Assessment The Internal Control System of Banks: Tim Sovaniski
Assessment The Internal Control System of Banks: Tim Sovaniski
Assessment The Internal Control System of Banks: Tim Sovaniski
Banks
Tim Sovaniski
Abstract:
This research attempt to explore to determine and investigate the main roles of
auditing in corporate governance around the world especially in Slovenia, A large
number of studies concerned with auditing and corporate governance have been
conducted using US and UK data.
The objective of this research is to contribute to understanding the auditing and
roles of auditing in corporate governance. Determine the nature of the Audit
Committee and the dimensions of their role in promoting corporate governance and
implementation mechanisms.
The study recommended that the role of corporate governance must be adopted
in all organizations in Slovenia.
Keywords:
Internal Control System, COSO Framework, Banks
The banking industry worldwide has experienced significant bank failures and
crises over the years. Bank failures are of great concerns to Central banks and
governments because of its systematic nature and often exacerbate recessions and act
as catalyst for financial crises.
Internal control problems are a common place in the banking industry, and that
allowed rogue traders to cause huge financial losses to these banks. In 2012 HSBC the
largest financial institution in Europe, admitted having poor money laundering
controls and was consequently fined $ 1.9b after U.S senate investigations.
An effective internal control system is the nerve centre of every organization,
the breakdown of which leads to the failure of organizations. Internal control is a
crucial aspect of an organization's governance system and ability to manage risk. It
ensures the achievement of an organization's objectives and creating, enhancing, and
protecting stakeholder value.
Precipitating the current global financial crises is the high profile corporate
failures such as Enron and WorldCom in the USA, Parmalat in Europe, and similar
cases of corporate collapse around the world.
Failure of internal control systems and the eventual circumvention of internal
controls by company executives accounted for these corporate scandals.
Organizations must ensure that their internal control systems remain relevant in
today's business model.
Business models have changed dramatically, including increased use of shared
services, outsourced service providers, regulations have also intensified on
companies, over reliance on technology, increased stakeholder expectation etc have
increased business risks significantly , which necessitated COSO's revision of its 1992
framework in 2013.
1. Internal Control
Internal control includes all of the processes and procedures that management
puts in place to help make sure that its assets are protected and that company activities
are conducted in accordance with the organization’s policies and procedures.
COSO can defined Internal control as : It is a process, effected by an entity’s
board of directors, management, and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives relating to operations, reporting,
and compliance.
Other Scholars define internal control as: A system of internal control consists
of policies and procedures designed to provide management with reasonable
assurance that the company achieves its objectives and goals.
Tandon et al. list the main objectives of Internal Control as the following:
1. The orderly and efficient conduct of its business, including adherence to
internal policies
2. The safeguarding of assets of the business
3. The prevention and detection of fraud and error
4. The accuracy and completeness of the accounting records, and
5. The timely preparation of financial information
There is a big role of Management and Auditing in Internal control, this role can
be illustrated in figure (1).
Auditing Managment
Fianacial
Strategy and responsibility Personnal
Internal Check Internal Audit Budgets Informati objectives area Controls
on
Fig (1): The Role of Auditing and Management to Achieve the Internal Control
After the 2nd financial crisis in USA of 1997, two men designed a new act to
reduce the effect of the crisis, this act named as Sarbanes Oxley Act, the most
important section in it was section 404.
The most contentious aspect of SOX is Section 404, which requires
management and the external auditor to report on the adequacy of the company's
internal control on financial reporting (ICFR). This is the most costly aspect of the
legislation for companies to implement, as documenting and testing important
financial manual and automated controls requires enormous effort.
The Turnbull committee was established after the publication of the 1998
Combined Code in the UK to provide advice to listed companies on how to
implement the internal control principles of the code. The overriding requirement of
their report was that the directors should:
1. implement a sound system of internal controls, and
2. that this system should be checked on a regular basis.
Systems Theory:
According to APB:
The APB in the UK provides guidance to auditors with specific reference to the
implementation of International Standards on Auditing. A definition of internal
controls from the APB is: "The internal control system - includes all the policies and
procedures (internal records) adopted by the directors and management of an entity to
succeed in their objective of ensuring", as far as practicable:
According to COSO:
COSO defines internal control as 'a process, effected by the entity's board of
directors, management and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives', in three particular areas:
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with applicable laws and regulations.
This definition contains a number of key concepts which illustrate the
pervasiveness of internal control systems in a company.
- Internal control is a process, rather than a structure. It is a continuing
series of activities, planned, implemented and monitored by the board of
directors and management at all levels within an organization.
- Internal control provides only reasonable assurance, not absolute
assurance, with regard to achievement of the organization's objectives.
10
It is also useful to think of internal control as a system for the management and
control of certain risks, to restrict the likelihood of adverse events or results.
3. Practical Part
11
12
This study had attempted to evaluate the Internal Control system of banks
according to COSO framework of 1992
Findings from the testing indicate that there is significant relationship between
the middle level of internal control and the components of COSO framework of 1992.
Most of the accountants and auditors in the bank were agreed (in low level)
about the components of COSO framework of 1992, the very little of them were
strongly disagree.
The degree of accountants' and auditor's agreement was diverted according to
the type of COSO's framework of 1992 component.
5. Conclusions:
According to the practical part of this project, and the results of analyzing the
questionnaire , the researchers conclude their results as :
- There is good relation between the internal control system and the
effectiveness of the banks according to COSO's framework of 1992.
- The role of internal control may differ from environment to another,
because of the structure of COSO's framework of 1992 components.
13
14
15
16