MFI Internal Audit And Controls Trainer’s Manual
Website: www.MicroSave.orgWebsite: www.meda.orgMFI Internal Audit and ControlsTrainer’s ManualAugust 2007Mennonite Economic Development AssociatesRuth Dueck MbebaMicroSave – Market-led solutions for financial services
AcknowledgementsMEDA acknowledges the contribution and input of Ruth Dueck Mbeba, Joyce Lehman, L.B.Prakash, Praveesh Kunam, Madhurantika Moulick and Jasper Vet in writing and development ofthe overall toolkit. Special thanks to Graham A.N. Wright for support and contributions to thedevelopment of the materials. Much of the content and learning is based on industry bestpractices and on MEDA’s work in microfinance over the past years.Many thanks to the helpful input and support from MEDA staff in making this effort possible.A learning toolkit is never “final” as new techniques, tools and resources become available andare shared with one another. Participant feedback and comments will assist to continuallyimprove this toolkit and its resources.MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s Manualpage iTable of Contents1.SETTING THE CONTEXT: RISK AND RISK MANAGEMENT . 1Session Overview. 1What are the Key Risks in Microfinance? . 3What are the Key Issues of Operational Risks? . 6What are the Key Issues of Managing Operational Risks?. 7Risk Management: Whose Job is it? . 92.OVERVIEW OF INTERNAL CONTROL SYSTEMS . 11Session Overview. 11What do we mean by “Internal Controls?” . 12a.Control Environment . 14b.Risk Assessment . 14c.The Control Activities: Systems, Policies and Procedures . 19d.Information and Communications . 19e.Monitoring. 20What are the Key Challenges for MFIs? . 243.PREVENTIVE CONTROL – HUMAN RESOURCES. 27Session Overview. 27What are the Factors Contributing to Commission of Fraud by Employees? . 29How do we Limit Opportunities? Effective Staff Motivation . 31Model for Sustainable Capacity Building . 384.PREVENTIVE CONTROL – POLICIES AND PROCEDURES . 41Session Overview. 41Accounting Controls . 43Segregation of Duties . 46Independent Checks and Verification . 46Procedures for Cash Receipts . 47Cash Receipts. 47MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s Manualpage iiProcedures for Cash Disbursements . 48Bank Reconciliations. 49Cash Reconciliations . 50Portfolio Reconciliations – The General Ledger and the Portfolio Tracking System (MIS). 51Document Controls . 515.PREVENTIVE CONTROL – INFORMATION SYSTEMS . 53Session Overview. 53Risks Associated with Lack of Information. 54Managing MFI Information. 54Loan Portfolio Information . 556.ROLE OF THE INTERNAL AUDIT. 61Session Overview. 61What is an Internal Audit?. 62Role of the Internal Audit in the Internal Control System. 62Role of the Audit in the Risk Management Feedback Loop. 63Creating the Internal Audit Team. 63Reporting Function of the Internal Audit. 647.IMPLEMENTING THE INTERNAL AUDIT FUNCTION. 67Session Overview. 67Planning the Internal Audit . 68Professionalism and Conduct. 73Reporting Audit Findings. 73Writing the Internal Audit Report and Making Recommendations . 74Follow up Previous Reports . 76Where Do We Go From Here?. 77Resource Bibliography. 79MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s Manualpage iiiFiguresFigure 1.1 - External and Internal Risks of HIV/AIDS to an MFI. 5Figure 1.2 - The Role of Internal Controls and Internal Audits in Operating Risk Management. 8Figure 1.3 - Risk Management: Whose Job is it? . 10Figure 2.1 - COSO Internal Control Framework . 13Figure 2.2 - The Risk Management Feedback Loop. 15Figure 2.3 - The Cycle Approach. 16Figure 2.4 - Illustration of Assessing Risk Events, Drivers and Strategies . 18Figure 2.5 - Steps to Evaluate Internal Controls . 22Figure 3.1 - The Fraud Triangle. 29Figure 3.2 - Maslow’s Hierarchy of Human Needs . 31Figure 3.3 - MFI Training Opportunities . 34Figure 3.4 - Model for Sustainable Capacity Building . 39Figure 4.1 - MFI Financial Management Information Systems. 44Figure 5.1 - Areas of Risk in Loan Information. 59Figure 6.1 - Differences Between Internal and External Auditors. 62Figure 6.2 – Sample Organisational Chart. 