Professional Documents
Culture Documents
CG L9
CG L9
CG L9
BBBD 3014
Lecture 9
Internal Control Systems
▶ Internalaudit function
▶ Risk management
The Turnbull Committee
▶ Guidance for Directors on the Combined Code:
◦A sound system of internal control is
established and maintained; and
◦The system is reviewed regularly to check
that it operates effectively.
The role of Internal Audit
▶ The role of Internal Audit
◦Investigation of internal controls
◦The objectivity and independence of internal
auditors
◦The need for an internal audit function
Internal Control system
▶ Segregation of duties
▶ Physical controls
▶ Authorisation & Approval
▶ Management control
▶ Supervision
▶ Organisation
▶ Accounting Control
▶ Personnel
◦ SPAMSOAR
The Board’s statement on Internal
Control
▶ Minimum content of Board’s statement on Internal
control pursuant to Bursa Malaysia’s listing
requirement:
◦ There is an ongoing process for identifying, evaluating and
managing significant risks;
◦ This process has been in place for the year under review;
◦ The state of internal control is reviewed regularly by the
board;
◦ If the listed company is unable to establish an internal audit
department, alternative ways of ensuring appropriate internal
control is in place and evaluated by out-sourced professional
firm.
The Board’s statement on Internal
Control
▶ Scope of internal control report, the board should:
◦ Consider what are the significant risks and assess how they have
been identified, evaluated and managed;
◦ Assess the effectiveness of the related system of internal control in
managing the significant risks, having regard, in particular, to any
significant failings or weaknesses in internal control that have been
reported;
◦ Consider whether necessary actions are being taken promptly to
remedy any significant failings or weaknesses; and
◦ Consider whether the findings indicate a need for more extensive
monitoring of the system of internal control.
Risk management & CG
Nature & extent of Extent and categories Reduce the incidence Considerations of
Likelihood of risks
risk of risk and impact on the biz costs
Internal Control expectations with
regards to PLCs in Malaysia
▶ Guidelines for Directors of Listed Issuers provides guidance
regarding on the Statement on Risk Management & Internal
Control that is required by Bursa Malaysia in the company’s
Annual Report.
▶ The guidelines require the Chief Executive Officer (CEO) and
Chief Financial Officer (CFO) to provide assurance to the board
stating whether the company’s risk management and internal
control system is operating adequately and effectively.
▶ A CFO is defined as the person primarily responsible for the
management of the financial affairs of the company (such as
record keeping, financial planning and financial reporting), by
whatever name called.
Internal Audit Function
▶ MCCG 2017 Principle A 10.0:
▶ Companies have an effective governance, risk
management and internal control framework and
stakeholders are able to assess the effectiveness of
such a framework
Internal Audit Evaluation
▶ Paragraph 15.20 of the Listing Requirements states that the board of
directors of a listed issuer must review the term of office and performance
of the audit committee and each of its members at least once every three
years. This is to assess whether the audit committee and its members have
carried out their duties in accordance with their terms of reference.
▶ A formal evaluation of the performance of all committee members should
be undertaken by the nominating committee.
▶ Assessment of the audit committee’s effectiveness helps to ensure the
committee members’ expectations are continuously met.
▶ Upon completion of the evaluation, the board should deliberate the
outcome to undertake appropriate remedial actions (if any), for example
relevant training / education to be recommended for the committee
members, etc., to effectively discharge their responsibilities.
Oversight of Financial Reporting