Chapter 2 extract from our ExPress notes for use
with the current video.
A full set of P3 ExPress notes can be downloaded
free of charge at www.theexpgroup.com
CIMA Paper P3
Performance Strategy
For exams in 2011
theexpgroup.com
Notes
ExPress Notes CIMA P3 Performance Strategy
Page | 2 © 2011 The ExP Group. Individuals may reproduce this material if it is for their own private study use only. Reproduction by any means for any other purpose is prohibited. These course materials are for educational purposes only and so are necessarily simplified and summarised. Always obtain expert advice on any specific issue. Refer to our full terms and conditions of use. No liability for damage arising from use of these notes will be accepted by the ExP Group.
theexpgroup.com
Contents
About ExPress Notes
1. Management Control Systems
2. Risk and Internal Control
3. Review and Audit of Control Systems
4. Management of Financial Risk
5. Risk and Control in Information Systems
START About ExPress Notes
We are very pleased that you have downloaded a copy of our ExPress notes for this paper.
We expect that you are keen to get on with the job in hand, so we will keep the introduction
brief.
First, we would like to draw your attention to the terms and conditions of usage. It’s a
condition of printing these notes that you agree to the terms and conditions of usage.
These are available to view at www.theexpgroup.com. Essentially, we want to help people
get through their exams. If you are a student for the CIMA exams and you are using these
notes for yourself only, you will have no problems complying with our fair use policy.
You will however need to get our written permission in advance if you want to use these
notes as part of a training programme that you are delivering.
WARNING! These notes are not designed to cover everything in the syllabus!
They are designed to help you assimilate and understand the most important areas for the
exam as quickly as possible. If you study from these notes only, you will not have covered
everything that is in the CIMA syllabus and study guide for this paper.
Components of an effective study system
On ExP classroom courses, we provide people with the following learning materials:
The ExPress notes for that paper
The ExP recommended course notes / essential text or the ExPedite classroom
course notes where we have published our own course notes for that paper
The ExP recommended exam kit for that paper.
In addition, we will recommend a study text / complete text from one of the CIMA
official publishers, but we do not necessarily give this as part of a classroom course,
as we think that it can sometimes slow people down and reduce the time that they
are able to spend practising past questions.
ExP classroom course students will also have access to various online support materials,
including:
The unique ExP & Me e-portal, which amongst other things allows “view again” of
the classroom course that was actually attended.
ExPand, our online learning tool and questions and answers database
Everybody in the world has free access to CIMA’s own database of past exam questions,
answers, syllabus, study guide and examiner’s commentaries on past sittings. This can be
an invaluable resource. You can find links to the most useful pages of the CIMA database
that are relevant to your study on ExPand at www.theexpgroup.com.
How to get the most from these ExPress notes
For people on a classroom course, this is how we recommend that you use the suite of
learning materials that we provide. This depends where you are in terms of your exam
preparation for each paper.
Your stage in study for each paper: Prior to study, e.g. deciding which optional papers to take
These ExPress notes: Skim through the ExPress notes to get a feel for what’s in the syllabus, the “size” of the paper and how much it appeals to you.
ExP recommended course notes, or ExPedite notes: Don’t use yet.
ExP recommended exam kit: Don’t use yet.
CIMA online past exams: Have a quick look at the two most recent real CIMA exam papers to get a feel for examiner’s style.

Your stage in study for each paper: At the start of the learning phase
These ExPress notes: Work through each chapter of the ExPress notes in detail before you then work through your course notes. Don’t try to feel that you have to understand everything – just get an idea for what you are about to study. Don’t make any annotations on the ExPress notes at this stage.
ExP recommended course notes, or ExPedite notes: Work through in detail. Review each chapter after class at least once. Make sure that you understand each area reasonably well, but also make sure that you can recall key definitions, concepts, approaches to exam questions, mnemonics, etc.
ExP recommended exam kit: Nobody passes an exam by what they have studied – we pass exams by being efficient in being able to prove what we know. In other words, you need to have effectively input the knowledge and be effective in the output of what you know. Exam practice is key to this. Try to do at least one past exam question on the learning phase for each major chapter.
CIMA online past exams: Don’t use at this stage.

Your stage in study for each paper: Practice phase
These ExPress notes: Work through the ExPress notes again, this time annotating to explain bits that you think are easy and be brave enough to cross out the bits that you are confident you’ll remember without reviewing them.
ExP recommended course notes, or ExPedite notes: Avoid reading through your notes again. Try to focus on doing past exam questions first and then go back to your course notes/ExPress notes if there’s something in an answer that you don’t understand.
ExP recommended exam kit: This is your most important tool at this stage. You should aim to have worked through and understood at least two or three questions on each major area of the syllabus. You pass real exams by passing mock exams. Don’t be tempted to fall into “passive” revision at this stage (e.g. reading notes or listening to CDs). Passive revision tends to be a waste of time.
CIMA online past exams: Download the two most recent real exam questions and answers. Read through the technical articles written by the examiner. Read through the two most recent examiner’s reports in detail. Read through some other older ones. Try to see if there are any recurring criticisms he/she makes. You must avoid these!

Your stage in study for each paper: The night before the real exam
These ExPress notes: Read through the ExPress notes in full. Highlight the bits that you think are important but you think you are most likely to forget.
ExP recommended course notes, or ExPedite notes: Unless there are specific bits that you feel you must revise, avoid looking at your course notes. Give up on any areas that you still don’t understand. It’s too late now.
ExP recommended exam kit: Don’t touch it!
CIMA online past exams: Do a final review of the two most recent examiner’s reports for the paper you will be taking tomorrow.

Your stage in study for each paper: At the door of the exam room before you go in
These ExPress notes: Read quickly through the full set of ExPress notes, focusing on areas you’ve highlighted, key workings, approaches to exam questions, etc.
ExP recommended course notes, or ExPedite notes: Avoid looking at them in detail, especially if the notes are very big. It will scare you.
ExP recommended exam kit: Leave at home.
CIMA online past exams: Leave at home.
Our ExPress notes fit into our portfolio of materials as follows:
Notes
Notes
Notes
Provide a base understanding of the most important areas of the syllabus only.
Provide a comprehensive coverage of the syllabus and accompany our face to face professional exam courses
Provide detailed coverage of particular technical areas and are used on our Professional Development and Executive Programmes.
To maximise your chances of success in the exam we recommend you visit
www.theexpgroup.com where you will be able to access additional free resources to help
you in your studies.
START About The ExP Group
Born with a desire to be the leading supplier of business training services, the ExP Group
delivers courses through either one of its permanent centres or onsite at a variety of
locations around the world. Our clients range from multinational household corporate
names, through local companies to individuals furthering themselves through studying for
one of the various professional exams or professional development courses.
As well as courses for CIMA and other professional qualifications, our portfolio of expertise covers all areas of financial training ranging from introductory financial awareness courses for non financial staff to high level corporate finance and banking courses for senior executives.
Our expert team has worked with many different audiences around the world ranging from
graduate recruits through to senior board level positions.
Full details about us can be found at www.theexpgroup.com and for any specific enquiries
please contact us at info@theexpgroup.com.
Chapter 2
Risk and Internal Control
START The Big Picture
This chapter addresses the variety of risks facing an organization and the risk management
strategy and internal controls that exist in response to those risks.
It is useful to start with CIMA’s definition of Risk Management: “the process of
understanding and managing the risks that the organization is inevitably subject to in
attempting to achieve its corporate objectives”. (CIMA Official Terminology)
KEY KNOWLEDGE Types of Risks
Risk management at the enterprise level addresses all risks affecting a company. These can
be classified as follows (diagram on next page):
Enterprise Risk
Operational risk: Process risk, People risk, Systems risk, Event risk, Business risk
Financial risk: Credit risk, Market (price) risk, Gearing risk
Operational (or Operating) Risk
One may view this category as including all risks that can arise in the course of operating a
business, though by definition they are clearly distinguished from financial risks.
It will be seen that the list of risks presented below can be expanded and sub-divided
according to a particular company’s specific circumstances.
Process Risk
This relates to the processes within a business and evaluates them from the standpoint of
pure risks, as well as (a) economy, (b) efficiency and (c) effectiveness.
People Risk
All risks connected to human resources, including quality and sufficiency of staff, and issues
of recruitment, training, compensation, honesty and morale. There is an important link to
corporate culture and explicit and implicit attitudes displayed by management; i.e. how they
cultivate risk awareness, or encourage profits with(out) regard to the methods employed in
achieving them.
Systems Risk
Information systems and communications in the broadest sense of the term, including IT
hard/software, capacity, reliability (back-up) and policies relating to accuracy, access
(passwords) and data integrity.
Event/Hazard Risk
Risk of losses resulting from single events that may have a high or low impact. Natural
disasters and human actions, whether intentional (terrorism) or not (accidents), fall within
this category.
Some companies may include fraud in this category though fraud and malfeasance are also
clearly the result of the actions of people (see “people risk”).
Business Risk
This is a broad category with indistinct boundaries, but it generally covers risks to a
company’s ability to generate returns from its ordinary operations, including its strategy,
business model, competitive position, political/legal environment (including regulatory/
compliance/ intellectual property), products, marketing, clients and reputation.
Process, people and systems risks can be seen as being mainly internal in nature; the other
risks are generally seen as being external.
KEY KNOWLEDGE
International operations
The challenge presented by international operations can be analyzed using the above
categories; such operations add complexity to a company’s operations since they confront it
with differing:
Cultural norms
Political stability
Efficiency and honesty of the judicial system
Regulatory enforcement
Just to name a few!
KEY KNOWLEDGE
Key risk concepts
There are several key concepts relating to risk:
Probability: measures the likelihood that a certain event will occur;
Severity (or impact): quantifies the loss which results if the undesired outcome occurs;
Exposure: the degree to which one is confronted by the particular type of risk.
The above factors can be combined into a quantification of the risk of loss by multiplying the
financial consequences if the undesired event occurs by the probability factor:
Risk = Probability x Severity x Exposure
Note: This can be condensed to Risk = Probability x Financial consequences
This is essentially the application of the expected value technique to risk.
Volatility: refers to the variability or the spread of all likely outcomes of an uncertain factor
to which a business is exposed. Statistically, volatility is measured by standard deviation.
KEY KNOWLEDGE
Risk Mapping
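Risk map (Severity against Likelihood):
High severity, low likelihood: Detect/Monitor
High severity, high likelihood: Prevent (at source)
Low severity, low likelihood: Low control
Low severity, high likelihood: Monitor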
KEY KNOWLEDGE
Risk Response Strategy
It is management’s responsibility to adopt a “risk response strategy”, which results from the
specific identification and assessment of each type of risk facing the organization. The
responses can come under one of the four following (generic) headings:
(1) Avoid: Discontinuing (or not starting) an activity that causes unacceptable risks;
(2) Reduce (or prevent): Taking (internal) action to reduce the risk;
(3) Insure (transfer or share): Transferring the risk to a 3rd party (such as an insurer)
or sharing the risk with a partner;
(4) Accept (or retain): the risk is considered small and it is not worth the effort to
protect against it.
Refer back to the risk map: One could chart the above risk responses as a progression from
upper right (High Severity/High Likelihood = Avoidance) to the lower left (Low Severity/Low
Likelihood = Acceptance).
KEY KNOWLEDGE
Risk & Corporate Objectives
Achieving a clear and explicit articulation of corporate objectives, and the connection to risk
appetite/acceptance, is the duty of senior management. This perspective begins at the most
senior corporate strategy and policy-making level, where strategic objectives are
established. This is a “top-down” process.
Following from the establishment of corporate objectives, a company’s business strategy can
be seen, among other purposes, as reconciling corporate objectives with the level of risk
accepted in pursuing strategic and financial goals.
These elements are tied together by the culture of the organization (incl. attitudes to risk)
and its management control and other systems.
Diagram: Objectives (strategy), Risks and Returns (Rewards), linked by Culture & Systems
KEY KNOWLEDGE
Risk Management Processes
There exist a number of risk management models. Since they have similar objectives, they
will resemble each other in their process steps. From a generic point of view, these
embrace:
Risk identification and awareness
At the policy level, this involves the need to define explicitly the organisation’s risk
appetite (the types and levels of risks it is willing to tolerate).
There is also a need to agree common definitions of risks. One can refer to this as a
“common language” of risk or “risk glossary”. There is an effort to “inventory” risks; this
means categorizing risks, including an understanding of their causes and degree of
impact.
Risk management and assessment
This is concerned with methods and techniques used to evaluate risks, including
methodologies to prioritize risks (risk-ranking) and to quantify them.
Risk response and control
Risk response means effective action-taking to ensure that the identified risks are
addressed in conformity with policy.
This requires an assignment of responsibilities to individuals -- who does what.
Risk monitoring and reporting
A system of monitoring the ERM process, including periodic evaluations as to whether the
system is accomplishing its purpose, is indispensable. The costs of maintaining the system
must be outweighed by the benefits.
Management is accountable to shareholders, and other stakeholders, by a system of periodic reporting.
KEY KNOWLEDGE
CIMA Risk Management Cycle
The student is advised to refer also to CIMA’s Risk Management Cycle (contained in CIMA
publication Fraud Risk Management: A Guide to Good Practice): www.cimaglobal.com
The student might also refer to COSO (Committee of Sponsoring Organisations of the
Treadway Commission) which addresses Enterprise Risk Management (ERM) through its
eight Components and four Objectives categories.
The Components are:
Internal environment
Objective setting
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring
The Objectives address:
Strategy
Operations
Financial Reporting
Compliance
KEY KNOWLEDGE
ERM Implementation
Defining Enterprise Risk Management (ERM) in conceptual terms is merely the first step.
Moving from theory to practical implementation begins with:
1. The Board of Directors’ explicit responsibility for risk management oversight
This may be accompanied by the establishment of a Risk Committee at the board
level, or including the responsibility within the scope of the Audit Committee;
2. Creation of a risk management team under the leadership of a senior-level executive
(Chief Risk Officer, CRO, or VP – Risk) with a reporting line into the Board
The real test of the effectiveness of a risk management process is measured by the
degree to which:
3. The methods and norms of ERM are successfully disseminated throughout the
organization.
Effective implementation requires important commitments at all levels of the
organization, manifested by:
Clear written policies and procedures;
Staff training;
Disciplinary steps for violations;
Constant management reinforcement (both in word and deed)
KEY KNOWLEDGE
Internal Control
The IIA (Institute of Internal Auditors) have provided the following useful definition:
“An internal control is any action taken by management to enhance the likelihood that
established objectives and goals will be achieved. Management plans, organises and directs
the performance of sufficient actions to provide reasonable assurance that objectives and
goals will be achieved. Thus, control is the result of proper planning, organising and
directing by management.”
The internal control function should be regarded as a process designed to provide
reasonable (not absolute) assurance that the company is in a position to achieve its
objectives; it should be integral to a company’s operations, not an external imposition.
Responsibilities include:
Safeguarding of corporate assets;
Checking the accuracy and reliability of corporate accounting data;
Promoting operational efficiency;
Ensuring adherence to accounting and financial control policies
KEY KNOWLEDGE
COSO – Internal Controls
A widely-used framework of internal control in the USA is the COSO Internal Control –
Integrated Framework, which consists of five components:
Control Environment – setting the “tone at the top”;
Risk Assessment - identification of risks (to the achievement of objectives);
Information and Communication – internal data flow (timely, relevant, etc.);
Control Activities - the policies and procedures;
Monitoring – verification processes to assess the quality/effectiveness of internal
controls
KEY KNOWLEDGE
Types of Controls
Corporate controls = general policy statements, established core culture and overall
monitoring procedures, corporate governance
Management controls = planning and performance monitoring
Business process controls = authorisation limits and reconciliation
Transaction controls = accuracy and completeness checks
You may use the mnemonic SOAPSPAM to generate ideas for types of control:
Segregation of duties
Organisational controls (eg set authority limits)
Authorisation
Physical
Supervision
Personnel, eg background checks
Arithmetical and reconciliations
Management – the tone from the top, including existence of an internal audit
department.
KEY KNOWLEDGE
Features of a good system
Essential features of any good system of internal control
As a useful aide memoire when asked to evaluate a described system of internal control
within a question scenario, you could make use of the mnemonic PCRAM.
Plan of organisation
Custody procedures
Recording procedures
Authorisation procedures
Management supervision
KEY KNOWLEDGE
The Turnbull Report
The UK Turnbull report gives us a useful summary of the main purposes of an internal
control system, by stating that internal control consists of “the policies, processes, tasks,
behaviour and other aspects of a company that taken together:
Facilitate its effective and efficient operation by enabling it to respond to
significant business, operational, financial, compliance and other risks to
achieving the company’s objectives. This includes safeguarding the assets
from inappropriate use or from loss and fraud and ensuring that liabilities are
identified and managed.
Help to ensure the quality of internal and external reporting.
Help ensure compliance with applicable laws and regulation, and also with
internal policies with respect to conduct of business.”
The Turnbull committee recognised that while a sound internal control system cannot
eliminate poor judgment in decision-making, it may minimize that risk to a significant
degree. Further, the committee stated: “Reviewing the effectiveness of internal controls is
an essential part of the board's responsibilities…”; at the same time, “Management is
accountable to the board for monitoring the system of internal control and for providing
assurance to the board that it has done so.”
The board is responsible for the disclosures on internal control in the company's annual report and accounts.
KEY KNOWLEDGE
Corporate Governance
There is a close connection between corporate governance and risk management: in order to fulfil their corporate governance role faithfully, the directors of the company have to ensure that there is in place at the company a robust system of internal controls and risk management systems. There are several models of corporate governance:
Shareholder-based models: typical of the US and the UK; and
Stakeholder-based: common on the Continent (Europe) and Japan
KEY KNOWLEDGE
Sarbanes Oxley (US)
In the US, Sarbanes-Oxley is Federal legislation dating from 2002 that prescribes corporate
governance principles for publicly-quoted US corporations. It seeks to safeguard the
economic interests of the shareholders, by promoting an active market where corporate
control can change hands in an effort to promote the most efficient allocation of economic
resources.
KEY KNOWLEDGE
Combined Code (UK)
In the UK, this is a set of principles of good corporate governance which sets forth a code of
best practice aimed at companies listed on the London Stock Exchange. It is overseen by a
body called the Financial Reporting Council.
The Combined Code on Corporate Governance is the result of the collective efforts of
numerous commissions formed in the UK to study and make recommendations on the
subject (e.g. Cadbury, Greenbury and Hampel) and incorporates conclusions from the
following committees:
Turnbull: Guidance on internal control (as described earlier);
Smith: Guidance on audit committees;
Higgs: Suggestions for good practice
Some key features of the Combined Code include:
Comply or explain: Deviations from the Code may be justified “in particular circumstances”;
Board Composition: At least half the Board (excluding the chairman) should be independent non-executive directors;
Separation of Chairman and CEO roles: These should not be exercised by the same individual;
Non-Executive Directors’ duties: Include “scrutinise the performance of management” and satisfy themselves that financial controls and systems of risk management are “robust and defensible”;
Executive remuneration: No director should be involved in deciding his or her own remuneration;
Audit Committee: At least three members, all independent non-executive directors;
Audit Committee role: Oversee the effectiveness of internal controls and liaise with the internal and external auditors.
KEY KNOWLEDGE
Internal Audit
The role of the internal audit is to make sure that the company’s internal controls are appropriate and working properly. Internal auditors are employees and report to management. However, they can also have a reporting line to the Audit committee of the board, so that their professional independence is not compromised.
KEY KNOWLEDGE
CIMA Ethical Guidelines
The student is expected to be fully familiar with CIMA Ethical Guidelines which can be
accessed via: www.cimaglobal.com