11/7/2013
Session Content
Internal control systems
Chapter 8
1. Development of CG regarding
accountability, audit and controls
Cadbury Report 1992
About corporate transparency and good communication
and disclosure with SH and Stakeholders
Illustration Barings Bank (page 168)
Turnbull Report 1999
- States the need for Dirs to review their systems of IC
and report on this to SH
- Attempt to formalise framework for establishing IC
- Framework acts as guidance on how to establish,
develop and maintain systems of IC
- Work done by COSO was referred to within this report
Smith Report 2003
- Relationship between auditor and the Cos
they audit
- Role and responsibilities of audit C/ee
Illustration 2: Societe Generale (page 169)
2. Internal control and risk
management in CG
Board C/ees have been established that are
responsible for each of the areas dealt with by
the reports, so as to meet the requirements
of the reports:
- For Cadbury and COSO and Turnbull: Risk
Committee
- For Smith: Audit C/ee
IC and Risk mgt fundamental components
of good CG
Good CG = board must identify and manage
all risks
Risk management and Cadbury:
- the board should maintain a sound system of
internal control to safeguard shareholders'
interest and the Company's assets
- Risk mgt must be systematic and embedded in
company procedures
- Risk management was defined in the report as
the process by which executive management,
under board supervision, identifies the risk
arising from business and establishes the
priorities for control and particular objectives
IC and COSO (Committee of sponsoring
Organisations)
- IC Applies to three aspects of the business:
a. Effectiveness and efficiency of operations
b. Reliability of financial reporting
c. Compliance with laws and regulations
- Elements of effective control system
recommended by COSO dealt in Ch 9
3. Internal Control Definitions
IC and Turnbull
The overriding requirement in the report was
that Dirs should:
a. Implement a sound system of IC and
b. That this system should be checked on
regular basis
Controls attempt to ensure that risks are
minimised
Internal control system comprises the whole
network of systems established in an
organisation to provide reasonable assurance
that organisational objectives are achieved
Internal management control are systems
implemented by management in a company
to ensure that the Co's objectives are achieved
4. Objectives of IC systems
To ensure as far as practicable:
- Orderly and efficient conduct, including
adherence to internal policies
- Safeguarding assets
- Prevention / detection of fraud & error
- Accuracy and completeness of records
- Timely preparation of financial information
Benefits of an IC system are therefore:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and
regulations
5. Sound control Systems
Limitations of IC systems:
- Poor managers
- Reasonable assurance: all IC systems have risk
of error
- Can be bypassed by mgt collusion
- Only designed to cope with routine transactions
- Resource constraints
Risks are minimised but can never be eliminated
Roles
6. Roles in risk management and IC
Responsibility not simply an executive mgt
role
All employees have some responsibility
Role starts from CEO that sets the tone at the
top for IC compliance to the external auditor
who reports on effectiveness of the system
7. Review effectiveness of internal
control
Review the normal responsibility of
management
Review itself is delegated to Audit C/ee
Board must provide the info on the IC system
and review the annual accounts at least
annually
COSO identifies 5 main elements of a control
system on which the review should take place
The 5 elements of IC
Control environment
The tone at the top, the approach to internal
control set by the management
Includes commitment of Board to establish and
maintain a control system
Risk assessment
Determining the risk associated with each
objective of the Co and then how each risk
should be managed
Control activities
The policies and procedures in place to ensure
that instructions of management are carried out
Information and communication
Gathering the correct information and
communicating it to the correct people
Monitoring
Checking the IC system to ensure that it is
working
Segregation of duties
Physical
Authorization and approval
Management
Supervision
Organization
Arithmetic and accounting
Personnel
8. Information flows for management
To enable management to identify & manage
risks & monitor internal controls within an
organisation
Must be effective channels of communication
to allow the free flow of information
Information should be:
- Timely
- Relevant to the tasks and duties
- Provided regularly so that performance can be
monitored (e.g. in achieving efficiency,
effectiveness, achieving targets, economy and
quality)
- Must be internal and external
- Info varies according to management level
(see below)
Information is provided through different
information systems
Levels of management
Strategic
Tactical
Operational
Information requirements of managers will vary
according to their level of management.
Strategic
- Monitoring and controlling the organisation as
a whole. Make decisions such as whether to
invest in a new market, opening new shops etc
Tactical
- Implement decisions of strategic managers
- Ensure different departments operating
correctly
Operational
- Controlling day to day operations
- Report queries or problems back to tactical
management
2. Two key activities of management:
a. Planning
- Setting the strategic direction of the Co; risk is
high as this determines what the Co does in a risky
external environment
b. Control
- Monitoring the Co's activities (IC check that
those activities are being carried out
correctly)
- Control strategy set by strategic management
but implementation and monitoring is a more
junior activity
9. Information characteristics and
quality
Info must be of certain standard to be useful
Characteristics change depending on
management level using that information
Characteristics:
- Accurate
- Complete
- Cost-beneficial
- User targeted
- Relevant
- Authoritative
- Timely
- Easy to use
Management levels
The characteristics of that information will
change depending on the management level
using that information and the activity which
is needed (see diagram below)
Characteristic | Strategic | Operational
Time period | Forecast | Historical
Timeliness | Delayed | Immediately available
Objectivity | Subjective | Objective
Quantifiability | Qualitative | Quantitative
Accuracy | Approximate | Uncertain
Certainty | Uncertain | Certain
Completeness | Partial | Complete
Breadth | Broad | Specific
Detail | Little detail | Highly detailed
Case study ILT (pg. 462)