DETACH THIS SHEET AND STAPLE IT TO YOUR SCRIPT.

YOU ARE ADVISED TO PHOTOCOPY YOUR SCRIPT BEFORE SENDING THE ORIGINAL IN FOR MARKING.

MARKING & SOLUTIONS REQUEST FORM

Your details (MUST be completed by student)

Return address:

Student name: ..

Address: .

Postcode: .

Printed solutions will be sent to you with your marked script

D

Tick here if you do not want us to mark your exam and fill in your name and address in the space provided above. You'll receive the solutions and a mark of 0%.

Alternatively, please contact your local BPP centre quoting the Exam Identification Code.

I BPP Student not:

• Failure to provide may result in a delay to the marking of this paper

Exam details (completed by BPP Professional Education)

ACCA PAPER P1 Professional Accountant

Course Examination 1

Date received: .

Date returned: ..

Company: .

Date of birth: 19 ..

Date of sitting: .

Date sent: .

Marker's comments (completed by BPP Professional Education)

London & Home Study students return to:

The Marking Dept, BPP Professional Education,

Aldine House, 142-144 Uxbridge Road, London W12 8AW

Other students return to:

Your local Study Centre (addresses can be found at www.bpp.com)

Sending your exam to the wrong centre WILL result in a delay to marking your script.

RESULTS

100

I Marked by:

Question Maximum Score
1 25
2 25
3 25
4 25 Total

For office use only: Production code: ACP1 CEO?

'!f)))

LEARNING MF.oIA

Marker's assessment

Ticks in the left-hand boxes indicate a good aspect of your performance. Relevant to How to
Tick in the right-hand boxes highlight areas you need to work on. question improve
(Note: Boxes may be left empty if the comments are not applicable to your script)
Approach Good Improvement
performance needed
Questions correctly interpreted I I I I I Careful reading
Review the definitions of
question words
I I I I I
Logical coherent answers Practise planning and full
written answers

Technical content
Understanding of principles I I I I I Reading your Study Text

Principles applied well to specific I I I I I More question practice
required
problems

Computation
High standard of accuracy I I I I I Check your workings

I I I I I Layout your workings clearly
Workings are easy to follow Label and cross reference

Appearance/Layout Neat handwriting
I I I I I Use plenty of space
Text layout is clear and easy to follow Use headings and
subheadings
Use short paragraphs
Calculations are easy to follow I I I I I Neat diagrams and tables
Workings labelled

Written style
Concise business style I I I I I Short concise sentences

Answering the question set I I I I I Think before you write
'!f)))

llARNlNGMF.oIA

ACCA Professional Level

Paper P1

Professional Accountant

Course Examination 1

Question Paper
Time allowed
Reading and Planning 15 minutes
Writing 3 hours
ALL FOUR questions are compulsory and MUST be attempted
During reading and planning time only the question paper may be annotated Instructions:

Please attempt this exam under test conditions and attach the frontsheet complete with your name and address to your script. The completed package should be sent to BPP Professional Education.

Take a few moments to review the notes on the inside of this page titled, 'Get into good exam habits now!' before attempting this exam.

DO NOT OPEN THIS PAPER UNTIL YOU ARE READY TO START UNDER EXAMINATION CONDITIONS

~

LEARNING MEolA

Get into good exam habits now!

Take a moment to focus on the right approach for this exam.

Effective time management

• Watch the clock, allocate 1.8 minutes to each mark and move on if you get behind.

• Take a few moments to think what the requirements are asking for and how you are going to answer them.

Effective planning

• You should read through the paper and plan the order in which you will tackle the questions.

Always start with the one you feel most confident about.

• Read the requirements carefully: focus on mark allocation, question words (see below) and potential overlap between requirements.

• Identify and make sure you pick up the easy marks available in each question.

Effective layout

• Present your numerical solutions using the standard layouts you have seen. Show and reference your workings clearly.

• With written elements try and make a number of distinct points using headings and short paragraphs. You should aim to make a separate point for each mark.

• Ensure that you explain the points you are making ie why is the point a strength, criticism or opportunity?

• Give yourself plenty of space to add extra lines as necessary, it will also make it easier for the examiner to mark.

Common terminology

Advise

Analyse Calculate/compute Compare and contrast Define

Describe

Discuss

Distinguish

Evaluate

Explain

Identify

Interpret

Justify

List

Prepare

Recommend Summarise

To counsel, inform or notify Examine in detail the structure of

To ascertain or reckon mathematically Show the similarities and/or differences Give the exact meaning of Communicate the key features of

To examine in detail by argument Highlight the differences between

To appraise or assess the value of

Make clear or intelligible/state the meaning of Recognise, establish or select after consideration Process information to explain its meaning

To produce reasons in support of

State short pieces of information on separate lines To make or get ready for use

To advise on a course of action

To express the most important facts of

2

All FOUR questions are compulsory and MUST be attempted

1 FRSWA

Since a change of political regime about 20 years ago, the Federal Republic of South-West Asia (FRSWA) has become a significant centre for financial business. Several international companies, attracted by the low tax, limited regulation, regime have established their registered offices there.

