This Diploma Work defines and describes the Internal Control System applied in the Provincial Delegation of the MAC in Las Tunas following the indications of Resolution No. 297-03 of the MFP.
It contains the five components of control applied in the Delegation, their definitions, standards and objectives.
The usefulness of this work can be verified through the procedures referred to and which have been implemented and maintained in the Provincial Delegation of the MAC.
Development
Chapter 1. Definitions of Internal Control. Contents of the Components and their Standards.
Background
In Cuba, the Economic Resolution of the V Congress of the Communist Party of Cuba states: “… In the new conditions in which the economy operates, with a greater degree of decentralization and more linked to the demands of international competition, timely control and efficient economic activity is essential for management at any level… ”and later it will be specified“… An indispensable condition in this entire process of transformation of the business system will be the implementation of strong financial restrictions that make the control of the efficient use of resources is internal to the management mechanism and does not depend solely on external verifications… "
Internal Control has been the concern of the entities, to a greater or lesser degree, with different approaches and terminologies, which has allowed that over time different conceptions have been raised about Internal Control, its principles and elements that must be known and to implement in the current Cuban entity.
Need and importance of the topic
- Internal control is an effective instrument to achieve efficiency and effectiveness in the work of entities. Development of new terms related to Internal Control, unlike what has been identified until now, that is, only accounting. The introduction of new Issues that provide generalizing elements for the development of the Internal Control Systems in each entity Obligation The Internal Control Systems of each entity, based on the study of their characteristics, must establish their actions and internal control measures and must be complied with by all the people involved and responsible for its operation. It is applicable to the entire Business System of the country, the budgeted units, the National Banking System and the Cooperative Sector, hereinafter entities.Procedures manuals must be drawn up taking into account the criteria established in the General Standards of Internal Control.
Definition of Internal Control
It is the process integrated into the operations carried out by the management and the rest of the personnel of an entity to provide reasonable assurance in achieving the following objectives:
- Reliability of information Efficiency and effectiveness of operations Compliance with established laws, regulations and policies Control of resources of all kinds available to the entity.
General characteristics of Internal Control
- It is a process, that is, a means to an end and not an end in itself. It is carried out by people who act at all levels and it is not only about organization manuals and procedures. In each area of the organization, the person in charge of directing it is responsible for Internal Control before his immediate boss in accordance with the levels of authority established in its fulfillment, all the entity's workers participate regardless of their occupational category. It must facilitate the achievement of objectives in a or more of the areas or operations in the company Provides a reasonable degree of security, although not total, in relation to the achievement of the set objectives It must tend to achieve self-control, leadership and strengthening of the authority and responsibility of the groups labor.
The Internal Control System in small entities, establishments and base units, should be simple, with the use of few employees who handle and process little information, providing that the top manager or someone designated by him, is responsible for the review and supervision of operations.
Limitations of internal control
- The concept of REASONABLE SAFETY is related to the explicit recognition of the existence of inherent limitations of Internal Control. In the performance of controls, errors can be made as a result of misinterpretation of instructions, errors of judgment, carelessness, distraction and fatigue. control dependent on the separation of duties, can be circumvented by collusion between employees, that is, agreeing to harm third parties.The extent of the controls adopted in an organization is also limited by cost considerations, therefore, it is not It is feasible to establish controls that provide absolute protection from fraud and waste, but to establish controls that ensure reasonable security from the point of view of costs.
Components and Definition of Internal Control and its Standards
The process characteristic, awarded in the concept of internal control, indicates that its elements are integrated with each other and implemented in an interrelated way, influenced by the management style.
The adoption of more advanced and rigorous systems, assimilable by the economy of the entities, will also influence the management style, taking into account that our entities are not subordinated to a single owner or a small group of them and that, therefore, it is obliged to a necessary feedback from the internal control systems and the provisions and regulations established by the competent State bodies and agencies.
The components of the control are:
- Control Environment, Risk Assessment, Control Activities, Information and Communication, Supervision or Monitoring.
These definitions of the Internal Control components, with a strategic focus on the development of the entities, must include general standards or procedures to be considered in the design of the Internal Control Systems in each entity, accompanied by control criteria and evaluation in some areas of the organization.
Control Environment
The environment or control environment constitutes the scaffolding for the development of actions and reflects the attitude assumed by senior management in relation to the importance of internal control and its impact on the entity's activities and results, so it must be borne in mind all provisions, policies and regulations that are considered necessary for its successful implementation and development.
The Control Environment sets the tone of the organization by influencing the awareness of the staff.
This can be seen as the basis for the other components of internal control.
The entity's management and the internal auditor, if any, can create an adequate environment if:
- There is an effective organizational structure. Sound management policies are applied. Compliance with laws and policies that will be better assimilated if the staff has it in writing.
The Control Environment is, of all the components, the basis for the development of the rest of them and is based on other key fundamentals, such as:
- The philosophy and management style The structure, the organizational plan, the regulations and the procedures manuals The integrity, ethical values, professional competence and commitment of all the components of the organization, as well as their adherence to the Policies and objectives established The forms of assignment of responsibilities and administration and development of personnel The degree of documentation of policies and decisions, and the formulation of programs that contain goals, objectives and performance indicators In organizations that justify it, the existence of Internal Audit Units with a sufficient degree of independence and professional qualification.
Standards for the Control Environment
Integrity and ethical values
The highest authority of the body must endeavor to promote, disseminate and monitor the observance of ethical values and the Regulations for accepted State and Government Tables, which constitute a solid moral foundation for their conduct and operation.
Such values must frame the conduct of leaders and other workers, guiding their integrity, personal commitment and their sense of belonging to their entity.
Ethical values are essential to the Control Environment. The Internal Control System is based on ethical values, which define the conduct of those who operate it. These ethical values belong to a moral dimension and, therefore, go beyond mere compliance with Laws, Decrees, Regulations and other legal provisions.
Behavior and moral integrity find their support network in the culture of the organism, which determines, to a large extent, how things are done, what rules and regulations are observed, and whether they are misrepresented or circumvented. The senior management of the entity, in the creation of an appropriate culture for these purposes, the senior management of the entity plays a main role, since by its example it will contribute to the daily development or destruction of this internal control requirement.
Professional competence
The leaders, officials and other workers must be characterized by having a level of competence that allows them to understand the importance of the development, implementation and maintenance of appropriate internal controls, for this purpose they must:
- Have a level of professional competence in relation to their responsibilities Sufficiently understand the importance, objectives and procedures of internal control Ensure the qualification and competence of all managers and other workers.
Management must specify the level of competence required for the various tasks and translate it into knowledge and skill requirements.
The methods of hiring personnel must ensure that the candidate has the level of preparation and experience, adjusted to the requirements of the position. Once incorporated, the entity must receive the necessary orientation, training and training in a practical and methodical way.
The Internal Control System will operate more effectively to the extent that there are competent personnel who understand the principles of this atmosphere of mutual trust
An atmosphere of mutual trust must be fostered to consolidate the flow of information between people and their effective performance towards the achievement of the objectives. objectives of the entity.
For control, a level of mutual trust between people is essential, which helps the flow of information that people need to make decisions and take action.
It also encourages the cooperation and delegation that are required for effective performance aimed at achieving the entity's objectives. Trust is based on security regarding the integrity and competence of the other person or group.
Open communication creates and depends on trust within the entity. A high level of trust encourages you to ensure that any topic of importance is known to more than one person. Sharing such information strengthens control, reducing reliance on judgment, ability, and the presence of a single person. Sharing such information strengthens control by reducing reliance on judgment, ability, and the presence of a single person.
