Reporting on internal controls

Reporting on internal controls

All businesses face risks which need to be managed and controlled.

Two controls include

Reporting on internal controls

The UK Corporate Governance Code (2010) states that a company's board of directors should maintain a sound system of internal control to safeguard shareholders' investment and the company's assets.

Shareholders, as owners of the company, are entitled to know whether the internal control system is sufficient to safeguard their investment.

  • To provide shareholders with the assurance they require, the board should, at least annually, conduct a review of the effectiveness of the group's system of internal controls and report to shareholders that they have done so.
  • The review should cover all material controls, including financial, operational and compliance controls and risk management systems.
  • This review should be conducted against COSO's elements of an effective internal control system, as discussed in the previous chapter.
  • The annual report should also inform members of the work of the audit committee.
  • The chair of the audit committee should be available at the AGM to answer queries from shareholders regarding their work.
  • Additional reporting requirements apply under SOX.

Audit committee reporting

The section in the annual report on the work of the audit committee should include:

  • a summary of the role of the audit committee
  • the names and qualifications of the audit committee members during the period
  • the number of audit committee meetings held during the year
  • a report on the way the audit committee has discharged its responsibilities
  • if the external auditors provide non-audit services, an explanation of how auditor objectivity and independence are safeguarded.

Internal audit reporting

Once an internal control audit (or any other kind of audit) has been completed, the final stage of the assignment is the audit report.

  • The audit report does not have a prescribed format, however it would be expected to feature a number of different parts.
  • How much depth the report goes into will depend on the nature of the engagement.

When making recommendations auditors must always ensure that the recommendations:

  • are practical and cost effective, and
  • will reduce risk to a tolerable level.

The internal auditor should have a process of post-implementation review to ensure that recommendations have been actioned by management.

SOX reporting on internal controls (s404)

One of the requirements of SOX is that the company's management must make a report on the internal controls in force in their company. This report is provided in the form 10K, the company's annual return, which is available to shareholders and other interested parties on the company's website. Management cannot carry out all the review work themselves, so this is delegated to the audit committee and internal audit department. In summary, the audit and reporting work involves:


Created at 8/20/2012 3:10 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Last modified at 9/27/2013 2:58 PM  by System Account  (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London

Rating :

Ratings & Comments  (Click the stars to rate the page)


SOX;Internal controls;Reporting

Recent Discussions

There are no items to show in this view.