Unfortunately recent corporate scandals have led to criticism by international financial institutions of the regulatory regime and a threat of sanctions if things do not improve. To counter this threat, the FRSWA's stock exchange is considering introducing a code of corporate governance. The government and stock exchange regulators are considering whether to use an existing international code or to develop their own. They also wish to use the introduction of the code as a chance to affirm the country's commitment to key concepts that promote trust and fair business dealing.

(a) Discuss the arguments for and against the FRSWA stock exchange adopting an existing international

code rather than developing its own. (10 marks)

(b) Advise how key underpinning concepts can be reflected in practical recommendations in a code of governance. Your answer should focus on the key concepts of integrity, independence, fairness and

accountability. (15 marks)

(Total = 25 marks)

2ANG

ANG is a road haulage contractor. The company specialises in collection and delivery of large or heavy items such as railway locomotives and sections of bridges from the manufacturer to the customer. The company owns 49 road vehicles of different sizes to enable transportation of the different goods.

ANG's risk management policy is based on taking out insurance. As well as the standard employer and third party liability classes of insurance, ANG also insures against damage to road infrastructure such as bridges and tunnels from its own vehicles or as a result of goods being carried becoming unstable and falling off ANG's lorries.

ANG's terms and conditions of carriage note that radioactive goods will not be transported under any circumstances. Explosives are carried, but only where the owner accepts liability on their own insurance.

Contingency planning is limited; the Board of ANG believes that if any risks do occur, then ANG has sufficient vehicles to continue operations.

The Board of ANG is also considering a new venture for the same day delivery of goods where the distance to travel is more than its existing fleet of road vehicles could travel in one day. This venture involves the purchase of surplus 'Hercules' transport planes from the army. The Board has recently decided to make the purchase of the planes because they are being offered at a substantial discount. Marketing activities will commence next month.

Required

Explain the elements of a risk management framework in an organisation.

(7 marks)

(a) (b) (c)

Explain the risk management strategies available to an organisation. (9 marks)

Evaluate the risk management strategy of ANG, explaining any amendments that you consider are

necessary. (9 marks)

(Total = 25 marks)

3

'!VJ)

lEARNING MroIA

3 New director

The father of a good friend of yours is the senior accountant of a charity. He has recently been asked to become an independent non-executive director of a recently listed company. His responsibilities will include chairing the audit committee. He feels that he needs to know more about corporate governance in companies and in particular the role of the audit committee before he decides whether to accept appointment.

Required

Prepare a letter to your friend's father that:

(a) Identifies the key reasons for the emergence of corporate governance regulations around the world.

(5 marks)

(b) Explains the core aims that underpin corporate governance regulations.

(10 marks)

(c) Discusses the role and responsibilities of audit committees as laid down in corporate governance best

practice. (10 marks)

(Total = 25 marks)

4SPQ

As an ACCA member, you have recently been appointed as the Head of Internal Audit for spa, a multinational listed company that carries out a large volume of internet sales to customers who place their orders using their home or work computers. You report to the Chief Executive, although you work closely with the Finance Director. You have direct access to the Chair of the Audit committee whenever you consider it necessary.

One of your internal audit teams has been conducting a review of IT security for a system which has been in operation for 18 months and which is integral to internet sales. The audit was included in the internal audit plan following a request by the chief accountant. Sample testing by the internal audit team has revealed several transactions over the last three months which have raised concerns about possible hacking or fraudulent access to the customer/order database. Each of these transactions has disappeared from the database after deliveries have been made but without sales being recorded or funds collected from the customer. Each of the identified transactions was for a different customer and there seems to be no relationship between any of the transactions.

You have received a draft report from the internal audit manager responsible for this audit which suggests serious weaknesses in the design of the system. You have discussed this informally with senior managers who have told you that such a report will be politically very unpopular with the chief executive as he was significantly involved in the design and approval of the new system and insisted it be implemented earlier than the IT department considered was advisable. No post-implementation review of the system has taken place.

You have been informally advised by several senior managers to lessen the criticism and work with the IT department to correct any deficiencies within the system and to produce a report to the audit committee that is less critical and merely identifies the need for some improvement. They suggest that these actions would avoid criticism of the chief executive by the Board of spa.

Required

(a) Explain the role of internal audit in internal control and risk management. (5 marks)

(b) Analyse the potential risks faced by spa that have been exposed by the review of IT security and

recommend controls that should be implemented to reduce them. (9 marks)

(c) Discuss the issues that need to be considered when planning an audit of activities and systems such

as the one undertaken at spa. (6 marks)

(d) Discuss the different ways in which you can report your concerns over the database problems. You

must indicate clearly your preferred choice. (5 marks)

(Total = 25 marks)

4

Student self-assessment

Having completed this paper take a few minutes to consider what you did well and what you found difficult. Use this as a basis to focus your future study on effectively improving your performance.

