in touch progress through sharing - iia malaysia · progress through sharing career talks at...

An exclusive publication for Members of The Institute of Internal Auditors Malaysiawww.iiam.com.my

progress through sharing

Career Talks At Universiti Kebangsaan Malaysia And Universiti Teknologi Mara, Johor 2

Swinburne Careers Fair 2013 4

18th Annual General Meeting 5

Plantations Audit Forum 13

2013 Corporate Fraud - Fraud Risk Management: Make it Count 1 5

COSO - 2013 Internal Control – Integrated Framework 1 7

At a

IN TOUCH

Glance

NewsletterNewsletter

ISSUE 02/2013APR – JUN 2013

KDN PP 7705/04/2013(032230)

2013

President Ranjit SinghMBA (UK), CRMA, CMIIA, CA (M), CPA (M)

Vice Presidents Philip Satish RaoCMIIA, CPA (AUST), CPA (M), CA (M)

Shabaruddin IbrahimMIA, MICPA, FCA, CFIIA

Hon. Secretary Lucy Wong Kam YangMBA (AUST), CIA, CMIIA, CRMA, FCMA, CGMA, CA(M)

Hon. Treasurer Mohamed Farook NasarMBA(USM), CIA, CRMA, CMIIA, ICSA (UK)

Immediate Past President Datin Josephine Low Suet MoiBCM, MBA (UK), CIA, CRMA CMIIA, CFE, CISA

Governors Christine Ong May Ee,B.ACC (HONS) (SG), CIA, CRMA, CMIIA, FCA (AUST), CA (M)

Nickson Choo Wei SinB.ACC (HONS), CMIIA, CISA, CFE, CA (M)

Devanesan EvansonLLB (HONS) (UK), CFIIA, CA (M), FCCA (UK)

Mohd Khaidzir Bin ShahariBACC (HONS), CIA, CMIIA, CA (M)

Dr Nurmazilah Dato’ MahzanPHD (UK), CIA, CRMA, CMIIA, CA (M), CPA (M)

Zahran Bin TaslimanB.ACC (HONS), CIA, CCSA, CMIIA

Alan Chang Kong ChongB.ECONOMICS (AUST), CIA, CFSA, CPA (AUST), CCP (IBBM)

Nik Hasnan Nik Abd KadirBSC (HON), CIA, CMIIA

CHAIRMAN Sabah District Society Sarawak District Society Maria Lee Siao Ling AIIA Auditor Baker Tilly Monteiro HengSolicitor KC Lim & Co

STAFFActing Executive Director / Nur Hayati BaharuddinTechnical Director MBA, CIA, CCSA, CFSA, CGAP, CRMA, CMIIA,

FCPA, CA (M) Senior Membership Manager Tey Tai Sin BA(Hons) Senior Certification Manager Zaimah Ismail BBA(Hons) Senior Technical Manager Sivamalar Thuraisingam

BA(Hons)(UK), CIA, CCSA,CMIIA Senior Finance Manager Lee Fook Sun MAcc(Aust), CMIIA, CA(M), CRMA Technical Manager Tengku Idreena Tuan Ismail BA(Hons) Assistant Manager Corporate Services Jess Liu Shiak Peng B.Com(Aust) Assistant Manager Membership Siti Rohani Umar BA(Hons) Assistant Manager Professional Development Irwan Noor Hadi Bin Dahili B.Comn(Hons) Accounts Executive Jessie Liew Siau Yan BA(Hons) Certification Executive Siti Arafah Abdul Aziz BSc(Hons) Training Executive Veronica Justin B.COMP.SC Training Executive Josie R. Omilda Membership Executive Nor Shazwani Bt Mohamad Shafiee

BMgt(Hons) Membership Executive Noor Adiha Abu Bakar BBA(Hons) Administrative Executive Raja Nur Aina Raja Mohammad Noordin

B.Econ(Hons) Admin Officer Nur Zuhairah Binti Zamberi BSc(Hons) Admin Officer Yusliza Binti Md Yusof Admin Officer Syazana Binti Dzulkefli BBA(Hons) Training Officer Ahmad Farouk Rosman Despatch Cum Office Assistant Hamdani Mohd Sahit Mashud

EDITORIAL BOARDPSC Chairman Christine Ong May Ee

B.Acc(Hons)(SG),CMIIA,FCA(AUST), CA(M)Deputy Chairman Affeiz Abdul Razak BBA (Hons) Finance, CFSA(US), CMIIA Zahran Bin Tasliman B.Acc(Hons), CIA,CCSA, CMIIA

Chief Editor Dr Suresh Kannan PHD, MBA, BA (Hons) Acc, CMIIACommittee Members P. Shanthi Palaniappan CIA, CMIIA Wendy Low B.ACC (RMIT, AUST), CMIIA Sky Chan Kin Kwan B.ACC (Hons), AIIA

Production & Circulation Tey Tai Sin BA (Hons) Siti Rohani Umar BA (Hons) Nor Shazwani Mohamad Shafiee BMGT (Hons) Noor Adiha Binti Abu Bakar BBA (Hons)

BOARD OF GOVERNORSAND STAFF2013/14

THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA160-3-3 Kompleks Maluri, Jalan Jejaka,Taman Maluri, 55100 Kuala Lumpur, Malaysia.Tel: (603) 9282 1148 Fax: (603) 9282 1241E-mail: [email protected] Website: www.iiam.com.my

1 KEEPING IN TOUCH • Issue 2 Apr – Jun 2013

VISIONTo be the national voice of the internal audit profession: Advocating its value, promoting best practices, and providing exceptional service to its members.

MISSIONTo provide dynamic leadership for the global profession of internal auditing. Activities in support of this mission will include: • Advocating and promoting the value that internal audit professionals add to their organisations; • Providing comprehensive professional educational and development opportunities; standards and

other professional practice guidance; and certification programmes; • Researching, disseminating, and promoting to practitioners and stakeholders knowledge concerning

internal auditing and its appropriate role in control, risk management, and governance; • Educating practitioners and other relevant audiences on best practices in internal auditing; and • Bringing together internal auditors to share information and experiences.

OBJECTIVES1. To be the recognised voice for the internal audit profession;2. To develop and sustain the internal audit profession in Malaysia through appropriate infrastructure,

coordination, support and communication; and3. To provide exceptional service to IIA Malaysia’s members.

MOTTO : “PROGRESS THROUGH SHARING”The Institute maintains its motto “Progress Through Sharing” and share with our members information on new trends, latest internal audit techniques, regulatory and statutory requirements and the emerging issues affecting the profession.

contentsAcademic Relations 2Membership 3New Release 9Events 11Technical 17

editor says

Editor says

First and foremost, congratulations and welcome on-board to all the newly

appointed Board of Governors. A thank you note is also extended to the

retiring Board of Governors, for the untiring efforts in managing the affairs of

the Institute.

Featured in this newsletter are the 2013 Corporate Fraud Conference and

many of the other regular activities such as Member’s networking sessions,

career talks and seminars.

The technical column is worth noting as it is close to the heart and mind of

any internal auditor; the COSO Internal Control Framework. The 2013 update

of the internal control framework is featured in the technical column. Do spare

the time to read this section for the update on the framework.

Dr Suresh Kannan

Chief Editor

Issue 2 Apr – June 2013 • KEEPING IN TOUCH 2

academic relations

IIA Malaysia was invited by Universiti Kebangsaan Malaysia (UKM) to present a talk on “Career as an Internal Auditor” to its students who are pursuing the Bachelor in Accounting. The talk was held on 9 May 2013 for students from the second and third year.

Zahran Tasliman, General Manager/Chief Audit Executive of QSR Brands (M) Holdings Sdn Bhd, who is also a member of the Board of Governors of IIA Malaysia delivered the talk with the objective of creating awareness on the profession of internal auditing. The students were briefed on the roles and responsibilities of internal auditors in control, risk and governance; differences between internal and external auditing; skills required of an internal auditor at different level of positions and challenges of the profession.

