Chapter 10 - Internal Control Systems Flashcards Preview

Flashcards in Chapter 10 - Internal Control Systems Deck (21)
1

What are the 5 main elements of a system of internal control (by COSO)?

1 A control environment
2 Risk identification and assessment
3 Internal controls
4 Information and communication
5 Monitoring

2

Identify two or more examples of significant internal control failings in major companies in the past.

1995 Barings Bank collapse - failure to identify rogue trader

2010 Northern Rock - "growth" culture led employees to lie to investors, leading to fines by the FCA.

3

Give 5 examples of operational risks.

- system breakdown (IT)
- lost/stolen information (i.e. data breach)
- terrorist attack
- losses due to staff mistakes
- inefficient use of resources

4

What are the three main categories of internal controls?

1 Preventative controls
2 Detective controls
3 Corrective controls

6

What are the provisions of the UKCGC relating to internal control?

- the board should at least annually conduct a review of the effectiveness of the company's risk management and internal control system.

7

What are the responsibilities of an audit committee with respect to internal control and internal audit, as stated in the Code?

The Code states that the responsibilities of the audit committee include:
- review internal financial controls
- review internal control system and risk management system
- monitor the effectiveness of the internal audit function.

9

What are the main recommendations in the FRC Guidance on Risk Management, Internal Control, and Related Financial and Business Reporting?

- board has responsibility for overall approach to risk management and internal control
- the risk management and internal control systems should be integrated into the operations of the company
- there should be an annual review of the internal control system
- the board should make a statement on the annual review

10

How might an audit committee review the effectiveness of a company's system of internal control?

Using the questions set out within the FRC Guidance.

11

What is the purpose of an internal audit function?

To provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively.

12

What tasks might be carried out by an internal audit department?

- reviewing the internal control system
- special investigations
- examination of financial and operating information
- value for money (VFM) audits
- reviewing compliance by the organisation with particular laws or regulations
- risk assessment

13

How can the independence of the head of internal audit be protected?

Auditors should have a reporting line that makes them independent of the executives, and therefore avoids bias.

14

What four factors might be assessed by internal audit when investigating internal financial controls?

1 Whether controls are automated or mandatory
2 Whether controls are discretionary or non-discretionary
3 Whether the controls can be circumvented easily
4 Whether the controls are effective in achieving their purpose.

15

Why should disaster recovery planning be a part of the internal control system of a large company?

To help the company to cope and adapt to any major disaster.

16

What are the key components of a disaster recovery plan?

- specify which operations are essential
- identify how IT systems can be transferred in the event of a disaster
- specify where operations should be transferred to if they cannot continue in their current location
- identify key personnel who are needed to maintain systems
- identify who should keep the public informed.

17

What does the UK Code state about whistleblowing?

The audit committee should review arrangements by which staff of the company may, in confidence, raise concerns about possible improprieties in financial reporting or other matters.

18

What would be the most appropriate reporting channel for whistleblowing?

Report initially to the CoSec, who can pass on allegations to the SID and other NEDs.

19

What are the key features of a whistleblowing policy according to the "Whistleblowing Arrangements Code Of Practice" by BSI?

- every employee should receive a copy
- reporting lines should be established
- give examples of the type of conduct in question
- set out procedures by which allegations will be investigated
- make clear that false accusations will have consequences
- establish an external whistleblowing route
- promise confidentiality

20

What are the three offences under the Bribery Act 2010?

- offering (active) or receiving (passive) bribes
- bribery of foreign officials
- failure to prevent a bribe being paid on the organisation's behalf

21

What are the six principles of the MoJ guidance on the Bribery Act 2010?

1 Proportionate procedures
2 Top-level commitment
3 Risk assessment
4 Due diligence
5 Communication
6 Monitoring and review