FACTORS TO CONSIDER IN ASSESSING THE EFFECTIVENESS OF THE COMPANY’S RISK AND CONTROL PROCESSES

  take note (link Turnbull Guidance)

-Combined code – board – annual evaluation of IC system

1) Control environment and control activities (ADEQUACY)

 Control environment (strength of control env)

 do co’s culture, code of bs conduct, reward structure support IC system?
 do they emphasis on integrity?
 do senior mgnt walk the talk? – leadership by example – implications on staff
 responsiveness – control environment change in response to change in environment
 Control activities
 Existence of RM system – need strategies to tackle the risks
 Personnel control – knowledge, skills and tools to support the achievement of the company’s
objectives and to manage effectively risks to their achievement
 Authorization control – clearly defined – authority, responsibility, accountability -appropriate people
 Organisational control – does the company communicate to its employee what is expected of them
and the scope of their freedom to act
 Responsiveness – control activities change in response to change in environment, or operational
deficiencies, new or changing risks

2) Risk assessment (part of control activities)

 Establishment of risk appetite which measure the board collective acceptance of risk
 Existence of RM system
 Ongoing basis – proactive

3) Monitoring

 Existence of IA
 Follow up procedures after release of IA report

4) Information and Communication

 Whether the company has a policy that require immediate reporting of certain matters of significance so
that prompt actions can be taken
 Timeliness of reporting of info (timely and relevant)
 Quality of info – objective? Accurate? (reliable reports)
 Format of reporting – balanced and understandable account – allow mgnt ustand the issue
 Existence /Establishment of whistle blowing arrangement – channels of communication