Students were also briefed on membership benefits, special discount for CIA programme and internship opportunities.

On 6 June 2013 IIA Malaysia was invited by Universiti Teknologi MARA (UITM) Johor to present a similar talk to its third and final year students. The talk took place in UITM Johor Campus in Segamat. More than 100 students attended the talk which was presented by Nur Hayati Baharuddin, Acting Executive Director of IIA Malaysia. During her presentation, Nur Hayati posed some questions to the students to encourage them to participate actively. Students who answered the questions as well as those who asked questions were given prizes.

IIA Malaysia has begun accepting registrations for the new 3-part CIA exam and CRMA exam. Candidates who have yet to enrol their examination parts may do so by filling up the Part Registration Form. Please do drop an email to [email protected] to request for the form.

Candidates who are interested to sit for the CRMA exam can email [email protected] to request for the Application Form. The CRMA comprises two papers, i.e. CIA part 1 and the CRMA core paper. Candidates who have passed Part 1 of the CIA exam may advance directly to the CRMA core exam.

The CRMA exam core content covers four domains: Domain I : Organizational governance related to risk

management (25-30%) Domain II : Principles of risk management processes (25-30%) Domain III : Assurance role of the Internal Auditor (20-25%) Domain IV : Consulting role of the Internal Auditor (20-25%)

There are 100 multiple-choice questions to be completed in two hours.

Registration OpenWith effect from 1 July 2013, the fee structure for all

certification programmes is changed as follows:

Notes:

1. The Registration Fee is inclusive of processing, administration, study materials and graduation ceremony.

2. The total cost for CRMA is excluding the exam fee for CIA Part 1

3. All fees are subject to change without notice

New Certification Fees

Career Talks At Universiti Kebangsaan Malaysia And Universiti Teknologi Mara, Johor

Universiti Kebangsaan Malaysia (UKM) Universiti Teknologi MARA (UITM) Johor

Type of fee CIA Specialty Programme

(CCSA/CFSA/CGAP/CRMA)

(RM)

Registration 3,000 850

Exam 600 per part 1,120

Total cost 4,800 1,970


membership

Professional MembersNgoi Soon Hong 209773 Cheok Chin Beng 209774 Yusri Suhaimi Mohd 209775 Belinda Quek Hui Cheng 209808 Ng Pit Ying 209809 Anthony Wong Chiew Wu 209827 Associate MembersYap Anak Anding 209776 Nur Ashikin Radzali 209777 Tang Yunn Ru 209778 Yee Yoke Seng 209779 Lim Meng Yah 209780 Tiong Yien Ngo 209781 Mohamed Mazri Mohamed 209782

Azrizul Mizlan 209783Kamalunizam Mohd Maamor 209784Mohd Fadirul Hisyam Abdul Hamed 209785Jasvinder Kaur A/P Teja Singh 209786Leong Miew Mun 209787Shasha Idayu Saharom 209788 Shawn Mckenzie 209789 Razanif Rizuwan 209790 Kubendran A/L Sukumaran 209791 Lee Chee Ming 209792 Norfarahdina Haezah Abdul Rahim 209793 Fan Kok Hong 209794 Noorazlinda Zainul 209795 Fadly Ismail 209796Mohd Taufik Zainal 209797 Zainudin Selamat 209798 Mah Wei Leng 209799 Aniza Zakaria 209800 Loon Peng Wai 209801 Hasna' Haji Mohamad Taib 209802 Othman Sabu 209803 Teh Sek Hong 209804 Au Mei Chen 209805 Wong Xiuxuan 209806 Muhammad Luqman Hashim 209807 Nik Nornissa Nadia Nordin 209810 Foong Hew Mei 209811 Kwong Fung Len 209812 Mohd Aidil Shah Mohd Rashid 209813

Fakhrul Faiz Zaidi 209814Shukri Zamridin 209815Amir Hamzah Omar 209816Shirley Biujin 209817Mohd Firdaus Md Sakri 209818Immanuel Vikram Raj 209819Dewi Kasomah Abidin 209820Nik Haslina Nik Man 209821Tuan Hasnah Tuan Yusoff 209822Loo Chan Foong 209823Mohd Sazali Mohd Salleh 209824Mohd Azmir Abu Bakar 209825Najlah Sulaiman 209826 Student Member Ummul Masakin Md Arif 209772

Upgraded Members Tan Hwei Peng 207813Adrina Lim Sien Im 208134Nor Amalina Shafiee 208241Ong Poh Soon 208439Desmond Chang Kuok Lim 208476Ong Lay Peng 208804Ekhwan Nazli Ibrahim 209109Neoh Mii Tze 209530Yeo Pang Sheen 209591Ishak Sahar 209723

Welcome

Members’ Corner – CONTRIBUTIONS WELCOMED!

New Membersfrom April –May 2013

Have you renewed your membership for 2013?

4 easy ways to renew your membership:

• Cheque or bank draft made payable to:THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA

• Direct bank-in / Online transfer to the Malayan Banking account no: 5144 0450 1825(please fax the bank-in slip to 603 9282 1241 with your name and telephone number written on it or scan and email to [email protected] / [email protected] / [email protected] )

• Credit card (please download the authorisation form from the website or request from the Secretariat)

• Online banking: http://www.maybank2u.com.my(please fax a copy of your online transaction with your name and telephone number written on it or scan and email to [email protected] / [email protected] / [email protected] )

Renew Your Membership!Renew Your Membership!

Members with writing talent, here’s the

opportunity to share your thoughts with

your friends in the internal audit fraternity.

The Editorial Board welcomes contributions

from members. We accept articles, short

stories, jokes, tips, etc.

We encourage submission of fraud findings

and audit stories that reflect the new age of

internal auditing – those that emphasise

best practices, use of technology and

value-added results. If your article is

published, you will be awarded a token

from IIA Malaysia.

For enquiry, kindly contact Cik Adiha or Pn Shazwani or Pn Siti at (603) 9282 1148 Ext 110 or e-mail to [email protected] / [email protected] / [email protected]

Rejoining fee of RM100 will be charged to members who failed to renew their membership in 2013

Issue 2 Apr – Jun 2013 • KEEPING IN TOUCH 4

membership

Members’ Networking Session In PenangIIA Malaysia organised a members’ networking session for

members in the Northern Region at the Vistana Hotel,

Penang on 4 April 2013. The networking session saw 31

participants attending the event. The highlight of this

networking was the informative and interesting talk on

“An Introduction To The Statement On Risk Management

& Internal Control: Guidelines For Directors Of Listed

Issuers” by Lee Min On, Partner of KPMG Malaysia &

Executive Director of KPMG Management & Risk

Consulting Sdn Bhd. After the talk and the question and

answer session, the session

continued with an ice-breaking

game. Members enjoyed

themselves and won prizes in game

which tested on their observation

and memory skills. While members

enjoyed the refreshment, they also

had an opportune time to mingle

and catch up with one another.

The Swinburne Careers Fair 2013 was held on 24 April 2013 at their Sarawak Campus, Kuching with the theme, “A dazzling

personality wins a dazzling career”. The Institute of Internal Auditors Malaysia was honoured to be invited as one of the

participants of such event. Members of IIA Sarawak District Society and IIA Malaysia’s KL representatives jointly set up a booth

to promote Internal Audit as a profession. This career fair attracted participants who were largely final year students and fresh

graduates. The Institute’s booth was also visited by many who wanted more information on the Certified Internal Auditor

(CIA) examination and clarifying the role of Internal Auditors.