Common problems Future emphasis if you answer Yes

Timing and planning
Did you finish too early? YIN Focus your planning time on generating more ideas.
Use models to help develop breadth to your thinking.
Did you overrun? YIN Focus on allocating your time better.
Practise questions under strict timed conditions.
If you get behind leave space and move on.
Did you waffle? YIN Focus your planning time on developing a logical structure to
your answer.
Layout
Was your answer difficult to follow? YIN Use headings and subheadings.
Use numbering sequences when identifying points.
Leave space between each point.
Did you fail to explain each
point clearly? YIN Show why the point identified answers the question set.
Did you fail to show any workings
or were your workings unclear? YIN Give yourself time and space to make the marker's job easy.
Content
Did you struggle with:
Interpreting the questions? YIN Learn the meaning of common terminology (inside front cover).
Learn subject jargon (key terms in study text).
Read questions carefully noting all the parts.
Practise as many questions as possible.
Understanding the subject? YIN Review your notesltext.
Work through easier examples first.
Classroom students please contact your tutor for further help.
Home Study students please contact ACCA queries for further
help (accaqueries@bpp.com).
Remembering the notes/text? YIN Quiz yourself constantly as you study. You need to develop
your memory as well as your understanding of a subject. 5

'!VJ)

lEARNING MroIA

6

ACCA Fundamentals Level Paper P1

Professional Accountant

Course Examination 1

Guidance, Marking scheme and Suggested solutions

ACP1CE07

AC27-P1(1)

~

LEARNINGMEilIA

Guidance on improving your exam performance

To help improve your performance you should focus on these key areas.

Which questions to do first?

It is important for you to decide which order to attempt the questions. As each question on this paper carries equal marks you may prefer to attempt the questions that you are more confident about first. This means you will build up marks early on giving you a solid base to tackle the harder questions later. However do not spend too long on the questions you are confident about as you need to spend an equal amount of time on them all.

An alternative strategy is to answer all questions in strict order. You could use the time saved choosing the order by starting to plan your answers. You may prefer to use this method if you find yourself spending too long on your favourite questions as it forces you to spend an equal time on each before moving on.

Strategy

The examiner lays stress on the key themes of professionalism, responsibility, accountability and ethics. Answers need to bring these themes out.

Time management

Use the reading and planning phase to make sure that you get as many of the marks as possible. Write a short plan for each question containing bullet points per mark and use it to write your answer when the writing time begins. Never overrun on any question and once the time is up move on to the next.

2

1 FRSWA

Marking scheme

Marks

(a) Arguments up to 2 marks for each argument made. Arguments in favour should

bring out the key features of international codes 10

(b) Up to 4 marks for each of the qualities discussed. To achieve high marks, answers

must be supported by references to codes and quote examples of best practice 15

25

Suggested solution

Text references. Chapters 1-3.

Top tips. Your answer to (a) needs to focus on the features that a specifically international code has. The advantages and drawbacks of trying to achieve compatibility are particularly important. (b) links the fundamental principles with the practical recommendations. You would need practical illustrations to score well although they could be from various codes. The point about integrity underlying the whole basis of codes is a particularly important one to remember.

Easy marks. Independence is probably the easiest quality to discuss in (b) as independence in relation to non-executive directors is stressed in the governance guidance.

(a) Arguments in favour of adapting an international code International basis

International codes are designed to be compatible with the requirements of major governance regimes throughout the world. If FRSWA adopts an international code, companies that do business in the country should find compliance straightforward if they comply with their own international codes. The disclosure principles will also be compatible with international accounting standards.

Reflection of international best practice

Codes such as the OECD code have been developed from best practice in a number of jurisdictions. As such, they can be seen as representing an international consensus. They do not emphasise the concerns that are relevant only to certain countries that are reflected in their governance codes.

Emphasis on international issues

International codes lay stress on global issues that are important to regimes such as FRSWA that are hoping to attract companies who've been based in a number of other jurisdictions. The OECD code for example emphasises the importance of eliminating impediments to cross-border shareholdings and treating overseas shareholders fairly.

Emphasis on disclosure

The OECD code places significant emphasis on disclosure and transparency. Lack of transparency is often a symptom of poor corporate governance; given recent scandals in FRSWA this emphasis may be timely.

Arguments against adopting an international code Compatibility with FRSWA legal regime

The international code will have to be compatible with the existing situation in FRSWA. Given that the country was criticised for being too lax, it may not be difficult to achieve compatibility with the

3

~

LEARNING MEolA

country's legal regime; however achieving compatibility with the country's local culture and practices may be more problematic.

Lack of strong recommendations

International codes represent, some argue, lowest common denominator corporate governance. Because international codes reflect a developed consensus, it is up to individual countries to drive corporate governance development forward and provide examples of stronger practice. Since FRSWA has had a recent history of corporate problems, it may prefer to develop its own code that addresses those problems.

Compatibility with Sarbanes-Oxley

Companies that comply with the code FRSWA adopts may also have to comply with the rules-based Sarbanes-Oxley regime if they do business in America. Adherence to two differing regimes is likely to increase compliance costs.

