Flashcards in Study Guide on overall Chapters Deck (31)
The core role of internal audit in an organisation is to:
provide assurance that the main business risks are being managed and that internal controls are operating effectively. Internal audit thus takes a holistic view of risk and control and works closely with the risk managers to ensure that the recommended risk management procedures are being followed.
The main function of internal audit is:
To ensure the adequacy of financial, operational and management controls, which means that once the decision to purchase overseas properties has been made, it will be important for internal audit to verify that the risk management policies for property purchase are followed to the letter. This answer assumes that such policies are in place and fully documented, and that the management of compliance is the responsibility of the internal audit function.
Risk management process and its purpose
Risk management is the process of identifying risks facing an organisation and assessing the scale of the risk (in terms of likelihood and consequences). A risk response strategy is determined for each risk that takes into account the organisation's risk appetite, and a system of controls is put in place for the reporting and management of risks. There needs to be a risk treatment or response strategy whereby risks are managed through alternative courses of action: stopping an activity; influencing either or both the likelihood or impact of the risk; sharing risk through techniques such as insurance; or the risk may be accepted. One of the strategies for managing risk is internal control.
Importance of risk management
Risk management improves the ability to respond to and mitigate risks that occur; it minimises surprises; enables advantage to be taken of opportunities; maintains the organisation's reputation; and helps the organisation to be socially responsible and be seen as a good corporate citizen. It is important, while recognizing all 200+ risks, to especially emphasize risk management for the major risks identified in the scenario.
Relationship of risk management with internal control system
An internal control system includes all the policies and procedures necessary to ensure that organisational objectives are achieved including the orderly and efficient conduct of the business; the safeguarding of assets; the prevention and detection of fraud and error; the accuracy and completeness of the accounting records; and the timely preparation of reliable financial information.
Board of Directors (BoD) responsibilities
The BoD is responsible for the company's system of internal controls. It should set appropriate policies on internal controls and seek regular assurance that will enable it to satisfy itself that the system is functioning effectively. The board must further ensure that the system of internal controls is effective in managing risks in the manner which it has approved.
The BoD's deliberations should include consideration of the following factors:
1. The nature and extent of the risks facing the company
2. The extent and categories of risk which it regards as acceptable for the company to bear;
3. The likelihood of the risks concerned materialising;
4. The company's ability to reduce the incidence and impact on the business of risks that do materialise; and
5. The costs of operating particular controls relative to the benefit thereby obtained in managing the related risks.
Risk management strategies include:
1. TRANSFERRING the risk to another party
2. AVOIDING the risk
3. REDUCING the negative effect of the risk, and
4. ACCEPTING some or all of the consequences of a particular risk
Objective of risk management
reduce different risks related to a preselected domain to the level accepted by society. It may refer to numerous types of threats caused by environment, technology, humans, organisation and politics. On the other hand, it involves all means available for humans, or in particular, for a risk management entity (person, staff, organisation).
Anti-fraud strategy components
Fraud prevention techniques
1. The introduction of policies
2. Procedures and controls
3. Activities such as training and fraud awareness to stop fraud from occurring
One of the most effective ways to deal with the problem of fraud is to:
1. adopt methods that will decrease motive;
2. restrict opportunity
3. limit the ability for potential fraudsters to rationalise their actions
4. remove temptation
Why is fraud prevention needed?
1. It is profitable
2. Fraud prevention activities can help ensure the stability and continued existence of a business.
Fraud detection should involve
1. Use of analytical; and
2. Other procedures to highlight anomalies,
3. Introduction of reporting mechanisms that provide for communication of suspected fraudulent acts.
Key elements of a comprehensive fraud detection system would include
1. Exception reporting
2. Data mining
3. Trend analysis; and
4. Ongoing risk assessment
A sound system of internal controls contributes to:
Safeguarding the shareholders' investment and the company's assets
Internal control helps with
facilitating the effectiveness and efficiency of operations;
helps ensure the reliability of internal and external reporting; and
assists compliance with laws and regulations
Effective financial controls, as well as maintenance of proper accounting records help ensure
that the company is not unnecessarily exposed to avoidable financial risks; and
that the financial information used within the business and for publication is reliable;
also, contribute to the safeguarding of assets, including the prevention and detection of fraud
Purpose of internal control is to help control and manage the risk or eliminate the risk?
Control and manage
An internal control system encompasses the policies, processes, tasks and other aspects of a company that, taken together:
1. facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company's objectives. This includes the safeguarding of assets from inappropriate use or from loss and fraud, and ensuring that liabilities are identified and managed.
2. help ensure the quality of internal and external reporting. This requires maintenance of proper records and processes that generate a flow of timely, relevant and reliable information from within and outside the organisation;
3. help ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business.
A company's system of internal control will reflect its control environment which encompasses its organisational structure. The system will include:
1. Control activities
2. Information and communication processes; and
3. Processes for monitoring the continuing effectiveness of the system of internal controls.
The system of internal control should:
1. Be embedded in the operations of the company and form part of its culture;
2. Be capable of responding quickly to evolving risks to the business arising from factors within the company and to changes in the business environment; and
3. Include procedures for reporting immediately to appropriate levels of management any significant control failings or weaknesses that are identified together with details of corrective action being undertaken
A sound system of internal controls reduces, but cannot eliminate which aspects of company operations?
- The possibility of poor judgement in decision-making
- human error
- control processes being deliberately circumvented by employees and others
- management overriding controls
- occurrence of unforeseeable circumstances
Define Corporate Governance
an internal system encompassing policies, processes and people, which serves the needs of shareholders and other stakeholders, by directing and controlling management activities with good business savvy, objectivity and integrity. Sound corporate governance is reliant on external marketplace commitment and legislation, plus a healthy board culture which safeguards policies and processes
CIMA terminology of Board of Directors (BoD)
The system by which companies and other entities are directed and controlled. The board of directors are responsible for the governance of their companies and other entities
The responsibilities of the board:
- setting the company's strategic aims
- providing the leadership to put them into effect
- supervising the management of the company; and
- reporting to shareholders on their stewardship
Corporate governance (from the Combined Code) typically covers the following areas:
- The BoD - its composition and role, appointments, performance
- executive remuneration
- financial reporting and internal control - including mechanisms such as audit committees to ensure that the board fulfils its responsibilities in these areas
- relations with shareholders, plus shareholder rights and responsibilities
The BoD decides the following:
1. The role of the board
2. Frequency of meetings
3. Whether the role of chairman and chief executive should be split
4. The overall size of the board
5. The balance of the board between non-executive and executive directors
6. The proportion of non-executive directors who should be independent
7. Procedures for board appointments and re-election, including nominations committees
8. Evaluation of board performance
Executive remuneration duties:
- remuneration policy, contracts and compensation
- procedures for determining remuneration, including remuneration committees
Financial reporting and internal controls act as:
- The board's responsibility for presenting information to shareholders
- Maintenance of a sound system of internal controls
- The need for an audit committee or equivalent and its role