Article Contributed By: Sarawak District Society

Lee Min On elaborating on the Statement on Risk Management & Internal Control

Participants listening to the presentation with interest

A lot of enquiries on the CIA certification

Chancellor visiting our booth Visitors finding out more information about IIA Malaysia

Teamwork counts a lot during the ice-breaking session

Swinburne Careers Fair 2013


membership

The Institute’s 18th Annual General Meeting (AGM) was held on 4 May 2013 at the Concorde Hotel Kuala Lumpur. A total of 102 members of IIA Malaysia attended the AGM.

The meeting commenced with an opening speech by Datin Josephine Low, President of IIA Malaysia. Datin Josephine presented the major achievements of IIA Malaysia in 2012 that included membership growth, increase in training revenue certification and quality assurance. She also shared with the members the future plans for IIA Malaysia. Datin Josephine thanked the Board of Governors and Secretariat for their commitment and support, and congratulated the various committees for their efforts in achieving the Institute’s objectives. Datin Josephine expressed her appreciation to members for their support and looked forward to members’ continued participation.

The next item on the meeting’s agenda was to receive the Annual Report and Financial Statements for the financial year ended 31 December 2012. This was followed by the election of the Board of Governors. Nickson Choo Wei Sin, Mohd Khaidzir Bin Shahari, Ranjit Singh, Shabaruddin Ibrahim and Nik Hasnan Nik Abd Kadir were elected to the Board.

The meeting moved to appoint Messrs Baker Tilly Monteiro Heng as the Institute’s auditors. The final item on the agenda was to transact any other business for which due notice has been given in accordance with the Companies Act 1965 and the Institute’s Articles of Association. After the final agenda the AGM concluded with a note of thanks to all members for their attendance and making the event a success.

List of Governors Who Retired and Were Eligible for Re-ElectionNickson Choo Wei SinWalter SandosamMohd Khaidzir Bin Shahari

List of New Elected Governors 2013/2014Nickson Choo Wei Sin Mohd Khaidzir Bin Shahari Ranjit SinghShabaruddin Ibrahim Nik Hasnan Nik Abd Kadir

IIA Malaysia participated in the exhibition at the SSM

National Conference 2013 on Corporate Governance:

The New Global Language for Business held in The

Royale Chulan Hotel, Kuala Lumpur on 20-21 May

2013. Participants of the seminar thronged the IIA

Malaysia booth with queries on membership, training

and also certification.

18th Annual General Meeting

SSM National Conference 2013 on Corporate Governance: The New Global Language for Business

AGM in progress

Professional members casting their votes

Board of Governors for 2013-2014

Counting ballots

One of the conference participants finding out more information about IIA Malaysia


membership

Members’ Networking Session In Kota Kinabalu

IIA Malaysia hosted a members’ networking session

for members in Kota Kinabalu at Promenade Hotel on

25 June 2013. There were 14 participants attending

the event. The session was held primarily for

members to meet and share information regarding

the Internal Audit. Lee Min On, Partner of KPMG

Malaysia & Executive Director of KPMG Management

& Risk Consulting Sdn Bhd, gave a talk on “An

Introduction To The Statement On Risk Management

& Internal Control: Guidelines For Directors Of Listed

Issuers” to the audience. The talk was followed by a

question and answer session and continued with an

ice-breaking session. Teamwork was the main feature

in the ice breaking session games as participants

were split into groups to solve questions. The session

ended with refreshment and more networking

opportunities.

In appreciation of members’ continuous support, IIA Malaysia identifies and

recognises members who have been with the Institute for a long period. For

members who are affiliated with the Institute for 15, 25 and 35 years, the Institute

honours their loyalty with a certificate of appreciation and memento.

Did You Know…

Lee Min On delivering his talk

1st prize group winner of the ice-breaking sessionThe participants listening attentively to the speaker’s clarification

Each member in the group

working closely during the

ice-breaking session

List of Retiring Board of Governors and Working Committees for 2012/2013


membership

No. Name Working Committee Position

1 Walter Sandosam Board of Governor Governor

2 Affeiz Abdul Razak Board of Governor / Professional Services Committee Governor / Deputy Chairman

3 Nickson Choo Wei Sin Professional Development Committee Chairman

4 Alan Chang Kong Chong Professional Development Committee Deputy Chairman

5 Eddie Leng Siew Kheen Professional Development Committee Committee Member

6 Ryan Chong Chee Seng Professional Development Committee Committee Member

7 Frank Chin Suan Yong Professional Development Committee Committee Member

8 Christine Ong May Ee Professional Services Committee Chairman

9 Zahran Tasliman Professional Services Committee Deputy Chairman

10 Dr. Suresh N Kannan Professional Services Committee Committee Member

11 P. Shanthi Palaniappan Professional Services Committee Committee Member

12 Wendy Low Li Chet Professional Services Committee Committee Member

13 Sky Chan Kin Kwan Professional Services Committee Committee Member

14 Dr. Nurmazilah Dato' Mahzan Academic Relations Committee Chairman

15 Lucy Wong Kam Yang Academic Relations Committee Deputy Chairman

16 Mohd Khaidzir Bin Shahari Academic Relations Committee Committee Member

17 Lim Hooi Hoon Academic Relations Committee Committee Member

18 Dennis Mah Siew Hoong Academic Relations Committee Committee Member

19 Narayanan N. Annamalai Chettiar Academic Relations Committee Committee Member

20 Dr. Zakiah Muhammaddun Mohamed Academic Relations Committee Committee Member

21 Philip Satish Rao Research and Technical Advisory Committee Chairman

22 Mohamed Farook Nasar Research and Technical Advisory Committee Deputy Chairman

23 Nik Shahrizal Sulaiman Research and Technical Advisory Committee Committee Member

24 Renganathan Narasingham Research and Technical Advisory Committee Committee Member

25 Alina Osman Research and Technical Advisory Committee Committee Member

26 Amos Law Chih Chien Research and Technical Advisory Committee Committee Member

Members’ Networking Session in KuchingOn 20 June 2013, IIA Malaysia organised a members’

networking session for members in Kuching at the Riverside

Majestic Hotel with a turnout of 16 participants. The session

was held for members to meet and share information. Lee Min

On, Partner of KPMG Malaysia & Executive Director of KPMG

Management & Risk Consulting Sdn Bhd gave an informative

talk on “An Introduction To The Statement On Risk

Management & Internal Control: Guidelines For Directors Of

Listed Issuers”. After the talk and a Q & A

(questions and answers) session, the

participants were formed into groups for an

ice-breaking game. They enjoyed themselves

and won prizes in the game which tested on

general knowledge and team work. The

evening concluded with an opportunity for

the participants and speakers to network

while enjoying refreshments.

Lee Min On presenting his talk to participants in Kuching

Participants answering the ice-breaking questions

Interested individual please send your detailed resume with current and expected compensation package to [email protected] by quoting the position title and reference number on the subject line.

SWIFT, the financial messaging provider for more than 10,000 banking organisations, securities institutions and corporate customers in 212 countries and territories, opened this year its new Corporate Services Centre in Kuala Lumpur, Malaysia, accelerating its growth strategy for Asia Pacific.

The new centre is significantly strengthening SWIFT’s support to the growth of the Asia Pacific markets and ensuring that its global membership can benefit from the economic growth, innovation and resources emerging from this part of the world. Located in Bangsar South, in fantastic facilities, the SWIFT Kuala Lumpur Corporate Services Centre offers a wide range of services such as IT development, qualification testing, support, finance, human resources and operational and transactional functions.

It works closely with functional teams in the U.S. and Europe centres to serve SWIFT’s offices around the world and is part of a new corporate hub with SWIFT’s existing Singapore office. The centre currently employs more than 50 staff and is expected to grow to 100 positions over the next three years.

Come and Grow with us!

The SWIFT Internal Audit Department consists of a team of highly skilled, experienced, and dedicated professionals that provides Senior Management and Board of Directors with independent assessments of risks and control environment.

As a member of our international Audit Department spread among three different locations, you will be based in the Corporate Centre in Kuala Lumpur and reporting directly to the Chief Auditor based in the United States. You will be leading the local audit team of 2 people, combining financial and operational auditors as well as IT auditors.

