Skip to main content
main-content
Top

About this book

With globalisation, deregulation and the advent of derivatives, credit institutions and the treasury operations of manufacturing, merchandising and service companies are finding that their traditional tools for management control no longer suffice. They must develop more efficient processes able to measure and monitor their risks in real-time. Internal control is a dynamic system covering all types of risk, addressing fraud, assuring transparency and making possible reliable financial reporting within such organisations. In Implementing and Auditing the Internal Control System , Dimitris N. Chorafas defines both auditing and internal control, and explains the value of internal control, why it must be audited, and how it can be most effectively achieved. He addresses top management's accountability for internal control, and uses case studies to demonstrate the application of such systems, and the importance of sound and well-informed analysis of the information gathered. Internal control systems are examined within the context of the globalization of financial markets, under the impact of the growth of information technology, and from the viewpoint of new regulations by supervisory authorities in Group of Ten countries as well as by the Basle Committee on Banking Supervision. Based on an extensive research project in the UK, US, Germany, France, Austria, Switzerland and Sweden, this book is an invaluable source of practical advice for implementing internal control systems, and making existing systems more efficient. It provides managers and professionals with guidelines for the interpretation and use of the resulting internal control intelligence.

Table of Contents

Frontmatter

Why Internal Control Systems Must be Audited

Frontmatter

1. The Role of Auditing in an Organization

Abstract
When he became warden of the Mint, Sir Isaac Newton stepped away from tradition and began to question what he was taught. This is today the task of auditing. Newton also provides a good paradigm for another reason. Once he said to a famous crook: ‘I shall only tell you in general that I understand your way and therefore sue you.’ Auditors usually don’t sue the company but the regulators may.
Dimitris N. Chorafas

2. What is Meant by ‘Internal Control’?

Abstract
Knowledge is not synonymous with reliable financial reporting and to the proper management of exposure, but it is a basic ingredient of both. Without knowledge we will not be able to reconcile accounts, comply with regulations, or find a solution in controlling the risks we are taking — unless we stumble on it. Without timely and accurate information, the board, the CEO, and senior management will not be in a position to steer the company towards the right course.
Dimitris N. Chorafas

3. Internal Control and the Globalization of Financial Markets

Abstract
One of the missing links in effective globalization of financial markets is the ability of internal control systems to span the whole network of a company’s operations — for any transaction or position, anywhere in the world, at any time. Steady tracking is important because fully or partly controlled instruments and subsidiaries abroad represent a major part of the risk taken by the parent company, contrary to the generally held opinion that they only represent ‘added income’.
Dimitris N. Chorafas

4. New Standards for Auditing Internal Control and the Use of Risk-Based Audits

Abstract
Accounting and auditing have come a long way since the end of the Second World War. They now feature revamped, stricter, and enforceable codes of ethics as well as new and revised standards, more efficient professional bodies, and much better structured technical examinations which are getting increasingly more sophisticated. Because of these developments, auditing has evolved into a significant aid to implementation and maintenance of an internal control system. The 1990s have seen new audit, accounting, and management control concepts, such as:
  • Internal control’s expanding horizon
  • Integrated auditing approaches
  • Database mining for auditing reasons
  • Risk-based examinations
  • Self-assessment in corporate governance and
  • A tougher stance by regulators.
Dimitris N. Chorafas

5. A Methodology for Auditing the Internal Control System

Abstract
The message Chapter 4 has conveyed is that, as a matter of policy, banks should have their internal control system regularly reviewed both by their own auditors and by independent outside parties. This statement is valid for all three major internal control functions: compliance, accounting reconciliation, and risk management (see Chapter 2), as well as many other functions coming under the internal control headline.
Dimitris N. Chorafas

Management Appraisal of and Accountability for the Internal Control System

Frontmatter

6. Senior Management Responsibilities for Internal Control

Abstract
The best way to value differentiate a business enterprise is to consider if the company, its products, and its services solve a problem, or make someone else’s life easier. A product or service helps in solving a problem if not only other companies and people need it but are also ready to pay for it. At the same time, because many products and services involve risk, the company must be able to take hold of its exposure(s), including the risk of non-compliance to rules and regulations.
Dimitris N. Chorafas

