Professional Documents
Culture Documents
Audit Committee Toolkit PDF
Audit Committee Toolkit PDF
Introduction 2
Conclusion 8
The board of directors is responsible for overseeing Originally issued in 1992, the COSO Framework was
management’s development of an effective system of updated and re-published in 2013 to reflect consideration
internal controls. Internal control frameworks are of the dramatic changes in business and operating
important tools for designing and implementing internal environments since its original release. The framework
controls as well as assessing the effectiveness of the provides an updated and comprehensive principles-based
system. The frameworks provide management with a approach to understanding internal control.
foundation to build internal control systems and provide
This CGMA tool was derived from Chapter 9 of the
the board with an added ability to oversee internal
AICPA Audit Committee Toolkit for Private Companies,
control.
2nd Edition, which was published in 2014. The tool is
A widely used framework is the Committee of intended to provide boards, governing bodies and audit
Sponsoring Organisations of the Treadway Commission committees basic information about internal control. A
(COSO) Internal Control – Integrated Framework. The checklist is provided to help audit committee members
COSO Framework has become widely used by U.S. engage with management regarding the development
and foreign companies, both public and private, as and maintenance of internal control systems.
well as not-for-profit and government organisations.
3. C
ontrol activities. Control activities are the While the objective of reliable financial reporting
actions established by policies and procedures to may be paramount for the audit committee of any
help ensure that management directives to mitigate organisation, an effective internal control system
risks related to the achievement of objectives are also encompasses compliance, operational, and
carried out. Control activities are performed at all non-financial reporting objectives. An integrated process
levels of the entity and at various stages within that includes all five components of the internal control
business processes, and throughout the technology framework and its 17 principles working together is the
environment. primary means of having reasonable assurance that
4. I nformation and communication. Information is these important goals are being met. Simply stated,
necessary for the entity to carry out internal control a strong system of internal control, both in its design
responsibilities in support of achievement of its and operation, is good business.
objectives. Communications occur both internally
and externally, and provide the organisation with
the information needed to carry out day-to-day
controls. Communication enables personnel to
understand internal control responsibilities and
their importance to the achievement of objectives.
5. Monitoring activities. Ongoing evaluations,
separate evaluations, or some combination of the
two are used to ascertain whether each of the five
components of internal control, including controls
to affect the principles within each component, is
present and functioning. Findings are evaluated
and deficiencies are communicated in a timely
manner, with serious matters reported to senior
management and to the board.
Internal control can be judged as effective if the board 2. Reporting — The organisation prepares reports in
of directors and management has reasonable assurance conformity with applicable laws, rules, regulations,
of the following: and standards established by legislators, regulators and
standard setters, or with the entity’s specified objectives
1. Operations — The organisation achieves effective and
and related policies.
efficient operations when external events are considered
unlikely to have a significant impact on the achievement 3. Compliance — The organisation complies with
of objectives or when the organisation can reasonably applicable laws, rules, and regulations.
predict the nature and timing of external events and
mitigate the impact to an acceptable level. The
organization understands the extent to which
operations are managed effectively and efficiently when
external events may have a significant impact on the
achievement of objectives, and the impact cannot be
mitigated to an acceptable level
Internal audit
All other employees
A main role for the internal audit team is to evaluate
the effectiveness of the internal control system and The internal control system is only as effective as the
contribute to its ongoing effectiveness. With the internal employees throughout the organisation who must comply
audit team reporting directly to the audit committee with it. Employees throughout the organisation should
of the board of directors and the most senior levels understand their roles in internal control, the importance
of management, it is often this function that plays a of supporting the system through their own actions, and
significant role in monitoring the effectiveness of the encouraging respect for the system by their colleagues
internal control system. throughout the organisation.
This briefing is intended to provide an overview of what is meant by internal control, key
terms, concepts and responsibilities of the audit committee, especially as they relate to internal
control over financial reporting. The concepts are not complex, but sometimes the application
of internal control can be a challenge in an organisation, depending on its size and the
corporate culture. The audit committee plays an important role in establishing an appropriate
control environment or the tone at the top of the organisation.