This is a hands-on role where you will be in charge of the end-to-end coordination and delivery of audits. You will be strong in financial, operational and business oriented audits but also with knowledge of IT networks and technologies.

You will be following Internal Audit best practices and ensure compliance with our Internal Audit Methodology and quality standards as well as proposing and assessing appropriate solutions to control problems. You will also contribute to the Departments continuous improvement programme and enhance the risk based audit program, both annual and four year plans.

You will also have experience in managing and leading teams, as well as being a strong communicator to sufficiently interface with senior internal stakeholders with different business profiles. You will be ready to travel to remote locations within Asia, Europe and Americas.

Your responsibilities will mainly be to: • Manage and coordinate the execution of assigned audits within pre-established budgets and scope statements, and ensuring

assigned team members remains productive throughout the audit by assigning and coaching work appropriate to their level• Develop a detailed test plan enabling adequate testing of the specified controls, as well as a time budget and allocation of tests to

assigned auditors• Perform audit fieldwork and validates findings while reviewing and taking responsibility for the timely execution and quality of

the work performed by team members during the audit• Clear audit exceptions raised during fieldwork and prepare audit reports with pragmatic and effective recommendations to

address control issues• Follow-up in a timely manner on assigned requests for recommendation closure• Contribute to establishing and/or maintaining professional, productive working relationships with line management and staff

Requirement:• Bachelor Degree in Accounting/Finance/Economics• Professional certifications such as CPA, CIA, CISA is a plus • A minimum of 8 years of 8 years of relevant professional experience in Internal and/or External Audit. Additional experience in the

area of marketing or consulting is a plus• Must have a good understanding of risks and controls with a good sense of sales and marketing business related processes• Maturity, resilience and excellent verbal and written communication skills in English are essential• Goal oriented, pro-active, team player, and adapting well to a diverse and multicultural environment• Must be willing travel to remote locations both within Asia and in other remote locations in Europe and Americas. (25% of time)

Society of Worldwide Interbank Financial Telecommunications

CAREER OPPORTUNITY : SENIOR FINANCIAL AUDITOR (RF#56427)


new releases

Internal Control over External Financial Reporting: A Compendium of Approaches and Examples

In 2013, the Committee of Sponsoring Organisations of the Treadway Commission (COSO) released an update to its Internal Control—Integrated Framework (Framework). The original framework, which was released in 1992, has gained broad acceptance and is widely used around the world. It is recognised as a leading framework for designing, implementing, and conducting internal control and for establishing requirements for an effective system of internal control. To help users apply the Framework to internal control over external financial reporting, COSO has released this companion publication, Internal Control over External Financial Reporting: A Compendium of Approaches and Examples (Compendium). More specifically, the Compendium provides approaches and examples to illustrate how entities may apply the principles set out in the Framework to a system of internal control over external financial reporting.

In the twenty years since the release of the original framework, business and operating environments have changed dramatically, becoming increasingly complex, technologically driven, and global. At the same time, stakeholders have become more engaged, seeking greater transparency and accountability for the integrity of systems of internal control that support business decisions and governance of the organisation. The Framework and the Compendium incorporate many of these changes including:• Expectations for Governance Oversight – Higher regulatory and stakeholder expectations require

the board of directors to oversee internal control over external financial reporting. Some jurisdictions require specific regulatory requirements for expertise and independence of board members of certain types of entities.

• Globalisation of Markets and Operations – Organisations expand beyond domestic markets in the pursuit of value, often entering into international markets and executing cross-border mergers and acquisitions.

• Changes and Greater Complexities in the Business – Organisations change business models and enter into complex transactions in pursuit of growth, greater quality, and productivity, and in response to changes in market and regulatory environments. These changes may include entering into strategic alliances, joint ventures, and other complex contractual arrangements with external parties, implementing shared services, and engaging outsourced service providers.

• Demands and Complexities in Laws, Rules, Regulations, and Standards – Regulators and policy makers promote greater investor protection and confidence in the financial reporting systems through changes in rules, regulations, and standards. Also, users of external financial reports seek greater amounts of information to better evaluate an entity's financial condition and operating results as businesses become more complex.

• Expectations for Competencies and Accountabilities – Demands for greater competence and accountability increase as organisations grow; acquire entities; introduce new products and services; comply with complex rules, regulations, and standards; and implement new processes and technologies. Organisations may flatten and shift management operating models and delegate greater authority or accountability to certain roles.

• Uses of, and Reliance on, Evolving Technologies – An increasingly mobile and interconnected world has made technology more essential for many organisations to improve performance, business processes, and decision making. Entities are investing in emerging technologies, such as cloud computing, mobile devices, and social media, and using enterprise resource planning (ERP) and other technologies to standardise, automate, and streamline business processes.

• Expectations Relating to Preventing or Detecting Material Omissions and Misstatements and Fraud – Stakeholders today have higher expectations for effective internal control over external financial reporting in preventing and detecting material omissions and misstatements due to error and fraud.

Each of these changes requires an organisation to periodically evaluate the implications on its system of internal control over external financial reporting and to design and implement appropriate responses so that the system of internal control adapts and remains effective over time.

The Compendium provides practical approaches and examples that illustrate how the components and principles set forth in the Framework can be applied in preparing external financial statements.

Get your copy of theInternational Professional Practices Framework (IPPF) 2013 Edition


new releases

It neither replaces nor modifies the Framework; rather, it is a supplemental document that can be used in concert with the Framework when considering internal control over external financial reporting.

The Internal Control – Integrated Framework sets forth three categories of objectives: operations, reporting, and compliance. The focus of the Compendium is the external financial reporting category of objectives, a subset of the reporting category. External financial reporting objectives address the preparation of financial reports for external parties, including:

• Financial statements for external purposes, and • Other external financial reporting derived from an entity’s financial and accounting books and records.

Users will find relevant approaches and examples of how organisations may apply the principles set forth in the Framework in the design, implementation and conduct of internal control over external financial reporting. The approaches and examples are samples of activities for management to consider, rather than a complete or authoritative list.

International Professional Practices Framework (IPPF) 2013The Institute of Internal Auditors' (IIA's) International Professional Practices Framework (IPPF) is the authoritative guidance on the internal audit profession. The IPPF presents current, relevant, internationally consistent information that is required by internal audit professionals worldwide.

The IPPF includes mandatory and strongly recommended guidance:• The official Definition of Internal Auditing.• The IIA's Code of Ethics.• New and revised International Standards for the Professional Practice of Internal Auditing with

interpretations that enhance the understanding of current requirements.• Practice Advisories that address internal audit approach, methodologies, and consideration.• Position Papers that assist in understanding significant governance, risk, or control issues and in

delineating the related roles and responsibilities of the internal audit profession.• Practice Guides that provide practical tools and techniques and step-by-step approaches such as those

presented in The IIA's Global Technology Audit Guides and Guides to the Assessment of IT Risk.

The IPPF 2013 edition features The IIA’s Definition of Internal Auditing, Code of Ethics, Standards, and Practice Advisories in hard copy and all IPPF elements on CD-ROM.

How to Order:

International Professional Member Non-Member Quantity Total

Practices Framework (IPPF) Price Price

Normal Price RM75 RM100

Introductory Offer PriceValid until 31 July 2013 RM55 RM80

TOTAL

Do not require delivery; will collect Delivery charges: RM15.00 x copies (Klang Valley only)* from IIA Malaysia. * For delivery out of Klang Valley, please contact us for delivery rates.

