Friday, July 22, 2011

Content of External Report on Internal Control

In common with corporate governance codes elsewhere, there are four broad themes that such a report should contain.


1. Firstly, the report should contain a statement of acknowledgement by the board that it is responsible for the company’s system of internal control and for reviewing its effectiveness. This might seem obvious but it has been shown to be an important starting point in recognising responsibility. It is only when the board accepts and acknowledges this responsibility that the impetus for the collection of data and the authority for changing internal systems is provided. The ‘tone from the top’ is very important in the development of my proposed reporting changes and so this is a very necessary component of the report.


2. Secondly, the report should summarise the processes the board (or where applicable, through its committees) has applied in reviewing the effectiveness of the system of internal control. These may or may not satisfy shareholders, of course, and weak systems and processes would be a matter of discussion at AGMs for non-executives to strengthen.


3. Thirdly, the report should provide meaningful, high level information that does not give a misleading impression. Clearly, internal auditing would greatly increase the reliability of this information but a robust and effective audit committee would also be very helpful.


4. Finally, the report should contain information about any weaknesses in internal control that have resulted in error or material losses. This would have been a highly material disclosure in the case of ZPT and the costs of non-disclosure of this was a major cause of the eventual collapse of the company




*************


The United States Securities and Exchange Commission (SEC) guidelines are to disclose in the annual report as follows:

1. A statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting for the company. This will always include the nature and extent of involvement by the chairman and chief executive, but may also specify the other members of the board involved in the internal controls over financial reporting. The purpose is for shareholders to be clear about who is accountable for the controls.


2. A statement identifying the framework used by management to evaluate the effectiveness of this internal control. This will usually involve a description of the key metrics, measurement methods (e.g. rates of compliance, fair value measures, etc) and tolerances allowed within these. Within a rules-based environment, these are likely to be underpinned by law.


3. Management’s assessment of the effectiveness of this internal control as at the end of the company’s most recent fiscal year. This may involve reporting on rates of compliance, failures, costs, resources committed and outputs (if measurable) achieved.


4. A statement that its auditor has issued an attestation report on management’s assessment. Any qualification to the attestation should be reported in this statement.



***********

No comments:

Post a Comment