Organization chart
Every entity must develop an organizational structure that meets the mission and objectives, which must be formalized in an organization chart.
The organizational structure, formalized in an organization chart, constitutes the formal framework of authority and responsibility in which the activities carried out in compliance with the objectives of the organization are planned, carried out and controlled.
The important thing is that its design fits your needs, providing the appropriate organizational framework to carry out the strategy designed to achieve the objectives set. The appropriateness of the organizational structure may depend, for example, on the size of the entity. Highly formal structures that fit the needs of a large entity may not be advisable in a small entity.
Assignment of authority and responsibility
Every entity must complement its organization chart with an organization and functions manual, in which responsibility, actions and positions must be assigned, as well as establishing the different hierarchical and functional relationships for each of these.
The Control Environment is strengthened to the extent that the members of an entity clearly know their duties and responsibilities. This encourages them to use initiative to face and solve problems, always acting within the limits of their competence.
There is a new tendency to derive authority to lower levels, so that decisions remain in the hands of those closest to the operation. A critical issue in this stream is the limit of delegation: you have to delegate as much as necessary, but only to improve the probability of achieving your objectives.
Any delegation of authority contributes to the need for bosses to review and approve, where appropriate, the work of their subordinates and for both to fulfill due accountability for their responsibilities and tasks.
It also requires that all personnel know and respond to the entity's objectives.. It is essential that each member of it knows how their action is interrelated and contributes to achieving the general objectives.
To be effective, an increase in the delegation of authority requires a high level of competence in the delegates, as well as a high degree of personal responsibility.
In addition, effective processes for monitoring the action and results by management must be applied.
Policies and practices in personnel
The management and treatment of the entity's personnel must be fair and equitable, clearly communicating the expected levels of integrity, ethical behavior and competence.
The procedures for hiring, induction, training and training, qualification, promotion and discipline, must correspond to the purposes stated in the policy.
Personnel are the most valuable asset that any entity possesses and must be treated and managed in such a way as to obtain their highest performance. His personal satisfaction must be sought in the work he performs, tending to consolidate himself as a person and enrich himself both humanly and technically. The management assumes its responsibility in this regard, at different times:
- Selection: by establishing adequate requirements of knowledge, experience and integrity for the incorporations to the entity Induction: by caring so that new employees are methodically familiar with the customs and procedures of the organization Training: by insisting that they be properly trained for the correct performance of their responsibilities Rotation and promotion: by ensuring that organizational mobility works that means the recognition and promotion of the most capable and innovative Sanction: by applying, when appropriate, disciplinary measures that rigorously convey that they will not be tolerated detours from the traced path.
Control Committee
An integrated control committee must be set up in each entity, at least by a top-level leader and the titular internal auditor, whenever conditions allow. Its general objective is to monitor the proper functioning of the Internal Control System and its continuous improvement.
The existence of a Committee for this purpose reinforces the Internal Control System and contributes positively to the Control Environment.
For its effective performance, it must be properly integrated with members who generate respect for its capacity and comprehensive trajectory, who exhibit an appropriate degree of knowledge and experience that allows them to support the management of the entity through their guidance and supervision.
Control Environment Assessment
Knowledge and conscious acceptance of the written standards (Codes of Conduct) and of Ethics established in the entity, which must include questions regarding generally accepted business practices, conflicts of interest and expected levels of ethical behavior.
Check that the responses are efficient and forceful in cases of actions that do not comply with the established rules, based on the provisions of current legislation. Verify that corrective measures are communicated so that they are known by the entire entity.
Compliance with the procedures for the selection, training, formation, evaluation and promotion of the necessary human resources in the entity, as well as that the contents of each job position and activities that are linked to it are clearly and explicitly defined.
Evaluate if the organizational structure is adequate to the size of the entity, type of activity and approved objectives, if the lines of responsibility and authority are defined, as well as the channels through which the information flows.
Assess the use of correct management styles at any of the hierarchical levels of the entity, with regard to respect for the internal control procedures implemented.
Verify that the control committee works properly and contributes to the continuous improvement of the Internal Control System implemented.
Risks evaluation
Internal control has been designed essentially to limit the risks that affect the activities of entities. Through the investigation and analysis of the relevant risks and the point to which the current control neutralizes them, the vulnerability of the system is evaluated. For this, a practical knowledge of the entity and its components must be acquired as a way to identify weak points, focusing on the risks of both the entity (internal and external) and the activity.
It should be remembered that the control objectives must be specific, as well as adequate, complete, reasonable and integrated into the overall objectives of the institution.
Once the risks are identified, your analysis will include:
- An estimate of their importance and significance An evaluation of the probability and frequency A definition of how they will be handled Changes in the environment Redefinition of institutional policy Internal reorganizations or restructurings New employee recruitment or rotation of existing ones. New systems, procedures and technologies Accelerating growth New products, activities or functions.
Standards for risk assessment
Risk identification
The relevant risks that an entity faces in the achievement of its objectives must be identified, whether of internal origin, that is, caused by the company taking into account the specific activity or its internal characteristics in the operation, such as external, which are the elements outside the organization that affect, to some extent, the fulfillment of its objectives
Risk identification is an iterative process, and generally integrated into strategy and planning. In this process it is convenient to "start from scratch", that is, not to rely on the scheme of risks identified in previous studies.
Its development must include carrying out a risk analysis, which includes the specification of the domains or key points of the organism, the identification of the general and particular objectives and the threats and risks that can be faced.
A domain or key point of the entity can be:
- A process that is critical for its survival; One or more activities that are responsible for part of important services provided to the citizenry; An area that is subject to strictly enforced laws, decrees or regulations, with threats of severe penalties for non-compliance; An area of vital strategic importance for the Government (Example: defense, advanced technological research).
When determining these key activities or processes, strongly linked to the entity's objectives, it should be taken into account that there may be some of these that are not formally expressed, which should not be an impediment to their consideration. The analysis is related to the criticality of the process or activity and to the importance of the objective, regardless of whether it is explicit or implicit.
There are many sources of risk, both internal and external. By way of illustration, the following can be mentioned, among the external:
- Technological developments that, if not adopted, would cause obsolescence of the organization Changes in the needs and expectations of the population; Modifications in legislation and regulations that lead to forced changes in strategy and procedures; Alterations in the economic-financial scenario that impact in the entity's budget, its sources of financing and its possibility of expansion.
Among the internal ones, we can cite:
- The organizational structure adopted, given the existence of typical inherent risks, both in a centralized and a decentralized model; The quality of the staff incorporated, as well as the methods for their instruction and motivation; The very nature of the entity's activities.
Once the risks have been identified at the entity level, a similar process should be practiced at the program and activity level. Consequently, a more limited field will be considered, focused on the components of the key areas and objectives identified in the global analysis of the entity.
Risk estimation
The frequency with which the identified risks will occur must be estimated, as well as the probable loss that they may cause to be quantified.
Once the risks at the institution and program or activity level have been identified, they must be analyzed. The methods used to determine the relative importance of risks can be diverse, and will include as a minimum:
- An estimate of its frequency, that is, the probability of occurrence. An assessment of the loss that could result.
In general, those risks whose realization is considered to be of low frequency do not justify major concerns, on the contrary, those that are considered to be of high frequency should deserve preferential attention. Between these extremes are cases that must be carefully analyzed, applying high doses of good judgment and common sense.
There are many risks that are difficult to quantify that, at most, lend themselves to ratings of 'large', 'moderate' or 'small'; but it must not give in to the widespread inclination to quickly conceptualize them as "unmeasured." In many cases, with reasonable effort, a satisfactory measurement can be achieved.