65List of HandoutsSection 1: Setting the Context: Risk and Risk Management1.1 Workshop AgendaSection 2: Overview of Internal Control Systems2.1 Risk Assessment Tool2.2 Internal Control Questionnaire2.3 Internal Control Diagnostic – TemplateSection 3: Preventive Control – Human Resources3.1 Sample Employee Code of ConductSection 4: Preventive Control – Policies and Procedures4.1 Sample Bank Reconciliation Format4.2 Sample Cash Count and Verification4.3 Sample Internal Control Checklist4.4 Sample Reconciliation Problems and TipsSection 6: Role of the Internal Audit6.1 Sample Internal Auditor Job DescriptionSection 7: Implementing the Internal Audit Function7.1 Sample Internal Audit Annual Work Plan7.2 Internal Audit Checklist – Cash7.3 Internal Audit Checklist – Loan7.4 Internal Audit Checklist – Financial Reports7.5 Internal Audit Checklist – Savings7.6 Internal Audit Checklist – Human Resources7.7 Internal Audit Checklist – Fixed Assets7.8 Internal Audit Checklist – Self Help Groups7.9 MicroSave Debriefing Note #577.10 Games that MFI Staff Play7.11 Sample Internal Audit Report Format7.12 Sample Loan Portfolio Audit Report7.13 Sample Internal Audit Report (Branch)7.14 Sample Internal Audit Report (Self Help Group)MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s Manual7.15 Management Response to Internal Audit Report7.16 Internal Audit Follow-up ToolList of ExercisesSection 1: Setting the Context: Risk and Risk ManagementSection 2: Overview of Internal Control Systems2.1 Follow the Money (Part I and II)2.2 Risk Assessment Exercise2.3 Internal Control Diagnostic Exercise2.4 Policy and Procedure Compliance and Incident WorksheetSection 3: Preventive Control – Human Resources3.1 Human Resource Policy DiscussionSection 4: Preventive Control – Policies and Procedures4.1 Policy and Procedure Worksheet4.2 Segregation of Duties - Distance Management4.3 Segregation of Duties - Loan Officers Handling Cash4.4 Segregation of Duties - Branch Personnel Problem4.5 Fraud Cases – Ineffective Policies and ProceduresSection 5: Preventive Control – Human Resource Policies5.1 Case – Assessing Preventive ControlsSection 6: Role of the Internal Audit6.1 Internal Audit Group DiscussionSection 7: Implementing the Internal Audit Function7.1 Internal Audit Reporting and Role Play7.2 Investigative Case Studies7.3 MFI Internal Audit Action PlanningMicroSave – Market-led solutions for financial servicespage iv
Setting the Context: Risk andRisk ManagementMennonite EconomicDevelopment AssociatesMicroSave – Market-led solutions for financial services
MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s Manual1.Section 1 - 1Setting the Context: Risk and Risk ManagementSession OverviewObjectives: Understand risk and risk management within the internal control context Recognize key risks in microfinance Appreciate everyone’s role in the risk management process!Time:1 hourMethods:Lecture, small group discussion and large group discussionMaterials:Flipcharts and pensSlide Show: Electronic PowerPoint presentations: Section 1: hard copy of the PowerPointpresentations and trainer’s notes.1.Risk and Risk ManagementTime: 15 minutes (lecture/discussion)Exercise: noneSlides: 3Handouts: none2.Key Operating Microfinance RisksTime: 20 minutes (lecture/large group brainstorming and discussion)Exercises: brainstorming discussionSlides: 6Handouts: none3.Risk Management: Whose Job is it?Time: 25 minutes (lecture/small group discussion)Exercise: Table group discussionSlides: 4Handouts: noneProcedure1.Risk and Risk ManagementTime: 15 minutes (lecture/discussion)Exercise: noneSlides: 3Handouts: noneMicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s ManualSection 1 - 2The Big PictureMicrofinance institutions exist to fulfill a dual mission – financial sustainability andpositive social impact on the urban and rural poor in urban of the communities thatthey serve. However, too many MFIs are pre-occupied with expansion, out-smartingtheir competition, or reducing their operational costs to take time to look at riskmanagement in their institutions. Others operate without proper systems that helpreduce exposure to risk.The underlying premise of both risk management and effective internal control is that the business –in our case – the MFI, is on a path towards