(b) Integrity

Governance codes promote integrity by defining what it means and what it implies. The Cadbury report states that integrity means straightforward dealing and completeness. Financial reporting should be honest and present a balanced view of a company's affairs; the integrity of reports depends on the integrity of those who prepare them.

As integrity is a state of mind, it is difficult for governance codes to contain concrete measures to promote integrity. One measure, suggested by the King report, is a code of conduct for boards.

In addition, all principles-based governance guidance is based on integrity. At times those involved in governance will be faced with situations that governance reports do not cover in detail; in these circumstances principles-based guidance will be particularly important.

Independence

The UK Combined Code defines independence as all directors taking decisions objectively in the interests of the company. The main ways in which codes have sought to promote independence is by seeking to ensure the independence of those whose main role is to monitor company and executive management activities.

On boards, this means promoting the position of non-executive directors, who are not involved in day-to-day management. Guidance has done this by stressing that non-executive directors should have a significant presence on the board. The Combined Code states that at least half the board should be independent non-executive directors (have no conflicts of interest, no personal interests in company's affairs other than as shareholders). Independent non-executive directors should be responsible for manning key board committees, including the remuneration committee for determining executives' pay and the audit committee for monitoring risk and control systems and the work of internal and external audit.

The link with the audit committee is also meant to enhance the independence of internal and external audit. The auditors can report concerns to the audit committee, if necessary without executives being present. If the audit committee has line responsibility for internal audit, this will mean that internal audit is not reporting to the finance director, and thus avoid the situation of internal audit scrutinising the director who determines the department's pay and conditions. Audit committees are also responsible for considering whether non-audit services supplied by the external auditors might jeopardise their independence.

4

Fairness

Fairness implies taking into account the needs and views of everyone who has a legitimate interest in the company.

Governance reports seek to ensure that all shareholders are given opportunity to exercise the rights attached to their shares. The codes emphasise the importance of shareholders having rights to register and transfer their shares and share in profits. The OECD and other guidelines also stress the need for all shareholders to obtain relevant and material information, and participate in the company's affairs. Annual general meetings are seen as a key mechanism ensuring fairness both in terms of supplying information and allowing all shareholders to vote.

Fairness to other stakeholders is a more contentious issue, being dependent on the definition of who has a legitimate interest. However the OECD principles take into account various international guidance in emphasising respect for the rights of stakeholders that are enshrined in law and promotion of mechanisms for stakeholder involvement - for example employee representation on boards.

Accountability

Accountability refers to whether the organisation and its directors are answerable in some way for the consequences of their actions. Accountability is particularly important in corporate governance because of the agency relationship between directors (agents) and shareholders (principals).

Corporate governance reports seek to promote accountability in various ways. These include allowing shareholders the chance to hold the board to account at annual general meetings. Reports recommend that board committee chairmen should be available to answer questions at annual general meetings and that shareholders should be able to express their satisfaction or dissatisfaction by voting on the report and accounts.

Other measures relate to dealing with individual directors who are felt not to have performed well enough. Reports recommend that directors should submit themselves for re-election at least once every three years and directors' service contracts should be limited in length to avoid excessive payments on dismissal of under-achieving directors.

A key problem in an agency relationship is information asymmetry; principals having insufficient information to hold better-informed agents to account. Governance reports try to counter this by disclosure provisions, requiring boards to present a balanced and understandable statement of the company's affairs. A number of governance codes operate on a comply or explain basis; if companies have not complied with their provisions they need to explain why. Some reports extend the idea of agent disclosure to relationships with other stakeholders. The King report suggests that a variety of disclosures may be of interest to stakeholders including social, ethical, health and safety

and environmental information.

5

~

LEARNING MEolA

2ANG

Marking scheme

(a) Up to 2 marks per element of framework discussed

(b) Answer should be grouped round the key elements of the risk management framework (avoidance, reduction, acceptance, transfer);

up to 3 marks per element

(c) Answer should be grouped round the key elements of the risk management framework (avoidance, reduction, acceptance, transfer); up to 3 marks per element, only awarded for specific application to ANG

Marks 7

9

9 25

Suggested solution

Text references. Chapter 8.

Top tips. Overall the question demonstrates how to approach a general question on risk management ((a) and (b)) and then apply the general points to a specific situation (c). (a) asks for the risk management framework. To get into this answer, think what a company must do to have risk management in place. This should draw your attention to have a risk management strategy and staff being aware of that strategy. The point about allocating budgets and having the appropriate tools available then follows on from this.

(b) is a fairly standard question on the types of risk management. You need to explain the four main types in your answer.

(c) is more complicated because it involves the application of the different risk management strategies to a specific company. The requirement word to evaluate means to look for the good and bad elements in the strategy - so don't assume that the company is doing everything wrong; in the real world this would be very unlikely anyway. Clearly state the elements of the risk management policy with reasoned comments as to whether they are appropriate. Where you think changes are needed, state these clearly in your answer with justification. As long as you say why the change is needed, you answer can be different from the examiners.

