Professional Documents
Culture Documents
8 Internal Control Systems
8 Internal Control Systems
Caroline Carr
57% of FTSE 350 companies now comply with the UK
Corporate Governance Code, up from circa 51% over the
past three years.
Only 27% of companies give real insight into how they
review the effectiveness of their systems of internal control.
Personal accountability is this year’s clear trend with 60% of
chairmen providing personal introductions to the corporate
governance statement. The proportion of committee
chairmen personally introducing their reports has also risen
significantly.
The average annual report is now 143 pages long, with the
front end continuing to grow by about three pages per year.
This week …
Internal
control: Guidance for directors on
the Combined Code
◦ Also known as Turnbull report (1999)
◦ Revised guidance issued in 2005
Superseded by UK Corporate Governance
Code 2010, 2012
Further superseded by FRC Guidance
issued in 2014
Internal control in UK
"The board is responsible for defining the
company’s risk appetite and tolerance. The board
should maintain a sound system of risk
management and internal control to safeguard
shareholders’ investment and the company’s
assets" – main principle C.2.
Responsibilities
Nature and extent or risks facing company
Extent and categories of acceptable risks
Likelihood of risks materialising
Company’s ability to reduce incidence and
impact of risks
Cost versus benefit of controls
Factors to be considered
Respond to business, operational,
financial, compliance and other risks to
achieving company’s objectives
Help ensure quality of internal and
external reporting
Help ensure compliance with applicable
laws and regulations
◦ Control activities
◦ Information and communications processes
◦ Processes for monitoring continuing
effectiveness of system
Effective systems
Objective:
◦ To reduce (but cannot eliminate):
Poor judgement in decision making
Human error
Deliberate circumvention of controls
Management overriding of controls
Occurrence of unforeseeable circumstances
Reasonable, not absolute, assurance
Underlying objectives
Responsibility
◦ Board of directors
◦ Board committees
Audit committee
Risk committee
Role of committees is for Board to decide
Ensuring effectiveness
Undertake annual assessment
◦ Statement on internal control in annual report
◦ Consider:
Changes since last annual assessment
Scope and quality of ongoing internal control
system
Extent and frequency of communication to Board
Incidence of failings or weaknesses
Effectiveness of public reporting processes
Annual undertaking
Include meaningful, high-level information
◦ To assist shareholders’ understanding
Not give a misleading impression
(Minimum) Disclose that ongoing process for
managing risk
Acknowledge Board’s responsibility
Explain reasonable not absolute assurance
Summarise review process
Confirm action taken to remedy failings
Reading …
17