Saturday, June 23, 2007



Credit control
Credit occurs when the company grants its client to use its services or products before he compensates the company for this usage.

Elements of the credit control process
- Company strategy.
- Client credit worithness.
- Credit control function.

Overall company strategy/business plan determines the company intent regarding the credit policy, it might use a tight credit control policy or it might go for loss one. However, the clients' segmentation mechanism will affect the credit department functionality in the company.



Customer credit worthiness included many activities which depended on the size of the credit and the company services/product.

Function of the credit control
Following is an example of the credit control in the telecom industry

Telecom Credit Control Process main functions:-
A. Credit policy
B. Monitoring
C. Action
D. Credit control system

Credit policy
1. Credit control policy should be documented and approved by the senior management;

2. Credit control policy should include the concept of classifying the customers into sub segments or categories such as (Individual, Corporate, usage, method of payment, VIP, etc); and the justification behind such classification.

3. Monitoring concept should be determined in the policy:
- Whether it is based on prescribed credit limit or based upon the usage;
- Virtual credit limit (changed based on a certain criteria),
- If there is no credit limit is used, another concept should be applaied for example, the limit or risk of the customer is based on his usage behavior and payments history)

4. Action techniques that are used to monitor the credit policy should be documented, and it should include the disconnection process, timeframe of executions for the disconnection, type of disconnection, and whether it is e manual or automated.

5. Reconnection process. (threshold to reconnect the line).

6. Authority to override the credit control policy.

7. Credit control system business rules should be in line with the credit policy


Risks in the credit control policy
1. No credit control policy and procedures.
2. Credit control policy is not inline with over all company strategy (tight credit control policy or wide credit control policy)
3. No proper segregation of credit control function in the company (management conflict)
4. No credit limit or any concept to monitor customer. Or inaccurate/proper credit limit/concept.
5. Customer life value are not considered in the credit control mechanism
6. Customer are being monitored manually
7. Authority for credit policy override is not determined.
8. Customer exceeded their predetermined credit limit/concept without being disconnected.
9. No proper customer classification into segment, and no justification for current segmentation.
10. System business rule are not inline with credit policy. The following general control should be applied which included:
- User access right to the system;
- Segregation of duties;
- Business rule update mechanism
11. Management reporting in the credit is not comprehensive.

Saturday, May 12, 2007

Certified Internal Auditor

IIA has designed an examination to grant the designation of CIA (Certified Internal Auditor), covering the following topics:

Part I - The Internal Audit Activity's Role in Governance, Risk, and ControlGovernance is the overall elements that affect the company decision making process including how to achieve the established objectives and determine the relations with all related parties such as senior management, shareholder, employee and others.
Risk is the threats that might affect the company of not being able to achieve its objectives. Controls are the activities established by the management to ensure that the objectives will be achieved with respect to the accepted amount of risk.
Internal audit role is to provide reasonable assurance that the company objectives will be met. However, this role should be defined and communicated to the related party through the audit charter.
The importance of this topic for the internal auditor is come from the fact that the internal auditor is part of the governance process through the audit charter, provide opinion in the company risk assessment process, and ensure that the control activities have been established and being followed.

Part II - Conducting the Internal Audit EngagementThe role of the Internal audit Department will be defined in the governance process, thereafter the Department should move to next stage which is to established and execute the internal audit activities.
The importance of this topic is that the internal auditor should conduct the engagement based on the "The International Standards for the Professional Practice of Internal Auditing".

Part III - Business Analysis and Information Technology
This topic describes the business skills and technical knowledge required by the internal auditor in order to be able to execute the internal audit engagement.

For example, the internal auditor should have considerable knowledge in the accounting where as he might be required to have only awareness in other field such as environmental control aspect.

The importance of this topic to the internal auditor is to obtain the required business skill and knowledge to be able to perform the required level of business analysis to understand the industry that he is auditing.

Part IV - Business Management Skills.This topic covers different subjects in the management filed such as marketing strategies, conflict management, international business and several management terminologies. Further, it explores a sort of managerial skills that required for the internal auditor to help him in different managerial aspects.

The importance of this topic for the internal auditor is that, he should have the awareness about the subject raised in this topic.

Internal control

Internal control
It is the process of providing reasonable assurance on that the organization goals and objectives will be achieved.
The COSO definition of internal control:
"Internal control is a process, affected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives".
The IIA's definition of internal control:
"Any action taken by the management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved."
It obvious that Internal control is affected by three main elements;
1- People;
2- Activities; and
3- Reasonable assurance.

1- People are the most important element in the control foundation. People may directly or indirectly affect the control process.
Direct affect such as managemnet and employee. However, management is responsible to establish the mechanisms and activities for an effective internal control, employees in the organization are responsible to ensure applying the management control. Indirect people included suppliers and customers.

2. Management activities of effective internal controls range from operational to financial activities it might included:
  • safeguard the company resources;
  • produce reliable financial reports;
  • comply with laws and regulations;
  • reduces the possibility of significant errors and irregularities and;
  • assists in their timely detection when they do occur.

3. Reasonable assurance: Internal Control Provides Reasonable Assurance, Not Absolute Assurance. It is also a high of confidence by management that the objective of the company will be met.
Reasonable assurance is affected by:-
cost and benefits
Factors outside the control or influence of management can affect the entity’s ability to achieve all of its goals
Materiality

Thursday, January 18, 2007

This Blog designed for the purpose of Internal Auditing. One objective is to have material and the know how about applying the risk based methodology in the filed of internal audit. Including audit program, risk matrix and sample of audit reports
Special attention will be made to the telecom industry auditing.