Easy marks. (b) is a straightforward discussion on methods of dealing with risk.

(a) Risk management structure

The organisation needs a structure to facilitate and communicate information about risks. A system such as an Intranet or groupware product would be suitable as it connects all the individuals in an organisation, allowing access to shared databases where information about risks can be stored.

Resources

Sufficient resources are required to support effective risk management. This means that the Board of an organisation must allocate an appropriate budget for risk management, and then the budget should be spent on appropriate areas. The appointment of a risk management officer will help to ensure budgeted amounts are spent appropriately.

Risk culture

The culture of the organisation should be developed as far as possible to ensure employees are aware of risk and to act to avoid risks where possible. Having a risk avoidance culture will help to ensure that management decisions taken focus on and avoid important risks.

6

Tools and techniques

Appropriate tools and techniques are available in the organisation to enable the efficient and consistent management of risks across an organisation. Tools and techniques available may include obtaining appropriate insurance against risks and having a clear risk management policy in place.

(b) Avoidance

In this situation, the organisation attempts to determine whether the possible losses avoided from not undertaking a risky activity are greater than the advantages that can be gained from carrying out the activity. If the losses avoided appear to outweigh the benefits of carrying out the activity, then the activity may not take place. In an extreme situation, entire sections of the business may be closed down if the risk or loss is considered to be too great.

Reduction

Risks are avoided in part but not reduced to zero. For example, the risk of launching a new product can be reduced by obtaining market research on possible demand for the product prior to manufacture and launch.

Risk reduction will also involve contingency planning to ensure that if a risk does crystallise, then the damage from that risk is minimised. For example, most companies will have a contingency plan against their computer systems failing. Files will be backed-up regularly, and alternative processing locations will be available if one centre becomes unavailable eg due to fire or flood.

Acceptance

Risk retention is where the organisation bears the risk itself. This means that if the unfavourable outcome occurs, then the organisation will suffer the full loss of that event.

Risk retention normally occurs in two situations. Firstly, where some risk occurs which the organisation's risk management policy did not detect. Secondly, where risk was classified as insignificant or the cost of the risk was deemed to be too great compared to the likelihood of that risk occurring.

Risk retention may also involve self-insurance. This means that funds are placed into some fund against risks actually occurring.

Transfer

The last risk management strategy is to transfer the risk to a third party. The most commonly used risk transfer policy is take out insurance against a risk occurring. However, risks may also be transferred to other third parties, often without the knowledge of that party. For example, there may be a minimal risk of errors occurring in some software. The cost of carrying out additional testing may be more than any compensation that may be payable if the error occurs and the customer makes a successful complaint. In this situation, risk has been transferred to the customer without the customer's knowledge.

7

~

LEARNING MEolA

(c) Avoidance

The decision by ANG to avoid risk completely in the transfer of hazardous materials seems sensible. There has been some bad publicity about the transfer of radioactive goods by road, and the potential for claims, particularly if an accident occurred in an area of high population density, could be excessive and the damage to ANG's reputation would be considerable. In the case of explosives, ANG would need to ensure that the contract for carriage clearer stated that the owner of the goods was responsible for insurance. ANG may also want to obtain a copy of the insurance contract to confirm this.

Reduction

It appears that ANG effectively self-insures against loss of vehicles in respect of being able to provide a replacement vehicle at short notice. This may be acceptable in the case of individual losses. However, it may be inappropriate in situations where, for example, a significant number of ANG's vehicles are destroyed in a fire or flood. Where haulage contracts are signed for time critical delivery of goods, then some reciprocal agreement with another haulage company may be appropriate.

Acceptance

There appears to be some risk in purchasing the transport planes prior to any market appraisal of the new venture. Normally the risk of a new venture would be reduced by carrying out market research prior to significant expenditure being incurred. The Board would normally be advised to check whether there was a demand for this service prior to expenditure being committed.

Transfer

The overall risk management strategy of ANG appears to be one of risk transfer. This is the policy adopted by most businesses and is wholly appropriate given the likelihood of many risks occurring is low, but if they do occur then significant expenditure would be involved. For example, if a load did fall off one of ANG's lorries, then the damage caused could be considerable, not only to the load itself, but also to other vehicles, people and even the roads being used. ANG would not be able to operate legally without this insurance, and so it is essential to obtain it.

Whether ANG needs to insure against damage to roads, bridges etc. is unclear. The government of the country is normally responsible for maintaining the transport infrastructure. ANG could probably withdraw this insurance and effectively transfer the risk to the government. Some cost savings would accrue from this move.

8

3 New director

Marking scheme

Marks

(a) Identification of reasons for emergence of regulations; 1 mark for each valid

point made 5

(b) Identification and explanation of core aims; up to 2 marks for each aim identified. For high marks mention required of integrity/accountability, strategy,

shareholders/stakeholders 10

(c) Discussion of roles and responsibilities; up to 2 marks for each valid point made.

For high marks mention required of accounts and risk management review, and

liaison with internal and external audit 10

25

Suggested solution

Text references. Chapter 1-3, 5.

