B1-Management control systems in corporate governance

Internal management control.

Objectives of Internal Control
Internal Control Failure
Internal Controls Importance
Effective Systems of Internal Control
Internal Control and Reporting
Internal Controls & Risk Management
Corporate governance and Risks
Important Components of control systems

Internal management control

Internal management control refers to the procedures and policies in
place to ensure that company objectives are achieved
Good corporate governance means that the board must identify and
manage all risks within a company

Objectives of Internal Control

General objectives of internal control

To ensure the orderly and efficient conduct of business in respect of systems

being in place and fully implemented.
To safeguard the assets of the business. Assets include tangibles and
intangibles
To prevent and detect fraud
To ensure the c ompleteness and a ccuracy of accounting records.
To ensure the t imely preparation of financial information

Internal controls can be at the strategic or operational level.

At the strategic level, controls are aimed at ensuring that the organisation
does the right things;
at the operational level, controls are aimed at ensuring that the organisation
does things right.

Internal Control Failure

Typical causes of internal control failure are:
1.
2.
3.
4.
5.

Poor judgement in decision-making

Human error
Control processes being deliberately circumvented
Management overriding controls
The occurrence of unforeseeable circumstances

Internal Controls Importance

Importance of internal control
1. Underpins investor confidence
2. Risks would not be known about and managed without adequate internal
control
3. Helps to manage quality
4. Provides management with information on internal operations and
compliance
5. Helps expose and improve underperforming internal operations
6. Provides information for internal and external reporting
However, internal control systems are only as good as the people using them.
No system is infallible
Responsibility for internal control is not simply an executive management role.
Though they should set the tone
All employees have some responsibility for monitoring and maintaining internal
controls

Effective systems of Internal Control

These are:

Principles of internal control embedded within the organisations structures,

procedures and culture.
Capable of responding quickly to evolving risks.
Any change in the risk profile or environment of the organisation will
necessitate a change in the system

Include procedures for reporting failures immediately to appropriate levels

of management

Internal control and reporting

The United States Securities and Exchange Commission (SEC) guidelines
are to disclose in the annual report as follows:

A statement of managements responsibility for establishing and maintaining

adequate internal control over financial reporting for the company.
This will always include the nature and extent of involvement by the
chairman and chief executive, but may also specify the other members of the
board involved in the internal controls over financial reporting.
The purpose is for shareholders to be clear about who is accountable for the
controls.

A statement identifying the framework used by management to evaluate the

effectiveness of this internal control.
Managements assessment of the effectiveness of this internal control as at
the end of the companys most recent fiscal year.
This may involve reporting on rates of compliance, failures, costs, resources
committed and outputs (if measurable) achieved.

Internal Controls & Risk Management

Internal controls cannot eliminate risk, but they can minimise it.
Internal controls help:
1. Safeguard the assets of the company
2. Prevent and detect fraud
3. Safeguard the investment of the shareholders
They are designed to minimise the risk of fraud and error and will include
such procedures as:

Carrying out regular reconciliations on key ledgers

Keeping assets under lock and key
Passwords and computer system security

Corporate governance and Risks

Directors should pay sufficient attention to risk management and should not take
excessive risks.

Corporate governance guidelines therefore require directors to:

Establish appropriate control mechanisms for dealing with the risks the
organisation faces
Monitor risks themselves by regular review and a wider annual review
Disclose their risk management processes in the accounts

Important Components of control systems

Internal control consists of the following five interrelated components:
1. CONTROL ENVIRONMENT
Control environment is the attitude toward internal control and maintained
by the management and the employees of an organisation.
The organisation structure and accountability relationships are key factors
in the control environment.
Elements of the Control Environment

Ethical Values and Integrity

Managements Operating Style and Philosophy
Competence
Morale
Supportive Attitude
Mission
Structure

2. COMMUNICATION
Communication is the exchange of useful information between and among
people and organisations to support decisions and coordinate activities.
Communication also takes place with outside parties such as customers,
suppliers and regulators.
Elements of Communication

Timeliness
Sufficient but not excessive detail
Appropriate to user
Clear and open horizontal and vertical

3. ASSESSING AND MANAGING RISK

Risks are events that threaten the accomplishment of objectives.

Risk assessment is the process of identifying, evaluating and determining

how to manage these events.
At every level within an organisation there are both internal and external
risks.
Ideally, management should seek to prevent these risks.
However, sometimes management cannot prevent the risk from occurring.
In such cases, management should decide whether to accept the risk, reduce
the risk to acceptable levels, or avoid the risk.
Assessing Risk (Ask the questions)

What can go wrong?

What is the worst thing that could happen?
What is the worst thing that has happened?
Are there new goals and legislation?
Are there staffing changes?

Impact Is generally beyond the organisations control in the short-tomedium term.

Likelihood Is the main focus of an organisations internal control
What are the possible risks in your area of operations and what is the likely
impact of each?

4. CONTROL ACTIVITIES
Control activities are tools - both manual and automated - that help prevent
or reduce the risks.
Management should establish control activities to effectively and efficiently
accomplish the organisation's objectives and mission.
Examples of Control Activities

Documentation
Approval and Authorisation
Verification
Supervision
Separation of Duties
Safeguarding Assets
Reporting
Computer Systems Controls
o Backup
o Input Controls
o Output Controls

5. MONITORING
Monitoring is the review of an organisation's activities and transactions to
assess the quality of performance over time and to determine whether
controls are effective.
For monitoring to be most effective, all employees need to understand the
organisation's mission, objectives, and responsibilities and risk tolerance
levels.
Major Areas for Monitoring

Control Activities
Mission
Control Environment
Communication
Risks and Opportunities
Results