25 C
Saturday, December 2, 2023

Internal Control and Competency

  • Mohammed Ziaullah Khan

Control is a primary goal-oriented function of management in an organisation. It is a process of comparing the actual performance with the set standards of the company to ensure that activities are being performed according to the plans and if not then taking corrective action.

An internal control is a procedure or policy put in place by management to safeguard assets, promote accountability, increase efficiency, and stop fraudulent behaviour.

An effective control system:

  1. Helps in achieving organizational goals;
  2. Facilitates optimum utilization of resources;
  • Evaluates the accuracy of the standard;
  1. Sets discipline and order;
  2. Motivates the employees and boosts employee morale;
  3. Ensures future planning by revising standards;
  • Improves overall performance of an organization;
  • Minimizes errors.

Internal Control can be defined as a system designed, introduced and maintained by the company’s management and top-level executives, to provide a substantial degree of assurance in achieving business objective, while complying with the policies and laws, safeguarding the assets, maintaining efficiency and effectiveness in regular operations and reliability of financial statements.

There are three main types of internal controls: preventative, corrective and detective.

A competency is the ability of an individual to perform a job or task properly, being a set of defined knowledge, skills, and behaviour.

The Framework provides a structured guide, enabling the identification, evaluation, and development of those competencies in individual internal auditors.

The Framework outlines the 10 core competencies recommended for each broad job level, namely internal audit staff, internal audit management, and the Head of Audit. Each core competency is supported by a list of more detailed competencies that further define the core competency statement. While the core competencies have been defined individually, it should be understood that there are connections and interdependencies among all of the competencies.

The Framework consists of 10 core competencies:

  1. Professional ethics: Promotes and applies professional ethics;
  2. Internal audit management: Develops and manages the internal audit function;
  3. Governance, risk and control: Applies a thorough understanding of governance, risk, and control appropriate to the organization;
  4. Business acumen: Maintains expertise of the business environment, industry practices, and specific organizational factors;
  5. Communication: Communicates with impact;
  6. Persuasion and collaboration: Persuades and motivates others through collaboration and cooperation;
  7. Critical thinking: Applies process analysis, business intelligence, and problem solving techniques;
  8. Internal audit delivery: Delivers internal audit engagements;
  9. Improvement and innovation: Embraces change and drives improvement and innovation;
  10. IPPF: Applies the International Professional Practices Framework (IPPF).

High level competencies required by financial controllers include:

  1. Corporate and Business Reporting
  2. Prepares financial statements, corporate financial and integrated reports for external stakeholders using appropriate technology.
  3. Leads effective decision making through analysing, evaluating and communicating performance and position of entities.
  • Prepares financial statements for groups of entities using appropriate technologies.
  1. Monitors, critically evaluates, and advises on the relevant accounting standards, regulation and conceptual and reporting frameworks.
  2. Governance, Risk & Control
  3. Evaluates organisational structures and governance to protect the long-term interests of stakeholders.
  4. Recommends appropriate strategies to ensure adherence to governance structures and application of best practice internal controls.
  • Identifies and manages risk appropriately.
  1. Uses risk management for the best interests of an organisation and its stakeholders.
  2. Monitors and applies relevant legislation, policies and procedures.
  3. Leadership and management
  4. Applies appropriate leadership strategies to effectively deliver business objectives.
  5. Leads, motivates and manages people to optimise performance and effectiveness.
  • Collaborates, supports and works to achieve the objectives of the organisation, harnessing appropriate digital technologies.
  1. Acts proactively and thinks strategically, in anticipating organisational needs, recognising the wider business environment and dynamics.
  2. Sustainable Management Accounting
  3. Applies development and performance management in the wider business and technological environment in the context of strategic planning and implementation.
  4. Directs organisational performance through the selection and measurement of financial and non-financial performance indicators.
  • Collaborates on the key tactical and organisational areas of budgeting and control, capital investments, people and resource management.
  1. Consults on the design and use of current and emerging technology and information systems to improve strategic decision-making and organisational performance.
  2. Ethics & Professionalism
  3. Develops advanced ethical values and professional skills in the promotion of public interest and the profession.
  4. Demonstrates personal effectiveness in fast changing environments.
  • Encourages innovative thinking within the context of professional scepticism.
  1. Thinks proactively about the future, applying professional judgement and commercial intelligence and seeks specialist input when needed.
  2. Communicates effectively and influences others

As an aspiring internal auditor, it is vital to understand the value of continually improving one’s skills and knowledge of various audit tools and techniques. These will help to adequately address the risks of that organization could be facing.

Core Skills and Competencies for Auditors

In an extensive survey with Head of Audit, internal audit staff and managers, the Institute for Internal Auditors it is identified the following knowledge areas and competencies as crucial in the execution of audit work:

  1. Communication skills, including oral communication, report writing, and presentation skills;
  2. Problem-solving skills (i.e., conceptual and analytical thinking);
  3. Ability to promote the value of internal audit among key employees within the organization;
  4. Keeping abreast with regulatory updates, changes and industry standards;
  5. Knowledge in auditing, internal audit standards, fraud awareness, and professional ethical standards;
  6. Knowledge in enterprise risk management (i.e., risk analysis and control assessment).

Other competencies that were identified in the survey were organizational skills, change management skills, critical thinking, teamwork, and conflict resolution and negotiation skills.

Following graphs shows the Control level considering Clarity & competency, assuming X axis as CLARITY and the Y axis as COMPETENCE. The point of intersect is the relative level of control:

Again, assuming X axis as COMPETENCE &CLARITY and the Y axis as CONTROL. The intersect gives a clear idea of the team members whether they are either living in frustration or in chaos.


The writer is the SEVP and Head of ICCD of United Commercial Bank limited. 


Related Articles


Cloud Computing Security Issues, Threats and Controls

Cloud Computing and service models  The official NIST definition (NIST 800-145) of cloud computing says, “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand...
API and Open Banking

API and Open Banking: Way for New Service Innovation for Banks and FinTech Companies

The people who gathered at a hall room of a city hotel in last month had one thing in common—they all are working in...
ISO 2001

ISO 27002: 2022 Implementation vs Reality

After almost a decade, ISO27001: 2013 is going to publish its new iteration of ISO27001:2022 in second (2nd) Quarter this year1. But prior to...
Deepfakes: The Synthetic Media I want to believe

Deepfakes: The Synthetic Media I want to believe

What Are Deepfakes? A deepfake is a sort of "synthetic media," which refers to material (such as images, audio, and video) that has been modified...
The power of API platforms

The power of API platforms brings the open banking promise into sharper focus

Open banking is a global phenomenon whose merits are felt in virtually every time zone, including those in the Asia-Pacific region. In contrast to...
Blockchains Gaming and Collusion

“Blockchains: Gaming and Collusion- A Reading in Political Economy”:  Futuristic Exploration with Fact-based Analysis

In this digital age, it has become quite common for us to constantly remain mesmerized by fascinating technologies.  However, deeper thoughts about those technologies,...