Thursday, 18 January 2018

Internal Controls elements




Internal control systems operate at different levels of effectiveness. Determining whether a particular internal control system is effective is a judgment resulting from an assessment of whether the five components - Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring - are present and functioning. Effective controls provide reasonable assurance regarding the accomplishment of established objectives.

Control Environment
The control environment sets the tone of the organization and influences the control consciousness of its people. Leaders of each division, area or activity establish a local control environment. This is the foundation for all other components of internal control, providing discipline and structure.
Risk Assessment
Identifying and analyzing risk is an ongoing process and a critical component of an effective internal control system. Attention must be focused on risks at all levels, and necessary actions must be taken to manage them. Risks can pertain to internal and external factors. After risks have been identified, they must be evaluated.
Control Activities
Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address defined risks. Control activities occur throughout the organization, at all levels, and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties.
Information & Communication
Relevant information must be identified, captured and communicated in a form and time frame that enables people to carry out their responsibilities. All personnel must receive a clear message on their control responsibilities. The direct supervisor is obliged to train personnel on the individual control activities that relate to their work.
Monitoring
Internal control systems are monitored in three ways. Ongoing monitoring occurs in the ordinary course of operations. Separate evaluation is performed by Internal Control & Compliance on the selected processes or activities.
On an annual basis, an independent audit is performed by Internal Audit. Internal control deficiencies should be reported upstream, with serious matters reported immediately to top administration and governing boards.

Monday, 8 January 2018

How secure are you?

You are as secure as you are careful.

Stay vigilant, watchful and attentive! Use your common sense and instincts.

If anything seems weird… stop, refuse to continue your work, raise your hand!




Watch out! Don't get hooked by an e-mail scam. Watch how easy it is to lose your password, data, and ... security.





Don’t get hooked by an e-mail scam


Phishing email messages, websites, and phone calls are designed to steal money, data or information.

Whenever a suspicious e-mail or phone call comes in, follow these 4 steps to make sure it is not phishing:

SPOOFING: carefully check the sender’s address. On a mobile device, click on the display name to show the address.

URGENCY: you should be worried if there is a call to action. Always check first where the link really leads, instead of simply clicking on it.

VERIFY: if you are not sure whether the sender is “safe”, contact the person by forwarding the message or by using another phone number. Do not simply reply to the e-mail.

ROBUST PROCESSES: first and foremost, ensure that you follow your processes. If the sender is asking you for any deviation, it needs to have all valid steps and approvals. Never agree to do anything without being sure.




Trust your instinct. If it doesn’t feel right, question it.



';--have you been pwned?


Carefully check the sender’s address – on mobile devices click on the display name to show the address.

Always hover over the links to display the URL. What appears to be the URL is a link, so it can be deceiving.

The content of the email will try to entice you to click on the link. It will contain a call to action. You will feel a sense of urgency.
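The first two checks above (display name versus real address, visible link text versus real target) can also be automated on the mail-filtering side. The following is an added example, not part of the original post; the function names and the sample message are constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Finds the first host-like token (e.g. portal.example.com) in visible text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def shown_host(text):
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None

def sender_mismatch(from_header):
    """Return (shown, real) when the display name advertises a different domain."""
    name, addr = parseaddr(from_header)
    real = addr.rpartition("@")[2].lower()
    shown = shown_host(name)
    return (shown, real) if shown and shown != real else None

class LinkAudit(HTMLParser):
    """Collects links whose visible text names one host while href targets another."""
    def __init__(self):
        super().__init__()
        self.href, self.parts, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.parts = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.parts.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = shown_host("".join(self.parts))
            real = (urlparse(self.href).hostname or "").lower()
            if shown and shown != real:  # exact match: subdomain differences are flagged too
                self.findings.append((shown, real))
            self.href = None

def deceptive_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample message parts (reserved example domains, not real traffic).
SAMPLE_FROM = '"Payroll payroll@example.com" <notice@mailer.example.net>'
SAMPLE_HTML = ('<p>Your password expires today: '
               '<a href="http://login.example.net/reset">https://portal.example.com/reset</a>'
               ' or <a href="https://portal.example.com/help">read the help page</a>.</p>')

if __name__ == "__main__":
    print("sender:", sender_mismatch(SAMPLE_FROM))
    print("links:", deceptive_links(SAMPLE_HTML))
```

A finding is a prompt for the VERIFY step, not proof of fraud: legitimate newsletters often route links through a tracking host.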


Do not forget to follow the security steps! Check your e-mail here: https://haveibeenpwned.com/



Invoice fraud – check twice, or pay the price


Invoice fraud occurs when a fraudster tricks an organisation into changing the bank account payee details for a payment.

Fraudsters pretend to be a regular supplier of the organisation.

As funds are often transferred quickly, this makes the recovery of the money difficult.

Look out for requests to:

  • Change payee account details for a regular payment already set up with a supplier, particularly if the request is for an immediate payment.

Take time to consider:

  • If a request to alter bank details or transfer money was expected or if it was received out of the blue from an existing supplier.
  • Is there a PO for the supply? Can anyone confirm that goods / services were actually ordered and delivered?

Always verify requests to change bank details or set up new payment instructions by contacting the supplier directly. Use established contact details on file before implementing changes.

Making fake statements is as easy as 1-2-3. You can even find many instructions on YouTube!


Inside job


Money and information are very often stolen by people within the organisation. There are many reasons why it happens. In many instances it is simply because of greed; however, it is not only that.

To be safer, always keep your eyes and ears open for behaviours or activities of concern, and for suspicious behaviour patterns that might indicate a potential insider risk:

  • Hostile attitudes and extremist views towards the company
  • Becoming withdrawn or appearing vulnerable
  • Not eager to use vacations
  • Unauthorised handling of sensitive material
  • Being miserable, too nervous, etc.