internal control report

Discussion in 'SP9' started by Martina Shan, Apr 8, 2019.

  1. Martina Shan

    Martina Shan Member

    Hi,

    Could anyone please explain what an internal control report is for and what contents should be included?

    Thanks very much
    Martina
     
  2. Anna Bishop

    Anna Bishop ActEd Tutor Staff Member

    Hi Martina

    An internal controls report may be required under either legislation (such as Sarbanes Oxley in the USA) or under a Corporate Governance Code (such as The UK Corporate Governance Code).

    The term 'Internal Controls' is quite a wide ranging term that refers to any processes that a company establishes to:

    - safeguard its assets (in particular to prevent fraud) and to ensure the reliability / accuracy of financial statements and reports (REPORTING)
    - ensure compliance with regulation / legislation (COMPLIANCE)
    - promote efficient operations (OPERATIONS)
    - ensure the company meets its objectives (STRATEGIC)

    Examples of internal controls might include setting out how the company:

    - segregates duties (ie to prevent one person having too much power and fraud)
    - authorises transactions (eg over a certain size)
    - retains records / documentation
    - supervises its operations
    - employs physical safeguards (eg access to buildings, cameras to protect property and contents)
    - employs IT controls (eg security, access rights, data back up, change management, user testing before production, validation checks for data entry, reconciliations / comparisons)
    - reviews its strategy and operations against objectives (eg comparing actual results vs expected, KPIs/KRIs vs limits)

    Many companies in the USA use the COSO cube as a structure for their Sarbanes Oxley Internal Controls Report, making sure that:

    - there are internal controls in respect of each of the four areas given above (strategic, operational, compliance, reporting)
    - each aspect of the risk management framework is considered (ie What is the control environment (eg attitude to controls, responsibilities, integrity)? What are the objectives of the company in relation to controls? How does the company identify and assess its risks? What are the internal controls (see examples above)? How will information be reported and communicated on risks and controls? How will the control process be reviewed and monitored?)
    - controls are considered for each section of the business (the whole entity, divisions, subsidiaries, business units).

    There are various examples on the internet of internal control reports if you want to look further, eg:

    https://ubistatic19-a.akamaihd.net/comsite_common/en-US/images/2469_tcm99-27496_tcm99-196733-32.pdf
    http://www.hysan.com.hk/wp-content/...sk-Management-and-Internal-Control-Report.pdf
    https://www.rpmi.co.uk/docs/default...aaf-report-2014-added-27-05-2015.pdf?sfvrsn=2

    Does this help Martina?
    Anna
     