This can be expressed mathematically in the so-called Exposure Equation:
PE = F x V
where:
PE = Expected Loss or Exposure, expressed in pesos and annually.
F = Frequency, probable times that the risk will materialize in the year.
V = Estimated loss for each case in which the risk materializes, expressed in pesos
Determination of control objectives
After identifying, estimating and quantifying the risks, senior management and those responsible for other areas must determine the specific control objectives and, in relation to them, establish the most suitable control procedures.
Once top management and those responsible for other areas have identified and estimated the level of risk, measures must be taken to deal with it in the most efficient and economical way possible.
The entity's specific control objectives must be established, which will be adequately articulated with its own global and sectoral objectives.
Based on the control objectives determined, the measures or safeguards that are deemed most effective at the lowest cost will be selected to minimize exposure.
Change detection
Every entity must have procedures capable of capturing and timely reporting registered or imminent changes in the internal and external environment, which may conspire against the possibility of achieving its objectives in the desired conditions.
A fundamental stage of the Risk Assessment process is the identification of changes in the environmental conditions in which the entity develops its action. A control system can become ineffective by changing the conditions in which it operates.
An information system is required to capture, process and transmit information related to the facts, events, activities and conditions that cause changes to which the entity must react.
By way of example, some conditions are listed that should deserve particular attention:
- Changes in the external context: legislation, regulations, adjustment programs, technology, changes of authorities, etc. Accelerated growth: an entity that grows too fast is subject to many internal tensions and external pressures New product or service lines: investment in the production of new goods or services generally causes imbalances in the Internal Control System, which must be reviewed Reorganizations: generally mean reductions in personnel that cause, if not rationally practiced, alterations in the separation of functions and at the supervisory level. Creation of the information system or its reorganization: it can generate a period of excess or defect in the information issued, causing in both cases the probability of the adoption of incorrect decisions.
Evaluation of the Risk Assessment component
Check the existence of suitable procedures to anticipate risks, identify them, estimate their importance, evaluate their probability or frequency and react to events or changes (routine or not) that influence the achievement of the planned objectives, both from internal and external sources, as well as at the company level and the most important units or functions (sales, production, finance, human resources, etc.).
At the company level
External factors
- New technologies, products, services or activities Changes in the needs and expectations of the population Modification of legislation and regulations Alterations in the economic and financial scenario of the country or in the international context.
Internal factors
Existing organizational structure.
- Quality of the incorporated personnel, as well as the methods for their instruction and motivation Internal restructuring Information systems The very nature of the company's activities.
Verify the existence of policies and action criteria defined by management and communicated at the corresponding levels within the entity, referring to:
- Authorization of transactions Approval of transactions Process and recording of operations Classification of operations Verification and evaluation of the accounting record Physical safeguard of assets
Control Activities
Control activities are procedures that help ensure that management policies are carried out, and must be related to the risks that management has identified and assumes.
The control activities are carried out at all levels of the organization and in each of the management stages, starting from the preparation of a risk map, knowing the risks, and having the controls designed to avoid or minimize them, in many In some cases, control activities designed for one objective usually help others as well: operational activities can contribute to those related to the reliability of financial information, these to regulatory compliance and so on.
In turn, in each category there are various types of control:
- Preventive and corrective. Automated or computerized manuals. Managerial or directive.
At all levels of the entity there are control responsibilities and it is necessary for the agents to know individually which are those that concern them, for this such functions must be clearly explained to them.
The following questions show the comprehensive breadth of control activities, seen in their most general sense, although they do not constitute all of them.
- Analysis carried out by management Monitoring and review by those responsible for the various functions or activities Verification of transactions regarding their accuracy, completeness, pertinent authorization: approvals, reviews, collations, recalculations, consistency analysis, pre-numbering Physical controls assets: cash counts, reconciliations, counts, security devices to restrict access to assets and records, segregation of duties, application of performance indicators.
We consider that this component should include all the regulations in force in the country regarding Internal Control Subsystems. Below is a set of minimum activities to be included in an Internal Control Procedures Manual to be drawn up in the entities, respecting the general rule that the specific characteristics of the entity must be taken into account.
Control Activities Standards
Separation of tasks and responsibilities
The essential tasks and responsibilities related to the treatment, authorization, registration and review of transactions and events, must be assigned to different people.
The purpose of this standard is to seek a suitable balance of authority and responsibility within the organizational structure.
By avoiding that the fundamental issues of a transaction or operation remain concentrated in the same person or sector, the risk of errors, waste or illegal acts is significantly reduced and the probability that, if they occur, they will be detected.
In small entities, it is necessary to establish a balance between this separation of tasks and responsibilities and the benefit that can be obtained from them, without neglecting what it would cost us to divide functions, for which the supervision and monitoring activity should be reinforced.
Coordination between areas
Each area or subarea of the entity must operate coordinated and interrelated with the remaining areas or subareas. In an entity, the decisions and actions of each of the areas that comprise it, require coordination. For the result to be effective, it is not enough that the units that compose it achieve their own objectives; rather, they must work together so that those of the entity are achieved in the first place.
Coordination improves integration, consistency and responsibility and limits autonomy. Sometimes a unit must sacrifice its effectiveness to some extent to contribute to that of the entity as a whole.
Consequently, it is essential that officers and employees consider the implications and repercussions of their actions in relation to the entity. This involves consultations within and between entities.
Documentation
The internal control structure and all significant transactions and events must be clearly documented, and the documentation must be available for verification.
Every entity must have the documentation referring to its Internal Control System and the pertinent questions of the transactions and significant events.
Information on the Internal Control System may appear in its policy formulation and, basically, in the referred manual. It will include data on objectives, structure and control procedures.
Defined levels of authorization
Relevant acts and transactions can only be authorized and executed by leaders, officials and other workers who act within the scope of their powers.
Authorization is the ideal way to ensure that only acts and transactions are carried out that have the approval of the management. This conformity supposes its adjustment to the mission, strategy, plans, programs and budgets.
The authorization must be documented and explicitly communicated to the authorized persons or sectors. They must carry out the tasks assigned to them, in accordance with the guidelines, and within the scope of competence established by the regulations.
Timely and adequate record of transactions and events
Transactions and events that affect an entity must be recorded immediately and duly classified.
Transactions or events must be recorded, at the time of their materialization or as immediately as possible, to guarantee their relevance and usefulness. This is valid for the entire process or cycle of the transaction or event, from its beginning to its conclusion.
Likewise, they must be properly classified so that, once processed, they can be presented in reports and financial statements with reasonable balances, facilitating decision-making by directors and managers.
Restricted access to resources, assets and records
Access to resources, assets, records and vouchers must be protected by security mechanisms and limited to authorized persons, who are obliged to sign the Acts of Responsibility to account for their custody and use.
All valuable assets must be assigned to a person responsible for their custody and have adequate protections, through insurance, storage, alarm systems, access passes, etc.
In addition, they must be duly registered, and periodically, the physical stocks will be checked against the accounting records to verify their coincidence. The frequency of the comparison depends on the vulnerability level of the asset.
These protection mechanisms cost time and money, therefore, in determining the desired level of security, the emerging risks, including theft, waste, misuse, destruction, must be weighed against the costs that may arise from the control.
Staff turnover on key tasks
No employee should be in charge, for a long time, of the tasks that present a greater probability of committing irregularities. The employees in charge of these tasks must, periodically, be employed in other functions.
Although the Internal Control System must operate in an environment of ethical soundness, it is necessary to adopt certain protections to avoid events that may lead to acts that conflict with the agency's code of conduct.
