Chapter 7:

Internal Controls I

Prepared by
Kent Wilson
University of South Australia

Corporate Governance

The system by which companies are

directed and managed. It influences
how the objectives of the company
are set and achieved, how risk is
monitored and assessed and how
performance is optimised

Brief History of Corporate

Governance
Corporate collapses in Australia in late 1980s
The Cadbury Report - UK 1992
Corporate Collapses
o
o
o
o

Enron
One Tel
Harris Scarfe
ABC Learning

Sarbanes Oxley Act - US 2002

ASX Corporate Governance Principles - 2003 &
2007

Corporate Governance in
Australia
1. Lay solid foundations for management &
oversight
2. Structure the board to add value
3. Promote ethical and responsible decision
making
4. Safeguard integrity in financial reporting

Corporate Governance in
Australia (Cont)
5. Make timely and balanced
disclosure
6. Respect the rights of shareholders
7. Recognise and manage risk
8. Remunerate fairly and responsibly

IT Governance
IT governance is concerned with whether
IT is being used within the organisation in
the manner intended
Four main objectives
1.
2.
3.
4.

Ensuring consistency with organisation goals

Ensuring IT used to optimise business opportunities
To ensure responsible usage
Ensuring appropriate risk management strategies
are in place

IT Governance

(Cont)

Five key areas that need to be

considered by those with the
responsibility of managing IT
1.
2.
3.
4.
5.

Adding value
Managing risk
Matching IT to strategy
Measuring performance
Managing resources

IT Governance Frameworks &

Standards - COBIT
1. Plan and organise
2. Acquire and implement
3. Deliver and support
4. Monitor and evaluate

Australian IT
Governance

Internal Control
Internal control: the measures an
organisation employs to help attain the
objectives of efficient operations, reliable
reporting and compliance with relevant laws
Australian Auditing Standard ASA 315
o Reasonable assurance
o Reliability of financial reporting
o Effectiveness and efficiency of operations
o Compliance with laws & regulation

Key Components of Internal

Control
1. Reasonable assurance
o An organisation meets its objectives

2. Management
o Different people are involved in internal
control
o People affect how internal controls
operate

Key Components of Internal

Control (Cont)
3. Control objectives
o Effectiveness and efficiency of
operations
Profitable operations
Protecting resources

o Reliability of financial reporting

o Compliance with applicable laws and
regulations
Legislative requirements

What Makes up an Internal

Control System?
1. Control environment
o Based on attitude and awareness
o Managements philosophy, overall
commitment and attitude to ethics
and integrity influence behaviour

2. Risk assessment
o Awareness of possible threats

What Makes up an Internal

Control System? (Cont)
3. Control activities
o Managements response to the risks
identified

4. Information and communication

o Essential elements for satisfactory
functioning
o Encompasses the design of the
information system

What Makes up an Internal

Control System? (Cont)
5. Monitoring
o Continued monitoring is required of
any system if it is to remain effective
o Needs to occur on regular basis
o Can be performed by both internal and
external parties
o Senior management plays a critical
role

COSO Framework

Identifying risks

Identifying Risks

(cont)

COSO & COBIT

ERM Expanding COSO

1. Internal environment
2. Objective setting
3. Event identification
4. Risk assessment

ERM Expanding COSO

(Cont)

5. Risk response
6. Control activities
7. Information and communication
8. Monitoring

Overview of Chapter 7
Corporate governance was defined and
discussed in detail
The importance of IT governance and an
appropriate framework was considered
Internal control and an internal control
system were outlined
Coverage of the ERM model rounded out
our discussions

Key Terms

o
o
o
o

Control activities
Control environment
Corporate governance
Enterprise Risk Model
(ERM)

o Internal control
o Monitoring
o Risk assessment