It is the responsibility of executive management to put in place a suitable system of internal controls to manage the risks of the company
In the UK, internal controls are divided into three categories for the purpose of corporate governance:
These safeguard the company assets
Ensure adequate accounting records are kept
Include the preparation of Financial Statements
Management must design and implement internal controls,
The company’s governors (directors) must satisfy themselves that the IC system is adequate and works properly
External Audit v Management Responsibilities
Management and the external auditors have different responsibilities when it comes to various aspects of the client business:
To ensure that effective measures are in place to ensure good corporate governance
If under combined code, to report on any conflicts between reported corporate governance and the financial statements
Prepare financial statements which provide a ‘true and fair’ view of the company’s results.
Select and apply suitable accounting policies.
Base judgements on prudent and responsible basis.
Implement suitable internal controls.
Report an opinion as to whether the financial statements give a ‘true and fair’ view.
Planning the work to be undertaken.
Gathering sufficient audit evidence.
Systems and Controls
Establishing suitable systems and controls to safeguard assets, produce accurate accounting information and prevent and detect fraud.
Assess risk of material misstatement due to poor systems and controls
Document tests of controls undertaken
Report weaknesses to those charged with governance
Fraud and Error
Safeguards should be in place to avoid fraud and error through the systems and controls the company operates
Internal audit function will be responsible for monitoring and implementation of these
If fraud or error leads to material misstatement, the auditor is responsible for detecting it.
If immaterial, these should be reported to those charged with governance, but there is no responsibility to detect them.
The inherent limitations of audit mean that the auditor cannot guarantee that the financial statements are free from fraud and error.
The auditor must consider the risk of material misstatement due to fraud and error when planning and performing their audit.
If discovered, fraud should be reported to the audit committee (if one exists), or the highest level of management (if not involved in the fraud), or the shareholders if the fraud is by those in senior management.