P1 Chapters 4

Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Slide,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Slide,*,Chapter 4,Internal control systems,Chapter Guide,Define and explain internal management control,Explain and explore the importance of internal control and risk management in corporate governance,Describe the objectives of internal control systems,Identify and assess the importance of elements or components of internal control systems,Define and explain risk in the context of corporate governance,Describe and evaluate a framework for board level consideration of risk,Slide,164,Slide,165,Exam Context,This topic was examined in the compulsory section of the Dec 2007 exam. Candidates had to write a letter from the company chairman explaining the importance of internal controls. This was to reassure investors after a major control failure. Good answers described the objectives of internal controls from the Turnbull report or from COSO.,Slide,166,Overview,Internal control systems,Frameworks,Objectives,Elements,Slide,167,Internal control definition,Internal control is a process effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.,Slide,168,Plan, target, standard, objective,What the system is designed to achieve, eg budgeted revenues.,Objectives for the process being controlled must exist, for without an aim or purpose control has no meaning. Objectives and targets are set in response to environmental pressures such as customer demand,Slide,169,Source of internal control,The two main sources of guidance on internal controls,COSO,(The Committee of Sponsoring Organisations of the Treadway Commission),Turnbull,(The Turnbull Report),Slide,170,Internal control system,Turnbull:,Response to significant risks,Achievement of strategic objectives,Better quality financial reporting,Safeguard assets,Legal and regulatory compliance,Examined 12/07,Slide,171,Characteristics of internal control system,The system of internal control should:,1. Be embeded in the operations of the company and form part of its culture,2. Be capable of responding quickly to envolving risks within the business,3. Include procedures for reporting immediately to management significant control failings and weaknesses together with control action being taken.,Slide,172,Lecture example 1,Appendix B (Course Notes) gives some background information about high street retailer Marks and Spencer (M&S).,Required,Assess the importance of effective internal controls to different stakeholder groups for M&S.,Slide,173,COSO,COSO,has the support of the Securities and Exchange Commission (SEC) which is the body in charge of implementing and enforcing the Sarbanes Oxley (SOx) legislation in the USA. It is therefore most relevant to those companies following the SOx rules on internal controls,Slide,174,Turnbull,The UK,Turnbull,Report was commissioned in order to give guidance to companies following the principles of the UK,s Combined Code (CC06). Principle C2 of CC06 is that,“,The Board should maintain a sound system of internal control to safeguard shareholders,investment and the company,s assets,”,Slide,175,Internal control frame work,The internal control framework comprises the control environment and control procedures. It includes all the policies and procedures.,Slide,176,Control environment Vs. procedures,Control environment, the overall context of control, in particular the,culture,infrastructure,and,architecture,of control and attitude of directors and managers towards control,Control procedures, the detailed controls in place,Slide,177,Control frameworks,COSO,Strategic development,Compliance,Operations,Reporting,COCO,Resources and competences,Problems solving,Organisational values,Monitoring and learning,Slide,178,Objectives of COSO,The enterprise risk management framework is geared towards achieving an entity,s objectives.,Slide,179,Objectives of COSO - Strategic development,High level goals, aligned with and supporting its mission.,E,ffective and efficient use of its resources.,C,ompliance with applicable laws and regulations.,Slide,180,Objectives of Turnbull,A companys system of internal control has a key role in the management of risks that are significant to the fulfilment of its business objectives.,Slide,181,Objectives of Turnbull,Effectiveness and efficiency of operations.,Ensure the reliability of internal and external reporting.,Slide,182,Objectives of Turnbull,Assist compliance with laws and regulations.,Safeguard the shareholders investment and the companys assets.,Slide,183,COCO - purpose,The COCO framework stresses the need for all aspects of activities to be clearly directed with a sense of purpose. This includes overall objectives, mission and strategy; management of risk and opportunities; policies; plans and performance measures. The corporate purpose should drive control activities and ensure controls achieve objectives.,Slide,184,COCO - commitment,The framework stresses the importance of managers and staff making an active commitment to identify themselves with the organisation and its values, including ethical values, authority, responsibility and trust.,Slide,185,COCO - capability,Managers and staff must be equipped with the resources and competence necessary to operate the control systems effectively. This includes not just knowledge and resources but also communication processes and co-ordination.,Slide,186,COCO - action,If employees are sure of the purpose, are committed to do their best for the organisation and have the ability to deal with problems and opportunities then the actions they take are more likely to be successful.,Slide,187,COCO,monitoring and learning,Monitoring external environments,Monitoring performance,Reappraising information systems,Challenging assumptions,Reassessing the effectiveness of internal controls,Slide,188,Limitation of internal controls,The costs of control not outweighing their benefits,The potential for human error or fraud,Collusion between employees,The possibility of controls being by-passed or