growth, profitability and sustainability, that itactually achieves its mission, and minimizes the risk of loss or failure in the process ofconducting business.To fulfill their mission, MFI risks must be managed! Risk management is key to control thelikelihood and severity of an adverse event.The primary purpose of this toolkit is to look at risk, risk management and internal controls froman operational perspective in the MFI. It provides practical ways for MFIs to approach andimplement effective internal control systems and internal audit functions within their institutions –whether large or small.Risk is the potential that current and future events, expected or unanticipated may have an adverseor harmful impact on the institution’s capital, earnings or achievement of its objectives.Risk management is the process of balancing risk-taking and capital against a well-designedcontrol environment. Managing risks includes identifying, prioritizing and selecting responses torisk. Managing risks effectively reduces the likelihood that a loss will occur and minimizes the scaleof the loss should it occur. Risk management includes both the prevention of potential problems,the early detection of actual problems when they occur, and the correction of the policies andprocedures that permitted the occurrence.Simply put, both the function and activities of “internal audits” and “internal controls” aremitigation strategies for operating risks in MFIs. Internal controls are systems and procedures thatseek to prevent problems and institutional loss. The internal audit function may meet externalregulatory requirements for MFIs. More than that, it is a management tool to monitor theimplementation of internal controls. Internal audits seek to detect problems before they becomelarge and destructive, and they provide assurance and communication to management that itssystems are in place, are functioning and are building the MFI’s capacity to deliver its products andservices sustainably to the community.Risk management is an on-going process because internal and external vulnerabilities keepchanging.A June 2003 publication by the Institute of Internal Auditors wrote that “ .risk and control arevirtually inseparable – like two sides of a coin – meaning that risks first must be identified andassessed; then managed and mitigated by the implementation of a strong system of internalcontrol.” 11Tone at the Top Issue 18, June 2003 pg 2.MicroSave – Market-led solutions for financial services
MFI Internal Audit and Controls Trainer’s ManualSection 1 - 3In today’s business world, risk management takes a comprehensive perspective of risk, risk toleranceand risk management throughout the organisation. It looks at the role of Board governance andmanagement in leading the risk management process, and in setting the tone forstrong internal control systems. 2 The leading internal control model widely adaptedand implemented throughout businesses in the world is summarized in ExecutiveSummary of Internal Control – Integrated Framework 3 . The framework is widelyused as a standard by which to measure and evaluate internal control systems.The traditional view of internal audits has also shifted in recent years from a focus onfinancial transactions and past events, to a pro-active risk-based approach that notonly looks at compliance to policy and procedure, but the effectiveness of riskidentification and assessment, and management’s risk mitigation strategy,implementation and monitoring of risks.This toolkit is built on the key concepts of risk management and internal control from thesecommonly accepted frameworks and from the MicroSave “Institutional and Product DevelopmentRisk Management Toolkit” (Pkholz, 2005). It also references resources and samples fromMicroSave’s “Toolkit for Process Mapping for MFIs” (Champagne 2006) and the “Toolkit for LoanPortfolio Audit of Micro Finance Institutions” (Wright 2006).Is risk management important to MFIs? Of course it is! It is critical for bothgrowth and sustainability. But it is up to you and your MFI to address the issues.Ignore at your own risk!Procedure2.Key Operating Microfinance RisksTime: 20 minutes (20 minutes for