Role of Corporate Financial Management by igr23038


									Developing the Auditing Role:
Corporate and Financial Reporting

                  Richard Archer
              CG Management Solutions
• Establishing the Control Function
• Implementing a System of Internal Controls
• Assessment: monitoring, accountability and
• Adopting International Financial Reporting
  Standards (IFRS)
• Stakeholder involvement
• Reporting and public disclosure
 Establishing a Control Function
• Should the organisation have an internal
  control or internal audit function?
  – Regulatory requirements and listing rules
     • Generally internal audit is either required or a
       recommended best practice
     • UAE Code is unique in specifically designating the
       “control” function
  – Size and complexity of the organisation
  – Type of organisation
  – Nature of the business/industry
• If need established, recruit the right person to
  lead the function
      Establishing a Control Function
• Internal Control vs. Internal Audit
         – Internal Control is a process effected by the
           entity’s board of directors, management, and other
           personnel, designed to provide reasonable
           assurance regarding the achievement of objectives
           in the following categories:
               • reliability of financial reporting,
               • effectiveness and efficiency of operations, and
               • compliance with applicable laws and regulations.1
         – Most common view is that management has
           primary responsibility for establishing and
           maintaining a system of internal controls
    1 “Internal Control – Integrated Framework”, page 13. Committee of Sponsoring Organisations of the Treadway Commission, 1992
       Establishing a Control Function
• Internal Control vs. Internal Audit
         – Internal Audit is an independent, objective
           assurance and consulting activity designed to add
           value and improve an organisation's operations. It
           helps an organisation accomplish its objectives by
           bringing a systematic, disciplined approach to
           evaluate and improve the effectiveness of risk
           management, control, and governance processes.2
         – Critical concern for internal audit is how high in the
           organisation it is allowed to monitor and report on
           internal control practices, effectiveness of risk
           management, and improper actions by personnel
    2 Institute of Internal Auditors
 Establishing a Control Function
• Assurance and consulting roles for Internal
  Audit create conflict that can compromise
• Creation of separate Control Function
  – Reports to management
  – Responsible for design, implementation, operation,
    and improvement in system of internal control and
    risk management
• Internal Audit provides independent assurance
  – Reports to Board of Directors, usually through Audit
  – Responsible for monitoring effectiveness of
    management’s implementation and operation of
    proper system of internal control and risk
  Establishing a Control Function
• Critical elements of the IIA’s 16 step process
  for establishing internal audit
  – Step 1: Determine the assigned authority of the
    internal audit or internal control activity
  – Step 2: Ensure clear understanding of expectations
    and limitations for the function through discussions
    with Board and Senior Management
  – Step 3: Understand Audit Committee Charter
  – Step 5: Understand Management’s Control Policy
  – Step 10: Develop the formal Charter for the function
  – Step 15: Develop best practices reporting
    relationships by working with Board, Senior
    Management, and relevant stakeholders
  – Step 16: Establish a quality assurance program
      Internal Control Systems
• Internal control systems existing in many
  organisations are not the result of conscious,
  planned design
  – Not associated with an accepted framework
  – Internal controls not effectively integrated/adapted
    as organisation structure changed
  – One-off responses to control failures (i.e., things
    going wrong) or identified gaps in internal control
  – Organisational policy and regulatory compliance
    changes added to existing system without change
    in previous requirements
  – Internal controls not evaluated in relation to
    changing objectives and risks
       Internal Control Systems
• Traditional internal control system
  implementation in 8 steps
  – Facilitate management discussions to identify
    organisational objectives
  – Determine effectiveness of the control environment
    (management culture, methods, organisation structure)
  – Facilitate management identification of risks the
    organisation faces in achieving its objectives
  – Design the internal controls based on identified risks,
    risks responses, and control objectives
  – Evaluate the coverage of the designed controls
  – Implement the designed controls
  – Test operational effectiveness of implemented controls
  – Apply revisions where designed controls are not
    performing as intended or do not integrate as designed
         Internal Control Systems
• Traditional internal control design concerns
  –   Auditor driven
  –   Checklist approach going directly to detailed design
  –   Focused on minimising risks (what can go wrong)
  –   Little emphasis on controls to ensure opportunities
      are exploited
  –   Relies heavily on a top-down, command and control
      structure, rather than organisation-wide information
      sharing and flexibility of action
  –   Risk and uncertainty, once identified, can be
  –   Conceptually approached as independent of
      organisational processes
  –   Relies on single scenario (i.e., most likely outcome)
      as basis for control of risk and setting controls
      Internal Control Systems
• “Intelligent controls” design
  – Identify objectives based on actions that need to be
    taken to meet the needs of organisational
    stakeholders, especially customers
  – Identify risks and uncertainties
     • Risks associated with organisational objectives
     • Risks organisation may not be able to exploit range of
       opportunities for improvement
     • Team-based, multiple scenario risk and response analysis
       for flexibility of controls in changing conditions
