REVIEW (overview diagram)
- Management control systems
- Turnbull Guidance: factors to consider in assessing the effectiveness of IC system; characteristics of a sound IC system; inherent limitations of IC
- INTERNAL AUDITORS
- AUDIT COMMITTEE: general role; overseeing IA function; relationship with EA
- Risk Management and CG
- Annotations on the diagram: "take note"; "never tested - some attn"; "higher chances tested"
IC SYSTEM
- Refer to the attitude, awareness and style of mgnt towards the importance of ICs i.e. are they ctrl conscious or not
- Refer to ICs/policies and procedures implemented by the company
- FOCR
- Financial – ensure F/S prepared are free of errors and fraud
- Operational – ensure co’s operation will be efficient and economical and thereby achieving co’s obj (effective)
- Compliance – relevant to co in regulated industry to comply with laws & reg. (fail - withdrawal of operating license)
- Risk mgnt – allows company to take risk knowingly & thus survive any possible crisis
Financial
Operational
- ensure operations are efficient, economical and effective (3Es) – max returns to S/H
Compliance
Risk Mgnt
Exam : Evaluate soundness of ICs / Evaluate ICs
ELEMENTS OF A SOUND (effective) IC SYSTEM
evaluate – strengths & weaknesses
Turnbull Report highlights 3 elements of sound system of IC :
1. control activities
- focuses on the ADEQUACY of FOCR
- adequacy depends on nature of biz, event taken place
3. communication
- focuses on the EXISTENCE of
(a) timely communication of info to the board – facilitate sound decision making
(b) whistle blowing arrangement – enable staff to report any known or suspected malpractices involving
their superior to designated personnel (AC) without any fear of reprisal
[in the past – accuse staffs leak co’s confidential info – fail to observe confidentiality – removal – whistle
blowing ACT – curb white collar crimes – protect staff]
2. regular monitoring – capable of responding quickly to changes and biz risks as they emerge and develop
3. communication – immediate reporting to mgnt – any control failings identified and any corrective action
undertaken – require company establishing policy on the type of matters that require immediate reporting
to the board
Turnbull Report emphasizes that a sound IC system can only provide reasonable assurance
and cannot provide protection with certainty against company suffering losses, fail to meet its biz obj
or breaches of laws or reg.
due to the inherent limitations of IC :
1. collaboration among several staff or with 3rd parties - results in intended ctrls not taking place
[seg of duties – checks and balances]
2. mgnt overriding ctrls – staff responsible for exercising ctrls did not stop the fraudulent transactions due to
the seniority of fraudsters involved – fear of reprisal
3. human error - staffs overseeing ctrls – not competent – careless – allows fraudulent transactions escape
detection – overlooked
4. loopholes within IC system not known to mgnt
PAPAMOSS [Financial IC]
Personnel
- focuses on
(a) stringent recruitment policy - right personal quality
(b) ongoing training programme – keep staff up to date
aimed at ensuring staffs are competent
Physical
- ensure assets that are portable, valuable and exchangeable (prone to misappropriation) are properly safeguarded – avoid pilferage
- Eg put cash in a safe, bank cash receipts immediately, prevent unauthorized access to computer systems
thru the use of PWs and internet firewalls
Management
- undertaken by highest authority within an orgz
- carried out on ad-hoc basis
- eg budgets, variance analysis, review monthly mgnt A/Cs
Organization
- focuses on ensuring staff are aware of their responsibilities and to whom they report, by using job description and organizational chart (clear abt responsibilities, lines of authority, lines of reporting)
- fraud and errors much more likely if uncertain who responsible for what, who should report to who
Supervision
- undertaken by staff’s immediate superior
- day-to-day basis
- day-to-day work of e’yees properly supervised – reduce likelihood of fraud or errors
Segregation of duties
- aimed at creating checks and balances by having diff staff carry out diff functions – minimize chances of covering up
- difficult for fraud to take place – several individuals have to collude in the fraud
- difficult for accidental errors to occur – several ppl involved in a task – act as check on each other
RISK MANAGEMENT
Nature of risk
(a) unexpected
(b) negative effect of risk – downside risk – purpose of risk mgnt is to identify these downside risks in
advance so that ready solutions can be put in place to address them should the risk occur
(c) positive effect of risk – upside of the risk – provide opportunities as well
(d) identify upside and downside of the risk – cost vs. benefit – appropriate response
RM as IC
- a form of preventive control – risks continually changing – thorough and regular evaluation of nature and
extent of risks – safeguard S/H’s investment and co’s assets
- Cadbury committee – RM as process by which executive mgnt, under board supervision, identifies risks
arising from the biz and establishes priorities for control and particular objectives
- Combined Code provision – directors – annual review of effectiveness of group’s IC system –
should report to S/Hs that they have done so in Sttm on IC
- Ultimate responsibility for ICs and risk mgnt lies with the board ; task of detailed oversight might be
delegated to AC – oversee FR & IC within the company
- Some prefer to delegate task of monitoring risk mgnt to separate committee – risk mgnt committee
RM and CG
- Take risks knowingly – survive any possible crisis – safeguard S/H interest – protect value of S/Hs’ investment
- Board ensure adequate risks measures are taken – manage them well – without causing any undue waste of
company assets and finances – will result in maximization of returns to S/H
Unlike SOX, the board is not req’d to make a sttm that the ctrls are effective –
merely report that such a review has been carried out