SBL 4

Factors protecting the independence of internal auditor:

Reporting to audit committee. Independency of executive management. | Audit committee approve appointment and termination of chief internal auditor (CIA).

Ethic threats:

Intimidation | Familiarity | Advocacy | Self-review | Self-interest

Intimidation threat examples:

Litigation threat | Dominant personality of client director attempting to influence decisions

Familiarity threat examples:

Long association with a client | acceptance of gifts or preferential treatment (significant value)

Advocacy threat examples:

Acting as an advocate on behalf of a client | Promoting shares in a listed audit client

Self-review threat examples:

Auditor in position of reviewing work they have been responsible for (like tax services) | Recent employment and review own work

Self-interest threat examples:

Undue dependence of fee income from one client. | Direct financial interest.

The make-up of the audit committee:

AC consists entirely of NEDs | one with recent financial experience.

Most of the board objectives relating to internal controls will be delegated to the...

to the audit committee

Who is responsible for oversight of company relation with external auditors?

Audit committee

Ecological footprint

A method of gauging humans’ dependence on natural resources. It calculates how much of the environment is needed to sustain a particular lifestyle.

Risk definition

An unrealised future loss arising from a present action or inaction. | Risks are the opportunities and threats associated with uncertain future events.

Why companies incur a general risk?

To gain competitive advantage. | To increase financial return.

Why companies manage a downside and upside risk?

Downside risks managed to identify new risks and changes in existing risks. | Upside risks identified to make best use of opportunities.

Risk management

Process of reducing adverse consequences by reducing likelihood of event or its impact.

Who is responsible for risk management system?

Management

ALARP

As Low as Reasonably Practicable

As Low as Reasonably Practicable principle:

Express a point at which the cost of additional risk reduction would be grossly disproportionate to the benefits achieved. | Usually applied to safety critical systems; for example an oil rig.

Strategic risks examples:

Not enhancing old products. | Producing ‘incorrect’ new products

Operational risks arising from...?

_arising from business operations.

Business risks

Strategic risk that threaten the health and survival of the whole business.

Derivatives risk

Use of financial instruments to improve accounts.

Business probity risk.

Company appears to act incorrectly.

Credit risk.

Inability obtain funds required.

Related risks

Risks that vary because of the presence of another risk or where two risks have a common cause.

Risk heat map

A tool used to present the results of a risk assessment process visually and in a meaningful and concise way. | A common understanding of the risk appetite | A common language for assigning probabilities and potential impacts.

Main role of the Board in risk management

Considering risk at strategic level | and defining organisation’s appetite | and approach to risk.

Risk appetite

How much risk the business will accept.

Risk capacity

Maximum risk business can accept.

Residual risk

Risk that cannot be managed.

Risk manager definition:

Member of risk management committee | who reports direct to the board.

Primary role of risk manager

Implementation of risk management policies.

Aim of embedding risk management:

To ensure that it is ‘part of the way we do business’.

Levels of embedding risk.

In systems | In culture

Embedding risk in systems:

Ensuring risk management is included within control systems of an organisation. | Not a separate system – part of overall control system. | May be statutory requirements (USA) or code of practice.

Process of embedding risk:

Identify controls already operating. | Monitor controls to ensure they work. | Improve controls as required. | Document the new controls impact.

Embedding risk in culture outline.

Risk management being considered ‘normal’ for organisation therefore all employees follow risk management policies. | Risk management culture stars at ‘top of company’ – provides better risk management.

Risk retention

Risk retained within organisation. Acceptance of risk.

How to reduce risk? Where it works the best?

By diversifying operations (Make different products or invest in different countries). | Works best where risks are negatively correlated.

Risk monitoring

Risk auditing | Carried out by internal or external audit teams. | May be obligatory (e.g. Sarbanes-Oxley Act).

Initial coin offering (ICO) - Software value tokens

The company wanting to raise finance creates its own cryptocurrency (like a personalised Bitcoin). These are then sold to investors, who typically pay in another cryptocurrency.

Which tools are used in portfolio analysis?

BCG matrix and BCG public sector matrix. | Ashridge portfolio display.

Profession

A body of theory and knowledge | which is used the support the public interest.

Profession characteristic

Body of theory and skills. | Adherence to common code conduct. | Acceptance of duty to society.

Professionalism

Taking action to support the public interest. Acting professionally.

Reactive professionalism

Nothing negative aspects of accounting and taking action to remove those aspects e.g. legislation post Enron.

Proactive professionalism

Seeking out new ways to support the public interest, such self-imposed codes of conduct.

Public interest

The welfare or well-being of the general public; commonwealth.

Accountants in the public interest influence:

Influence on organisations. | Influence in society. | Influence on distribution of power and wealth.

Ethical codes confirm that that acting against the public interest is?

_is not appropriate for accountant.

Corporate code of ethics:

Application of ethical values to business behaviour.

How business ethics affect shareholders?

Expect fair and proper return on their investment. Company should provide this return and information on how shareholders' investment managed.

How business ethics affect suppliers?

Suppliers attempt to provide quality goods on time. Company should pay invoices promptly, select suppliers on known criteria, such as ‘fair trade’ principles.

How business ethics affect wider community?

