Internal Control Systems & Audit Flashcards
COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management Cube
- Provides framework for identifying and managing risk
- Operated at organisational level, helping staff to understand risk, responsibility and authority levels
Level (objectives dimension of the cube)
- STRATEGIC - High level goals, support mission
- OPERATIONS - Effectiveness and efficiency
- REPORTING - Reliability
- COMPLIANCE - with applicable laws
Process (components dimension of the cube)
CONTROL ENVIRONMENT
- Ethical values and corporate culture of the organisation; management philosophy and style; organisational structure
RISK ASSESSMENT
- Set objectives of the organisation
- Assess associated risks: internal and external, controllable and uncontrollable
CONTROL ACTIVITIES
- Policies and procedures ensuring management decisions and instructions are carried out - at all levels
COMMUNICATION AND INFO
- Correct information to the correct people so responsibilities are carried out
- Quality information systems providing internal and external information
MONITORING ACTIVITIES
- Normally by Internal Audit
Types (entity dimension of the cube): ENTITY LEVEL / DIVISION / OPERATION UNIT / FUNCTION
Internal Control Systems definition
- Network of systems in an organisation to provide reasonable assurance that the organisation's objectives will be achieved (COSO)
- Attempts to ensure risk is minimised
Sound ICS and Limitations
From Turnbull (based on adoption by board of risk based approach to establishing sound system of ICS)
- Embedded within operations
- Form part of the culture
- Responds quickly to evolving risks, internal and external
- Procedures for reporting immediately significant control failings and weaknesses, with control action to remedy situations.
Limitations of controls
- Costs > Benefit
- Human error / Fraud
- Employee collusion
- Management bypass
- Designed for routine transactions
- Depend on method of data processing
Objectives and Benefits of ICS (Turnbull)
From Turnbull
- Management of risks that are significant in the conduct of business
- Profits come from successful risk taking, therefore manage and control risk rather than eliminate it.
- Efficient and effective operations/conduct of the organisation's activities
- Safeguarding shareholders and company assets
- Prevent/detect fraud
- Robustness, quality and timeliness of Internal and External financial reporting
- Compliance to Laws and Regulations
———————————————
Practically they counter risk, maintain quality financial reporting, and ensure compliance.
ERM helps by
(1) Aligning risk appetite and strategy
(2) Enhance risk response decisions
(3) Reduce operational surprises and losses
(4) Identify and manage multiple and cross enterprise risks
(5) Seize business opportunities
(6) Improve deployment of capital through linking growth, risk and return
Information Quality and Characteristics at different levels
Accurate, Complete, Cost beneficial, User targeted, Relevant, Authoritative, Timely, Easy to use (ACCURATE)
Strategic vs Operational
- Time period: Forecast - Historical
- Timeliness: Delayed - Available now
- Objectivity: Subjective - Objective
- Quantifiability: Qualitative - Quantitative
- Accuracy: Approximate - Accurate
- Certainty: Uncertain - Certain
- Completeness: Partial - Complete
- Detail: Little - Very
Information Flows
Level: Activity / Internal Control / Risk
- Strategic: monitor / review / assess
- Tactical: implement / establish / advise
- Operational: control / operate / identify
Responsibilities in IC (BoD, Management, Employees)
BoD
(1) setting appropriate policies
(2) seeking regular assurance
(3) ensuring effective RM
When setting policies consider:
- NATURE and EXTENT of risk
- extent of ACCEPTABLE risk
- CATEGORIES of acceptable risk
- LIKELIHOOD of risk materialising
- Company's ability to REDUCE incidence and impact of risk
- COST of particular control relative to benefit
Management
• Identify and evaluate risk
• Operate system of IC
• Monitor effectiveness of systems
Internal Audit Committee
- At least 3 members, all NEDs, at least one with recent and relevant financial experience.
- Audit department should have written terms of reference (SoX Audit Committee Charter) which is reviewed by Audit Committee
- Carry out annual review of Internal Audit
Monitor and Review
- financial statements
- price sensitive info
- internal financial controls
- external auditor independence
Overseeing
- Effective internal audit
- Appointment and remunerations of external auditors
Policy setting
- other non audit services provided by external auditors
Special investigations (fraud)
Internal Audit
- Independent appraisal function established within an organisation to examine and evaluate its activities
- Form of control placed by the board to help achieve the company's objectives by assisting members in the discharge of their responsibilities through analyses, appraisals, recommendations and information on activities
• Functions
- Review internal controls
- Risk Management
- Compliance
- Value for money
• Annually reviewed by Audit Committee, covering:
A. Scope of work
B. Authority
C. Resources
D. Independence
• Scope of work:
- Safeguard assets
- Economy, efficiency and effectiveness of operations
- Reporting and compliance
- Risk management processes
- Value for money audits
- Attainment of Company’s goals and objectives
External Reporting
• Responsibility of BoD
• Required to annually report on Risk and Internal controls in the Annual Report and AGM
• Report includes
- Changes since last formal review
- Company's ability to respond to changes in the business environment
- Scope and quality of management monitoring
- Extent and frequency of reports to the board
- Significant control failings and weaknesses