Payment: Cash

Cheque of RM payable to THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA

Credit Card:

Issuing Bank: Expiry Date: Card Type: Visa Mastercard

Name: Email :

Organisation: Tel. No. :

Address:

Signature Date

THE INSTITUTE OF INTERNAL AUDITORS MALAYSIA160-3-3 Kompleks Maluri, Jalan Jejaka, Taman Maluri, 55100 Kuala Lumpur, MalaysiaTel : 603-92821148 Fax : 603-92821241E-mail : [email protected], [email protected] Website : www.iiam.com.myFor further inquiries, please contact Syazana & Arafah

Participants listening attentively to the speaker’s explanation


events

IIA Malaysia in collaboration with ACCA Malaysia organised a two-day workshop

on “Internal Controls for Accountants and Auditors” on 27-28 May 2013. The

workshop was conducted by Frank Yam and attended by 36 participants.

Another workshop conducted by Frank Yam “Audit and

Control – From Theory to Practice” at Parkroyal, Kuala

Lumpur on 29-31 May 2013, and attended by 38

participants. The workshop was created to develop practical

skills for IT control, security and audit professionals.

Workshop on Internal Controls for Accountants and Auditors

Workshop on Audit and Control – From Theory to Practice

Donald Espersen touching on effective external assesment

IIA Malaysia organised a two-day workshop on “Performing an Effective Quality

Assessment” on 10-11 June to 35 participants at Prince Hotel & Residence,

Kuala Lumpur. The workshop was conducted by Donald Espersen and was

designed to help the participants to learn how to perform an effective external

assessment and/or periodic internal assessment of an internal audit activity.

Workshop on Performing an Effective Quality Assessment (Previously known as Performing an Internal Audit Quality Assessment)

IIA Malaysia organised a two-day workshop on “Essential Skills for Experienced

Internal Auditors” on 12-13 June to 34 participants at Prince Hotel & Residence,

Kuala Lumpur. The workshop was conducted by Donald Espersen and was

designed to help the participants to explore the essential skills that Internal

Auditors need to have in order to effectively carry out their responsibilities.

Workshop on Essential Skills for Experienced Internal Auditors

Participants listening to the presentation with interest

Donald outlining the key points on the topic


events

Workshop on Corporate Governance Review – Roadmap to Boardroom Presence

IIA Malaysia organised a workshop on “International Professional Practices

Framework (IPPF) Awareness/ Application” on 14 June to 19 participants at

Prince Hotel & Residence, Kuala Lumpur. The workshop was conducted by

Donald Espersen and was tailored to provide the participants with an

opportunity to develop, or reinforce, their awareness and application of the

essential guidance in IPPF. It included a discussion on new standards and

how to apply them to a variety of everyday internal audit activities.

On 19-20 June, IIA Malaysia organised a workshop on “Corporate

Governance Review – Roadmap to Boardroom Presence” to 26

participants at Prince Hotel & Residence, Kuala Lumpur. Presented by

Wee Hock Kee, the workshop was tailored to provide internal auditors,

middle managers and senior managers, with a set of practical tools

and techniques for conducting a corporate governance review within

their organisation.

Standards are explored in an interesting approach

Wee Hock Kee giving pointers on corporate governance review

Workshop on Internal Audit Report Writing: Improving Mindset, Clarity, Focus, and Brevity for Greater Impact to Clients

One of IIA Malaysia Speakers Steven Yee, presented a new two-day workshop on “Internal

Audit Report Writing: Improving Mindset, Clarity, Focus, and Brevity for Greater Impact to

Clients” (Previously known as Effective Audit Report Writing) to 34 participants. The

workshop which was held on 19-20 June at Seri Pacific Hotel, Kuala Lumpur aimed to

encourage participants to realise that it is vital to appreciate the larger picture of the audit

findings in relation to the business risk and governance practices before putting their

thoughts in systematic writings to convince their client to adopt changes to better the

business processes and risk management countermeasures.

Workshop on International Professional Practices Framework (IPPF) Awareness/ Application

A newly revived topic by Steven Yee

(Previously known as Performing an Internal Audit Quality Assessment)


events


SUGGESTION TO REALITY!The Plantation Audit Forum was definitely a challenge to the Organising Committee and was the first sector-specific audit forum organised by the Institute. The idea of the forum was mooted by a member during the Johor Working Group Meeting and meet-the-members session.

The forum was attended by participants of various organisations and from different levels ranging from Executive Directors to Internal auditors to Admin and Head Office Managers forming a good mix of crowd. The participation of non audit personnel in an internal audit forum is an interesting trend as it evidently shows the recognition of the importance of internal audit function. Organisations are indicating a keen interest to understand the work of the internal auditors.

The session started with the newly elected President of IIA Malaysia, Ranjit Singh’s welcome address. He stressed on the importance of internal auditors as the Third Line of Defence and on the importance of risk management in the plantations industry.

Session 1: Tang Men Kon, Head-In-Charge, Plantation Sustainability & Quality Management, Sime Darby Plantation Sdn Bhd Tang started the session by highlighting the major milestones achieved in Sime’s sustainability journey. He then shared some of their sustainability practices, achievements in certification and compliance and also on the carbon emission reduction strategy.

According to Tang, some of the sustainability practices by Sime are the industry’s best standards in plantation processes which are developed over the century and have been perfected through a combination of experience and, research and development.

He also shared that Sime, historically pioneered the good agricultural practices. Some of the good agricultural practices were zero burning replanting technique, soil and water management, adoption of no peatland new planting policy and adopted alternatives and stopped the use of paraquat in the early 2000s.

Session 2: Reports That Matter: Make A Difference Moderator: Tuan Hj Abd Razak bin Haron, Vice President, Special Administration Division, Johor Corporation

Panelists:John Edward Arkosi, Group Head, Group Corporate Assurance and Group Compliance Office, Sime Darby BerhadZalily Mohd Zaman Khan, Vice President & Head of Group Internal Audit, Felda Global Ventures Holdings BerhadFrank Chin Suan Yong, Head of Group Internal Audit, IOI Corporation Berhad

The distinguished panel comprised Chief Audit Executives from three big plantation companies. The panelists discussed on the importance of delivery, handling repetitive and recurring issues, effective summarisation of reports and power packaging the report.

Some of the tips given by the speakers on addressing repetitive and recurring issues were to determine the causes and categorising them, getting management involved in establishing action plans, analysing the statistics and trending of the issues, assist management in implementing CSA to improve management’s control awareness and accountability and also setting KPI’s on recurring issues for accountable staff.

Session 3: Governance in The Plantation Industry – Mohd Khaidzir bin Shahari, Executive Director, KPMG Management and Risk Consulting Sdn BhdMohd Khaidzir opened the session with the question on whether governance matter to estate workers. He also gave practical examples of governance audits which can be carried out in the plantation sector. The participants had many questions on this topic and gained a lot of insight on how to audit the governance process in plantations.

Master Class 1: Plantation Audit – A Value Proposition, Dr Muhammad Mohan, Managing Director, Oasis Revenue Sdn Bhd and Shanmugam M, Director, Fiscal Consultants Sdn BhdDr Muhammad Mohan started off the session by providing a general overview of the competitive environment faced by the palm oil industries currently and in the future. Shanmugam provided an in-sight of auditing in the plantation sector. The matters discussed in depth were issues and challenges faced from a management’s perspective of plantation audits were particularly valuable. Proposed means of narrowing the expectation gaps were suggested and how internal auditors should be working and thinking towards the higher scale of the value proposition.

The Master Class 2: Risk Based Internal Audit For Plantation Companies, Tan Yu Ming, Director, Ernst & Young Advisory Services Sdn BhdThe speaker covered the objectives and discussed the challenges and opportunities in enhancing the effectiveness and efficiency of internal audit for plantation companies. The participants gained understanding on the need to formulate risk based IA plans to achieve business objectives and optimise IA resources to focus areas with greater risks and understand that the IA report uses risk for effective communication of audit findings.

Most participants found the forum very interesting but would like the duration of the forum to be lengthened. There were even feedback on suggested venues and post forum events for future similar forums. Be sure to catch any of these forums in the future.