Top tips. Brief examples are helpful in (a) and (b), but overall you can't say much on any individual point in (a) since it's only worth five marks in total.

Our answer to (b) is planned round the most important aims, although you would gain credit for considering corporate governance under the main areas the reports cover. You would also gain credit for bringing in the various perspectives of corporate governance, such as agency, stewardship and stakeholder theory.

(c) deals with the major areas affecting the audit committee, with most focus on the audit committee's liaison with external auditors.

Easy marks. Perhaps the role of the audit committee is the area that's best known.

Address Date

Dear Mr X

I am writing to answer your queries about corporate governance and audit committees.

(a) Reasons for emergence of corporate governance

Corporate governance was defined in the Cadbury report as 'the system by which companies are directed and controlled'.

Corporate governance has developed because of a number of developments and events over the last twenty years.

Abuses by individuals

In the UK a key influence on the development of the Cadbury framework was the financial scandals of the late 1980s and the abuses exposed. A number of provisions have been designed to counter situations where a single individual has dominated a company and has abused his position.

Financial reporting

A key problem in many financial scandals has been misleading financial accounting practices. Whilst these have resulted in strengthened international financial regulations, they have also impacted on corporate governance regulations because of the perceived failure of auditors to address these problems.

9

~

LEARNING MEolA

Risks and controls

Again poor controls have been a symptom of poor corporate governance with for example inadequate management control of individuals such as Nick Leeson. In addition the development of risk management frameworks such as the COSO guidance has impacted upon regulations.

Internationalisation

More investors, in particular institutional investors, have begun to invest outside their home countries. In order to limit the risks of their investments, they seek to promote a common international governance framework.

Cultural reasons

Some corporate governance guidance has been driven by developments in the business environment in local economies and the response of the country's culture to these. South Africa's King report in particular has stressed the influence of corporate governance on qualities that are fundamental to the South African culture. The US has used a strict regulatory approach, embodied in Sarbanes-Oxley to achieve its ends.

(b) Principles of corporate governance

The requirements of the corporate governance reports can be grouped under a number of headings relating to the principles with which they attempt to comply.

Ensuring integrity

A basic aim of all governance guidance has been to promote ethical fair dealing by companies. An important aspect has been stressing the role of directors in influencing the culture, tone and core values of the company.

Promotion of strategic objectives

Reports have sought to ensure adherence to, and satisfaction of, the strategic objectives of the organisation, thus aiding effective management. The UK's Hampel report stressed the importance of good corporate governance in contributing to a business's development. CIMAlIFAC guidance has stressed how analysis of how strategic decision-making and activities will enhance performance. This should be balanced with the conformance requirements of corporate governance reports.

Control of companies

Corporate governance regulations can be seen as creating a framework for the control of multinational companies whose interests may not coincide with the national interests. Corporate governance provides a framework for enforcing compliance with laws on this sort of company.

Enhancing risk management

Corporate governance guidelines have promoted risk management principles, especially financial, legal and reputation risks. They have required compliance with accepted good practice in the jurisdiction in question and ensuring appropriate systems of control are in place, in particular systems for monitoring risk, financial control and compliance with the law.

Protection of shareholders

The corporate governance reports aim to protect shareholders in the same way that investors are protected who buy any other financial investment product, such as insurance or a pension.

10

Involvement of shareholders

As well as protecting shareholders, the governance recommendations are designed to enhance shareholder involvement, particularly institutional shareholder involvement, in companies. This is achieved by giving them more details about company activities, and improving proceedings at annual general meetings by recommending votes on remuneration policy and the report and accounts.

Protection of stakeholders

Corporate governance reports are also concerned with fulfilling responsibilities to all stakeholders. This includes minimising potential conflicts of interest between the owners, managers and wider stakeholder community, and treating each category fairly.

Establishment of accountability

Governance reports are designed to address the problem of the over-mighty managing director by emphasising the role of the whole board in major decisions, and a need for a clear division of responsibilities at the head of companies so that one person does not enjoy unfettered power. It also means the involvement of non-executive directors through committees in delicate decisions such as recruitment to the board, and remuneration of executive directors.

Maintenance of effective scrutiny

Governance provisions have aimed to ensure the independence of those with primary responsibility for scrutinising company activities. This includes prescribing what constitutes, or what might jeopardise the independence of non-executive directors, It also means enhancing their position by prescribing that a certain number of directors be non-executive, and giving the internal and external auditors the right to communicate with an audit committee staffed by non-executive directors.

Provision of accurate and timely information

Governance reports are designed to complement developments in financial reporting guidance by emphasising the need for accounts to present a true and balanced picture of what is happening in the organisation. They also emphasise the importance of timely information as an aid enabling directors to supervise company activities better.

(c) Audit committee

The Combined Code requires the audit committee to consist of independent non-executive directors. The role and responsibilities of the audit committee can be grouped under the following headers.

