1

Management control systems in corporate governance

4

2

Objectives/learning outcomes

Define and explain internal management control [2] Explain and explore the importance of internal

control and risk management in CG [3] Describe objectives of ICS [2] Identify, explain and evaluate the CG and executive

management roles in risk management [3] Identify and assess the importance of the

components of ICS Explore and evaluate the effectiveness of ICS [3] Describe and assess the need to report on ICS to

shareholders [3]

3

Internal management control

Control means: Ensuring what the organisation intends to

happen happens Happens in the way it's supposed to happen Happens when it's supposed to happen.

Internal control – magt action to manage risks & ensure objectives are met

4

Internal control system - definition

Comprises

Control Environmen

t

Control Procedures

Magt style, attitudes to ICs

Necessary for ICs

Policies & procedures to achieve objectives

Corporate culture and values of employees

5

Objectives of internal control systems

Objectives

Achievement of objectives

Safeguard assets

Compliance with laws & regulations

Reliable financial & magt reports

Risk management

6

ICS and risk management ICS should be designed to counter the risks Factors to consider in setting up an ICS:

The nature and extent of risks facing the company Acceptable and unacceptable risks The likelihood of the risks concerned materialising Company’s ability to reduce the incidence and

impact on the business of risks that do materialise The costs and benefits of operating particular

controls

7

Key features of a ‘sound’ system of internal controls - Turnbull

Characteristics

Quick response to environmental change

Immediate reporting of weaknesses

Embedded in operations & systems

8

Components of an internal control system – COSO model

Elements

Information & communication e.g. of risks, weaknesses

Control policies & procedures – specific actions (ACCAMAPS)

Control environment

Risk assessment – controllable & uncontrollable risks

Monitoring of controls – e.g. by internal audit

9

Control procedures (ACCAMAPS)

Authorisation (e.g. of purchases and stock issues) Computer controls (e.g. passwords, range checks) Comparison controls (e.g. stock records with actual

stocks) Accounting recons (e.g. bank & supplier recon) Maintain TB and control accounts (e.g. debtors’

control) Accuracy or arithmetic controls (e.g. re-

computation) Physical controls (e.g. limiting access to computers) Segregation of duties (between ordering, custody of

stock and authorising payments)

10

Executive magt role in ICS

Responsibility

Board

Snr executive magt

Business unit heads

Employees

Role

Ensure adequacy & effectiveness of ICS

Set IC policy; monitor ICS

Establish specific IC policies & procedures

Operate & adhere to ICs

ICS are everyone’s business

11

Limitations/weaknesses of internal control systems

Human error Magt overriding controls Collusion to circumvent controls Failure to deal with new & un-usual

situations Internal control systems can only

provide reasonable (not absolute) assurance

12

Reporting on internal controls to shareholders

Board should review effectiveness of internal controls & report to shareholders

Benefits of reporting: Increased shareholder satisfaction Audit committee forced to consider their

work seriously Company open to additional scrutiny Fulfills CG requirements

13

Conclusion – ICS

Main points Importance of control environment to

ICS effectiveness ICS should be ‘sound’ Effective ICS reduces risk, improves

CG ICS is not ‘fool proof’, has weaknesses ICS are everyone’s business

14

Internal audit (IA) in corporate governance

5

15

Objectives/learning outcomes

Describe the function and importance of internal audit [1] Explain, and discuss the importance of, auditor

independence in all client audit situations (including internal audit) [3]

Explain, and assess the nature and sources of risks, to auditor independence [3].

Explain and evaluate the importance of compliance and the role of the internal audit committee in internal control [3]

Explain and explore the importance and characteristics of, the audit committee’s relationship with external auditors [2]

Describe and analyse the work of the internal audit committee in overseeing the internal audit function [2]

16

Internal audit - definition

Independent appraisal activity within an entity as a service to it

Control over other controls Improves CG by strengthening

internal control

17

Types of audits

Transaction audits – audit of individual transactions

Systems audits – audit of internal controls within a system e.g.: Design of internal controls Operation of internal controls

Risk-based audits – concentrates audit effort (staff & time) on risky areas of business

18

• Audit of accounting systems

• Operational audits – adequacy & effectiveness

• Value for money audits – on 3 Es

• Management audits – on magt and org structure

• Social & environmental audits

Internal auditing – a range of areas

19

Organisational structure of internal audit

Separate dept in large entities

Responsibility of specific individuals in smaller entities

May be outsourced to accounting firms

Head IA

Manager IT auditsManager Financial

auditsManager Forensic

audits

20

Need for IA function Contingent factors that determine the

need for an internal audit function include: Complexity of operations Size of organisation Internal control systems problems Cost-benefit issues Unexplained or unacceptable events Changes in structures, processes, and

systems

21

Functions/roles of IA

Reviewing accounting & internal control systems

Risk identification Carry out value for money audits (VFM) Reviewing compliance with laws Carry out special investigations e.g. into

suspected frauds Examine financial & operating

information

22

Intimidation

Advocacy Self review

Familiarity

Threats

Self interest

Threats to independence of IA

23

Sources of threats to independence of IA Conflicts of interest resulting in lack of

impartiality and bias (self interest) Reporting to executive management

(intimidation) Interference in determining the scope of

their work, performing the audit, and communicating results (intimidation, familiarity)

Assessing specific operations for which they may have responsibility (self review/interest)

24

• Professional proficiency

• Scope of work

• Performance of work (planning, supervision, review)

• Independence

• Authority

• Effective Management of dept

Factors to consider in measuring or improving effectiveness of IA Dept

25

INTERNAL EXTERNAL

Appointed by & reports to

Appointed by directors

Shareholders, via AGM

Responsible for

Internal controls mainly

Both internal and external factors

Required by Companies articles

Statute

Scope of work

Limited to Directors/ magtment instruction

Unlimited, determined by auditor

Internal v External Audit

26

Internal audit reporting IA report has no prescribed

format Contents may include:

Objectives of audit work Summary of process undertaken Audit opinion Recommendations (should be

practical, cost-effective & reduce risk to tolerable level)

27

Internal Audit Committee

• Sub-committee of board of directors

• To comprise at least 3 NEDs, one with financial knowledge

• Must have written terms of reference

• Must be provided with sufficient resources

28

The Role of Audit Committee

Review financial & management reports & systems

Liaise with external auditors Review of internal audit Review of internal control Review of risk management Review results of one-off

investigations

29

Audit committee & internal audit

Ensure recommendations are actioned

Monitor & assess effectiveness

Appoint/dismiss IA head

Check efficiency of IA e.g. plan Vs actual costs

Role in overseeing IA function

Review annual work plan

Help preserve independence

Ensure accountable to audit committee

30

Audit committee & external auditors

Assess possible other services

Review scope of audit work

Carry out post completion review (errors, adjustments)

Role in overseeing external auditors

Recommend appointment

Help preserve independence

Agree contract terms & perks

31

Audit committee & internal control

Review auditors reports on ICs Review

statement on ICs

Review magt reports on ICs

Role in IC delegated by board

Review internal financial controls

Review risk magt systems

32

Conclusion – internal audit Main points

Role of internal audit Enhancing effectiveness of IA Importance of auditor independence Threats to auditor independence Role of audit committee in IA Role of audit committee in ICS Role of audit committee in external

audit