Contributed by: Subhash Chandran, Chairperson, Johor Working Group, The Institute of Internal Auditors Malaysia

Loh Yit Wei, Fiona Chin and Mohd Azwan Bin Adnan, Sharikat Kim Loong Sdn Bhd

Master Class 1 – Q & A session

Some questions from the floor

PLANTATIONS AUDIT FORUMSUSTAINABILITY IN BUSINESS17 JUNE 2013, MUTIARA HOTEL, JOHOR BAHRU

PLANTATIONS AUDIT FORUM

Welcome Address by IIA Malaysia President, Ranjit Singh

Plenary Session 1 by Tang Men Kon the Head-In-Charge, Plantation Sustainability & Quality

Management of Sime Darby Plantation Sdn Bhd

Plenary Session 2 (Panel Discussion)

Session by Mohd Khaidzir bin Shahari, Executive Director of KPMG Management and Risk

Consulting Sdn Bhd

Master Class 2 by Tan Yu Min the Director of Ernst & Young Advisory Services Sdn Bhd

Group activity and discussion


events


The Institute of Internal Auditors Malaysia was

proud to host its third conference on corporate

fraud, the 2013 Corporate Fraud Conference in

East Malaysia, on 22-23 April 2013 at Hilton

Kuching, Sarawak. The 2-day conference, themed

“Fraud Risk Management: Make it Count”, was

attended by approximately 70 delegates from

both the public and private sectors from

throughout the country.

OPENING CEREMONYThe conference commenced with the welcome

address by YBhg Datin Josephine Low, President

of IIA Malaysia, touching on the importance of

establishing a professional internal audit activity

for all organisations, large and small, as they may

face equally complex environments and

ever-changing business needs. A good internal

audit function not only provides assurance but

also helps the organisation improve business

performance.

Datin Josephine pointed out that in a press statement released on 5

December 2012, Transparency International Malaysia ranked Malaysia in

the mid-range average at number 54 on the International Corruption

Perceptions Index out of 176 countries included in the study. Corruption

is nothing new and laws and regulations have been on the books for

decades. However, as more organisations have expanded globally, the

risks have also increased. In view of this, internal auditors should assess

opportunities for corruption at all levels, and consider corruption risks

when developing risk assessments for audit planning purposes.

YBhg Datuk IG Chandran FCA, Special Advisor to the Chief

Commissioner and Head of Forensic, Malaysian Anti-Corruption

Commission (MACC), delivered the keynote address. He stated that

according to the ACFE’s Report to the Nations on Occupational Fraud &

Abuse, 2012, the typical organisation loses 5% of its revenues to fraud

each year, translating to a potential projected global fraud loss including

corruption of more than $3.5 trillion.

Results of surveys have indicated that even in the largest of

multinationals, fraud is perpetrated in many forms and not the least is

corruption. Hence, there is no doubt that organisations need to put in

place a robust Fraud Risk Management framework, in full commitment

and in true spirit. The corporate/public sector culture, the tone from the

top and the perceived tolerance on fraud all play a pivotal role in the

management of fraud risks.

PLENARY SESSIONS AND MASTER CLASSESThere were a total of 5 plenary and concurrent sessions featuring 8 prominent speakers, panelists and moderators from Malaysia and abroad.

The three plenary sessions held on the first day encompassed the following topics:• Fraud Risk Management: Make it Count• Building a Corporate Ethical Culture• Dealing with Cybercrime

The second day of the conference featured two concurrent master classes focusing on the following topics:• Fraud within Supply Chain Management: Prevention is Cheaper than Cure• Preventing and Detecting Fraud

The wide array of topics led by the distinguished speakers was well received by the delegates.

In addition, delegates visited the IIA Malaysia book counter to view the latest IIA publications and enjoyed discounted prices for on-site purchases. The Institute also promoted the upcoming 2013 National Conference on Internal Auditing, which will be held on 23-24 September 2013 in Kuala Lumpur.

By: Lim Wei Hong, CIA, CCSA, CFSA, CRMA, CMIIA

Fraud Risk Management: Make it Count

2013 CORPORATE FRAUDCONFERENCE IN EAST MALAYSIA

FRAUD

Datuk IG

Chandran

delivering

his speech

Registration on Day 1

Opening speech by Datin Josephine Low, President of IIA Malaysia

Participants giving full attention to the conference session

Panel Session by Gladys Leong, Datin Josephine Low, Woo Yoke Meng (Moderator) and David Renny Gnanadass

Some questions from the floor

Shuhairoz binti Mohamed Shukeri

Stevie Heong

Wayne Soo Deon van der Westhuizen

17 KEEPING IN TOUCH • Issue 2 Apr – June 2013

technical

COSO - 2013 Internal Control – Integrated Framework

Issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO), the 2013 Internal Control – Integrated Framework (Framework) is expected to help organisations design and implement internal control in light of many changes in business and operating environments since the issuance of the original Framework in 1992. The new Framework retains the core definition of internal control and the five components of internal control, and it continues to emphasise the importance of management judgment in designing, implementing, and conducting a system of internal control, and in assessing its effectiveness. It broadens the application of internal control in addressing operations and reporting objectives, and clarifies the requirements for determining what constitutes effective internal control.

The Framework includes enhancements and clarifications that are intended to ease use and application. One of the more significant enhancements is the formalisation of fundamental concepts that were introduced in the original framework. In the updated Framework, these concepts are now principles, which are associated with the five components, and which provide clarity for the user in designing and implementing systems of internal control and for understanding requirements for effective internal control.

The Framework has been enhanced by expanding the financial reporting category of objectives to include other important forms of reporting, such as non-financial and internal reporting. Also, the Framework reflects considerations of many changes in the business and operating environments over the past several decades, including:• Expectations for governance oversight• Globalisation of markets and operations• Changes and greater complexities of business• Demands and complexities in laws, rules, regulations, and

standards • Expectations for competencies and accountabilities • Use of, and reliance on, evolving technologies• Expectations relating to preventing and detecting fraud

The Framework comprises three volumes and includes the following: Executive Summary – This provides a high-level overview intended for the board of directors, chief executive officer, and other senior management.

The Executive Summary: • Lays out the definition, and limitations, of internal control,

and the requirements for an effective system of internal control, including a description of the roles of components and principles.

• Highlights several important enhancements and clarifications that are intended to ease use and application of the Framework.

The Framework assists management, boards of directors, external stakeholders, and others interacting with the entity in their respective duties regarding internal control without being overly prescriptive. It does so by provided both understanding of what constitutes a system of internal control and insight into when internal control is being applied effectively.

For management and boards of directors, the Framework provides:• A means to apply internal control to any type of entity,

regardless of industry or legal structure, at the levels of entity, operating unit, or function

• A principles-based approach that provides flexibility and allows for judgment in designing, implementing, and conducting internal control – principles that can be applied at the entity, operating, and functional levels

• Requirements for an effective system of internal control by considering how components and principles are present and functioning and how components operate together

• A means to identify and analyse risks, and to develop and manage appropriate responses to risks within acceptable levels and with a greater focus on anti-fraud measures

• An opportunity to expand the application of internal control beyond financial reporting to other forms of reporting, operations, and compliance objectives

• An opportunity to eliminate ineffective, redundant, or inefficient controls that provide minimal value in reducing risks to the achievement of the entity's objectives

For external stakeholders of an entity and others that interact with the entity, application of this Framework provides:• Greater confidence in the board of directors' oversight of

internal control systems• Greater confidence regarding the achievement of entity

objectives• Greater confidence in the organisation's ability to identify,


technical

analyse, and respond to risk and changes in the business and operating environments

• Greater understanding of the requirement of an effective system of internal control

• Greater understanding that through the use of judgment, management may be able to eliminate ineffective, redundant, or inefficient controls

Internal control is not a serial process but a dynamic and integrated process. The Framework applies to all entities: large, mid-size, small, for-profit and not-for-profit, and government bodies. However, each organisation may choose to implement internal control differently. For instance, a smaller entity's system of internal control may be less formal and less structured, yet still have effective internal control.

