cima's official - gbv · 2008-11-26 · contents the cima learning system xv acknowledgements...

cimA

CIMA'S OfficialLearning System

Strategic Level

Paul M. CollierSam Agyei-Ampomah

ELSEVIERAMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORDPARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

Contents

The CIMA Learning System xvAcknowledgements xvHow to use the CIMA Learning System xvGuide to the Icons used within this Text xviStudy technique xviiManagement Accounting - Risk and Control Strategy Syllabus xx

1 Introduction to Risk and Control 1Learning Outcomes 3

1.1 Introduction 31.2 The emergence of risk, governance and control 31.3 What is corporate governance?, 41.4 What is risk management? 51.5 What is internal control? 61.6 What is audit? .61.7 A model of governance, risk and control 71.8 Fraud, information systems and financial risk 71.9 Summary 7

2 Management Control Theory 9Learning Outcomes 11

2.1 Introduction 112.2 Organisation theory 112.3 Systems theory 112.4 Environmental change 122.5 Open and closed systems 122.6 Organisational control 13

2.6.1 Target-setting 132.6.2 Operations 132.6.3 Control 14

2.7 Corrective action 142.7.1 Feedback 142.7.2 Feedforward 152.7.3 Standards for control 15

2.8 Management control 152.8.1 Anthony's theory of control 162.8.2 Otley and Berry's model of control 172.8.3 Simon's strategy, control and learning 18

2.9 The example of low cost airlines 19

in

iv MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

h2 2.10 Organisational structure 19^ 2.10.1 Functional structure 20Q 2.10.2 Divisionalised structure 20u 2.10.3 Matrix structures 21

2.10.4 Network structures 212.11 Responsibility centres 21

2.11.1 Divisional performance management 222.11.2 Controllability 22

2.12 Shareholder value and value-based management 222.13 Alternative perspectives on management control 23

2.13.1 The economic-rational perspective 242.13.2 Natural and non-rational perspectives 242.13.3 The interpretive perspective and socially constructed reality 252.13.4 Radical or critical perspective 252.13.5 Pluralist approaches to alternative perspectives 26

2.14 Alternative perspectives applied to CIMA students 262.15 Summary 27

Revision Questions 31

Solutions to Revision Questions 35

3 Accounting Control and BehaviouralConsequences

3.13.2

3.3

3.4

3.5

3.6

Learning OutcomesIntroductionAccounting controls3.2.1 Standard costing3.2.2 Capital investment appraisal3.2.3 Overhead allocation3.2.4 Transfer pricing3.2.5 Budgeting3.2.6 Beyond Budgeting3.2.7 Budgetary control and variance analysisNew manufacturing methods and the managementaccounting response3.3.1 Just in Time3.3.2 Total Quality Management3.3.3 Cost of qualityEmerging management accounting techniques3.4.1 Strategic management accounting3.4.2 Life cycle costing3.4.3 Target costing3.4.4 KaizenLean management accounting3.5.1 The impact of changes in business practices on

accounting controlsNon-financial performance measurement

3941414242424344454647

48484949505051515252

5354

MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

3.7 Consequences of accounting control and dysfunctional behaviour 553.7.1 Dysfunctional consequences of budgeting 563.7.2 Dysfunctional consequences of non-financial

performance measures 573.8 The example of TNA 573.9 Summary 59



Corporate Governance and the Audit Committee 71Learning Outcomes 73

4.1 Introduction 734.2 Models of corporate governance 734.3 Governance, risk management and internal control 7'44.4 Historical perspective 744.5 Corporate governance developments in the UK 75

4.5.1 Review of the Combined Code 764.6 International developments 77

4.6.1 The United States 774.6.2 South Africa 784.6.3 Other international developments 784.6.4 Basel Committee 79

4.7 Corporate governance 794.8 Principles of corporate governance 80

4.8.1 Directors 804.8.2 Remuneration 814.8.3 Accountability and audit 814.8.4 Relations with shareholders 814.8.5 Institutional shareholders 814.8.6 Disclosure 81

