P1 GOVERNANCE RISK

AND ETHICS
Lecture 5
Nearchos A. Ioannou

Structure of Lecture
-Internal Controls
- Cybernetic control system
- COSO framework

Internal controls
Internal controls should help the

organisation counter risks, maintain

the quality of financial reporting and
comply with laws and regulations.
The provide reasonable assurance
that organisations will fulfil their
strategic objectives

The cybernetic control

system
A cybernetic control system describes
the process of control within a
system. A general cybernetic control
system has six stages:
1) Identification of system objectives
2) Setting targets for system objectives
3) Measuring achievements/ outputs of
the system

The cybernetic control

system
4) Comparing achievements with
targets
5) Identifying what corrective action
might be necessary
6) Implementing corrective action

Important characteristics of
control systems
Fisher has suggested that management

control systems can be viewed in terms of

the following criteria:
- Flexibility and ease of achievement of
targets
- Relative importance of numerical and
subjective performance measures
- Relative importance of short and long-term
measures

Important characteristics of
control systems(cont)
- Consistency of measures used across the
-

organisation
Whether management actively
intervenes or intervenes by exception
How automatic control mechanisms are
Extent of participation below top
management
Extent on reliance on social relationships

Effectiveness of control
systems
In order for internal controls to

function properly, they have to be

well-directed

Report on internal controls

Turnbull (revised in 2005)
It comments that internal controls consists

of the policies, processes, tasks, behaviours

and other aspects of a company that taken
together:
- Facilitate its effective and efficient operation
- Help ensure the quality of internal and
external reporting
- Help ensure compliance with applicable
laws and regulations

The COSO framework

The control framework that the

Committee of Sponsoring
Organisations(COSO) of the Treadway
Commission has developed links
objectives with risk management. All
elements of this framework affect
what COSO call the objective
categories

COSO( cont)
These categories are:
- Strategic development
- Operations
- Reporting
- Compliance

COSO( cont)
A significant advantage of the COSO
framework is that it focuses on a
wide concept of internal control and
is not limited to financial control

Limitations of controls
Cost may outweight the benefits
Potential of human error
Collusion between employees
Controls by-passed or overidden by

management
Controls depending on the method of
data processing

INTERNAL CONTROLS AND REVIEW

ELEMENTS OF THE CONTROL SYSTEM
In addition a good control system must have also:
1. Information and communication
The company must gather information and
communicate it to the right people so the can
carry out their responsibilities. The quality of
information systems is a key factor in the
effectiveness of internal controls.
2. Risk assessment
Having established its objectives a company
should identify and assess the risks involved in
achieving those objectives and this assessment
should form the basis for deciding how the risks
should be managed.

INTERNAL CONTROLS AND REVIEW

ELEMENTS OF THE CONTROL SYSTEM
The risk assessment process should consider:
Internal factors such as the complexity of the
company, organisational changes, quality of staff and
External factors such as changes in the industry and
economic conditions, technological changes etc.
It should also distinguish between
The likelihood of the risk to materialised
The impact of the risk to the company
When completing the above the management of the
company then should decide

1.
2.
3.

Whether to accept the risk or

To take measures to control or reduce the risk or
If risk is uncontrollable and to big for the company consider
withdraw from the business activity partially or fully so as to
avoid it

INTERNAL CONTROLS AND REVIEW

ELEMENTS OF THE CONTROL SYSTEM
3. If risk is uncontrollable and too big for the company it
should consider withdrawal from the business activity
partially or fully so as to avoid it.
4. The costs of operating the particular control relative
to the benefit of obtained in managing the related
risk.

3. Monitoring
The internal control system must be monitored. This
element of internal control system is associated with
internal audit
( to be covered later) as well as general
supervision. It is important that deficiencies should be
identified and reported to top management so corrective
actions can be taken.