     • Assume planning based on rolling forecasts, rather than
       “most likely” outcomes
  – Develop a reference database of generic controls
    focused on organisational specific control needs
      Internal Control Systems
• “Intelligent controls” design (continued)
  – Design the controls
     • Design top-down
        – High level control architecture
        – Define control types on which reliance will be heaviest
        – Define essential controls likely to be included
     • Adapt generic internal control schemes
     • Fabricate control schemes from relevant components of
       proven controls for similar responses to other risks
  – Continuously monitor results and refine the control
    design based on experience
  – Measure results against a flexible plan
     • Establish alternative paths in the plan to reflect the range
       of conditions and outcomes
     • Plan to do more planning (i.e., rolling plans or forecasts
       reflecting changes in conditions)
       Internal Control Systems
• Advantages of intelligent controls design
  – Intelligent control design is integrated into design of
    organisational structure and operations processes
    emphasising organisational performance, rather than
    audit driven compliance
  – Critical control feature of intelligent control systems
    becomes the proven, demonstrable ability of the
    personnel to adapt control activities as necessary to
    respond to uncertainty and change on a timely basis,
    rather than on adherence to a single fixed control
  – Most effective under a participative, sharing-learning
    management philosophy
  – Depends heavily on the availability of qualified
    personnel (either by hiring or by training)
     Assessing Internal Controls
• Annual assessment of internal control and risk
  management effectiveness is required in most
  governance codes
  – Assessing and reporting on effectiveness of
    management’s approach to internal control system
    design and operation, risk management practices,
    and governance compliance is primary role of
    internal audit
  – Audits planned and conducted to cover all critical
    areas identified in annual controls risk analysis
  – Management design of continuous monitoring
    procedures into internal control system
  – Control self-assessment programs effective in
    overall evaluation and assessment of non-critical
    IFRS – Convergence Trends
• Significant progress toward harmonisation of
  accounting standards in 2007
  – FASB and IASB continue to work jointly to revise
    standards in key areas to a common approach
  – SEC adapts filing rules for IFRS
     • December 2007: FPIs no longer required to provide
       reconciliation to US GAAP if financials prepared following
       standard IFRS
     • Concept statement on US companies using IFRS for SEC
       filings released for comment in August 2007
  – January 2008: Chairman of FASB acknowledges US
    GAAP unlikely to become global reporting standard
  – January 2008: CEOs of 6 largest global accounting
    firms support move to a single global reporting
  – US GAAP harmonisation with IFRS targeted for
    2009; Canada harmonisation for 2011
   IFRS – Convergence Trends
• Conversion to IFRS
  – Determine objectives
     • Meet periodic financial reporting requirements
     • Integrate financial reporting standards into operational,
       planning, compensation, and management decision
       making processes
  – Identify differences in reporting standards
     • Determine conformity with home country standards
     • Define reporting requirements under IFRS
     • Compare and catalog differences
  – Restate closing balance sheet
     • Analyse final differences and calculate adjustments
     • Apply adjustments
    IFRS – Convergence Trends
• Conversion to IFRS (continued)
  – Evaluate effect on operational areas
  – Implement new accounting systems
     • Revised accounting manual
     • Revised charts of accounts to incorporate regulatory,
       statutory/external, and management reporting
     • Revise procedures and controls with emphasis on
       intercompany and tax compliance activities
     • Modify or create conforming accounting applications
  – Test system design
     • Test runs
     • Training
     • Modifications
  – Implement fully developed system
    IFRS – Convergence Trends
• Conversion to IFRS (continued)
  – Time frame
     • Periodic reporting objective: 3 to 4 months
     • Full integration: 18 to 24 months
  – Will usually require support of consultants/advisors
    expert in the new accounting standards, accounting
    application design, and project management
  – Internal Audit roles
     • Consulting role participating in new controls design
     • Monitoring role tracking progress of conversion and
       effectiveness of project techniques
     • Assessment role evaluating effectiveness of planned
       controls and management’s overall effectiveness in
       accomplishing the conversion
      Stakeholder Involvement
• Stakeholders in the financial reporting and
  internal audit process generally consist of:
  – Board of Directors: principal responsibility
  – Senior management: operational responsibility
  – Financial management: reporting responsibility
  – Internal audit: monitor and assess controls for the
  – Regulatory and/or exchange listing officials
  – Investors / owners (current or potential)
• Blockholder (insider) governance systems
  common in the region result in the same
  people having overlapping roles, assuring
  involvement in financial reporting and controls
• Minority investor interests
           Governance Reporting
• All governance systems require some level of
  reporting on internal control and risk
  management practices
  – Existence of a system of internal controls and risk
  – Results of annual review of effectiveness of internal
    controls and risk management
     •   Basic control elements
     •   Changes in controls
     •   Nature and extent of significant risks
     •   Internal control failures or substantial weaknesses having a
         material effect on performance or financial position
  – Procedures followed in evaluating and managing
    risk and the system of controls
  – Need for and existence of a control or internal audit
    function or justification why it is not necessary