4.9 Board effectiveness 824.9.1 Roles of Chairman and Chief Executive 834.9.2 Non-executive directors 834.9.3 Remuneration committee 844.9.4 Nomination committee 84

4.10 Audit committees and the Combined Code 854.11 Smith Guidance 864.12 Review of Turnbull Guidance 874.13 Role of audit committee 87

4.13.1 Audit committees and internal control 884.13.2 Audit committees and the external auditor 89

4.14 Reviewing the effectiveness of internal control 904.14.1 Board responsibility 904.14.2 Board annual assessment 914.14.3 Checklist for Audit Committee's Assessment of

Internal Control 92

nOz

vi MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

h2 4.15 Benefits of good corporate governance 93j±! 4.16 Enterprise governance 93O 4.17 Summary 94



5 Risk and Risk Management 105Learning Outcomes 107

5.1 Introduction 1075.2 Risk 1075.3 Types of risk 108

5.3.1 Business or operational risk 1095.3.2 Financial risk . 1095.3.3 Environmental risk 1095.3.4 Reputation risk 109

5.4 International risk 1105.4.1 Economic risk 1105.4.2 Political risk , 110

5.5 Threat, uncertainty and opportunity 1115.5.1 Risk as hazard or threat 1115.5.2 Risk as uncertainty 1115.5.3 Risk as opportunity 1115.5.4 Risk:.from threat to opportunity 111

5.6 Drivers of value and risk 1125.7 A wider view of risk 113

5.7.1 Managers and risk 1145.7.2 Risk and organisational culture 1145.7.3 Risk and national culture 1155.7.4 Risk and society 115

5.8 Implications for risk management 1165.8.1 Risk appetite 1175.8.2 Risk culture 1175.8.3 Risk thermostat 117

5.9 Risk management • 1185.9.1 Enterprise risk management 1195.9.2 Risk management and shareholder value 1205.9.3 Risk management in the public sector 121

5.10 Benefits of risk management 1215.11 Risk management strategy 122

5.11.1 Risk management roles and responsibilities 1225.11.2 Risk management cycle 122

5.12 Risk management process 1235.13 An approach to managing risk 1245.14 Risk assessment 124

5.14.1 Risk identification 1255.14.2 Methods of identifying risk 1255.14.3 Risk description 125

MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY vi i

5.14.4 Risk estimation5.14.5 Methods of estimating risk5.14.6 Critique of methods5.14.7 Risk mapping: the likelihood/consequences matrix5.14.8 The Risk Register5.14.9 Risk evaluation

5.15 Risk reporting5.16 Risk treatment (or risk response)

5.16.1 Risk mapping and risk response5.16.2 Portfolio5.16.3 Insurance5.16.4 Derivatives and hedging5.16.5 Disclosure

5.17 Residual risk reporting5.18 Summary

Appendix A: The case of Northen Rock — a failureof risk management

Appendix B: How risks are reported in annual reports: Threeinternational examples

Revision Questions

Solutions to Revision Questions

Internal ControlLearning Outcomes

6.1 Introduction6.2 Internal control6.3 Internal control system6.4 COSO model of internal control6.5 Internal control and the Combined Code

6.5.1 Internal control and Sarbanes-Oxley6.6 Role of the board in relation to internal control6.7 Classification of controls

6.7.1 Financial controls6.7.2 Non-financial quantitative controls6.7.3 Non-financial qualitative controls

6.8 The changing role of management accountants6.9 Accounting controls

6.9.1 Cash6.9.2 Debtors6.9.3 Inventory6.9.4 Investments and intangibles6.9.5 Fixed assets6.9.6 Creditors6.9.7 Loans6.9.8 Income and expenses6.9.9 Payroll controls6.9.10 Personnel-related expenses