lecture/discussion)Exercises: brainstorming discussionSlides: 6Handouts: noneWhat are the Key Risks in Microfinance?All MFIs are exposed to a great number of risks, both internal and external, that threaten effectiveservices to clients, financial stability, and future sustainability. As MFIs grow and become morecomplex, the need for periodic reviews of risk management systems becomes greater. The key risksfor microfinance are often categorized into the following main areas. The management and Board ofyour microfinance institution should consider each risk as a point of vulnerability. It is yourresponsibility to assess the institution’s level of exposure, to prioritize areas of greatest vulnerability,and to ensure that proper controls are in place to minimize your MFI’s exposure.Internal RisksInstitutional Risks:2The Enterprise Risk Management Framework Executive Summary is available at www.coso.org. It wasproduced by the Commission Committee of Sponsoring Organisations of the Treadway Commission (COSO).COSO is comprised of the American Institute of Certified Public Accountants, the American AccountingAssociation, Financial Executives International, The Institute of Internal Auditors, and the Institute ofManagement Accountants.3The Internal Control – Integrated Framework Executive Summary is available at www.coso.orgM
4.1 Sample Bank Reconciliation Format . 4.2 Sample Cash Count and Verification . 4.3 Sample Internal Control Checklist . 4.4 Sample Reconciliation Problems and Tips . Section 6: Role of the Internal Audit . 6.1 Sample Internal Auditor Job Description . Section 7: Implementing the Internal Audit Function . 7.1 Sample Internal Audit Annual Work Plan
CHAPTER 12 Internal Audit Charters and Building the Internal Audit Function 273 12.1 Establishing an Internal Audit Function 274 12.2 Audit Charter: Audit Committee and Management Authority 274 12.3 Building the Internal Audit Staff 275 (a) Role of the CAE 277 (b) Internal Audit Management Responsibilities 278 (c) Internal Audit Staff .
GTAG Global Technology Audit Guides HoA Head of Agency HoIA Head of Internal Audit IA Internal Audit / Internal Auditor IA-CM Internal Audit Capability Model IAS Internal Audit Service . Audit, the Code of Ethics for Internal Auditors and the Auditing Standards. The only way
INTERNAL AUDIT Example –Internal audit report [Short Client Name] Internal Audit Report Rev. [Rev Number] STEP ONE: Audit Plan Process to Audit (Audit Scope): Audit Date(s): Lead Auditor: Audit #: Auditor(s): Site(s) to Audit: Applicable Clauses of [ISO 9001 or AS9100] S
audit committee and internal audit is fundamental to internal audit's success. 1.2. Securing the appropriate resources for internal audit to meet expectations In many organisations, the audit committee is responsible for approving the internal audit budget, and this approval is typically based on management's recommendation.
An internal audit must be planned in advance and a schedule created for each internal audit process. The Management Meetings can be used to plan the audit and to record the results of each internal audit process. When planning the internal audit, consideration to following criteria shall be included when planning an internal audit:
6. QMS 9001:2015 internal Audit It covers internal audit process, audit question techniques and guidelines for internal audit as well as auditor criteria. 7. Steps for QMS Internal Audit It covers steps to carry out Quality management system internal audit
The quality audit system is mainly classified in three different categories: i Internal Audit ii. External Audits iii. Regulatory Audit . Types Of Quality Audit. In food industries all three audit system may be used to carry out 1. Product manufacturing audit 2. Plant sanitation/GMP audit 3. Product Quality audit 4. HACCP audit
Wei Yang Introduction to Mean field games and applications. Introduction Our results and applications Mean field game Methodology consider an N-playerstochastic dynamic game study amean field game(a limit for N !1) which can be expressed bya system of coupled equations: Fokker-Planck equation Hamilton-Jacobi-Bellman equation any solution to the mean field game is an -equilibriumto the N .
