Chapter 6 - Risk Management + Internal control Flashcards
Types of internal control:
- Financial or non-financial (both qualitative and quantitative)
- Prevent, detect, correct and direct
- Input, process, output
- Outsourcing
- Service level agreements
Financial control:
- Budgets
- Standard costing
- Investment appraisal techniques
Non-financial control:
- Quantitative = KPIs and appraisal
- Qualitative = structure charts, codes of conduct and procedures manuals
Prevent, detect, correct and direct:
- Prevent controls = stop risk from occurring in the first place (not paying invoice until matched with a valid order and GRN)
- Detect controls = retrospective and identify risks once occurred (bank reconciliations)
- Correct controls = reduce impact of errors (keeping back-up copies)
- Direct controls = guide behaviour (training)
Input, process and output controls:
- Input controls = what goes into a process (sourcing materials at best price and quality)
- Process controls = process itself (optimal performance)
- Output controls = outputs have met required standards
Outsourcing:
- Ad hoc = outsourcing short-term skills gap
- Project management = installation of new system
- Partial = a number of services are outsourced
- Total = third party provides entire service/ function
Service level agreements:
- Series of minimum standards
* Typically, will include: timescale, service levels, change process and exit route
Responsibilities of treasury functions:
- Relationship with banks
- Liquidity management
- Borrowing activities and interest rate management
- Funding arrangements such as equity issues
- Currency management
Control activities:
- Authorisation:
* Approval of transactions by appropriate person
- Information processing:
* General IT controls = policies and procedures for many applications
* Application controls = processing of individual applications
- Performance review:
* Review and analysis of actual performance vs. budget
* Analysing relationships and investigating differences
* Comparing internal data with external sources of information
* Review of functional/activity performance
- Physical controls:
* Physical security of assets
* Authorisation for access to computer programs and data files
* Periodic counting
- Segregation of duties:
* Number of people involved in accounting process so no one person has overall control
* Segregation of function = carrying out a transaction, recording that transaction in accounting records and maintaining custody of assets
* Various steps in carrying out transaction should be segregated
Limitations of internal controls:
- Costs can sometimes outweigh benefits – pragmatic approach is often taken and only implemented if it is worth it
- Human error or fraud – collusion between more than one employee
- Management override – either legitimate or fraudulent purposes
- Non-routine events that system was not originally set up to manage
- Change of any systems that are no longer fit to control
Costs & benefits of internal controls:
Benefits:
* Business assurance
* Efficiency and effectiveness of operation
* Validation by external auditors
Costs:
* Resource (human and financial), technology (hardware and software) and assets (premises, supplies and vehicles)
* Opportunity costs
- Costs + benefits will not always be straightforward to measure and evaluate
SMART targets:
- Specific
- Measurable
- Achievable
- Realistic
- Time-bounded
Governance and internal control:
- Performance-related pay (PRP) = can lead to excessive risk-taking amongst executive directors – go beyond acceptable risk appetite of shareholders if motivated by personal gain (agency problem)
- Share options = builds in limits on when options can be exercised to prevent directors from pursuing strategies that secure personal benefits in short-term at expense of longer-term value
Management styles that can lead to dysfunctional behaviour:
- Budget-constrained:
* Needs to meet budget constraints
* Short-term viewpoint
* High tension within the job
* Short-term focus
* High manipulation of data
* Poor staff relations
- Profit-conscious:
* Assessed only in relation to hitting targets no matter how it is done
* Medium tension within the job
* Little manipulation of data
* Good staff relations
- Non-accounting:
* Budgets not important (other factors such as customer service or quality are)
* Medium tension – based on hitting targets
* Manipulation of data less relevant as other measures are used
* Good staff relations
Short-term vs. long-term objectives:
- Reduce capital expenditure/R+D to protect cash flows and save costs
= Limits potential growth, operating capacity, efficiency and competitive advantage
- Reducing quality control costs to increase profits
- Reducing levels of customer service to reduce costs
= Negative impact on reputation and customer goodwill
- Cutting training and/or recruitment budgets to save costs
= Potential skills shortages and poor morale