internal control & review
DESCRIPTION
Internal auditTRANSCRIPT
1
Management control systems in corporate governance
4
2
Objectives/learning outcomes
Define and explain internal management control [2] Explain and explore the importance of internal
control and risk management in CG [3] Describe objectives of ICS [2] Identify, explain and evaluate the CG and executive
management roles in risk management [3] Identify and assess the importance of the
components of ICS Explore and evaluate the effectiveness of ICS [3] Describe and assess the need to report on ICS to
shareholders [3]
3
Internal management control
Control means: Ensuring what the organisation intends to
happen happens Happens in the way it's supposed to happen Happens when it's supposed to happen.
Internal control – magt action to manage risks & ensure objectives are met
4
Internal control system - definition
Comprises
Control Environmen
t
Control Procedures
Magt style, attitudes to ICs
Necessary for ICs
Policies & procedures to achieve objectives
Corporate culture and values of employees
5
Objectives of internal control systems
Objectives
Achievement of objectives
Safeguard assets
Compliance with laws & regulations
Reliable financial & magt reports
Risk management
6
ICS and risk management ICS should be designed to counter the risks Factors to consider in setting up an ICS:
The nature and extent of risks facing the company Acceptable and unacceptable risks The likelihood of the risks concerned materialising Company’s ability to reduce the incidence and
impact on the business of risks that do materialise The costs and benefits of operating particular
controls
7
Key features of a ‘sound’ system of internal controls - Turnbull
Characteristics
Quick response to environmental change
Immediate reporting of weaknesses
Embedded in operations & systems
8
Components of an internal control system – COSO model
Elements
Information & communication e.g. of risks, weaknesses
Control policies & procedures – specific actions (ACCAMAPS)
Control environment
Risk assessment – controllable & uncontrollable risks
Monitoring of controls – e.g. by internal audit
9
Control procedures (ACCAMAPS)
Authorisation (e.g. of purchases and stock issues) Computer controls (e.g. passwords, range checks) Comparison controls (e.g. stock records with actual
stocks) Accounting recons (e.g. bank & supplier recon) Maintain TB and control accounts (e.g. debtors’
control) Accuracy or arithmetic controls (e.g. re-
computation) Physical controls (e.g. limiting access to computers) Segregation of duties (between ordering, custody of
stock and authorising payments)
10
Executive magt role in ICS
Responsibility
Board
Snr executive magt
Business unit heads
Employees
Role
Ensure adequacy & effectiveness of ICS
Set IC policy; monitor ICS
Establish specific IC policies & procedures
Operate & adhere to ICs
ICS are everyone’s business
11
Limitations/weaknesses of internal control systems
Human error Magt overriding controls Collusion to circumvent controls Failure to deal with new & un-usual
situations Internal control systems can only
provide reasonable (not absolute) assurance
12
Reporting on internal controls to shareholders
Board should review effectiveness of internal controls & report to shareholders
Benefits of reporting: Increased shareholder satisfaction Audit committee forced to consider their
work seriously Company open to additional scrutiny Fulfills CG requirements
13
Conclusion – ICS
Main points Importance of control environment to
ICS effectiveness ICS should be ‘sound’ Effective ICS reduces risk, improves
CG ICS is not ‘fool proof’, has weaknesses ICS are everyone’s business
14
Internal audit (IA) in corporate governance
5
15
Objectives/learning outcomes
Describe the function and importance of internal audit [1] Explain, and discuss the importance of, auditor
independence in all client audit situations (including internal audit) [3]
Explain, and assess the nature and sources of risks, to auditor independence [3].
Explain and evaluate the importance of compliance and the role of the internal audit committee in internal control [3]
Explain and explore the importance and characteristics of, the audit committee’s relationship with external auditors [2]
Describe and analyse the work of the internal audit committee in overseeing the internal audit function [2]
16
Internal audit - definition
Independent appraisal activity within an entity as a service to it
Control over other controls Improves CG by strengthening
internal control
17
Types of audits
Transaction audits – audit of individual transactions
Systems audits – audit of internal controls within a system e.g.: Design of internal controls Operation of internal controls
Risk-based audits – concentrates audit effort (staff & time) on risky areas of business
18
• Audit of accounting systems
• Operational audits – adequacy & effectiveness
• Value for money audits – on 3 Es
• Management audits – on magt and org structure
• Social & environmental audits
Internal auditing – a range of areas
19
Organisational structure of internal audit
Separate dept in large entities
Responsibility of specific individuals in smaller entities
May be outsourced to accounting firms
Head IA
Manager IT auditsManager Financial
auditsManager Forensic
audits
20
Need for IA function Contingent factors that determine the
need for an internal audit function include: Complexity of operations Size of organisation Internal control systems problems Cost-benefit issues Unexplained or unacceptable events Changes in structures, processes, and
systems
21
Functions/roles of IA
Reviewing accounting & internal control systems
Risk identification Carry out value for money audits (VFM) Reviewing compliance with laws Carry out special investigations e.g. into
suspected frauds Examine financial & operating
information
22
Intimidation
Advocacy Self review
Familiarity
Threats
Self interest
Threats to independence of IA
23
Sources of threats to independence of IA Conflicts of interest resulting in lack of
impartiality and bias (self interest) Reporting to executive management
(intimidation) Interference in determining the scope of
their work, performing the audit, and communicating results (intimidation, familiarity)
Assessing specific operations for which they may have responsibility (self review/interest)
24
• Professional proficiency
• Scope of work
• Performance of work (planning, supervision, review)
• Independence
• Authority
• Effective Management of dept
Factors to consider in measuring or improving effectiveness of IA Dept
25
INTERNAL EXTERNAL
Appointed by & reports to
Appointed by directors
Shareholders, via AGM
Responsible for
Internal controls mainly
Both internal and external factors
Required by Companies articles
Statute
Scope of work
Limited to Directors/ magtment instruction
Unlimited, determined by auditor
Internal v External Audit
26
Internal audit reporting IA report has no prescribed
format Contents may include:
Objectives of audit work Summary of process undertaken Audit opinion Recommendations (should be
practical, cost-effective & reduce risk to tolerable level)
27
Internal Audit Committee
• Sub-committee of board of directors
• To comprise at least 3 NEDs, one with financial knowledge
• Must have written terms of reference
• Must be provided with sufficient resources
28
The Role of Audit Committee
Review financial & management reports & systems
Liaise with external auditors Review of internal audit Review of internal control Review of risk management Review results of one-off
investigations
29
Audit committee & internal audit
Ensure recommendations are actioned
Monitor & assess effectiveness
Appoint/dismiss IA head
Check efficiency of IA e.g. plan Vs actual costs
Role in overseeing IA function
Review annual work plan
Help preserve independence
Ensure accountable to audit committee
30
Audit committee & external auditors
Assess possible other services
Review scope of audit work
Carry out post completion review (errors, adjustments)
Role in overseeing external auditors
Recommend appointment
Help preserve independence
Agree contract terms & perks
31
Audit committee & internal control
Review auditors reports on ICs Review
statement on ICs
Review magt reports on ICs
Role in IC delegated by board
Review internal financial controls
Review risk magt systems
32
Conclusion – internal audit Main points
Role of internal audit Enhancing effectiveness of IA Importance of auditor independence Threats to auditor independence Role of audit committee in IA Role of audit committee in ICS Role of audit committee in external
audit