In this sense, the rotation in the performance of key tasks for security and control is a mechanism of proven effectiveness and many times not used by the mistaken concept of the "essential man".
Information system control
The information system must be controlled in order to guarantee its correct operation and ensure the control of the process of the various types of transactions.
The quality of the decision-making process in an entity relies heavily on its information systems. An information system encompasses quantitative information, for example, performance reports using indicators, and qualitative, concerning opinions and comments.
The system must have security mechanisms that reach the entrances, processes, storage and exits.
The information system must be flexible and susceptible to rapid modifications to meet changing management needs, in a dynamic operating and reporting environment. The system helps to control all the activities of the entity, to record and monitor transactions and events as they occur, and to maintain financial data.
The application systems control activities are designed to control the processing of transactions within the application programs and include associated manual procedures.
Information technology control
Information technology resources must be controlled in order to guarantee compliance with the information system requirements that the entity needs to achieve its mission.
The information required by the entity's activities is provided through the use of information technology resources, which include: data, application systems, associated technology, facilities and personnel.
The administration of these resources should be carried out through naturally grouped information technology processes, in order to provide the necessary information that allows each worker to fulfill their responsibilities and monitor compliance with the policies. In order to ensure compliance with the information system requirements, appropriate control activities must be defined and implemented, monitored and evaluated.
Information system security is the control structure to protect the integrity, confidentiality, and availability of information technology data and resources.
Information technology general control activities apply to the entire information system, including all of its components, from the processing architecture of large computers, mini-computers, and networks, to end-user processing management. They also cover manual measures and procedures that ensure the continuous and correct operation of the information system.
Indicators of performance
Every entity must have performance measurement methods that allow the preparation of indicators for their supervision and evaluation.
The information obtained will be used to correct courses of action and improve performance.
The management of an entity, program, project or activity must know how it is progressing towards the objectives set in order to maintain control of the course, that is, to exercise control.
A system of indicators elaborated from the data emerging from a performance measurement mechanism will contribute to the support of the decisions.
The indicators should not be so numerous that they become unintelligible or confusing, nor so few that they do not allow to reveal the key issues and the profile of the situation examined.
Each entity must prepare a system of indicators adjusted to its characteristics, that is, size, production process, goods and services it provides, level of competence of its leaders and other elements that distinguish it. The system can be made up
of a combination of quantitative indicators, such as budgeted amounts, and qualitative ones, such as the level of user satisfaction.
Qualitative indicators must be expressed in a way that allows their objective and reasonable application. For example: an indirect measurement of the degree of user satisfaction can be obtained by the number of complaints.
Independent Internal Audit function
The internal audit unit of the entities must depend on the highest authority of these and its functions and activities must be kept separate from the operations subject to its examination.
Internal audit units must provide their services to the entire entity. They constitute a "security mechanism" with which the higher authority has to be informed, with reasonable certainty, about the reliability of the design and operation of its internal control system.
This internal audit unit, depending on the higher authority, can carry out the analyzes, inspections, verifications and tests that it deems necessary in the different sectors of the entity independently of these, since its functions and activities must be kept separate from the operations subject to your review.
Thus, the internal audit monitors, on behalf of the higher authority, the proper functioning of the system, timely informing that of its situation. For their part, the mechanisms and procedures of the Internal Control System protect specific operational issues to provide reasonable assurance of success in the effort to achieve the organizational objectives.
Evaluation of the Control Activities component
Verify that the responsibility for authorizing, executing, registering and verifying a transaction is duly segregated and differentiated (as far as rationally possible), taking into account the necessary coordination between the different areas of responsibility defined in the entity.
Verify the registration and timely classification of significant transactions and events, taking into account the importance, relevance and usefulness that this has for the fair presentation of the balances in the financial statements.
Check the performance of physical and periodic counts of the assets and their reconciliation with the accounting records.
Evaluate the quality and fulfillment of the rotation plans in the performance of the key tasks of the personnel involved.
Verify that the management carries out periodic and systematic analyzes of the results obtained, comparing them with previous periods, with the budgets and approved plans and other levels of analysis that are useful to them.
Evaluate the use of the performance indicator system implemented in the entity for the implementation of corrective actions that reduce or eliminate important deviations.
Assess the operation, use and respect for the results of the Internal Audit.
Check compliance with information technology controls regarding:
- Physical security of information equipment Access controls Software controls Controls data processing operations Controls development and maintenance of applications Controls of applications
Check that the prepared prevention plan has taken into account the diagnosis of internal risks or potential dangers, the analysis of the causes that provoke or propitiate them and the proposals for measures to prevent or counteract their occurrence.
Check that the prevention plan, in each of the actions, defines the time or moments of execution, the executors and those responsible for their control.
Information and communication
Relevant information must be captured, processed and transmitted in such a way that it reaches all sectors in a timely manner and allows individual responsibilities to be assumed.
Communication is inherent to information systems. People must know, in time, the issues related to their responsibility for management and control. Each function must be clearly specified, understanding as such the issues related to the responsibility of individuals within the Internal Control System.
The reports must be adequately transmitted through effective communication, including a multidirectional flow of information: ascending, descending and transversal.
The existence of open lines of communication and a clear willingness to listen on the part of the leaders are vital.
In addition to good internal communication, it is important to have effective external communication that favors the flow of all the necessary information and, in both cases, it is important to have effective means, such as policy manuals, reports, institutional dissemination, formal and informal channels, the attitude assumed by the management in dealing with their subordinates. An entity with a history built on integrity and a strong culture of control will not have communication difficulties. Action speaks louder than words.
Information and Communication Standards
Information and responsibility
The information must enable officers and employees to fulfill their obligations and responsibilities. The pertinent data must be identified, captured, recorded, structured in information and communicated, in a timely manner.
An entity must have a smooth flow and timely information regarding internal and external events. For example, you need to quickly become aware of user requirements to provide timely responses or changes in laws and regulations that affect you. Likewise, you must have constant knowledge of the state of your internal processes.
The risks faced by an entity are reduced to the extent that decision-making is based on relevant, reliable and timely information. The information is relevant to a user, insofar as it refers to matters within his responsibility and that he has sufficient capacity to appreciate its significance.
The supervision of the performance of the entity and its component parts, operates through information processes and demands of responsibilities of formal and informal types. The culture, size and structure of the organization significantly influence the type and reliability of these processes.
Information content and flow
The information must be clear and with a degree of detail adjusted to the level of decision-making. It should refer to both external and internal situations, financial and operational issues.
In the case of the directive and managerial levels, the reports must relate performance to the objectives and goals set.
The information flow must circulate in all directions: ascending, descending, horizontal and transversal.
It is essential for the management and control of the entity to have satisfactory information, in time and in the necessary place, and therefore, the design of the information flow and its subsequent proper functioning, must constitute central concerns for those responsible for the entity, for decision making, otherwise it would be of no use.
Quality of the information
The information available in the entity must meet the attributes of: appropriate content, timeliness, updating, accuracy and accessibility.
This standard raises the issues to consider in order to form judgments about the quality of the information used by an entity and makes its reliability essential.
It is the duty of the higher authority, responsible for internal control, to strive to obtain an adequate degree of compliance with each of the aforementioned attributes.
Flexibility to change
The information system must be reviewed and, if appropriate, redesigned when deficiencies are detected in its operation and products. When the entity changes its strategy, mission, policy, objectives, work program, etc., the impact on the information system must be considered and act accordingly.
If the information system is designed based on a strategy and a work program, it is natural that when changing these, it has to adapt, taking into account that the
information that is no longer relevant continues to flow to the detriment of another that did become relevant. taking care that the system is not artificially overloaded, a situation that is generated when the information, now necessary, is added without eliminating the one that lost importance.
