Chapter 10 - Internal Control Systems Flashcards Preview

Flashcards in Chapter 10 - Internal Control Systems Deck (21)
1
Q

What are the 5 main elements of a system of internal control (by COSO)?

A
1 A control environment
2 Risk identification and assessment
3 Internal controls
4 Information and communication
5 Monitoring
2
Q

Identify two or more examples of significant internal control failings in major companies in the past.

A

1995 Barings Bank collapse - failure to identify rogue trader

2010 Northern Rock - “growth” culture led employees to lie to investors, leading to fines by the FCA.

3
Q

Give 5 examples of operational risks.

A
  • system breakdown (IT)
  • lost/stolen information (i.e. data breach)
  • terrorist attack
  • losses due to staff mistakes
  • inefficient use of resources
4
Q

What are the three main categories of internal controls?

A

1 Preventative controls
2 Detective controls
3 Corrective controls

6
Q

What are the provisions of the UKCGC relating to internal control?

A
  • the board should at least annually conduct a review of the effectiveness of the company’s risk management and internal control system.
7
Q

What are the responsibilities of an audit committee with respect to internal control and internal audit, as stated in the Code?

A

The Code states that the responsibilities of the audit committee include:

  • review internal financial controls
  • review internal control system and risk management system
  • monitoring effectiveness of the internal audit function.
9
Q

What are the main recommendations in the FRC Guidance on Risk Management, Internal Control, and Related Financial and Business Reporting?

A
  • board has responsibility for overall approach to risk management and internal control
  • the risk management and internal control systems should be integrated into the operations of the company
  • there should be an annual review of the internal control system
  • the board should make a statement on the annual review
10
Q

How might an audit committee review the effectiveness of a company’s system of internal control?

A

Using the questions set out within the FRC Guidance.

11
Q

What is the purpose of an internal audit function?

A

To provide independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.

12
Q

What tasks might be carried out by an internal audit department?

A
  • reviewing the internal control system
  • special investigations
  • examination of financial and operating information
  • value for money (VFM) audits
  • reviewing compliance by the organisation with particular laws or regulations
  • risk assessment
13
Q

How can the independence of the head of internal audit be protected?

A

Auditors should have a reporting line that makes them independent of the executives, and therefore avoids bias.

14
Q

What four factors might be assessed by internal audit when investigating internal financial controls?

A

1 Whether controls are automated or mandatory
2 Whether controls are discretionary or non-discretionary
3 Whether the controls can be circumvented easily
4 Whether the controls are effective in achieving their purpose.

15
Q

Why should disaster recovery planning be a part of the internal control system of a large company?

A

To help the company to cope with and adapt to any major disaster.

16
Q

What are the key components of a disaster recovery plan?

A
  • specify which operations are essential
  • identify how IT systems can be transferred in the event of a disaster
  • specify where operations should be transferred to if they cannot continue in their current location
  • identify key personnel who are needed to maintain systems
  • identify who should keep the public informed.
17
Q

What does the UK Code state about whistleblowing?

A

The audit committee should review arrangements by which staff of the company may, in confidence, raise concerns about possible improprieties in financial reporting or other matters.

18
Q

What would be the most appropriate reporting channel for whistleblowing?

A

Report initially to the CoSec, who can pass on allegations to the SID and other NEDs.

19
Q

What are the key features of a whistleblowing policy according to the “Whistleblowing Arrangements Code Of Practice” by BSI?

A
  • every employee should receive a copy
  • reporting lines should be established
  • give examples of the type of conduct in question
  • set out procedures by which allegations will be investigated
  • make clear that false accusations will have consequences
  • establish an external whistleblowing route
  • promise confidentiality
20
Q

What are the three offences under the Bribery Act 2010?

A
  • offering (active) or receiving (passive) bribes
  • bribery of foreign officials
  • failure to prevent a bribe being paid on the organisation’s behalf
21
Q

What are the six principles of the MoJ guidance on the Bribery Act 2010?

A
1 Proportionate procedures
2 Top-level commitment
3 Risk assessment
4 Due diligence
5 Communication
6 Monitoring and review