Sudanese Development Initiative (SUDIA)

Internal Control Framework

January 2022
Internal control Definition:
A process – effected by an entity board of directors, management, and other personnel – designed
to provide reasonable assurance regarding the achievement of objectives in the following
categories:

- Reliable financial reporting

- Effectiveness and efficiency of operations and
- Compliance with applicable laws and regulations

Objectives of Internal Control:

A well-designed system of internal control achieves the following objectives:

- Accurate reliable financial statements

- Safeguarding of assets
- Adherence with applicable laws & regulations
- Promotion of effective & efficient operations

5 Components of Internal Control – (CRIME)

 Control Activities
 Risk Assessment
 Information & Communication
 Monitoring
 Control Environment
 Control Environment
The first component, the control environment, is the most important of the five standards
because it impacts all the others. In fact, the control environment is the foundation. It has
five principles pertaining to setting the tone at the top, demonstrating a commitment to
competence, and establishing oversight, structure, responsibility, and enforcing
accountability.

 Risk Assessment
The second component, risk assessment, has four principles that address defining objectives,
identifying, analyzing, and responding to all types of risk and change. Managers have a
responsibility for not only identifying risk but establishing the level of risk they are willing to
accept.

 Control Activities
The control activities are the policies, procedures, and mechanisms put in place to
accomplish the organizations’ objectives.

 Information and Communication

The fourth component, information and communication, which processing data into quality
information and communicating to both internal and external parties.

 Monitoring
The final component, monitoring, has two principles outlining responsibilities for monitoring
and correcting deficiencies. An effective monitoring system requires one to establish a
baseline (identify your starting point) as well as periodic and recurring monitoring (daily,
weekly, monthly, quarterly, etc.) so that adjustments can be made along the way to reach
the established milestones and goals.
Control Environment:
 Responsibilities are defined and authority is assigned to specific individuals to permit
identification of whether persons are acting within the scope of their authority.

Management Philosophy and Operating Style:

 Management have cear objectives in terms of budget, fundraising, and other financial
and operating goals.

Policies and Procedures:

 Clearly written
 Communicated throughout the entity
 Actively monitored

Organizational Structure:
 The organization clearly defined in terms of lines of authority and responsibility in
current organization chart
 Policies and procedures for authorization of transactions established at adequately.
 Managing Director representing Board have an active role in overseeing the entity's
accounting and financial reporting policies and practices.

Board of Directors:
 Hold Annual meeting and minutes are taken
 Appoint members with adequate qualification
 Adequately ensure fiduciary responsibilities.
 Maintain direct line of communication with the external auditors

Methods of Assigning Authority and Responsibility:

 Code of conduct and conflict of interest requirements
 Employees given job descriptions, which delineate specific duties, reporting
 The organization developed computer systems to generate reports and documentation

Management Control Methods:

 The organization has in place planning “Budgets/Forecasts” and reporting systems
that identifies variances from planned performance.
 Communicate variances to the appropriate management level
 Adequately investigate variances
 Allow management to take appropriate and timely corrective action
 The organization established a records retention policy and planned for the storage of
the information

Internal Audit Function:

 The organization has an internal audit function
 The internal auditor should be independent of the activities he or she audits
 The internal audit function adequately staffed
 The internal auditor documents internal control and perform tests of control
 The internal auditor performs substantive tests of the details of transactions and
account balances
 The internal auditor document the planning and execution of his/her work
 The internal auditor render written reports on his/her findings and conclusions
  The internal auditor’s reports submitted to the Board of Directors
 Management take timely action to correct conditions reported by the internal auditor

Personnel Policies and Procedures:

 Employees adequately trained
 Performance systematically evaluated
 The organization dismisses employees on a timely basis for critical violations of
control policies
 Employees in positions of trust bonded
 Employees required to take mandatory vacation
 Access to records limited to authorized persons

Accounting System:
 Accounting policies and procedures are determined in accordance with management's
authorization.
 Access to the accounting and financial records are limited to minimize opportunity for
errors and fraud and provide reasonable protection from physical hazards.
 Accounting entries are initiated and approved in accordance with management's
authorization.
 Accounting entries are appropriately accumulated, classified, and summarized.
 The general ledger and related records permit preparation of financial statements in
conformity with IFRS.
 Financial statements with related disclosures are prepared and released in accordance
with management's authorization.
 Individuals at appropriate levels consider reliable information in making estimates
and judgments required for preparation of the financial statements and related
disclosures.