125125128128130131131131132134134134135135136

139

141

145

151

161163163163164165166167167169170170171173175175175176176176177177177177178

nOm

z

vi i i MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

178178179

181

183

187189189189190192194195195196196198199199199200201201201

, 202204204205205206206207207208208209209210211213217

221


£ 6.10H 6.11§ 6.12u

Limitations of internal controlCost-benefit of internal controlSummary

Revision QuestionsSolutions to Revision Questions

7 Internal Audit and the Auditing Process

7.17.27.37.47.57.67.77.87.97.107.117.12

7.137.147.157.16

7.177.187.197.207.217.22

7.237.247.257.26

Learning OutcomesIntroductionAuditTypes of auditInternal auditingNeed for internal auditScope of internal auditHead of internal auditSystems-based auditingRisk-based internal auditingInternal audit and enterprise-wide risk managementDifferent types of risk in auditingRisk assessment in auditing7.12.1 Intuitive or judgemental risk assessment7.12.2 Risk assessment matrix7.12.3 Risk rankingRisk management in auditingAudit planningAudit testing and statistical samplingAnalytic review7.16.1 Ratio analysis7.16.2 BenchmarkingOther methods of internal auditInternal control questionnairesEvaluation of audit findingsAudit working papersInternal audit reportingProfessional ethics7.22.1 Fundamental principles7.22.2 Conceptual frameworkResolution of ethical conflictsCase study: Ethics and CIMAThe effectiveness of internal auditSummaryAppendix: Risk, control and internal audit: A case study of ABC

Revision Questions

MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY ix

8 Information Systems and Systems Development 227 8Learning Outcomes 229 p̂j

8.1 Introduction 229 58.2 Information and information systems 2298.3 Information strategies 230

8.3.1 Information systems strategy 2308.3.2 Information technology strategy 2308.3.3 Information management strategy 2308.3.4 Linking information strategies 230

8.4 Cost-benefit of information 2318.5 Methods of data collection 2318.6 Methods of presenting management information 232

8.6.1 Periodic reports 2328.6.2 Briefing book 233

8.7 Types of IS 2338.7.1 Transaction processing systems 2338.7.2 Management information systems 2338.7.3 Enterprise resource planning system 2348.7.4 Strategic enterprise management 2348.7.5 Decision support systems 2348.7.6 Executive information systems 2348.7.7 Expert systems 235

8.8 Information and the web 2358.8.1 Internet, 2358.8.2 Intranets and extranets 2358.8.3 E-commerce 236

8.9 IS outsourcing and facilities management 2368.9.1 IT and shared services centres 237

8.10 IS development • 2378.11 Systems design and approval 2388.12 Systems development controls 2388.13 Systems development auditing 2408.14 Systems implementation 2418.15 Post-implementation review 2418.16 IT structure and support services 2418.17 Information Technology Infrastructure Library 2428.18 Summary 243

Revision Questions 245Solutions to Revision Questions 247

9 Information Systems Control and Auditing 253Learning Outcomes 255

9.1 Introduction 2559.2 Information security 2559.3 Internal controls in an IT environment 256

9.3.1 CobiT 2569.3.2 SAC and eSAC 258

x MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

£ 9.3.3 Comparing the models 258\±d 9.3.4 IT control objectives 259O 9.4 Control strategies and classifications 260u 9.5 General controls 260

9.5.1 Personnel controls 2609.5.2 Logical access controls 2619.5.3 Facility controls 2619.5.4 Business continuity 261

9.6 Application controls 2629.6.1 Input controls 2629.6.2 Processing controls 2639.6.3 Output controls 263

9.7 Software control and software piracy 2639.8 Network controls 264

9.8.1 Firewalls 2659.8.2 Data encryption 2659.8.3 Authorisation 2659.8.4 Virus protection 2659.8.5 Prevention and detection of hacking 266

9.9 Auditing in an information systems environment 2679.10 Auditing computer systems 2679.11 Computer assisted audit techniques 2689.12 Techniques used to review system controls 268