Framework and Appendices – The Framework and Appendices sets forth the five components and seventeen principles of an effective system of internal control, illustrates many approaches and examples relating to entity objectives, and provides direction for all levels of management to use in designing, implementing and conducting a system of internal control, and in assessing its effectiveness.

The Framework includes:1. Definition of Internal Control

Internal control is defined as follows: Internal control is a process, effected by an entity's board of

directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

This definition emphasises that internal control is: • Geared to the achievement of objectives in one or more

separate but overlapping categories – operations, reporting, and compliance

• A process consisting of ongoing tasks and activities – a means to an end, not an end in itself

• Effected by people – not merely about policy and procedure manuals, systems, and forms, but about people and the actions they take at every level of an organisation to effect internal control

• Able to provide reasonable assurance – but not absolute assurance, to an entity's senior management and board of directors

• Adaptable to the entity structure – flexible in application for the entire entity or for a particular subsidiary, division, operating unit, or business process

This definition of internal control is intentionally broad for two reasons. First, it captures important concepts that are fundamental to how organisations design, implement, and conduct internal control and assess effectiveness of their system of internal control, providing a basis for application across various types of organisations, industries, and geographic regions. Second, the definition accommodates subsets of internal control.

2. Objectives, Components, and Principles

An organisation adopts a mission and vision, sets strategies, establishes objectives it wants to achieve, and formulates plans for achieving them. Objectives may be set for an entity as a whole or be targeted to specific activities within the entity. Though many objectives are specific to a particular entity, some are widely shared. For example, objectives common to most entities are sustaining organisational success, reporting to stakeholders, recruiting and retaining motivated and competent employees, achieving and maintaining a positive reputation, and complying with laws and regulations.

Supporting the organisation in its efforts to achieve objectives are five components of internal control:

• Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring Activities

The Framework sets out seventeen principles representing the fundamental concepts associated with each component. Because these principles are drawn directly from the components, an entity can achieve effective internal control by applying all principles. All principles apply to operations, reporting, and compliance objectives.

The principles supporting the components of internal control are listed below.

Control Environment 1. The organisation demonstrates a commitment to

integrity and ethical values. 2. The board of directors demonstrates independence

from management and exercises oversight of the development and performance of internal control.

3. Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.

4. The organisation demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.

5. The organisation holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Risk Assessment 6. The organisation specifies objectives with sufficient

clarity to enable the identification and assessment of risks relating to objectives.

7. The organisation identifies risks to the achievement of its objectives across the entity and analyses risks as a basis for determining how the risks should be managed.

8. The organisation considers the potential for fraud in assessing risks to the achievement of objectives.

9. The organisation identifies and assesses changes that could significantly impact the system of internal control.


technical

Control Activities 10. The organisation selects and develops control

activities that contribute to the mitigation of risks to

the achievement of objectives to acceptable levels.

11. The organisation selects and develops general control

activities over technology to support the achievement

of objectives.

12. The organisation deploys control activities through

policies that establish what is expected and

procedures that put policies into action.

Information and Communication 13. The organisation obtains or generates and uses

relevant, quality information to support the

functioning of internal control.

14. The organisation internally communicates information,

including objectives and responsibilities for internal

control, necessary to support the functioning of

internal control.

15. The organisation communicates with external parties

regarding matters affecting the functioning of internal

control.

Monitoring Activities 16. The organisation selects, develops, and performs

ongoing and/or separate evaluations to ascertain

whether the components of internal control are

present and functioning.

17. The organisation evaluates and communicates internal

control deficiencies in a timely manner to those parties

responsible for taking corrective action, including

senior management and the board of directors, as

appropriate.

3. Effective Internal Control

An effective system of internal control provides

reasonable assurance of achievement of an entity's

objectives. Because internal control is relevant both to

the entity and its subunits, an effective system of

internal control may relate to a specific part of the

organisational structure. An effective system of internal

control reduces, to an acceptable level, the risk of not

achieving an objective relating to one, two, or all three

categories. It requires that:

• Each of the five components of internal control and

relevant principles is present and functioning

• The five components are operating together in an

integrated manner

In determining whether a system of internal control is effective,

management exercises judgment in assessing whether each of

the components and relevant principles is present and

functioning and components are operating together.

When internal control is determined to be effective, senior

management and the board of directors have reasonable

assurance of the following categories of objectives:

• Operations — the organisation:

- achieves effective and efficient operations when

external events are considered unlikely to have a

significant impact on the achievement of objectives

or when the organisation can reasonably predict the

nature and timing of external events and mitigate

the impact to an acceptable level

- understands the extent to which operations are

managed effectively and efficiently when external

events may have a significant impact on the

achievement of objectives and the impact cannot

be mitigated to an acceptable level

• Reporting — the organisation prepares reports in

conformity with applicable laws, rules, regulations, and

standards established by legislators, regulators, and

standard setters, or with the entity's specified objectives

and related policies

• Compliance — the organisation complies with applicable

laws, rules, and regulations

The Framework sets forth that components and relevant

principles are requisite to an effective system of internal

control. It does not prescribe the process for how

management assesses its effectiveness.

4. Additional Considerations

• Judgment – the Framework requires judgment in

designing, implementing, and conducting internal

control and assessing its effectiveness.

• Points of Focus – the Framework describes points of

focus that are important characteristics of principles.

• Controls to Effect Principles – the Framework allows

judgment in assessing the potential impact of a control

deficiency on the presence and functioning of a

relevant principle.

• Organisational Boundaries – the Framework can be

applied to the entire entity regardless of what choices

management makes about how it will execute business

activities that support its objectives, either directly or

through external relationships.

• Technology – the principles presented in the Framework

do not change with the application of technology. As

this is a principles-based framework and technology is

continually evolving, the Framework does not address

specific technologies, such as cloud computing and

social media.

• Larger versus Smaller Entities – the principles

underlying components of internal control are just as

applicable for smaller entities as for larger ones.

However, implementation approaches may vary for

smaller entities.

• Benefits and Costs of Internal Control – Overall,

management considers a variety of cost factors in

relation to expected benefits when selecting and

developing internal controls.


technical

• Documentation – the extent of documentation supporting the presence and functioning of each of the components and relevant principles of internal control and components operating together is a matter of judgment, and should be done with cost-effectiveness in mind.

5. Control Environment

The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organisation. The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct. Management reinforces expectations at the various levels of the organisation. The control environment comprises the integrity and ethical values of the organisation; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organisational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control.

6. Risk Assessment

Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives. Risk assessment involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives. Risks to the achievement of these objectives from across the entity are considered relative to established risk tolerances. Thus, risk assessment forms the basis for determining how risks will be managed.

A precondition to risk assessment is the establishment of objectives, linked at different levels of the entity. Management specifies objectives within categories relating to operations, reporting, and compliance with sufficient clarity to be able to identify and analyse risks to those objectives. Management also considers the suitability of the objectives for the entity. Risk assessment also requires management to consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.

7. Control Activities

Control activities are the actions established through policies and procedures that help ensure that management's directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment. They may be preventive or detective in nature and may encompass a range of manual and automated activities such as authorisations and approvals, verifications, reconciliations, and business performance reviews. Segregation of duties is typically built into the selection and development of control activities. Where segregation of duties is not practical, management selects and develops alternative control activities.

8. Information and Communication

Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives. Management obtains or generates and uses relevant and quality information from both internal and external sources to support the functioning of other components of internal control. Communication is the continual, iterative process of providing, sharing, and obtaining necessary information. Internal communication is the means by which information is disseminated


technical

throughout the organisation, flowing up, down, and across the entity. It enables personnel to receive a clear message from senior management that control responsibilities must be taken seriously. External communication is twofold: it enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.

