AF3S116/AF3H116 Global Governance, Risk and Ethics

AF3S34 Corporate Governance in Financial Institutions

8: Internal control systems and corporate governance

Caroline Carr
 57% of FTSE 350 companies now comply with the UK
Corporate Governance Code, up from circa 51% over the
past three years.
 Only 27% of companies give real insight into how they
review the effectiveness of their systems of internal control.
 Personal accountability is this year’s clear trend with 60% of
chairmen providing personal introductions to the corporate
governance statement. The proportion of committee
chairmen personally introducing their reports has also risen
significantly.
 The average annual report is now 143 pages long, with the
front end continuing to grow by about three pages per year.

Corporate governance highlights

2013
Factors affecting internal control systems
as part of corporate governance:
◦ Revisit Turnbull Report
◦ Purpose of systems
◦ Objectives
◦ Board responsibilities
◦ Ensuring effectiveness
◦ Annual assessment and reporting

This week …
Internal
control: Guidance for directors on
the Combined Code
◦ Also known as Turnbull report (1999)
◦ Revised guidance issued in 2005
Superseded by UK Corporate Governance
Code 2010, 2012
Further superseded by FRC Guidance
issued in 2014

Internal control in UK
"The board is responsible for defining the
company’s risk appetite and tolerance. The board
should maintain a sound system of risk
management and internal control to safeguard
shareholders’ investment and the company’s
assets" – main principle C.2.

The board needs to satisfy itself that it has

appropriate systems to identify, evaluate and
manage any significant risks the company might
face.

The UK Corporate Governance

Code states ..
acknowledges that risk-taking
entrepreneurship is an essential part of any
business and that the purpose of internal
controls is to manage risk rather than to
try to eliminate it. In other words, no
system can guard against every adverse
event, but a sound one can improve the
chances of avoiding toxic assets or
identifying a rogue trader, to quote just two
recent examples.

The Turnbull guide …

Board
◦ Set appropriate policies
◦ Seek regular assurance that system functioning
effectively
Management
◦ Implement Board policies on risk and control
Employees
All have some responsibility

Responsibilities
Nature and extent or risks facing company
Extent and categories of acceptable risks
Likelihood of risks materialising
Company’s ability to reduce incidence and
impact of risks
Cost versus benefit of controls

Factors to be considered
Respond to business, operational,
financial, compliance and other risks to
achieving company’s objectives
Help ensure quality of internal and
external reporting
Help ensure compliance with applicable
laws and regulations

Purposes of internal control

systems
Include:

◦ Control activities
◦ Information and communications processes
◦ Processes for monitoring continuing
effectiveness of system

Internal control systems

Should:
◦ Be embedded in operations of company
◦ Be part of culture
◦ Be capable of responding quickly to evolving
risks
◦ Include procedures for reporting control failings
or weaknesses

Effective systems
Objective:
◦ To reduce (but cannot eliminate):
 Poor judgement in decision making
 Human error
 Deliberate circumvention of controls
 Management overriding of controls
 Occurrence of unforeseeable circumstances
Reasonable, not absolute, assurance

Underlying objectives
Responsibility
◦ Board of directors
◦ Board committees
 Audit committee
 Risk committee
 Role of committees is for Board to decide

Responsibility for systems

Process
◦ Board cannot rely on embedded monitoring
processes
◦ Board should:
 Regularly receive and review reports on internal
control
◦ Consider significant risks
◦ Assess effectiveness of internal control system
◦ Consider whether necessary actions taken
◦ Consider need for more extensive monitoring

Ensuring effectiveness
Undertake annual assessment
◦ Statement on internal control in annual report
◦ Consider:
 Changes since last annual assessment
 Scope and quality of ongoing internal control
system
 Extent and frequency of communication to Board
 Incidence of failings or weaknesses
 Effectiveness of public reporting processes

Annual undertaking
 Include meaningful, high-level information
◦ To assist shareholders’ understanding
 Not give a misleading impression
 (Minimum) Disclose that ongoing process for
managing risk
 Acknowledge Board’s responsibility
 Explain reasonable not absolute assurance
 Summarise review process
 Confirm action taken to remedy failings

Board’s annual statement on

internal controls must …
Solomon, J. (2010) Corporate Governance
Accountability (Third Edition) Chapter 6
Tricker, B. (2012) Corporate Governance
(Second Edition) Chapter 14
Mallin, C. A. (2010) Corporate
Governance (Third Edition) Chapter 8
FRC 2014 Corporate Governance Code

Reading …
17