General Accounting:
 The Organization has adequate written statements and explanations of its accounting
policies and procedures, such as:
 Chart of accounts
 Assignment of responsibilities and delegation of authority
 Explanation of documentation and approval requirements for various types of
transactions and journal entries
 Access to the general ledger and related records restricted to those who are assigned
general ledger responsibilities?
 No insurance coverage maintained (such as fidelity bonding of employees in positions
of trust) in accordance with management's authorization as the organization uses of
cash is very limited
 All journal entries reviewed and approved
 All journal entries explained and supported
 Individuals who review and approve journal entries independent of initiation of the
entries they are authorized to approve

Preparation of Financial Statements:

 The general ledger accounts arranged in orderly grouping which are conducive to
efficient statement preparation
  Accumulation of information disclosure “Financial Statements Notes”
 Estimates and adjustments to provide valuation allowances reviewed and approved by
appropriate levels in the organization independent of the persons originating the
estimates and adjustments
 Procedures adequate for the review and comparison of working papers to source data
and comparison of elimination and reclassification entries to those made in prior
periods
 Financial statements subjected to overall review and comparisons with the prior
period and budgeted amounts by appropriate levels of management

Transaction Cycle Processes’ internal Controls

Revenues and Receivables:

 The types of services provided, the manner in which they will be provided, and the
customers to which they will be provided are in accordance with management
authorization.
 The amounts and other terms of revenues are established in accordance with
management's authorization.
 Services provided have been approved.
 Deliveries of services result in preparation of accurate and timely invoicing are
unfilled
 Revenue commitments periodically reviewed information
 Project Budgets are communicated to the invoicing personnel
 Donors contract terms and deliverables are adhered to
 Due invoices are prepared timely as per contract
 Approved by responsible employee independent of the person preparing the credit
 Accounts Receivable aging schedule overdue accounts report are prepared monthly
 The documentation of review and analysis of accounts receivable balances for
determining valuation allowances and any specific balances to be written-off
valuation allowances and write- offs are approved

Cash Receipts:
 The access to cash receipts records, accounts receivable records, and billing and
invoicing records is controlled to prevent the taking of unrecorded cash receipts or
abstraction of recorded cash receipts.
 Detailed transaction and account balance records are reconciled with control accounts
and bank statements at least monthly for the timely detection and correction of errors.
 Cash receipts are recorded at the correct amount in the period in which received and
are properly classified and summarized.
 The person who receives cheques / Bank Transfer slip / Bank credit note
a) Place restrictive endorsements on all checks received so they are for deposit only
b) List all remittances and prepare totals daily
c) Forward all remittances to the person who prepares and makes a daily bank
deposit
 Cash & cheques receipts forwarded daily to the person who prepares the daily bank
deposit
 Summary listing of cash I cheques receipts forwarded to a person independent of
physical handling of remittances and accounts receivable
 Each day's receipts deposited intact immediately
  Does organization policy prohibit the cashing of any accommodation checks (payroll,
personal) out of collections
 Bank charge backs received directly from the bank and investigated by a person
independent of the physical handling of collections and posting of accounts receivable
subsidiary ledgers
 Entries to the cash receipts journal compared with:
a) Duplicate deposit slip authenticated by the bank
b) Deposits per the bank statement
c) Listings prepared when the cheques are received?
 Information from remittance (cash & Cheques) documentation adequate for the
accurate posting of credits to individual accounts receivable subsidiary records or
accounts such as investment income
 Details of collections posted to subsidiary accounts receivable records by a person
independent of the general ledger functions, physical handling of collections, and
receipt and investigation of bank charge backs

Purchases and Accounts Payable:

 The types of good and services to be obtained, the manner in which they are obtained,
the vendors from which they are obtained, the quantities to be obtained, and prices
and terms initiated and executed are in accordance with management with
management's authorization.
 Adjustments to vendor "Supplier" accounts are made in accordance with
management's authorization.
 All goods and services received are accurately accounted for on a timely basis.
 Only authorized goods and services are accepted and paid for.
 Amount payable for goods and services received are accurately recorded at the correct
amounts in the appropriate period and properly classified
 Access to purchasing, receiving, and accounts payable records is controlled to prevent
or detect duplicate or improper payments.
 Written purchase orders used for all commitments and do those orders include the
vendor description quantity, quality, price, terms, and delivery requirements for the
goods or services ordered.
 There a record of open purchase commitments
 Open purchase orders periodically reviewed and investigated
 Goods received inspected for condition and independently counted, for comparison
with the applicable purchase order
 Receiving reports prepared promptly for all goods received
 Receiving reports provide for recording of:
a) Description, quantity, and acceptability of goods
b) Date on which the goods or services arc received
c) Signature of the individual approving the receipt
 Are copies of receiving reports submitted to Accountants
 Timely matching with purchase orders and vendor invoices
 ls control established over all invoices received
 Duplicate invoices stamped or destroyed as a precaution against duplicate payment
 Vendors' invoices, prior to payment, compared in detail to purchase orders and
receiving reports
 All available discounts taken
  There is procedures for periodic review and investigation of unprocessed invoices,
unmatched purchase orders and receiving reports to provide for follow-up and proper
accruals and to result in proper cut-off for financial reporting purposes/
 Are vendors' statements reviewed for, and proper follow-up made of, overdue items?

Payroll:
 Employees are hired and retained only at rates and benefits determined by
management authorization.
 Payroll withholding and deductions are based on evidence of appropriate
authorization.
 Gross pay, withholdings, deductions, and net pay are correctly computed using
authorized rates and properly authorized withholding exemptions and deductions.
 Payroll costs and related liabilities are correctly accumulated, classified, and
summarized in the accounts in the proper period.
 Comparisons are made of personnel, payroll, and work records at reasonable intervals
for timely detection and correction of errors.
 Net pay and related withholdings and deductions are remitted to the appropriate
employees when due.
 Functions are assigned so that no single individual is in a position to both perpetrate
and conceal errors and fraud in the normal course of their duties.
 Access to personnel and payroll records is limited.
 Are all new hires, rates of pay and changes thereto, change in position, and
terminations based on written authorization by management's criteria?
 Employees for all payroll deductions and withholding are paid timely
 Personnel files maintained on individual employees include Pay slip stating
appropriately written rates of pay, payroll deductions, and withholding exemptions
 Methods for determining pay rates for matters such as overtime, night shift work, and
employee benefits determining in accordance with management's authorizations.
 Employees who perform the payroll processing function receive timely notification of
wage and salary rate changes, new hires, changes in position, terminations, and
changes in authorized deductions and withholding exemption
 Adequate chart of accounts for determining account distributions for wages and
related taxes and controlling liabilities for payroll deductions and taxes withheld
 Clerical operations in the preparation of payrolls verified by re-performance or
reconciliation with independent controls over source data?
 Consultants are paid as per contract terms
 Payroll are transferred to employee bank account and sign pay slip
 Responsibility for custody and follow-up of unclaimed wages assigned to a
responsible person independent of personnel, payroll processing, and cash
disbursement functions
 5 steps payroll procedures is adequate to result in timely and accurate preparation and
filling of payroll, Social insurance and personal income tax payment
 Personnel and payroll records reasonably safeguarded (locked file cabinets, work
areas with limited access)