9. Monitoring Activities

Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations. Findings are evaluated against criteria established by regulators, recognised standard-setting bodies or management and the board of directors, and deficiencies are communicated to management and the board of directors as appropriate.

10. Limitations of Internal Control

The Framework recognises that while internal control provides reasonable assurance of achieving the entity's objectives, limitations do exist. Internal control cannot prevent bad judgment or decisions, or external events that can cause an organisation to fail to achieve its operational goals. In other words, even an effective system of internal control can experience a failure. Limitations may result from the:

• Suitability of objectives established as a precondition to internal control

• Reality that human judgment in decision making can be faulty and subject to bias

• Breakdowns that can occur because of human failures such as simple errors

• Ability of management to override internal control • Ability of management, other personnel, and/or third

parties to circumvent controls through collusion • External events beyond the organisation's control

These limitations preclude the board and management from having absolute assurance of the achievement of the entity's objectives – that is, internal control provides reasonable but not absolute assurance. Notwithstanding these inherent limitations, management should be aware of them when selecting, developing, and deploying controls that minimise, to the extent practical, these limitations.

The Appendices provide additional reference material, including:

• A glossary of key terminology, a discussion of roles and responsibilities of both responsible and external parties,

• A discussion of the methodology used for revising the Framework,

• A discussion of comment letters received during the public exposures of the proposed drafts of the Framework,

• A summary of changes to the COSO Internal Control-Integrated Framework (1992), and

• A comparison with the COSO Enterprise Risk Management-Integrated Framework.

Illustrative Tools for Assessing a System of Internal Control (Tools) – The Tools provide illustrative templates and scenarios that may be useful in applying the Framework. It can help management in assessing whether a system of internal control meets the requirements for effective internal control.

This publication is organised into two fundamental

sections: Templates and Scenarios. • The templates can support an assessment of the

effectiveness of a system of internal control and help to document such an assessment.

• The scenarios illustrate several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control.

The templates and scenarios focus on evaluating components and relevant principles, not the underlying controls (e.g., transaction-level control activities) that affect the relevant principles. These tools are not designed to satisfy any criteria established through laws, rules, regulations, or external standards for evaluating the severity of internal control deficiencies associated with a particular entity objective, such as external financial reporting. As noted in the Framework, when regulators, standard-setting bodies, and other relevant third parties establish criteria for defining the severity of, evaluating, and reporting internal control deficiencies, management should use only those criteria.

The templates are designed to present only a summary of assessment results. They are not an integral part of the Framework, and they may not address all matters that need to be considered when assessing a system of internal control. Further, they do not represent a preferred method of conducting and documenting an assessment. Their purpose is limited to illustrating one possible assessment process based on the requirements for effective internal control, as set forth in the Framework.

The templates do not illustrate management's selection and deployment of controls to effect principles or its determination of scope, nature, timing, and extent of evaluating such controls embedded within the components. The facts and circumstances relevant to an assessment vary among different categories of objectives and among different entities and industries; therefore, the practical use of these tools also varies.

The scenarios present several practical examples of how the templates can be used to support an assessment of effectiveness of a system of internal control based on the requirements set forth in the Framework. Each scenario is designed to illustrate a particular aspect, or set of related aspects, of the assessment process, and consists of two parts:

• Background material to provide context for the scenario (e.g. company background, relevant paragraphs of the Framework, summary of key points)

• Completed templates Related links: http://www.coso.org/

https://na.theiia.org/standards-guidance/topics/Pages/COSO-Resource-Center.aspx

To order a copy of the COSO - 2013 Internal Control – Integrated Framework, submit your order to [email protected] or call 03-9282 1148 ext. 115 Syazana/Arafah

2013TRAINING CALENDAR

August

September

13 - 16 Audit Manager Tools and Techniques Kuala Lumpur19 - 20 Value-Added Business Controls : The Right Way to Manage Risks Kuala Lumpur19 - 22 Beginning Auditor Tools and Techniques Kuala Lumpur21 - 22 Changing Needs for Compliance Auditing : Improving Techniques, Skills and Reporting Style for Better Results and Assurance (COURSE ONLY FOR AUDITORS IN THE PUBLIC SECTOR / SEMI-GOVERNMENT / STATE OWNED / STATUTORY BODY ENTITIES) Kuala Lumpur21 - 22 Forensics for Investigators Kuala Lumpur26 - 27 Practical Operational Audit of Supply Chain Management Kuala Lumpur28 - 29 Consulting : Activities, Skills & Attitudes Kuala Lumpur28 - 29 Auditing Purchasing for Contemporary Businesses Kuala Lumpur29 Financial Statement Fraud* Johor Bharu

2 - 5 Beginning Auditor Tools and Techniques Kuching2 - 3 COSO-Based Internal Auditing Kuala Lumpur4 - 5 Fundamental Skills in Information Systems Auditing Kuala Lumpur9 – 12 Beginning Auditor Tools and Techniques Kuala Lumpur16 - 17 Technology Governance for the Auditor ** Kuala Lumpur18 - 19 Outsourcing Contract Management by the Client – Post-signature Kuala Lumpur20 IT Governance for Executive Directors & Board Members Kuala Lumpur23 - 24 National Conference Kuala Lumpur25 Dealing with Difficult People Kuala Lumpur25 - 26 Changing Needs for Compliance Auditing : Improving Techniques, Skills and Reporting Style for Better Results and Assurance (COURSE ONLY FOR AUDITORS IN THE PUBLIC SECTOR / SEMI-GOVERNMENT / STATE OWNED / STATUTORY BODY ENTITIES) Kuala Lumpur26 - 27 Process Mapping for Business Improvement and Profitability Kuala Lumpur

* This seminar/workshop is in collaboration with ACCA Malaysia. ** This workshop is in collaboration with ISACA Chapter Malaysia.

NEW

NEW

NEW

NEW

NEW

NEW

NEW

NEW

For further information on our training programmes, please visit our website: www.iiam.com.my

IIA MALAYSIA PROUDLY PRESENTS OUR ANNUAL PREMIER EVENT 2013 NATIONAL CONFERENCE ON INTERNAL AUDITING

NETWORKING DINNER

Don’t miss out on the Plenary Sessions with the Industry Leaders

Unwind the day with “A night with Jason Lo, Chief Executive Officer of Tune Talk Sdn Bhd”

SCALING GREATER HEIGHTS THROUGH LEADERSHIP• Why are some people more successful than others?• Why are some people more trusted than others?• Where does leadership credibility come from?The session will answer the above and other questions about how leadership drives superior performance both at the individual and organisational level.

By: RAJEEV PESHAWARIAChief Executive Officer, The Iclif

ADDING VALUE: OUR CUSTOMER’S PERSPECTIVE• The challenges our customers face, and their

expectations of internal audit.• What “adding value” means for our customers, and

tactics to achieve.• The impact that high customer expectations will

have on the profession, our teams, and on you

By: LAWRENCE (LARRY) HARRINGTON Vice Chairman, IIA Global, USAVice President Internal Audit, Raytheon Company, USA

When Jason Lo first helmed the controls of Tune Talk as CEO, it was his first foray into the telecommunications industry. He went through a steep learning curve in order to quickly understand how the Telco business worked.

Despite all the challenges, the company persevered and under his direction, went on to become the country’s fastest growing mobile prepaid service provider. Lo is instrumental in ensuring the Tune Talk brand stays fresh and relevant, making it attractive to the youth segment, the company’s core target market.

In 2011, the company won the Frost & Sullivan’s Malaysia Excellence Award as the ‘Most Promising Service Provider of the Year’. In the same year, Lo garnered his personal decoration, ‘The Most Promising Entrepreneurship’ award for ‘Outstanding & Exemplary Achievements in Entrepreneurship’ at the Asia Pacific Entrepreneurship Awards (APEA) 2011.

in touch progress through sharing - iia malaysia · progress through sharing career talks at...

Documents