7. Internal Control Implementation Must Focus on Core Functions

Abstract
Chapter 1 explained that auditing is a core function for any company, no matter the business it is in. Chapter 2 made the point that internal control, too, is core to any enterprise. It was also stated that fraud has been one of the first reasons why a company needed a reliable internal control system, but today a more important background reason is exposure to credit risk, market risk, operations risk, and other risks.
Dimitris N. Chorafas

8. Establishing an Efficient Internal Control Structure

Abstract
Whether the bank’s operations are centralized, decentralized, or organized along the principle of federated independent business units, a number of basic organizational prerequisites must always be present to ensure the observance of necessary functions and the fulfilment of basic requirements in the development and execution of internal control policies. The board and senior management need an internal control system able to support six basic issues characterizing a sound business practice:
  • Goals of compliance, accounting reconciliation and preservation of assets
  • Internal intelligence objectives for exposure control regarding trades, inventoried portfolio positions and other operations
  • A mechanism for tracking fraud and other misdemeanours anywhere in the world, at any time
  • Feedback risk control and other management controls everywhere the bank operates, at all organizational levels
  • Feedback for corrective action, actuating the brakes to regulate or stop the risk-taking machine
  • Feedback to assure that managers, professionals, and other employees operate in a manner commensurate with personal accountability.
Dimitris N. Chorafas

Case Studies on the Implementation of Internal Control

Frontmatter

9. Applying Internal Control to Our Institution’s Limits System

Abstract
In my postgraduate studies at UCLA I had a professor of banking who taught his students that ‘no matter how good a new deal is, if the counterparty limit has been reached no further deals are possible’. This is not the message the majority of credit institutions give to their traders and credit managers, and even those who want to see limits set by the board fully observed at all time are unable to hit that goal so because:
  • The prevailing level of detail is not appropriate and
  • There is no real-time reporting on internal controls, including limits.
Dimitris N. Chorafas

10. Auditing Counterparty Limits and Trading Limits

Abstract
Chapter 9 has explained that limits to the line of credit of a counterparty, particularly in connection with loans, are nothing new. Indeed, they constitute one of the earlier and better examples of internal control. What is new is the cross-functional and transborder dimension of credit limits which should characterize their setting and their follow-up. Similarly market limits today have a dynamic structure, leading to the conclusion that both the limits themselves and the way in which they are set and they are observed must be audited.
Dimitris N. Chorafas

11. An Internal Control System for Engineering Design, Product Development, and Quality Assurance

Abstract
Experts believe that in the future sustainable competitive advantages will come from innovative firms that know how to use their store of knowledge in the best way possible. Innovation really goes beyond creativity, because creativity alone might not help in obtaining better business results. Chapter 10 has given an example of companies punished by the market because of pipeline risk. This, so far, has not happened to Intel, Microsoft, and Sun Microsystems because they have sound innovation policies.
Dimitris N. Chorafas

12. Services Provided by Information Technology to the Auditing of Internal Controls

Abstract
Technologically advanced banks appreciate that internal control is the key to keeping their house in order, and to supporting management information requirements in an able manner. There is a crying need for new, sophisticated paradigms on how to use information technology for internal control reasons. This need has been present for some years, but only today has it started to be more generally appreciated because few banks had the skill and culture necessary for implementation of rigorous solutions.
Dimitris N. Chorafas

13. The Contribution of External Auditors to the Internal Control System

Abstract
The role of external auditors is important not only to the certification of accounts but also as a professional support to a company’s internal audit function. Typically, external auditors are certified public accountants (CPAs, chartered accountants) who are hired by senior management for independent auditing duties. External auditors are also delegated by bank supervisors and other regulatory authorities who have the function of independent examiners. The wider description of their mission includes:
  • Evaluation and certification of the work of internal auditors
  • Review of the company’s records and computational procedures
  • Evaluation of accounting procedures for compliance reasons
  • Analysis of financial reports and disclosures
  • Testing of assets, liabilities, revenues, and expenses in terms of valuation
  • Appraisal of internal controls and their adequacy under stress conditions.
Dimitris N. Chorafas

Backmatter

Additional information