The information system
The information system must be designed taking into account the strategy and operations program of the entity.
The information system qualification applies both to the one that covers the financial information of an entity and to the one intended to record other internal processes and operations.
Here it is explained in a broader sense because it also covers the treatment of events and events external to the entity, referring to the capture and timely processing of situations referring to, for example:
- Changes in the regulations, legal or regulatory, that reach the entity Know the opinion of users about the service that is provided Their claims, concerns and their emerging needs.
Such information system must be designed to support the strategy, mission, policy and objectives of the entity.
The entity needs information that allows it to achieve all categories of objectives: operational, financial and compliance. Each piece of information can help you achieve one or all of these categories of goals.
Management commitment
The interest and commitment of the entity's management with the information systems must be made explicit through an allocation of sufficient resources for their effective operation.
It is essential that the management of an entity have a full understanding of the important role that information systems play, for the correct performance of its duties and responsibilities and, in that sense, it must show a committed attitude towards them.
This attitude should be expressed in statements and actions that demonstrate the attention to the importance that is given to information systems.
Communication, organizational values and strategies
The entity's communication process must support the dissemination and support of its ethical values, as well as those of its mission, policies, objectives and results of its management.
For control to be effective, entities need an open, multi-directional communication process capable of transmitting relevant, reliable and timely information.
The communication process is used to convey a variety of topics, but we want to highlight, in this case, the communication of ethical values and the communication of the mission, policies and objectives. If all the employees of the entity are imbued with the ethical values that They must respect the mission to be fulfilled, the objectives pursued and the policies that frame them, the probability of an effective, efficient, economic performance, framed in legality and ethics, increases notably.
Communication channels
Communication channels must present a degree of openness and efficiency appropriate to internal and external information needs.
The system is structured in data and information transmission channels. To a large extent, the maintenance of the system lies in monitoring the opening and good condition of these channels, which connect different transmitters and receivers of varying importance.
Communication with employees, so that they can send their suggestions on improvements or possible changes that provide the fulfillment of tasks and goals.
Information and Communication Evaluation
There are mechanisms to obtain relevant external information on market conditions, competitor programs, new legislation or control bodies, and economic changes.
Directors and heads of departments are provided with the information they need to fulfill their responsibilities.
The information is available, in a timely manner, to allow effective control of events and activities, enabling rapid reaction to commercial economic factors and control issues.
A long-term IT plan has been developed, linked to the strategic initiatives.
Sufficient resources are provided, as needed, to improve or develop new information systems.
The means of communication, formal or informal training sessions, meetings and supervisions during the work, are sufficient to carry out such communication. There are established mechanisms for employees to provide their recommendations for improvement.
Supervision or Monitoring
It is the process that evaluates the quality of internal control over time. It is important to monitor internal control to determine if it is operating as expected and if modifications are necessary.
Permanent monitoring activities include supervision activities carried out permanently, directly by the various management structures.
Separate evaluations are monitoring activities that are performed on a non-routine basis, such as periodic audits by internal auditors.
Some of the issues to consider are:
- Constitution of the integrated control committee, at least, by a top-level leader and the internal auditor. Its objective would be to monitor the proper functioning of the Internal Control System and its continuous improvement. In the organizations that justify it, the existence of internal audit units with a sufficient degree of independence and professional qualification.
The objective is to ensure that internal control works properly, through two supervision modalities: continuous activities or specific evaluations.
The former are those incorporated into normal or recurring activities that, running in real time and rooted in management, generate dynamic responses to surviving circumstances.
Regarding specific evaluations, the following considerations apply:
- Their scope and frequency are determined by the nature and importance of the changes and risks that these entail, the competence and experience of those who control them, and the results of continuous supervision. They are carried out by those responsible for the management areas, the Internal audits included in the planning or requested especially by management and external auditors. They constitute a whole process within which, although the approaches and techniques vary, an appropriate discipline and unavoidable principles prevail. The task of the evaluator is to find out the real operation of the system: that the controls exist, are formalized, that they are applied daily as a routine incorporated into the habits and that they are suitable for the purposes pursued.They respond to a certain methodology with techniques and tools to measure effectiveness directly or through comparison with other proven good control systems. The level of documentation of controls varies according to the size and complexity of the entity. There are informal controls that, even if they are not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by the employees. The nature and level of documentation require greater rigor when it is necessary to demonstrate the strength of the system to third parties.The level of documentation of the controls varies according to the size and complexity of the entity. There are informal controls that, even if they are not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by the employees. The nature and level of documentation require greater rigor when it is necessary to demonstrate the strength of the system to third parties.The level of documentation of the controls varies according to the size and complexity of the entity. There are informal controls that, even if they are not documented, are applied correctly and are effective, although an adequate level of documentation usually increases the efficiency of the evaluation and is more useful by promoting the understanding of the system by the employees. The nature and level of documentation require greater rigor when it is necessary to demonstrate the strength of the system to third parties.The nature and level of documentation require greater rigor when it is necessary to demonstrate the strength of the system to third parties.The nature and level of documentation require greater rigor when it is necessary to demonstrate the strength of the system to third parties.
An action plan must be drawn up that includes:
- The scope of the assessment Existing ongoing supervision activities The tasks of the internal and external auditors Higher risk areas or matters Assessment program Assessors, methodology and control tools Presentation of conclusions and supporting documentation Monitoring so that the pertinent corrections are adopted.
Supervision or Monitoring Standards
Evaluation of the internal control system
The management of the entity and any official who is in charge of an organizational segment area, program, project or activity, must periodically evaluate the effectiveness of its Internal Control System and communicate the results to whoever is responsible.
A periodic analysis of the way in which this system is operating will provide the person in charge with the peace of mind of its proper functioning, or the opportunity to correct and strengthen it.
Efficiency of the Internal Control System
The Internal Control System is considered effective to the extent that the authority it supports has reasonable security in:
- Information about progress in achieving its objectives and goals and in the use of economy and efficiency criteria Reliability and validity of financial reports and statements Compliance with current legislation and regulations, including policies and procedures emanating from it This standard establishes the criteria to qualify the effectiveness of an Internal Control System, based on the three control matters: Operations, Financial information, Compliance with laws, decrees, regulations and any type of regulation
Internal Control System Audits
Audits must be performed, which will report on the effectiveness and efficiency of the Internal Control System, providing recommendations for its strengthening, if applicable.
In the interrelationship game of elements that configure and sustain the Internal Control System, Audits play an important role.
These examinations, carried out on the basis of generally accepted norms and procedures, allow obtaining a valid technical opinion on the state and operation of an Internal Control System.
The nature, extent and frequency of the evaluations of the Internal Control System must vary depending on the level of risk determined and the weighting of the importance of the control to reduce it.
The audit should follow an objective and systematic method that reasonably increases the probability of forming an accurate judgment.
Validation of the assumed assumptions
The assumptions that support the objectives of an organization must be validated periodically.
An entity's objectives and the control elements that support their achievement rest on fundamental assumptions about how its environment functions.
Assumptions about how the system works are often widely held in an organization, although they may not be understood by staff. Said unconscious assumptions can inhibit the ability to adapt to change, because they lead staff to discard all information that does not conform to their concepts. An open dialogue is needed to identify the assumptions. If the assumptions of an organization are not valid, the control can be ineffective, so the periodic revalidation of the assumptions of the organization is key to the effectiveness of the control.
Treatment of detected deficiencies
Any deficiency that affects or may affect the effectiveness of the Internal Control System must be reported.