Monitoring financial statements and announcements of financial performance

The audit committee should review all announcements, concentrating in particular on the significant financial reporting judgements, also key accounting policies and the overall appearance and presentation of the accounts. To order to carry out this review effectively, the audit committee must include members with sufficient financial expertise and qualifications.

Reviewing internal controls and risk management

The committee should review the system of financial controls and may also be responsible for reviewing internal control and risk management systems. This includes continual monitoring of the overall adequacy of the internal control systems and management's attitude towards control. The committee should also focus on specific aspects, such as legal and ethical compliance and fraud reduction measures. The committee should be responsible for drafting or reviewing the statement of internal controls.

11

~

LEARNING MEolA

Review of internal audit

As part of their review of the adequacy of internal controls, the audit committee should assess the need for an internal audit function in the context of the overall risk management framework. The committee should approve the appOintment of the head of internal audit if it decides it is appropriate to have an internal audit function.

If the organisation has internal auditors, the committee should supervise its work including the standards it follows, its scope, its resources, work plan, liaison with external audit and results. The committee should monitor management's responsiveness to internal audit's work. To protect the independence of the internal audit function, the chief internal auditor should be able to report directly to the committee and should with the external auditors meet the committee at least once a year without the presence of executive management.

Liaison with external audit

The committee's role in connection with external audit has a number of aspects:

(i) The audit committee should be responsible for recommending the appOintment, reappointment and removal of external auditors. If the main board disagrees with this decision, the disagreement should be disclosed in the accounts. The audit committee should also approve the remuneration and terms of engagement of the external auditor.

(ii) The audit committee should be particularly concerned with the effectiveness of the external audit process and also the independence and objectivity of external audit. The committee should especially consider whether it is appropriate to use external audit to supply non-audit services, and other issues such compliance with ethical guidance and employment of former employees of the external auditor.

(iii) As regards the external audit itself, the committee should discuss its scope with the external auditors before it starts. The committee should also aid the external auditors by helping them obtain the information they require, act as a forum for liaison between the external and internal auditors and audit committee, and be available for consultation with external auditors. The audit committee should review the results of external audit's work and pursue any serious concerns the external auditors have.

(iv) At the end of the audit, the audit committee should assess the effectiveness of external audit by obtaining feedback and considering whether external audit has shown good understanding of the business, and robust handling of the key audit judgements.

Dealing with staff concerns and investigations

The audit committee should review arrangements by which staff can raise concerns about improprieties. The committee should be able to ensure that appropriate investigations are made of concerns, whether raised by staff or through other sources.

I hope that what I've said has been helpful. Please get in touch if you want to know more about anything else. Yours sincerely

12

4SPQ

Marking scheme

Marks

(a) Explanation of role of internal audit; up to 2 marks for each aspect of role

discussed. Discussion should focus on internal control and risk management process 5

(b) Analysis of risks and recommendations of controls; up to 2 marks for each

risk and each control 9

(c) Discussion of planning issues; up to 2 marks per each issue discussed 6

(d) Resolution of conflicts; up to 2 marks for each resolution discussed depending on

application to SPQ. max 5

25

Suggested solution

Text references. Chapters 5 and 6.

Top tips. Note that (a) stresses the work internal audit does in reviewing the overall control and risk management framework as well as the detailed testing.

(b) goes beyond the problems with the systems and asks what else the systems development demonstrates about SPQ; make sure you clearly identified the control action. We identify more risks than would be required for full marks for this question.

In (c) we cover the issues affecting the running of the specific audit, but also consider the issues affecting this audit's place in the overall plan for internal audit. (b) and (c) both require application of your auditing knowledge.

In (d) you just about have time to consider different solutions to the problem, although don't go overboard on these. You should have drawn a conclusion at the end of your answer. Your solutions need to have a degree of depth (short bullet points would be inadequate) and clear application to the scenario.

Easy marks. (a) is a good start to the question.

(a) Internal audit's role

Internal audit's evaluation of an organisation's systems and processes is part of the process by which an organisation gains assurance that its business risks are being effectively managed and that internal controls are operating as planned.

Risk management process

Part of internal audit's remit is to review the risk management strategies established by management, the risk culture of the organisation and the risk assessments being made. Internal auditors may be able to place reliance on the risk assessments made when planning their own work; however if they are not satisfied, they will have to make their own judgements and report on the inadequacies of the current system to the board and audit committee.

13

~

LEARNING MEolA

Internal control

Internal audit will also be concerned with how the systems established by management to respond to, and manage, risks are working and their work on internal control systems is part of this.

Internal audit will be concerned initially with the design of internal controls and the adequacy of the framework for reducing risks to acceptable levels. Internal audit will also be concerned with the operation of controls, using a combination of risk assessment and detailed testing. Not only will internal audit provide a check on operation, it may improve the chances of some controls operating effectively; staff may be more likely to operate controls well if they know that their work might be audited.

Recommendations

The recommendations internal audit make will feed back into the design and operation of risk management and internal control systems. The recommendations will have regard for the organisation's strategic objectives (including the requirement that costs of control are reasonable given benefits) and also the organisation's risk appetite.

