Chapter 5 - Internal Controls and Risk Management

Abstract

This chapter considers the various internal controls that contribute to the governance framework of a company. The aim of a company's system of internal controls should be to ensure that its management systems, accounting records, asset maintenance, and compliance issues are operating correctly. Internal controls ensure both the effectiveness of a company's operations and the reliability of its internal and external reporting. They also assist in its compliance with laws and regulations. The Combined Code (the Code) includes several recommendations for listed companies in relation to internal control, and the Turnbull guidance helps boards to implement those recommendations. The Turnbull guidance states that a control system should be: embedded in the operations of the company and form part of its culture, capable of responding quickly to changing risks and to a changing business environment, inclusive of procedures for identifying any significant control failings, or weaknesses and reporting these to management immediately. The Appendix to the Turnbull guidance includes a series of questions to which a board of directors should have regard when setting up a system of internal control and reviewing its effectiveness. Code Provision C.2.1 refers to the review as covering “all material controls,” including financial, operational, and compliance controls, and risk management systems. Further, the Turnbull guidance indicates that the focus should be on the significant risks faced by a company. They might, for example, be centered in litigation, document management, or intellectual property. Others will find that ethics, commodity trading, or the concentration of powers in a general manager are the problem areas.