See AU §325, Communicating Internal Control Related Matters Identified in an Audit, PCAOB AS No. 5, An Audit of Internal Control Over
Financial Reporting That is Integrated with an Audit of Financial Statements and International Standards on Auditing 265, Communicating
Deficiencies in Internal Control to Those Charged with Governance and Management.
RISK ASSESSMENT
CONTROL ACTIVITIES
MONITORING ACTIVITIES
The above checklist was taken directly from The AICPA Audit Committee
Toolkit: Private Companies, 2nd edition, 2014. This full publication is
available online and in publication from cpa.com. This is one in a series
of four audit committee toolkits (Public Company, Private Company,
Not-for-Profit Organisations and Government Organisations).
Acknowledgements
We would like to thank all of those who contributed their time, knowledge,
insight and experience in order to provide this tool.
This material may be shared and reproduced for The information and any opinions expressed in this material
non- commercial purposes in online format only, subject do not represent official pronouncements of or on behalf of
to provision of proper attribution to the copyright owner the AICPA, CIMA, the CGMA designation or the Association
listed above. For information about obtaining permission of International Certified Professional Accountants. This
to use this material in any other manner, please email material is offered with the understanding that it does not
copyright@cgma.org constitute legal, accounting, or other professional services or
advice. If legal advice or other expert assistance is required,
All other rights are hereby expressly reserved. The
the services of a competent professional should be sought. The
information provided in this publication is general
information contained herein is provided to assist the reader
and may not apply in a specific situation. Legal advice
in developing a general understanding of the topics discussed,
should always be sought before taking any legal action
but no attempt has been made to cover the subjects or issues
based on the information provided. Although the
exhaustively. While every attempt to verify the timeliness
information provided is believed to be correct at the date
and accuracy of the information herein as of the date of
of publication, be advised that this is a developing area.
issuance has been made, no guarantee is or can be given
The AICPA or CIMA cannot accept responsibility for
regarding the applicability of the information found within to
the consequences of its use for other purposes or
any given set of facts and circumstances.
other contexts.
Africa Middle East, South Asia South East Asia and Australasia
Office address: and North Africa Level 1, Lot 1.05
4th Floor, 54 Melrose Boulevard 356 Elvitigala Mawatha KPMG Tower, 8 First Avenue
Melrose Arch Colombo 5 Bandar Utama
Melrose North Sri Lanka 47800 Petaling Jaya
Johannesburg, South Africa T: +94 (0)11 250 3880 Selangor Darul Ehsan
T: +27 (0)11 788 8723 F: +94 (0)11 250 3881 Malaysia
F: +27 (0)11 788 8724 colombo@cimaglobal.com T: +60 (0) 3 77 230 230/232
johannesburg@cimaglobal.com F: +60 (0) 3 77 230 231
North Asia Unit seasia@cimaglobal.com
Europe 1508A, 15th floor, AZIA Center
26 Chapter Street 1233 Lujiazui Ring Road CIMA also has offices in the
London SW1P 4NP Pudong Shanghai, 200120 following locations:
United Kingdom China Australia, Bangladesh, Botswana,
T: +44 (0)20 8849 2251 T: +86 (0)21 6160 1558 China, Ghana, Hong Kong SAR,
F: +44 (0)20 8849 2250 F: +86 (0)21 6160 1568 India, Ireland, Malaysia, Nigeria,
cima.contact@cimaglobal.com infochina@cimaglobal.com Pakistan, Poland, Russia, Singapore,
South Africa, Sri Lanka, UAE, UK,
Zambia and Zimbabwe.
cgma.org
March 2015 © The Chartered Institute of Management Accountants 2015
17047-347
CGMA, CHARTERED GLOBAL MANAGEMENT ACCOUNTANT, and the CGMA logo are trademarks of
the Association of International Certified Professional Accountants. ASSOCIATION OF INTERNATIONAL
CERTIFIED PROFESSIONAL ACCOUNTANTS and the ASSOCIATION OF INTERNATIONAL CERTIFIED
PROFESSIONAL ACCOUNTANTS logo are trademarks of the American Institute of Certified Public
Accountants. These trademarks are registered in the United States and in other countries.