« 監査部隊が会社を救う 内部統制を効かせる強い会社の神経網 by日経ビジネス06.10.09号 | Main | パブコメ 公認会計士協会 監査・保証実務委員会研究報告「重要な虚偽表示のリスクの評価手法」(公開草案) »

2006.10.11

UK Financial Reporting Council - Corporate Governance - Internal Control

 こんにちは、丸山満彦です。いまさらなんですが、UKのFinancial Reporting Council - Corporate Governance - Internal Controlに2005年に改訂されたThe Turnbull Guidance on Internal Controlが載っているのですが、その中のガイダンス部分を抜き出しました。

 
Financial Reporting Council
The Turnbull Guidance on Internal Control
・2005 Revised Turnbull guidance October 2005 (56kb)

Five - Appendix 
Assessing the effectiveness of the company's risk and control processes
Some questions which the board may wish to consider and discuss with management when regularly reviewing reports on internal control and when carrying out its annual assessment are set out below.
The questions are not intended to be exhaustive and will need to be tailored to the particular circumstances of the company.
This Appendix should be read in conjunction with the guidance set out in this document.

Risk assessment
• Does the company have clear objectives and have they been communicated so as to provide effective direction to employees on risk assessment and control issues? For example, do objectives and related plans include measurable performance targets and indicators?
• Are the significant internal and external operational, financial, compliance and other risks identified and assessed on an ongoing basis? These are likely to include the principal risks identified in the Operating and Financial Review.
• Is there a clear understanding by management and others within the company of what risks are acceptable to the board?

Control environment and control activities
• Does the board have clear strategies for dealing with the significant risks that have been identified? Is there a policy on how to manage these risks?
• Do the company's culture, code of conduct, human resource policies and performance reward systems support the business objectives and risk management and internal control system?
• Does senior management demonstrate, through its actions as well as it policies, the necessary commitment to competence, integrity and fostering a climate of trust within the company?
• Are authority, responsibility and accountability defined clearly such that decisions are made and actions taken by the appropriate people? Are the decisions and actions of different parts of the company appropriately co-ordinated?
• Does the company communicate to its employees what is expected of them and the scope of their freedom to act? This may apply to areas such as customer relations; service levels for both internal and outsourced activities; health, safety and environmental protection; security of tangible and intangible assets; business continuity issues; expenditure matters; accounting; and financial and other reporting.
• Do people in the company (and in its providers of outsourced services) have the knowledge, skills and tools to support the achievement of the company's objectives and to manage effectively risks to their achievement?
• How are processes/controls adjusted to reflect new or changing risks, or operational deficiencies?

Information and communication
• Do management and the board receive timely, relevant and reliable reports on progress against business objectives and the related risks that provide them with the information, from inside and outside the company, needed for decision-making and management review purposes? This could include performance reports and indicators of change, together with qualitative information such as on customer satisfaction, employee attitudes etc.
• Are information needs and related information systems reassessed as objectives and related risks change or as reporting deficiencies are identified?
• Are periodic reporting procedures, including half-yearly and annual reporting, effective in communicating a balanced and understandable account of the company's position and prospects?
• Are there established channels of communication for individuals to report suspected breaches of law or regulations or other improprieties?

Monitoring
• Are there ongoing processes embedded within the company's overall business operations, and addressed by senior management, which monitor the effective application of the policies, processes and activities related to internal control and risk management? (Such processes may include control self-assessment, confirmation by personnel of compliance with policies and codes of conduct, internal audit reviews or other management reviews).
• Do these processes monitor the company's ability to re-evaluate risks and adjust controls effectively in response to changes in its objectives, its business, and its external environment?
• Are there effective follow-up procedures to ensure that appropriate change or action occurs in response to changes in risk and control assessments?
• Is there appropriate communication to the board (or board committees) on the effectiveness of the ongoing monitoring processes on risk and control matters? This should include reporting any significant failings or weaknesses on a timely basis.
• Are there specific arrangements for management monitoring and reporting to the board on risk and control matters of particular importance? These could include, for example, actual or suspected fraud and other illegal or irregular acts, or matters that could adversely affect the company's reputation or financial position.

【参考】このブログ
・2006.05.01 内部統制 英国の場合

|

« 監査部隊が会社を救う 内部統制を効かせる強い会社の神経網 by日経ビジネス06.10.09号 | Main | パブコメ 公認会計士協会 監査・保証実務委員会研究報告「重要な虚偽表示のリスクの評価手法」(公開草案) »

Comments

Post a comment



(Not displayed with comment.)




TrackBack


Listed below are links to weblogs that reference UK Financial Reporting Council - Corporate Governance - Internal Control:

« 監査部隊が会社を救う 内部統制を効かせる強い会社の神経網 by日経ビジネス06.10.09号 | Main | パブコメ 公認会計士協会 監査・保証実務委員会研究報告「重要な虚偽表示のリスクの評価手法」(公開草案) »