(b) Risks

Revenue and counterparty risks

An obvious risk is the risk of loss of revenue through failure of customers (or possibly third parties) to pay for goods that have been delivered. There is also a risk of customers' dissatisfaction and loss of sales if they have ordered goods, but their orders have been intercepted by third parties.

Data protection risks

spa is possibly vulnerable to the loss of sensitive data about customers to competitors or other third parties. It may also have breached data protection legislation.

Information systems risks

spa may also be vulnerable to interference in the data it holds by the introduction of viruses. This would severally impact on its ability to trade on-line.

Accounting information risks

If the problems are widespread there is a risk that management decision-making will be influenced by incorrect data. There is also a compliance risk, that the loss of data will mean spa fails to fulfil legal requirements to maintain proper accounting records.

Resource wastage risks

The failure to test systems properly may mean that systems are not fulfilling their objectives and that consequently resources are being wasted, either through the systems not providing the support required or as here because resources are having to be used to investigate problems within the system.

Governance risks

What has happened over the project may indicate that the chief executive has too much power, and the company is at risk of failing to fulfil the requirements of the corporate governance guidelines of division of responsibilities and proper risk management procedures.

Reputation risks

spa will be vulnerable to a fall in its sales, if its computer problems are made public and as a result customers lose confidence in the security of the system. These developments may ultimately depress the company's share price.

14

Controls Security controls

The whole security system requires urgent review including whether staff's rights of access to the system need to change, and whether any current system of passwords needs to change. Possibly the passwords currently required are too easily guessed and more complex passwords or more frequent changes should be introduced. Other measures include firewalls, preventing public access to certain parts of the system.

Accounting information controls

It should not be possible to delete transactions completely without a record being made in the system, possibly a dump file, the contents of which are regularly reviewed and investigated. Also order and delivery records should be matched to sales and receipts details, and unmatched orders and delivery notes investigated.

System testing

The systems development procedures either need to be improved or implemented better, and in particular should require the approval of the information technology department and other users. The use of a structured methodology would ensure that the system is designed with both business and users' needs in mind. Clearly also a system of post-audit reviews should be introduced. If fundamental failure of the systems occur (as perhaps here), there should be a requirement that the system undergo a complete re-testing.

Governance

The governance procedures requiring change may include the requirement for the whole board to approve decisions such as the introduction of the new systems, and improved access particularly for internal audit but also for other staff to the audit committee. The UK's Combined Code necessitates a regular review of all internal control systems, including IT systems, by the board.

(c) Strategic issues

The overall audit plan will be influenced by the organisation's objectives, structure and information flows and the risk management system in place. These will determine which areas of the organisation and which risks it is most important for internal audit work to cover.

Areas to be covered and extent of coverage

The audit objectives, the order of work, the areas to be covered and how much work is done will depend on:

(i) The organisation's own risk assessment and risk assessments undertaken by internal audit

(ii) The extent of internal controls within the area

(iii) Any specific requests for coverage, for example by the chief accountant (as here) or the audit committee

(iv) The work carried out by external audit

(v) The results of preliminary work on the audit area including review of previous results and

changes in the business environment

(vi) Any control breaches identified

Operational planning

The operational plan will need to cover in detail the scope and timetabling of the audit, and also the staffing and resources required (including the need for staff with experience or specialist knowledge).

15

~

LEARNING MEolA

If members of the internal audit team have been involved in the design of the system, they should not be involved in its audit. The internal auditors will need to consider the audit tests carried out, bearing in mind the resource usage against the benefits obtained if the tests identify problems.

(d) Resolving difficulties

Reporting weaknesses to the chief executive

This course of action would be proper in the sense that the chief executive is the HIA's immediate superior. Practically if the chief executive is convinced about the seriousness of the problems, it may be easier to get them corrected. However the chief executive's previous attitude suggests that he may forbid the HIA to issue the audit committee with the report in its current form. The chief executive's previous involvement also means that the HIA could justifiably bypass him.

Reporting directly to the audit committee

This would resolve the issues of not supplying the audit committee with information and aspersions being cast on internal audit's competence, and also mean that the HIA had taken a robust attitude to the pressures placed on himself. However if there is a conflict between the audit committee and the chief executive, it might jeopardise the chances of the necessary improvements being made.

Discussion with audit committee chair

This might be a better response than submitting the report directly. As head of the audit committee, the chair has responsibility for ensuring the findings of internal audit are properly actioned, and practically he may be able to advise how best to present the recommendations, so that internal audit's position is preserved but at the same time the recommendations are actioned.

Discussion with finance director

Alternatively the HIA could first discuss the matter with the finance director, as he should be aware of the concerns the chief accountant has. The difficulty might be that the finance director may feel loyalty to the chief executive and report the conversation to him.

Conclusion

As a first stage, the best solution would be to discuss the matter with the audit committee chair for his advice on the best way to proceed. Although this is not a formal report, notes should be taken of this discussion. Subsequent action can be agreed at this meeting.

16