Please note that this pertains to South African Legislation, the King Requirements, and Best Practice.
What we are tackling today and looking at it the Internal Financial Controls.
Before I get into the detail on what the requirements are, let me just say here, that there is a mantra that I try to live by and that is “If cash is King, then clarity must be Queen!”
All of your controls, irrespective of whether they are financial or not must be extremely clear on “how the process is run and what it measures,” and certainly this must apply to all of the financial controls. There must be no room for interpretation or speculation.
Controls that have no purpose or that cannot properly be measured cannot be properly managed and this will most probably lead to the mismanagement of funds, or even worse, theft or fraud. So please make sure that they are simple and very clear and that they actually serve a purpose. Having a procedure for the sake of having a procedure is a waste of everybody’s time.
Now, back to the requirements.
In order for South African companies to be able to trade globally, we have to be aligned with the global “Best Practice Principles”. These requirements have been attended to in the Kings I, II, III, and now IV (and will most probably be featured in all the subsequent amendments that are made down the line), so it is of paramount importance that you, at the very least, have read all four, if not understood and digested them all.
The following is therefore required:-
– An integrated report, which includes a statement from the Board on the effectiveness of the Internal Control. Remember that if the controls cannot be measured they cannot prove their effectiveness. In my experience, this is where I have to first ask . . “Are there Internal Controls?” and then the next question if the answer is “Yes,” will be “Are these Internal Controls documented?” The next question then, of course, is “Are the documented Internal Controls tested from time to time to ensure compliance?” If the answer to any of these questions is a “No”, please understand you are heading for a world of pain!
– Also included in the integrated report there should be a statement from the Audit Committee on the effectiveness of the Internal Financial Controls. Of course, in order to be able to quantify this, the report needs to be supported by a formally documented annual review which must include a review, which must further include a review of the framework of the Company’s Internal Financial Control. This would also need to have been suitably listed.
– Any weaknesses in the Internal Financial Controls, that are considered to be material or that have resulted in an actual financial loss or a reputational loss due to other material losses, or fraud, must be, reported to both the Board and the Stakeholders. In my opinion, it is a good idea to list what is “acceptable” and what is deemed “unacceptable” as this will remove the ‘emotion’ from the decision when you are faced with it.
– Although the Audit Committee is responsible for the determination of nature and the extent of the formal review of the documented Internal Financial Controls, an external attestation is required on the Audit Committee’s statement on the Internal Financial Control.
So exactly what are the questions that the Directors should be asking?
1. Is there some sort of control framework that governs the financial reporting in the organization, such as (but not limited to) COSO (Committee of Sponsoring Organizations is the one that is used most often)?
2. Have all the probable risks to “fair” presentation in the Financial Statement results and disclosures been identified and documented?
3. Are there controls in place to ensure that these risks are taken into account, in order to both prevent or discover anomalies in the Financial Statements and then to ensure that they are disclosed in the results.
4. Are the anomalies that were identified by the controls, now also evidenced in the report. Remember that we are aiming for “Full Transparency” here, both the directors and the stake Holders MUST be aware of what is happening in the Company in terms of finance and how it will affect the company!
5. Were the controls identified in 4 above, properly documented in the results and reported to the Internal Audit Committee at the time that they were identified, and were they reported accurately? This will show transparency.
6. Has the Internal Audit Committee’s findings been properly evidenced and this would also include the assessment that was documented by Internal Audit?
7. Is there a process in place to ensure that the framework remains current at all times.
As you can see it is of paramount importance that all discrepancies are firstly highlighted, and secondly investigated, and then transparently and accurately reported. Finally, once a discrepancy is highlighted and investigated, and reported, a solution needs to be found to ensure that it cannot and will not happen again going forward.
It is also important to ensure that controls and processes are updated and kept current so that new technology or techniques are always included in the audit.
Next time we will have a look at specifically what the requirements are around Ethical Leadership & Corporate Citizenship.