
A3f. Responsibilities for systems and controls

Syllabus A3f)

Explain the importance of internal control and risk management.

It is the responsibility of executive management to put in place a suitable system of internal controls to manage the risks of the company.

In the UK, internal controls are divided into three categories for the purpose of corporate governance:

  1. Financial controls

  2. Compliance controls

  3. Operational controls

Financial controls

  • These safeguard the company assets

  • Ensure adequate accounting records are kept

  • Include the preparation of Financial Statements

Management must design and implement internal controls.

The company’s governors (directors) must satisfy themselves that the internal control (IC) system is adequate and works properly.

External Audit v Management Responsibilities

Management and the external auditors have different responsibilities when it comes to various aspects of the client business:

  • Corporate Governance

    • Management Responsibilities

      Ensure that effective measures are in place to achieve good corporate governance.

    • Auditor Responsibilities

      If the company is under the Combined Code, report on any conflicts between reported corporate governance and the financial statements.

  • Financial Reporting

    • Management Responsibilities

      Prepare financial statements which provide a ‘true and fair’ view of the company’s results.

      Select and apply suitable accounting policies.

      Make judgements on a prudent and responsible basis.

      Implement suitable internal controls.

    • Auditor Responsibilities

      Report an opinion as to whether the financial statements give a ‘true and fair’ view.

      Planning the work to be undertaken.

      Gathering sufficient audit evidence.

  • Systems and Controls

    • Management Responsibilities

      Establishing suitable systems and controls to safeguard assets, produce accurate accounting information and prevent and detect fraud.

    • Auditor Responsibilities

      Assess the risk of material misstatement due to poor systems and controls.

      Document tests of controls undertaken.

      Report weaknesses to those charged with governance.

  • Fraud and Error

    • Management Responsibilities

      Safeguards should be in place to avoid fraud and error through the systems and controls the company operates.

      The internal audit function will be responsible for monitoring and implementing these.

    • Auditor Responsibilities

      If fraud or error leads to material misstatement, the auditor is responsible for detecting it.

      If immaterial, these should be reported to those charged with governance, but there is no responsibility to detect them.

      The inherent limitations of audit mean that the auditor cannot guarantee that the financial statements are free from fraud and error.

      The auditor must consider the risk of material misstatement due to fraud and error when planning and performing their audit.

      If discovered, fraud should be reported to the audit committee (if one exists), or the highest level of management (if not involved in the fraud), or the shareholders if the fraud is by those in senior management.