4

Management control systems in corporate governance

Objectives/learning outcomes

Define and explain internal management control [2] Explain and explore the importance of internal control and risk management in CG [3] Describe objectives of ICS [2] Identify, explain and evaluate the CG and executive management roles in risk management [3] Identify and assess the importance of the components of ICS Explore and evaluate the effectiveness of ICS [3] Describe and assess the need to report on ICS to shareholders [3]
2

Internal management control

Control means:

Ensuring what the organisation intends to happen happens Happens in the way it's supposed to happen Happens when it's supposed to happen.

Internal control magt action to manage risks & ensure objectives are met
3

Internal control system definition

Control Environmen t
Magt style, attitudes to ICs Corporate culture and values of employees

Comprises
Control Procedures

Necessary for ICs Policies & procedures to achieve objectives

Objectives of internal control systems

Safeguard assets

Achievement of objectives
Reliable financial & magt reports

Objectives
Risk management

Compliance with laws & regulations

5

ICS and risk management

ICS should be designed to counter the risks Factors to consider in setting up an ICS:

The nature and extent of risks facing the company Acceptable and unacceptable risks The likelihood of the risks concerned materialising Companys ability to reduce the incidence and impact on the business of risks that do materialise The costs and benefits of operating particular controls
6

Key features of a sound system of internal controls - Turnbull

Quick response to environmental change
Embedded in operations & systems

Characteristics
Immediate reporting of weaknesses
7

Components of an internal control system COSO model

Information & communication e.g. of risks, weaknesses

Control policies & procedures specific actions (ACCAMAPS)

Elements

Risk assessment controllable & uncontrollable risks

Monitoring of controls e.g. by internal audit

Control environment
8

Control procedures (ACCAMAPS)

Authorisation (e.g. of purchases and stock issues) Computer controls (e.g. passwords, range checks) Comparison controls (e.g. stock records with actual stocks) Accounting recons (e.g. bank & supplier recon) Maintain TB and control accounts (e.g. debtors control) Accuracy or arithmetic controls (e.g. re-computation) Physical controls (e.g. limiting access to computers) Segregation of duties (between ordering, custody of stock and authorising payments)
9

Executive magt role in ICS

Responsibility Board Snr executive magt Business unit heads Role Ensure adequacy & effectiveness of ICS Set IC policy; monitor ICS Establish specific IC policies & procedures

Employees

Operate & adhere to ICs

ICS are everyones business

10

Limitations/weaknesses of internal control systems

Human error Magt overriding controls Collusion to circumvent controls Failure to deal with new & un-usual situations Internal control systems can only provide reasonable (not absolute) assurance
11

Reporting on internal controls to shareholders

Board should review effectiveness of internal controls & report to shareholders Benefits of reporting:

Increased shareholder satisfaction Audit committee forced to consider their work seriously Company open to additional scrutiny 12 Fulfills CG requirements

Conclusion ICS

Main points

Importance of control environment to ICS effectiveness ICS should be sound Effective ICS reduces risk, improves CG ICS is not fool proof, has weaknesses ICS are everyones business

13

Internal audit (IA) in corporate governance

14

Objectives/learning outcomes

Describe the function and importance of internal audit [1] Explain, and discuss the importance of, auditor independence in all client audit situations (including internal audit) [3] Explain, and assess the nature and sources of risks, to auditor independence [3]. Explain and evaluate the importance of compliance and the role of the internal audit committee in internal control [3] Explain and explore the importance and characteristics of, the audit committees relationship with external auditors [2] Describe and analyse the work of the internal audit committee in overseeing the internal audit function [2]
15

Internal audit - definition

Independent appraisal activity within an entity as a service to it Control over other controls Improves CG by strengthening internal control
16

Types of audits

Transaction audits audit of individual transactions Systems audits audit of internal controls within a system e.g.:

Design of internal controls Operation of internal controls

Risk-based audits concentrates audit effort (staff & time) on risky areas of business
17

Internal auditing a range of areas

Audit of accounting systems Operational audits adequacy & effectiveness Value for money audits on 3 Es

Management audits on magt and org structure

Social & environmental audits
18

Organisational structure of internal audit

Separate dept in large entities Responsibility of specific individuals in smaller entities May be outsourced to accounting firms

Head IA

Manager IT audits

Manager Financial audits

Manager Forensic audits

19

Need for IA function

Contingent factors that determine the need for an internal audit function include: Complexity of operations Size of organisation Internal control systems problems Cost-benefit issues Unexplained or unacceptable events Changes in structures, processes, and systems
20

Functions/roles of IA

Reviewing accounting & internal control systems Risk identification Carry out value for money audits (VFM) Reviewing compliance with laws Carry out special investigations e.g. into suspected frauds Examine financial & operating 21 information

Threats to independence of IA
Self interest

Advocacy

Threats

Self review

Intimidation

Familiarity

22

Sources of threats to independence of IA

Conflicts of interest resulting in lack of impartiality and bias (self interest) Reporting to executive management (intimidation) Interference in determining the scope of their work, performing the audit, and communicating results (intimidation, familiarity) Assessing specific operations for which they may have responsibility (self review/interest)
23

Factors to consider in measuring or improving effectiveness of IA Dept

Professional proficiency Scope of work Performance of work (planning, supervision, review) Independence Authority Effective Management of dept

24

Internal v External Audit

INTERNAL Appointed by & reports to Responsible for Required by Appointed by directors Internal controls mainly Companies articles EXTERNAL Shareholders, via AGM Both internal and external factors Statute Unlimited, determined by auditor
25

Scope of work Limited to Directors/ magtment instruction

Internal audit reporting

IA report has no prescribed format Contents may include:

Objectives of audit work Summary of process undertaken Audit opinion Recommendations (should be practical, cost-effective & reduce risk to tolerable level)
26

Internal Audit Committee

Sub-committee of board of directors
To comprise at least 3 NEDs, one with financial knowledge Must have written terms of reference

Must be provided with sufficient resources

27

The Role of Audit Committee

Review financial & management reports & systems Liaise with external auditors Review of internal audit Review of internal control Review of risk management Review results of one-off investigations
28

Audit committee & internal audit

Review annual work plan Monitor & assess effectiveness Role in overseeing IA function Ensure accountable to audit committee Appoint/dismiss IA head Check efficiency of IA e.g. plan Vs actual costs

Help preserve independence

Ensure recommendations are actioned

29

Audit committee & external auditors

Recommend appointment Help preserve independence Role in overseeing external auditors Agree contract terms & perks

Review scope of audit work

Assess possible other services

Carry out post completion review (errors, adjustments)

30

Audit committee & internal control

Review internal financial controls
Review auditors reports on ICs Role in IC delegated by board Review magt reports on ICs
31

Review risk magt systems

Review statement on ICs

Conclusion internal audit

Main points

Role of internal audit Enhancing effectiveness of IA Importance of auditor independence Threats to auditor independence Role of audit committee in IA Role of audit committee in ICS Role of audit committee in external audit
32