Procedures must be established that determine on what matters, in what form and to whom such information will be presented.
Deficiencies in the functioning of the Internal Control System, given their importance, must be quickly detected and communicated. The term impairment should be understood broadly, that is, any "condition" within the system that is worthy of attention.
The identification of deficiencies can arise from different sources: internal control itself, supervision and evaluation. Also, through the relationship with third parties, through claims, demands, etc.
The communication of deficiencies should normally follow the path that leads to the immediate superior, but the general orientation should be that it eventually reaches the authority that can take corrective action. A case that can serve as an example is one in which the detected problem invades the organizational boundaries; here communication must be directed at a level high enough to ensure appropriate action.
Detected deficiencies that exceed a specified limit in terms of their relevance and impact must be reported.
Supervision and Monitoring Evaluation
The management, responsible for operations, compares production, stocks, sales or other information obtained in the course of its daily activities, with the information generated through the systems.
- Evaluate to what extent the communications received from third parties corroborate the information generated within the organization or indicate problems Periodic comparison of the amounts recorded by the accounting system with tangible assets Analyze the entity's response to the recommendations of the internal auditors and external to strengthen internal controls. It insists on compliance with the entity's code of ethics or conduct and whether essential control activities are regularly carried out. Assess the effectiveness of internal audit activities.
Chapter 2. Characterization of the MAC Provincial Delegation.
The MAC Provincial Delegation was constituted (see annex 1) on April 25, 2001, vertically subordinate to the Ministry of Audit and Control and independent of any local body, which is in charge, within its territory, of executing and controlling the State and Government policy regarding the Ministry, considered as a Center of Expenditures.
With legal address Calle 13 de Octubre N0. 100 between Vicente García and Colón Rimero district, Las Tunas municipality, Las Tunas province.
The Delegation is headed by a Delegate and is made up of the leaders, specialists and auxiliary personnel (see Annex 2) determined by the one that resolves, taking into account the characteristics and needs of the work, in correspondence with the approved staff.
The Organization thrives in a highly changing environment with both opportunities and threats. The province has a territorial extension of 6 587 km2, corresponding to 5.9% of the total area of the country and is made up of 8 municipalities.
Action planning is achieved through the preparation of the annual audit plan, special checks, exchange and control visits, supervision visits, which is prepared and then defended before the planning body of the ministry, constituting after its approval, the most important document and guide to the annual management of the delegation.
The workforce available reaches the figure of 26 workers, of which 2 are managers, 2 operators, 1 service and 20 technicians
Under these conditions, the Organization faces the challenge of applying and implementing its own internal control system, achieving an advanced position among the country's delegations and achieving leadership in the province.
Mission
Demand the correct application of the policy of the State and the Government in matters of Auditing, Inspection and Government Control, as well as governing the Audit System of the province, to prevent, detect and confront illegalities and acts of corruption.
View
They are an organization that is distinguished by its high ethical values, high professionalism and quality of work, committed to the Revolution in the prevention, detection and confrontation of illegalities and acts of administrative corruption, ensuring the correct use of State resources.
Control environment component
Standards for the control environment
Integrity and Ethical Values
The direction of the Delegation works for the maintenance of a culture of ethical values (see annex) with a solid moral foundation for the management and operation not only of its cadres but also of its workers with the aim of achieving commitment and a sense of belonging to with the entity and demonstrates it with the following actions:
100% of its cadres signed the Regulations for State and Government cadres in the presence of the working mass.
Compliance with the precepts of said code is analyzed on a quarterly basis at the Board Commission meeting.
The rendering of account of the tables before the commission specifies the fulfillment and implementation of each one of the precepts of the code.
The internal disciplinary regulation is approved by 100% of the staff
Professional competence
The Human Resources management at MAC ensures that the personnel working in this organization are competent based on appropriate education, training, skills and experience, having the following responsibilities:
Hire staff according to the different work profiles that exist in the entity, relying on the recommendations of the expert committee.
Prepare and carry out the training program for all personnel through the registry DRP-06-01-R04.
Prepare a training program for cadres and workers that allows them to reach a level of competence to achieve the proposed objectives of the entity (see annex 32).
The MAC identifies the necessary competence for each activity through the labor competence matrix and then, applying periodic evaluations, assesses whether the staff meets the requirements of the work performed in each job.
The human resources department maintains evidence of these evaluations in the performance evaluation registry.
Through the operating procedure DRP-06-01 “Training and Training”, it identifies and responds to the training needs of all its personnel, as corresponds to the job position and the performance reflected. The effectiveness of the training received will be reflected quarterly in the evaluation of the worker's performance, fundamentally in the functional progress indicator. (see annex 25)
Atmosphere of mutual trust
The Delegation defines and applies the necessary measures to ensure a protected work environment and gradually improve human conditions (creative work methods, safety rules and procedures) and physical conditions (noise, heat, light, hygiene, humidity, cleanliness, vibration, contamination) that are needed to carry out their main mission.
Organization chart
The MAC Provincial Delegation has the following organizational structure.
Assignment of authority and responsibility
The responsibilities of the staff of the MAC Delegation in charge of executing and controlling State and Government policy as regards the Ministry are defined in the different procedures and instructions adopted by the entity
The staff that is represented in the organization chart has been appointed by the Delegate, by resolution, having the organizational power and authority under his direction.
In the Delegation the objectives are defined and communicated and the staff knows how their actions contribute to their achievement.
Personnel policies and practices
The MAC management has implemented the Policies and practices, in which it defines its goals and purposes in correspondence with the needs of the entity and ensures that the expectations of its workers are met or exceeded, taking into account the following principles:
- All members of the organization know and understand this policy in order to achieve maximum participation as well as its correct application and maintenance. Management has managed to create an environment in which the staff becomes fully involved in the achievement of the organization's objectives Resources and related activities are managed as a process The effectiveness and efficiency of the organization are improved by identifying, understanding and managing a system of interrelated processes for a given objective Continuous improvement constitutes a permanent objective for the Delegation.
In accordance with the purposes stated in the policy, the MAC has and provides the appropriate infrastructure in terms of communications, transportation, means of work (software and hardware), workspaces and associated services, as well as maintenance programs with the aim of provide the worker with personal satisfaction and their consolidation in the Delegation. Similarly, it defines and applies the necessary measures to ensure a protected work environment and gradually improve human conditions (creative work methods, safety rules and procedures, ergonomics) and physical conditions (noise, heat, light, hygiene, humidity., cleanliness, vibration, contamination) that are needed to obtain high performance in all personnel.
The management assumes the responsibility in the aspects of selection, training.
New employees are familiar with the customs and procedures of the company (disciplinary regulations and initial instruction on occupational health and safety).
When a labor indiscipline occurs, it is rigorously processed. The immediate superior boss provides detailed written grounds for the events that occurred to the Legal Officer and the measure is assessed according to the lack of discipline.
Control Committee
In the Board of Directors of the month of July, the Internal Control Committee of the entity was created, with the president of the same being a leader of the highest level, and composed of personnel with capacity, comprehensive trajectory and sufficient knowledge and experience in the operation of the company. Delegation to support management in supervision and control.
Risk assessment component
Objectives of the Delegation.
To define the objectives of the Delegation, it is done through strategic planning, where an assessment of the general strategy is carried out in the Board of Directors of the same to define the objectives of the year (see annex 28).
Identification and evaluation of risks
The Delegation has established the Prevention Plan, where some vulnerable points have been defined, with their possible manifestations, the measures to be taken, the person responsible, the date of compliance and who executes it (see annex c-01). In the Boards of Directors every month some point of this plan is analyzed.
