Chapter 6 - Risk Management + Internal control Flashcards
Types of internal control:
- Financial or non-financial (both qualitative and quantitative)
- Prevent, detect, correct and direct
- Input, process, output
- Outsourcing
- Service level agreements
Financial control:
- Budgets
- Standard costing
- Investment appraisal techniques
Non-financial control:
- Quantitative = KPIs and appraisal
- Qualitative = structure charts, codes of conduct and procedures manuals
Prevent, detect, correct and direct:
- Prevent controls = stop risk from occurring in the first place (not paying invoice until matched with a valid order and GRN)
- Detect controls = retrospective and identify risks once occurred (bank reconciliations)
- Correct controls = reduce impact of errors (keeping back-up copies)
- Direct controls = guide behaviour (training)
Input, process and output controls:
- Input controls = what goes into a process (sourcing materials at best price and quality)
- Process controls = process itself (optimal performance)
- Output controls = outputs have met required standards
Outsourcing:
- Ad hoc = outsourcing short-term skills gap
- Project management = installation of new system
- Partial = a number of services are outsourced
- Total = third party provides entire service/ function
Service level agreements:
- Series of minimum standards
* Typically, will include: timescale, service levels, change process and exit route
Responsibilities of treasury functions:
- Relationship with banks
- Liquidity management
- Borrowing activities and interest rate management
- Funding arrangements such as equity issues
- Currency management
Control activities:
- Authorisation:
* Approval of transactions by appropriate person
- Information processing:
* General IT controls = policies and procedures for many applications
* Application controls = processing of individual applications
- Performance review:
* Review and analysis of actual performance vs. budget
* Analysing relationships and investigating differences
* Comparing internal data with external sources of information
* Review of functional/ activity performance
- Physical controls:
* Physical security of assets
* Authorisation for access to computer programs and data files
* Periodic counting
- Segregation of duties:
* A number of people are involved in the accounting process so that no one person has overall control
* Segregation of function = carrying out a transaction, recording that transaction in accounting records and maintaining custody of assets
* Various steps in carrying out a transaction should be segregated
Limitations of internal controls:
- Costs can sometimes outweigh benefits – pragmatic approach is often taken and only implemented if it is worth it
- Human error or fraud – collusion between more than one employee
- Management override – either legitimate or fraudulent purposes
- Non-routine events that system was not originally set up to manage
- Change of any systems that are no longer fit to control
Costs & benefits of internal controls:
Benefits:
* Business assurance
* Efficiency and effectiveness of operation
* Validation by external auditors
Costs:
* Resource (human and financial), technology (hardware and software) and assets (premises, supplies and vehicles)
* Opportunity costs
- Costs + benefits will not always be straightforward to measure and evaluate
SMART targets:
Specific, Measurable, Achievable, Realistic, Time-bounded
Governance and internal control:
- Performance-related pay (PRP) = can lead to excessive risk-taking amongst executive directors – go beyond acceptable risk appetite of shareholders if motivated by personal gain (agency problem)
- Share options = builds in limits on when options can be exercised to prevent directors from pursuing strategies that secure personal benefits in short-term at expense of longer-term value
Management styles that can lead to dysfunctional behaviour:
- Budget-constrained:
* Needs to meet budget constraints
* Short-term viewpoint
* High tension within the job
* Short-term focus
* High manipulation of data
* Poor staff relations
- Profit-conscious:
* Assessed only in relation to hitting targets no matter how it is done
* Medium tension within the job
* Little manipulation of data
* Good staff relations
- Non-accounting:
* Budgets not important (other factors such as customer service or quality are)
* Medium tension – based on hitting targets
* Manipulation of data less relevant as other measures are used
* Good staff relations
Short-term vs. long-term objectives:
- Reduce capital expenditure/ R+D to protect cash flows and save costs
= Limits potential growth, operating capacity, efficiency and competitive advantage
- Reducing quality control costs to increase profits
- Reducing levels of customer service to reduce costs
= Negative impact on reputation and customer goodwill
- Cutting training and/or recruitment budgets to save costs
= Potential skills shortages and poor morale
Malfunction at any stage where employees are involved can lead to control failures due to:
- Poor motivation – poor reward structures or poor management
- Poor training – lack of skills or support from management
- Inappropriate values – absence of a code of conduct or code being visibly ignored
- Problems inappropriately managed – inequitably/ inadequately with no regard for feedforward learning
Other forms of dysfunctional behaviour:
- Tunnel vision:
Problem = focus on stated performance measures only to detriment of other areas
Solution = consideration of different dimensions of performance
- Myopia:
Problem = preoccupation with immediate concerns leading to neglect of longer-term objectives
Solution = fostering a long-term view amongst staff and management
- Measure fixation:
Problem = activities and behaviours to achieve specific performance indicators only which may not be effective
Solution = adopting a sensible number and application of measures
- Misinterpretation:
Problem = creative reporting to suggest result is acceptable
Solution = not placing too much emphasis on results + involvement of staff
- Ossification:
Problem = unwillingness to change performance measure scheme once it has been set up
Solution = keeping performance measurement system under constant review + all staff to input suggestions for change
What is a Critical success factor?
- Element of org activity which is central to future success
- May change over time and may include: product quality, employee attitudes, manufacturing flexibility and board awareness
What is a Key performance indicator?
Way of measuring performance against a specific objective
Information needs according to management levels:
- Strategic management:
* Monitors and controls org as a whole and takes biggest decisions
- Tactical management:
* Implements decisions of strategic management and ensures that divisions are running smoothly
- Operational management:
* Controls day-to-day activities and escalates issues to tactical management for decisions
Office automation system (OAS):
Email, spreadsheet, word processing
Transaction processing system (TPS):
Collects data about each business transaction
Knowledge work system (KWS):
Allows new knowledge creation within org
Management information system (MIS):
Draws info from TPS and presents it to managers for decision making and control in std report format
Enterprise resource planning system (ERPS):
Captures data across whole enterprise so that custom-designed reports can be produced
Strategic enterprise management system (SEMS):
Makes high-level strategic decisions using tools such as activity-based management
Decision support systems (DSS):
(e.g. Spreadsheet)
Data analysis tools that can be used to model scenarios and assist decision making
Executive information system (EIS) or executive support system (ESS):
Data presented to senior managers, usually graphical and summarised, but with drill-down facilities
Expert systems (ES):
Stores information and applies rules to make simple decisions
Systems development life cycle:
Disciplined approach to systems upgrades intended to reduce possibility of ending up with a system that fails to meet the needs of org and wastes time and money
Stages of systems development life cycle:
- Feasibility study:
* Review existing system + identify possible alternative solutions
- Systems investigation:
* Obtain details of current requirements and user needs
* Identify current problems and restrictions
- Systems analysis:
* Consider why current methods are used and identify better alternatives
- Systems design:
* Determine inputs, processing and storage facilities
* Consider matters such as programme design, file design and security
* Prepare a detailed specification
* Test system fully
- Systems implementation:
* Write/acquire software, test it, convert files, install hardware and start running new system
Systems test:
- Direct changeover:
* Replacing old with new in one go
- Parallel running:
* Running old and new together to highlight problems with new system
- Pilot operation:
* Introducing a new system in one department to assess the new system and how it could be improved
- Phased changeover:
* Splitting new system into elements and implementing one element at a time across whole org