Company affects society as a whole. CSR report explains how company treats wider community.

How ethics affect business values?

Mission statements mention products and services provided financial objectives and also role of business in society.

How business ethics affect employees?

Company recognises employee rights in areas such as working conditions, training, health and safety.

How business ethics affect customer relations?

Company has responsibility to produce quality goods and services at reasonable price.

Ethic Conceptual framework explains how...

how ‘spirit’ of principles applied.

Ethic Application details applied to...

... to specific situations.

Integrity

This means that members should be honest, straightforward. If they see something is amiss, they should say so; they shouldn’t try to conceal it; they shouldn’t ‘turn a blind eye’; they shouldn’t try to be ambiguous, they should state things plainly.

Competence and due care.

They must keep themselves up-to-date with legislation and recent developments. They shouldn’t take on work which they are not qualified for or for which they have no skills. They must be diligent, they must be careful.

Confidentiality.

Members, have access to information which is highly confidential and which is price sensitive. That information must be held confidentially. Members should not disclose confidential information unless they have a legal or professional duty to do so.

Professional behaviour

They should comply with the law | and they should avoid any actions which discredit the profession.

Objectivity

Members should be influenced by the facts and the facts only. They must avoid bias, conflict of interest and undue influence.

Benefits of corporate and professional code of ethics.

Provide framework for conflict resolution. | Provides guidelines for similar ethical disputes and methods of resolution. | Provides boundaries across which it is ethically incorrect to pass.

Drawbacks of corporate and professional code of ethics.

It is only a code – may not fit the precise ethical issue. | Can be interpreted in different ways which may appear ethically incorrect to two different people. | May be no clear or effective punishment for breaching the code.

Ethical threat:

Situation where person tempted not to follow code of ethics.

Types of safeguards for ethical threats. Created by...

Profession. | Work environment. | Individual

Safeguards for ethical threats created by profession.

Education and training | CPD | Monitoring of work. | Disciplinary proceedings

Safeguards for ethical threats created by work environment:

IC systems. | Review procedures. | Codes of ethics. | Disciplinary procedures.

Safeguards for ethical threats created by Individuals.

Compliance with standards. | Mentoring. | Recording contentious issues. | Assistance from professional body.

Corruption examples:

Excessive ‘hospitality’. | Facilitation payments.

Corrupting offences by UK Bribery Act (2010).

Offering, promising or giving bribe. | Requesting agreeing to receive or accepting a bribe. | Bribing a foreign public official. | A corporate offence of failing to prevent bribery.

Obtain detail on ethical conflict:

Relevant facts. | Ethical issues involved. | Relevant fundamental principles. | Established internal procedures. | Alternative courses of action.

Decide action on ethical conflict:

Consider consequences of each course of action. | Consult with those charged with governance. | Consult with appropriate persons in firm. | Advice from professional institute. | Consider withdraw from assignment.

Ability to make ethical decision depends on:

Issue-related factors. | Context-related factors.

Effect concentration

How many people affected by action? Fewer people increases moral intensity.

Probability of effect.

Likelihood harm – benefits occurs. More likelihood increases moral intensity.

Proximity

Nearness of decision maker to people affected by decision. ‘Closer’ relationship increases moral intensity.

Temporal immediacy

How soon effects of decision occur? Short time increases moral intensity.

Magnitude of consequence

Extent of harm caused by poor advice. More harm increases moral intensity.

Social consequences

Extent of agreement ethics of an action. More agreement increases moral intensity.

Cultural context

Cultures have different ideas of ‘ethics’.

Occupation roles

Provides ethical context e.g. accountants normally behave ethically.

Bureaucracy

Follow rules – not normally consider ethics of decisions made.

Reward system

Rewards based on achievement may encourage unethical decisions.

Authority

Senior manager unethical means junior likely to be also.

Group norms

Follow what peer-group think is ethical.

Temporal immediacy

This is the length of time between the present and the onset of the consequences of a moral decision. When the effect is in the near future, it is considered to have a higher degree of moral intensity, and so is more likely to prevent unethical behavior.

Escrow Agreement

Contract that outlines the terms and conditions between parties involved, and the responsibility of each. It generally involve an independent third party, an escrow agent, who holds the asset until the specified conditions of the contract are met.

Boundaryless organization.

It is an organization that is not defined by, or limited to, the horizontal, vertical, or external boundaries imposed by a predefined structure. No external barriers between the company and its customers and suppliers.

Interactivity

he ability of a computer to respond to a user's input.

Reporting to shareholders characteristic:

Chair of AC available at AGM for shareholder questions. | Shareholders right to know if ICs are sufficient to safeguard their investment. | To provide shareholders with necessary information, Board producing comprehensive annual review on IC systems.

Strategic risks identification. Risks arising from consequences of strategic decisions. Identified and assessed at...?

senior management level.

Operational risk are identified at...?

at operational level

Operational risks examples:

include fraud | quality control

Strategic risks are managed by ...... strategy.

by risk management strategy.

Operational risks are managed by ...... systems.?

by internal control systems.

Three stages of environmental audit.

Establishing the metrics. | Measuring actual performance against the metrics. | Reporting the levels of variances.

Rational model components.

Company mission | and Stakeholders.