There is also the plan against Catastrophe, which establishes the policy and objectives to be followed in the event of an exceptional situation.
Monitoring and Risk Control
A permanent point is established in the Board of Directors for the review of the Prevention Plan and the action plan drawn up to avoid or minimize the impact of the risks determined in the matrix, as well as reviews are carried out in the Panel Committee and by part of the political organizations of the company and the Union in their meetings.
Once the risks of each process have been determined, the action plan prepared quarterly is monitored and measured by the Board of Directors, which is recorded in the minutes thereof.
Risk estimation
The MAC determined and estimated the frequency with which risks may occur in each of the processes, as well as the probable loss that each one may cause.
Control activities component
Generalities
The MAC has identified its key results areas and also has a program of actions to control the objectives in the year and the consolidation of management by objectives.
Separation of tasks and responsibilities
The Delegation has established and implemented as a policy that the worker who carries out the hiring, sets the category and the salary corresponding to the personnel but does not update the workers' labor file, in addition Human Resources only prepares the payment report, which they deliver to Accounting In order for it to prepare the payrolls, they are subsequently returned to Human Resources to be reviewed before making the payment.
In the same way, it is done with the purchasing process, which is regulated in the procedure.
The activities related to the treatment, authorization, registration and review of transactions and events are assigned to different people.
Coordination between areas
Mention interrelation between areas:
Audit, inspection, legal, IT.
Government control, audit, legal.
Attention to the citizenship, audit, inspection, government control commission.
Documentation
The Delegation has the Audit Manual, where the operation of the organization is established, it has an Accounting manual that the higher body keeps constantly updated. In addition to all the legal and financial provisions established in the country.
The Legal Advisor is in charge of updating all the legal part of the Delegation (licenses, contracts, appointments, etc.) as well as the availability of the updated documentation of the current legislation in the country.
The Delegation has established and put into operation the following regulations:
Auditor's
regulation MAC
regulation Disciplinary regulation
Code of ethics
Collective bargaining agreement
The application of the provisions of these regulations can be verified in the corresponding areas.
Defined levels of authorization
The levels of authorization are defined in the organizational structure adopted in the Delegation
All the executive personnel of the Delegation have been appointed by resolution of the Delegate, which establishes the authority assigned to carry out their functions.
Timely and adequate record of transactions and events
The Delegation duly maintains the documents related to the treatment of transactions and economic events, which are recorded at the time they occur and are later classified accordingly.
Restricted access to resources, assets and records
Staff turnover on key tasks
Regarding the trainees, the Delegation has carried out an analysis and has established a 6-month rotation cycle among the personnel of the key processes that will begin to be carried out as of July. The first semester of 2007 will be used to prepare the conditions and staff to meet this requirement.
Information system control
In the Delegation there is an effective information system that allows controlling all processes and making timely decisions. This system is flexible and can be modified according to the needs of the Delegation and / or dynamic changes in the environment
Control of information technology
The MAC Delegation has the facilities and the necessary personnel to collect and process the financial information of its accounting operations. Regarding the technology (hardware)
The Accounting and Finance process has set out to acquire the missing software to ensure faster and more efficient information.
The need for personnel and technology for the other processes are recorded as non-conformities and corrective actions in this regard are documented.
Indicators of performance
The delegation has regulations to measure the performance of its workers which is evaluated quarterly to determine the suitability and performance of the staff.
Independent internal audit function
The entity in its organizational structure does not have the internal audit function, so the inspections, audits and verifications established in its content are assumed by the established internal monitoring and audits and an annual audit that will be carried out by the Internal Control Committee established in the delegation.
Information and communication component
Information and responsibility
In order to establish the appropriate communication processes in the Delegation, it was decided to use the group meetings established in the organization (Boards of Directors), in the same way the entity's computer network is used to communicate what is related to the activities of the organization.
Also used are the assemblies of workers, morning, murals, etc. for:
- Communicate to all personnel the policies, objectives, mission and vision of the Delegation Communicate the responsibilities and authorities of the entire entity That the delegation know the results of the reviews and audits carried out on the company, as well as the analysis and evaluation of opportunities for improvement and the need for changes in established systems Ensure that staff are competent and aware of the relevance and importance of their activities and of how they contribute to the achievement of the entity's objectives Communicate to the entire Delegation The policy and objectives of Internal Control Communicate the responsibilities and authorities of all the Delegation's staff Report on the performance of the processes and improvement actions.
Information content and flow
The process files establish the design of the information flow that interacts between each process with the required acceptance criteria, adjusted to the degree of detail of the day, the form (personal, written, digital format, etc.), method, signature that must present the record.
Each process determines its work and quality objectives for the year, the Management checks quarterly in the Board of Directors compliance with them.
Quality of the information
The Delegation has established the necessary acceptance criteria for each information that interacts internally and externally between the determined processes.
Flexibility to change
The procedure is implemented in the organization. Control of documents, which details how and who can request the modification of any document.
The information system
The entity has established a system for updating and controlling legal or regulatory documentation, for documentation of external origin, to know the degree of satisfaction of the audited bodies, for the treatment of their complaints and claims.
Management commitment
The direction of the delegation is committed to the development and implementation of the SCI described in this work and demonstrates it:
- Establishing, maintaining, reviewing and promoting the objectives of Resolution 297/03 (see Annex A-04) at all levels of the organization, deciding on actions in relation to the policy and objectives of Internal Control and guaranteeing the relationship with the organizational objectives of the company Ensuring that the work of the entire Delegation is focused towards compliance with the requirements and objectives of Internal Control Ensuring that an effective Internal Control Manual is established, implemented and maintained, periodically reviewing it, implementing measures to compliance with the strict control of the means and resources made available to the company. MAC management ensures the implementation of the Internal Control Manual in order to comply with the components established in Resolution 297/03.The development of an implementation schedule, which includes the main activities and the date of completion of each of them (see annex A-17) The creation of an internal control committee with the aim of monitoring the proper functioning of the System of Internal Control and its continuous improvement. (see annex a-31) The preparation of leaders, cadres and workers. Analysis and permanent discussion of the implementation in the Board of Directors and with the workers. The continuous improvement of the implanted System.(See annex a-31) The preparation of leaders, cadres and workers. Analysis and permanent discussion of the implementation in the Board of Directors and with the workers. The continuous improvement of the implanted System.(See annex a-31) The preparation of leaders, cadres and workers. Analysis and permanent discussion of the implementation in the Board of Directors and with the workers. The continuous improvement of the implanted System.
Communication, organizational values and strategies
The entity communicates its policies, objectives, mission and the results of its management mainly in the morning and in assemblies with all workers.
Communication channels
In order to establish the appropriate communication processes in the entity, it was decided to use the meetings established in the entity to systematically analyze the development and application of the Manual. Similarly, the computer network of the Delegation will be used to communicate what is related to the activities of the system.
The Assemblies of Workers, Morning, Murals, Collective Agreement, etc. are also used. for:
Communicate to the entity the importance of compliance with the provisions of the Internal Control Manual.
That the Delegation know the results of the reviews and audits carried out, as well as the analysis and evaluation obtained and the action plan to be taken to eradicate the deficiencies detected, if any.
Supervision and monitoring component
Evaluation of the internal control system
The Directorate of the Provincial Delegation of the MAC evaluates (monthly, quarterly and semi-annually) as established, the effectiveness of each of the processes determined in the entity, according to the indicators and objectives indicated.
The result of this measurement will be reported to the Board of Directors as appropriate.
