1、Chapter 4,Internal control systems,Chapter Guide,Define and explain internal management control Explain and explore the importance of internal control and risk management in corporate governance Describe the objectives of internal control systems Identify and assess the importance of elements or com

2、ponents of internal control systems Define and explain risk in the context of corporate governance Describe and evaluate a framework for board level consideration of risk,Slide 164,Slide 165,Exam Context,This topic was examined in the compulsory section of the Dec 2007 exam. Candidates had to write

3、a letter from the company chairman explaining the importance of internal controls. This was to reassure investors after a major control failure. Good answers described the objectives of internal controls from the Turnbull report or from COSO.,Slide 166,Overview,Slide 167,Internal control definition,

4、Internal control is a process effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.,Slide 168,Plan, target, standard, objective,What the system is designed to achieve, eg budgeted revenues. Objecti

5、ves for the process being controlled must exist, for without an aim or purpose control has no meaning. Objectives and targets are set in response to environmental pressures such as customer demand,Slide 169,Source of internal control,The two main sources of guidance on internal controls COSO (The Co

6、mmittee of Sponsoring Organisations of the Treadway Commission) Turnbull (The Turnbull Report),Slide 170,Internal control system,Turnbull: Response to significant risks Achievement of strategic objectives Better quality financial reporting Safeguard assets Legal and regulatory compliance,Examined 12

7、/07,Slide 171,Characteristics of internal control system,The system of internal control should: 1. Be embeded in the operations of the company and form part of its culture 2. Be capable of responding quickly to envolving risks within the business 3. Include procedures for reporting immediately to ma

8、nagement significant control failings and weaknesses together with control action being taken.,Slide 172,Lecture example 1,Appendix B (Course Notes) gives some background information about high street retailer Marks and Spencer (M management of risk and opportunities; policies; plans and performance

9、 measures. The corporate purpose should drive control activities and ensure controls achieve objectives.,Slide 184,COCO - commitment,The framework stresses the importance of managers and staff making an active commitment to identify themselves with the organisation and its values, including ethical

10、values, authority, responsibility and trust.,Slide 185,COCO - capability,Managers and staff must be equipped with the resources and competence necessary to operate the control systems effectively. This includes not just knowledge and resources but also communication processes and co-ordination.,Slid

11、e 186,COCO - action,If employees are sure of the purpose, are committed to do their best for the organisation and have the ability to deal with problems and opportunities then the actions they take are more likely to be successful.,Slide 187,COCO monitoring and learning,Monitoring external environme

12、nts Monitoring performance Reappraising information systems Challenging assumptions Reassessing the effectiveness of internal controls,Slide 188,Limitation of internal controls,The costs of control not outweighing their benefits The potential for human error or fraud Collusion between employees The

13、possibility of controls being by-passed or overridden by management Routine and non-routine transactions Method of data processing,Slide 189,Elements of COSO,Slide 190,Elements of Turnbull,Slide 191,Characteristics of ERM,Linked to operational processes Matches risk with responsibility and authority

14、 Strategic planning tool Applicable at all levels Manages risk within appetite Provides assurance Focuses on achieving objectives,Slide 192,Enterprise risk management,Slide 193,Benefits of ERM,Aligns risk and strategy Links growth to risk and return Best response to risk or risks Reduces nasty surpr

15、ises Risk managed across the organisation Grasp good opportunities Better resource allocation,Slide 194,CIMAs risk management cycle,Slide 195,Cybernetic control system,Six key stages Identification of system objectives Setting targets for system objectives Measuring achievements/outputs of the syste

16、m Comparing achievements with targets Identifying what corrective action might be necessary Implementing corrective action,Slide 196,Importance of control system,Flexibility and ease of achievement of targets Relative importance of numerical and subjective performance measures Relative importance of

17、 short and long-term measures Consistency of measures used across organisation Whether management actively intervenes or intervenes by exception How automatic control mechanisms are Extent of participation below top management Extent of reliance on social relationships,Slide 197,Control environment,

18、Definition The control environment is the overall attitude, awareness and actions of directors and management regarding internal controls and their entity. The control environment encompasses the management style, and corporate culture and values shared by all employees. It provides the background a

19、gainst which the various other controls are operated,Slide 198,Control environment reflects following factors,The philosophy and operating style of the directors and management The entitys organisational structure and methods The dircetors methods of imposing control The integrity, ethical values an

20、d competence of directors and staff,Slide 199,Elements of a strong control environment,Clear strategies Culture, code of conduct, human resource policies and performance reward systems Competence, integrity and fostering a climate of trust Clear definition of authority, responsibility and accountabi

21、lity Communication Knowledge, skills and tools,Slide 200,Classification of control procedurs,Based on the idea of a pyramid of control Corporate controls Management controls Business process controls Transaction controls,Slide 201,Classification of control procedurs,Administrative control Establishi

22、ng a suitable organisation structure The division of managerial authority Reporting responsibilities Channels of communication,Accounting control The recording of transactions Establishing responsibilities for records, transactions and assets,Slide 202,Classification of control procedurs,Prevent con

23、trols Detect controls Correct controls,Slide 203,Classification of control procedurs,Discretionary controls: subject to human discretion Non-discretionary controls: provide automatically by the system and cannot be bypassed, ignored or overridden.,Slide 204,Types of procedurs,Approval and control of

24、 documents Computerised applications Checking the arithmetical accuracy Maintaining and reviewing control accounts and trial balances Reconciliations Comparing Comparing internal data with external sources Limiting direct physical access to assets and records,Slide 205,Types of procedurs,Segregation

25、 of duties Authorisation and approval Management Supervision Organisation Arithmetical and accounting Personnel,Slide 206,Benefits of internal controls,The benefits of internal control, even well-dirceted ones, are not limitless. Controls can provide reasonable, not absolute, assurance that the organisation is progressing towards