Cash Disbursement:
 Functions are assigned so that no single individual is in position to both perpetrate and
conceal errors or fraud in the normal course of their duties.
 Disbursements are made only for expenditures incurred in accordance with
management's authorization.
  Adjustments to cash accounts are made only in accordance with management's
authorizations.
 Disbursements are recorded at correct amounts in the appropriate period and are
properly classified in the accounts.
 Access to cash and disbursement records is restricted to minimize opportunities for
irregular or erroneous disbursements.
 Comparison of detail records, control accounts, and bank statements are made at
reasonable intervals for detection and appropriate disposition of errors or fraud.
 The board of directors authorize bank account and check signers
 Approved supporting documents presented with the checks to the check signer
 Mechanical check protector used to inscribe amounts on checks to protect against
alteration - No spaces between words & figures.
 Supporting documents for checks cancelled (stamped as paid) to avoid duplication of
payments?
 Signed checks delivered directly to vendor after signing without being returned to
persons involved in the invoice processing and check preparation functions
 All voided checks retained and mutilated
 There written policies that prohibit making checks payable to cash or bearer, and
signing blank checks
 Dual signatures obtained for all disbursements, and are the signers independent of one
another
 When a check- signing machine is used, the keys, signature plate, and operation of the
signing machine under control at all times of the official whose signature is on the
plate
 Employees who have custody of them independent of voucher and check preparation
functions, and are they denied access to blank checks
 Cash funds are maintained on the premises, they should be kept on an imprest basis:
and they kept in a safe place
 They reasonable in amount
 One custodian control them
 Disbursements supported by vouchers
 Vouchers approved with management's authorization
 Cash funds on a surprise basis counted by someone other than the custodian
 The custodian independent of cash receipts
 The custodian have no access to accounting records
 Reimbursements of the cash fund remitted by checks made payable to the order of the
custodian
 Old outstanding checks investigated, controlled, and their proper disposition arranged

Inventory:
 Organisation Stocks (Fuel, Kitchen supplies, Stationary etc..” are expensed when paid

Property and Equipment:

 Additions and related accumulation of depreciation retirements, and dispositions of
property and equipment is made in accordance with organization policy.
 Transactions involving property and equipment and depreciation within the
capitalized limit are accurately recorded, accumulated, and classified in detail and in
control accounts to maintain accountability for the assets.
 Property and equipment are reasonably safeguarded from loss.
 Capex order forms approved by management for property additions
  Contracts and agreements signed by individuals in accordance with appropriately
documented designation by the board of directors
 Detailed records maintained for property and equipment indica6ng a description of
the assets, their location, cost, acquisition date, date of service, depreciable life, and
method of depreciation used – “Assets verification sheet”
 Property and equipment insured and coverage reviewed periodically for additions,
disposals, and adequacy. Not insures as not material value
 There a written capitalization I expense policy for property and equipment purchases

Stockholders' Equity and Capital Accounts:

 Capital transactions are authorized and approved in conformity with the organization's
governing document (corporate charter, partnership agreement). Transactions and
obligation are promptly and accurately recorded.
 Access to records, agreements, and negotiable documents is permitted only in
accordance with management's authorization. Records, agreements, and documents
are subjected to adequate physical safeguards and custodial procedures. disbursed
accurately and in conformity with decisions of the board of directors.
 Authorization and approvals for specific capital transactions appropriately recorded
 Two officials authorized by the board required to sign and countersign stock
certificates
 All stock certificates prepared and approved before issuance within management’s
authorization
 Appropriate control records maintained for each class of stock on information such as
number of shares authorized, issued and outstanding, and the number of shares subject
to options, warrants, and conversion privileges
 Timely detailed records maintained on specific stock certificates issued and
outstanding for each class of capital stock and the identity of record and the number
of shares for each certificate?
 Detailed stock certificate records reconciled at reasonable intervals with the control
records and the general ledger?
 Reconciliations of detailed records with the control records and general ledger
performed by persons independent of custody of unissued stock certification,
maintenance of the detailed records, and cash functions
 Unissued stock certificates, reacquired certificates and detailed stockholder records
subject to reasonable physical safeguards
 Stock certificates pre- numbered so that all certificates (unissued, issued and retired)
may be accounted for
 Retired stock certificates examined for proper endorsement and effectively cancelled
by a person whose duties do not include maintenance of the detailed stockholder
records
 Treasury stock certificates registered in the name of the company and recorded to be
readily distinguished from other outstanding shares
 Dividends declared recorded in the minutes of the boards of directors meetings
 Procedures result in an accurate cut-off and accurate listing of stockholders as of the
record date
 Total dividends disbursed reconciled to total outstanding shares as of the record date
 Retirement approved by an appropriate level of management
 Physical control over assets to prevent theft
 Periodic physical inspection of plant and equipment by individual who are otherwise
independent of property, plant, and equipment (e.g., internal auditors)