overridden by management,Routine and non-routine transactions,Method of data processing,Slide,189,Elements of COSO,COSO,Internal Environment,Objective Setting,Event Identification,Risk Assessment,Risk Response,Control Activities,Information and Communication,Monitoring,Slide,190,Elements of Turnbull,Turnbull,Control Environment,Control Activities,Information and communication processes,Processes for monitoring continuing effectiveness of the Internal Control System,Policies, processes, tasks, behaviours and other aspects,Slide,191,Characteristics of ERM,Linked to operational processes,Matches risk with responsibility and authority,Strategic planning tool,Applicable at all levels,Manages risk within appetite,Provides assurance,Focuses on achieving objectives,Slide,192,Enterprise risk management,Slide,193,Benefits of ERM,Aligns risk and strategy,Links growth to risk and return,Best response to risk or risks,Reduces nasty surprises,Risk managed across the organisation,Grasp good opportunities,Better resource allocation,Slide,194,CIMAs risk management cycle,Slide,195,Cybernetic control system,Six key stages,Identification of system objectives,Setting targets for system objectives,Measuring achievements/outputs of the system,Comparing achievements with targets,Identifying what corrective action might be necessary,Implementing corrective action,Slide,196,Importance of control system,Flexibility and ease of achievement of targets,Relative importance of numerical and subjective performance measures,Relative importance of short and long-term measures,Consistency of measures used across organisation,Whether management actively intervenes or intervenes by exception,How automatic control mechanisms are,Extent of participation below top management,Extent of reliance on social relationships,Slide,197,Control environment,Definition,The control environment is the overall attitude, awareness and actions of directors and management regarding internal controls and their entity. The control environment encompasses the management style, and corporate culture and values shared by all employees. It provides the background against which the various other controls are operated,Slide,198,Control environment reflects following factors,The,philosophy,and,operating style,of the directors and management,The entitys,organisational structure,and methods,The dircetors,methods of imposing control,The,integrity, ethical values,and,competence,of directors and staff,Slide,199,Elements of a strong control environment,Clear strategies,Culture, code of conduct, human resource policies and performance reward systems,Competence, integrity and fostering a climate of trust,Clear definition of authority, responsibility and accountability,Communication,Knowledge, skills and tools,Slide,200,Classification of control procedurs,Based on the idea of a pyramid of control,Corporate controls,Management controls,Business process controls,Transaction controls,Slide,201,Classification of control procedurs,Administrative control,Establishing a suitable organisation structure,The division of managerial authority,Reporting responsibilities,Channels of communication,Accounting control,The recording of transactions,Establishing responsibilities for records, transactions and assets,Slide,202,Classification of control procedurs,Prevent controls,Detect controls,Correct controls,Slide,203,Classification of control procedurs,Discretionary controls,: subject to human discretion,Non-discretionary controls,: provide automatically by the system and cannot be bypassed, ignored or overridden.,Slide,204,Types of procedurs,Approval and control of documents,Computerised applications,Checking the arithmetical accuracy,Maintaining and reviewing control accounts and trial balances,Reconciliations,Comparing,Comparing internal data with external sources,Limiting direct physical access to assets and records,Slide,205,Types of procedurs,Segregation of duties,Authorisation and approval,Management,Supervision,Organisation,Arithmetical and accounting,Personnel,Slide,206,Benefits of internal controls,The benefits of internal control, even well-dirceted ones, are not limitless. Controls can provide reasonable, not absolute, assurance that the organisation is progressing towards its objectives, safeguarding its assets and complying with laws and regulations. Internal controls cannot guarantee success as there are plenty of environmental factors (economic indicators, competitor actions) beyond the organisation,s control.,Slide,207,Cost of internal controls,As well as realising the limitations of the benefits of controls, it is also important to realise their costs. Some costs are obvious, for example the salary of a night security officer to keep watch over the premises. There are also opportunity costs through for example increased manager time being spent on review rather than dealing with customers for example.,Slide,208,Benefits vs Costs,Estimate the potential monetary loss or gain,Possible loss or gain,Many benefits of controls are non-monetary,Chapter summary,Section,Topic,Summary,1,Internal Frameworks,Internal control frameworks cover the control,environment and control procedures.,Two key frameworks are COSO a US framework,and the Turnbull Guidance which supports the UK,s,CC06,2,The Objectives of internal,Controls,The five main purposes of internal control systems,are to help a company: achieve objectives efficiently,and effectively; respond to risk; ensure the quality of,reporting; ensure compliance; and safeguard,assets.,Slide,209,Chapter summary,Section,Topic,Summary,3,Elements of Internal,Control / Effective Risk,Management,The COSO cube contains all the elements,The control environment is dependent on corporate,culture, management styles, organisational structures, and ethical values.,Control Procedures can be classified according to,level from corporate controls (eg policies), management controls (eg budgets, business process controls (eg authorisation limits) down to transaction controls (eg arithmetic checks),Slide,210,