• We are pleased to announce that the winner of our Feedback Prize Draw for the Winter 2024-25 session and winning £150 of gift vouchers is Zhao Liang Tay. Congratulations to Zhao Liang. If you fancy winning £150 worth of gift vouchers (from a major UK store) for the Summer 2025 exam sitting for just a few minutes of your time throughout the session, please see our website at https://www.acted.co.uk/further-info.html?pat=feedback#feedback-prize for more information on how you can make sure your name is included in the draw at the end of the session.
  • Please be advised that the SP1, SP5 and SP7 X1 deadline is the 14th July and not the 17th June as first stated. Please accept out apologies for any confusion caused.

Module 4: Code related to internal controls and risk management

A

ALEX_AK

Member
Hello,

May I know where in the textbooks can I find readings on internal controls and risk management?

In particular, I am trying to find the answers for the below questions,
1) List the main aims of the internal controls that corporate governance codes of conduct refer.
2) Outline what you would include in the CG code in relation to internal controls and risk management.

I am unable to find the readings on internal controls and risk management with respect to M4.
 
I am trying to find the answers for the below questions,
1) List the main aims of the internal controls that corporate governance codes of conduct refer.
2) Outline what you would include in the CG code in relation to internal controls and risk management.

Hi Alex - to help me reply, please can you provide a reference for these questions, as I can't immediately locate them in our materials or past exam questions
 
Hi David,

I am actually using the notes for 2018 examinations for my study. Since the 2019 upgrade mentioned that the Q&A has been incorporated into the core readings, I assumed I can still use notes for 2018 examinations.

My questions above relate to the below questions.
(Core reading, M4, section 2.2, q4.5) CG codes of conduct refer explicitly to risk management and to the system of internal controls used to ensure that a company operates in a sound and secure way. List the main aims of the internal controls that corporate governance codes of conduct refer.
(Q&A Q1.20ii) Outline what you would include in the CG code in relation to internal controls and risk management.
 
The code should insist that a company has a system of internal controls to ensure it operates in a sound manner. These internal controls must be clearly documented.

The main aims of the internal controls to which these codes refer are:
-ensuring accurate and adequate record-keeping
-preventing fraud and safeguarding the company's assets
-guaranteeing the accuracy of financial statements
-responding appropriately to risk
-ensuring compliance with the law and any supervisory guidance.

The code may require the company to review its internal controls periodically, to ensure they operate effective and remain relevant. the results of such reviews should be made publicly available.

The code may include recommendations on the assignment of responsibility for RM within an organisation. For instance:
-one individual within an organisation should have overall responsibility for the management of risk within the organisation.
-the Board should set up a risk subcommittee specifically to oversee the management of risks within the organisation.

The code could include a requirement that those members of staff involved directly in the identification, management and measurement of risk should undergo risk training regularly, ie a system of CPD for those with risk responsibilities.

The code could include recommendations that:
-there should be evidence that the Board has risk information available to it when making decisions
-the Board should prepare a document stating that company's risk appetite and monitor compliance with this.
 
Hi DC92, I believe you got this answer from the Q&A? But where can you find these in the readings, textbooks or core reading?
 
Hi Alex

You are right that there is not much explicitly in the textbooks on this Alex. Although if you look for Sarbanes Oxley (eg Sweeting, Page 83, Lam Page 144), you'll find that it mentions that companies are required to report on their Internal Controls. Many companies in the US use the COSO cube (Sweeting Pages 508 to 511) to structure a report on Internal Controls.

Much of Sweeting Chapter 16 (Pages 463 to 473) on controlling operational risk contains examples of internal controls.
Lam (Page 248) lists the parts of the business involved in operational risk controls (and by extension gives the rationale for internal controls)
Lam (Pages 254 to 256) has examples of internal controls

Hope this helps build a bit of a picture. I responded earlier to a similar post on internal control reporting - this may be useful too.

Good luck!
Anna
 
Back
Top