Internal Control System Audits
The Delegation included the components of Internal Control in the audit program, and will annually audit all the components of the resolution. In the first case, the trained internal auditors will be used as auditors and in the second case, it will be carried out by the members of the Control Committee.
The Boards of Directors will carry out quarterly reviews of the application and compliance with Resolution 297/2003 to determine the improvement actions that may contribute to the effectiveness of the system.
Validation of the assumed assumptions
The Delegation has established that it will annually validate the assumptions assumed, referring mainly to: work objectives of each process, mission, established policies, work plans, indicators, results of the indicators established for monitoring and measuring the processes.
Treatment of detected deficiencies
The deficiencies detected in the Internal Control System will be treated as a non-conformity, as established in the procedure.
Conclusions
- Resolution No. 297 of the Ministry of Finance and Price was implemented in the MAC Provincial Delegation in Las Tunas. It has deepened in the new concepts of Internal Control already officially established in our country. It is a methodological material on how the new ones should be designed Internal control concepts. Chapter 3 provides all the information contained in the V components, which allows constant updating of the same.
recommendations
- That this implementation be used by the Ministry and serve as a guide to the rest of the country's Delegations That the methodology designed on the new forms of internal control be applied in the Ministry of Audit and Control That the information contained in the Chapter 3 and in this way will allow maintaining internal control.
Bibliography
- Executive Committee of the Council of Ministers / Agreement 4045 Functions, Specific Attributions and Structure of the Ministry of Audit and Control / 2001 / Cuba Executive Committee of the Council of Ministers / Agreement No. 4374 Regulation of the Decree Law of the Ministry of Audit and Control / Cuba. Council of State / Decree Law 219 Of the Ministry of Audit and Control / 2001 / Cuba Council of State / Decree Law No. 159 Of the Audit / 1995 / Cuba Collective of Authors / Institute of Economy / 1974 / Cuba Collective of Authors / Management Theory and Techniques. / Cuba.Coulter Davies, Ernest / Auditing / Editorial UTEHA / 1938 / México.Catácora, F. / Accounting Systems and Procedures / First Edition / Editorial McGrawHill / 1996 / Venezuela.Da Silva Serra, María de Fatima / A Study of Evidence in Internal Audit /www.monographies.com.Federation of the Association of Public Accountants of Venezuela / Generally Accepted Accounting Principles / 1994 / Venezuela.Fernández, Millán Wenceslao / Business Audit / Institute of Accounting and Auditing / 1993 / Spain.González, María / Sufficient Revelation / GestioPolis.com. Holmes, Arthur W. / Audit Principles and Procedures / Editorial UTEHA / 1957 / Mexico Holmes, Arthur W / Audits Principles and Procedures / Editorial Limusa / 1994 / Mexico Ibarra Martín, Francisco / Methodology of Social Research / Editorial Félix Varela / 2001 / Cuba. Mexican Institute of Public Accountants./. Standards and Procedures for System Audits./.1996./.México.Leonard, W. / Administrative Audit, Evaluation of Administrative Methods and Efficiency / Editorial Diana / 1990 / México López Calderón,Jorge / Course on Auditing and Quality Assurance / www.monogramas.com.Meigs, W. Larsen J. / Principles of Auditing / Second Edition / Editorial Diana./ 1994 / Mexico Ministry of Audit and Control / Auditor's Manual / 2002 / Cuba.Ministry of Finance and Prices / Resolution No. 297/2003 / Cuba.ANEC / Ministry of Finance and Prices./Guía de Control Interno /2005./CubaMeigs, W. Larsen J. / Principles of Audit / Second Edition / Editorial Diana./ 1994 / Mexico Ministry of Finance and Prices / General Accounting Standards / Cuba.National Audit Office / Resolution No. ONA-2/1997 / Cuba.Poch, R. / Manual of Internal Control / Editorial Gestión 2000 / Second Edition / 1992 / Barcelona / Spain.Workers Newspaper / November 1996 / CubaPeriódico El Economista de Cuba./.2005./.Cuba.Pinto Blanco Eduardo / Audit, Internal Control,Fiscal Control / Editorial Options Creativas./.2002./.Colombia.Redondo, A. / Practical Course on General Accounting / Tenth Edition / Editorial Centro Contable Venezolano / 1993 / Venezuela.Audit and Control Magazine / No. 4/2001 / Cuba.Audit and Control Magazine / Vol. 1/2002 / Cuba.Audit and Control Magazine / No. 7 / December 2002. /Cuba.Finance and Credit Magazine./. No.17./.1995./.CubaRivas, Catalina / The Audit in the Current Context / Cuba / www.monogramas.com.Taylor Donald H. and C. Glezen Wiliam / Audit, integration of concepts and knowledge./ sa / Audit Volume I / sa / se / Vérez Basanta, Alberto / Audit / Editorial of Books for Education / 1979 / Cuba / page. Brochure of the Computerized Audit Course./ Practical Course on General Accounting / Tenth Edition / Editorial Centro Contable Venezolano / 1993 / Venezuela.Audit and Control Magazine / No. 4/2001 / Cuba.Audit and Control Magazine / Vol. 1/2002 / Cuba.Audit and Control Magazine / No. 7 / December 2002. /Cuba.Revista de Finanzas y Creditos./. No.17./.1995./.CubaRivas, Catalina / The Audit in the Current Context / Cuba / www.monogramas.com.Taylor Donald H. and C. Glezen Wiliam / Audit, integration of concepts and knowledge / sa / Audit Volume I / sa / se / Vérez Basanta, Alberto / Audit / Editorial de Libros para la Educación / 1979 / Cuba / page. Computerized Audit./ Practical Course on General Accounting / Tenth Edition / Editorial Centro Contable Venezolano / 1993 / Venezuela.Audit and Control Magazine / No. 4/2001 / Cuba.Audit and Control Magazine / Vol. 1/2002 / Cuba.Audit and Control Magazine / No. 7 / December 2002. /Cuba.Revista de Finanzas y Creditos./. No.17./.1995./.CubaRivas, Catalina / The Audit in the Current Context / Cuba / www.monogramas.com.Taylor Donald H. and C. Glezen Wiliam / Audit, integration of concepts and knowledge / sa / Audit Volume I / sa / se / Vérez Basanta, Alberto / Audit / Editorial de Libros para la Educación / 1979 / Cuba / page. Computerized Audit.1/2002 / Cuba.Audit and Control Magazine / No. 7 / December 2002. /Cuba.Finance and Credit Magazine./. No.17./.1995./.CubaRivas, Catalina / Audit in the Current Context / Cuba / www.monogramas.com.Taylor Donald H. and C. Glezen Wiliam / Auditing, integration of concepts and knowledge./ sa / Audit Volume I / sa / se / Vérez Basanta, Alberto / Audit / Editorial de Libros para la Educación / 1979 / Cuba / page. Brochure of the Computerized Audit Course.1/2002 / Cuba.Audit and Control Magazine / No. 7 / December 2002. /Cuba.Finance and Credit Magazine./. No.17./.1995./.CubaRivas, Catalina / Audit in the Current Context / Cuba / www.monogramas.com.Taylor Donald H. and C. Glezen Wiliam / Auditing, integration of concepts and knowledge./ sa / Audit Volume I / sa / se / Vérez Basanta, Alberto / Audit / Editorial de Libros para la Educación / 1979 / Cuba / page. Brochure of the Computerized Audit Course.Alberto / Auditing / Editorial of Books for Education / 1979 / Cuba / page. Brochure of the Computer Auditing Course.Alberto / Auditing / Editorial of Books for Education / 1979 / Cuba / page. Brochure of the Computer Auditing Course.
