Hello, May I know where in the textbooks can I find readings on internal controls and risk management? In particular, I am trying to find the answers for the below questions, 1) List the main aims of the internal controls that corporate governance codes of conduct refer. 2) Outline what you would include in the CG code in relation to internal controls and risk management. I am unable to find the readings on internal controls and risk management with respect to M4.
Hi Alex - to help me reply, please can you provide a reference for these questions, as I can't immediately locate them in our materials or past exam questions
Hi David, I am actually using the notes for 2018 examinations for my study. Since the 2019 upgrade mentioned that the Q&A has been incorporated into the core readings, I assumed I can still use notes for 2018 examinations. My questions above relate to the below questions. (Core reading, M4, section 2.2, q4.5) CG codes of conduct refer explicitly to risk management and to the system of internal controls used to ensure that a company operates in a sound and secure way. List the main aims of the internal controls that corporate governance codes of conduct refer. (Q&A Q1.20ii) Outline what you would include in the CG code in relation to internal controls and risk management.
The code should insist that a company has a system of internal controls to ensure it operates in a sound manner. These internal controls must be clearly documented. The main aims of the internal controls to which these codes refer are: -ensuring accurate and adequate record-keeping -preventing fraud and safeguarding the company's assets -guaranteeing the accuracy of financial statements -responding appropriately to risk -ensuring compliance with the law and any supervisory guidance. The code may require the company to review its internal controls periodically, to ensure they operate effective and remain relevant. the results of such reviews should be made publicly available. The code may include recommendations on the assignment of responsibility for RM within an organisation. For instance: -one individual within an organisation should have overall responsibility for the management of risk within the organisation. -the Board should set up a risk subcommittee specifically to oversee the management of risks within the organisation. The code could include a requirement that those members of staff involved directly in the identification, management and measurement of risk should undergo risk training regularly, ie a system of CPD for those with risk responsibilities. The code could include recommendations that: -there should be evidence that the Board has risk information available to it when making decisions -the Board should prepare a document stating that company's risk appetite and monitor compliance with this.
Hi DC92, I believe you got this answer from the Q&A? But where can you find these in the readings, textbooks or core reading?
Hi Alex You are right that there is not much explicitly in the textbooks on this Alex. Although if you look for Sarbanes Oxley (eg Sweeting, Page 83, Lam Page 144), you'll find that it mentions that companies are required to report on their Internal Controls. Many companies in the US use the COSO cube (Sweeting Pages 508 to 511) to structure a report on Internal Controls. Much of Sweeting Chapter 16 (Pages 463 to 473) on controlling operational risk contains examples of internal controls. Lam (Page 248) lists the parts of the business involved in operational risk controls (and by extension gives the rationale for internal controls) Lam (Pages 254 to 256) has examples of internal controls Hope this helps build a bit of a picture. I responded earlier to a similar post on internal control reporting - this may be useful too. Good luck! Anna