9.12.1 Test data 2689.12.2 Embedded audit facilities 268

9.13 Techniques used to review actual data 2699.13.1 Audit interrogation software 2699.13.2 Resident audit software 2699.13.3 Integrated audit monitors 2699.13.4 Simulation 269

9.14 Control self-assessment 2699.15 Auditing system's maintenance 2709.16 Summary 270



10 Fraud 277Learning Outcomes 279

10.1 Introduction 27910.2 Fraud 27910.3 The opportunity for fraud 28010.4 Indicators of fraud risk 28110.5 Fraud risk management strategy 28210.6 Fraud prevention 283

10.6.1 Anti-fraud culture 28310.6.2 Risk awareness 284

MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY x i

Q10.6.3 Whistle blowing 284 Q10.6.4 Sound internal control systems 284

10.7 Identifying fraud 28410.8 Responding to fraud 28510.9 Fraud using computer systems 28510.10 Management fraud 28610.11 Other types of fraud 28710.12 Summary 287



11 Introduction to Risk Management andDerivatives 293

Learning Outcomes 29511.1 Introduction 295

. 11.2 Recent developments in financial markets 29511.3 The treasury function 296

11.3.1 Cost centre or profit centre 29711.4 Overview of financial risk management 300

11.4.1 Why do companies manage financial risk? 30011.4.2 The financial risk management process 301

11.5 Introduction to derivatives 30711.5.1 Forward contracts 30711.5.2 Futures contracts 30911.5.3 Swaps 30911.5.4 Options 31011.5.5 Uses of derivatives 31311.5.6 Derivatives and financial reporting 314

11.6 Summary 314


12 Interest Rate Management 317Learning Outcomes 319

12.1 Introduction 31912.2 Sources of interest-rate risk 31912.3 Fixed versus floating interest rates 32112.4 Internal hedging techniques 32112.5 Derivatives (external) hedging techniques 322

12.5.1 Interest-rate swaps 32212.5.2 Forward-rate agreements 32512.5.3 Interest-rate futures 32612.5.4 Interest-rate options 32912.5.5 Swaptions 33112.5.6 Selecting a hedging method 331

x i i MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY

12.6 Summary 334

335

339

345347347347348350353354358359360360361361362362363364365366366

367

371

377379379379380380380382382383383383385388390391395396

zLUh -

ou


13 Foreign Exchange: Relationships and Risks

13.113.2

13.3

13.4

13.5

13.6

Learning OutcomesIntroductionThe foreign exchange market13.2.1 Exchange rates13.2.2 The meaning of spot and forward ratesTheoretical foreign exchange relationships13.3.1 Interest-rate parity13.3.2 Purchasing power parity13.3.3 The Fisher effect13.3.4 The international Fisher effect13.3.5 Expectations theory13.3.6 Implications of these theoriesForeign exchange risk exposure13.4.1 Transaction risk13.4.2 Economic risk13.4.3 Translation risk13.4.4 Attitudes to riskPolitical risk13.5.1 Managing political riskSummary


14 Foreign Exchange Risk Management

14.114.214.3

14.4

14.514.614.7

Learning OutcomesIntroductionHedging exchange-rate riskInternal hedging techniques14.3.1 Invoicing in the home currency14.3.2 Bilateral and multilateral netting14.3.3 Leading and lagging14.3.4 Matching14.3.5 RestructuringExternal hedging techniques14.4.1 Forward markets14.4.2 Money market hedge14.4.3 Futures14.4.4 OptionsSelecting a hedging methodCurrency swapsCross-currency hedging

MANAGEMENT ACCOUNTING - RISK AND CONTROL STRATEGY x i i i

14.8 Summary 396 g

Revision Questions 397 ?

Solutions to Revision Questions 405 Zn

Guidance on Examination Preparation 421Revision Questions 429


November 2007 Examinations 485

Index 519

cima's official - gbv · 2008-11-26 · contents the cima learning system xv acknowledgements...

Documents