Please note that this pertains to South African Legislation, the King Requirements and Best Practice.
Looking at the Internal Financial Controls is what we tackle today.
Before I get into the detail on what the requirements are, let me just say here, that there is a mantra that I try to live by and that is “If cash is King, then clarity must be Queen!”
All of your controls, irrespective of whether they are financial or not must be extremely clear on the “how the process is run and what it measures,” and certainly this must apply to all of the financial controls. There must be no room for interpretation.
Controls that have no purpose or that cannot properly be measured cannot be properly managed and this will most probably lead to the mismanagement of funds, or even worse, theft or fraud. So please make sure that they are simple and very clear.
Now, back to the requirements.
In order for South African companies to be able to trade globally we have to be aligned with the global “Best Practice Principles”. These requirements have been attended to in the Kings I, II, III and now IV (and will most probably be featured in all the subsequent amendments that are made down the line), so it is of paramount importance that you, at the very least, have read all four, if not understood and digested them all.
The following is therefore required:-
– An integrated report, which includes a statement from the Board on the effectiveness of the Internal Control. Remember that if the controls cannot be measured they cannot prove their effectiveness. In my experience, this is where I have to firstly ask . . “Are there Internal Controls?” and then the next question if the answer is “Yes” will be “Are these Internal Controls documented?” and then of course “Are the documented Internal Controls tested from time to time to ensure compliance?”
– Also included in the integrated report there should be a statement from the Audit Committee on the effectiveness of the Internal Financial Controls. Of course in order to be able to quantify this, the report needs to be supported by a formally documented annual review which must include a review which must further include a review of the framework of the Company’s Internal Financial Control. This would also need to have been suitably listed.
– Any weaknesses in the Internal Financial Control, that are considered to be material or that have resulted in an actual financial loss or a reputational loss due to other material losses, or fraud must be reported to both the Board and the Stakeholders. In my opinion, it is a good idea to list what is “acceptable” and what is deemed “unacceptable” as this will remove the ‘emotion’ from the decision when faced with it.
– Although the Audit Committee is responsible for the determination of the nature and the extent of the formal review of the documented Internal Financial Controls, an external attestation is required on the Audit Committee’s statement on the Internal Financial Control.
So exactly what are the questions that the Directors should be asking?
1. Is there some sort of control framework that governs the financial reporting in the organization, such as (but not limited to) COSO (Committee of Sponsoring Organizations is the one that is used most often)?
2. Have all the probable risks to “fair” presentation in the Financial Statement results and disclosures been identified and documented?
3. Are there controls in place to ensure that these risks are taken into account, in order to both prevent or discover anomalies in the Financial Statements and then to ensure that they are disclosed in the results.
4. Are the anomalies that were identified by the controls, now also evidenced in the report.
5. Were the controls identified in 4 above, properly documented in the results and reported to the Internal Audit Committee at the time that they were identified and were they reported accurately? This will show transparency.
6. Has the Internal Audit Committee’s findings been properly evidenced and this would also include the assessment that was documented by Internal Audit?
7. Is there a process in place to ensure that the framework remains current at all times.
As you can see it is of paramount importance that all discrepancies are firstly highlighted, and secondly investigated and then transparently and accurately reported.
It is also important to ensure that controls and processes are updated and kept current, so that new technology or techniques are always included in the audit.
Next time we will have a look at specifically what the requirements are around Ethical Leadership & Corporate Citizenship.