework diagram]