ACCA P7 THE CONTROL ENVIRONMENT OF A COMPANY (二)
2 Commitment to competence
Competence is the knowledge and skills necessary to accomplish tasks that define the individual’s job. It is self-evident that if individual employees are tasked with carrying out duties that are beyond their competence levels, then desired objectives are unlikely to be met. For example, there is an increased probability that the objective of avoiding material misstatement in a set of complex financial statements will not be met if prepared by an inexperienced company accountant. This is simply due to the inexperience (translating to a lower competence level) of the accountant. From this, it follows that the auditor will have increased confidence in internal control relevant to the audit, where management have taken measures to ensure employees who participate in internal control are competent to carry out relevant tasks effectively.
Measures taken by management in this regard can cover a range of activity including for example, rigorous technical and aptitude testing at the employee recruitment stage and in-house or external training courses and mentoring from more senior colleagues 3 Participation by those charged with governance
The directors of a limited liability/limited company are charged with the company’s governance. As such, they are responsible for overseeing the strategic direction of the company and its obligations related to its accountability – for example, to governments, shareholders and to society in general. In particular, in most jurisdictions the company’s directors are responsible for the preparation of its financial statements. Given the influence that the actions of directors have on a company’s internal control, the extent of their day-to-day active involvement in the company’s operations has a pervasive effect on the internal control of the company.
The extent to which directors do get involved will, to some extent, depend on legislation or codes of practice setting out guidance for best practice in given jurisdictions. For example, the UK Corporate Governance Code (with which companies listed on the London Stock Exchange should comply) sets out standards of good practice, including those pertaining to board leadership and effectiveness.
Notwithstanding legislation and codes of practice, the extent of each director’s participation is largely influenced by the nature of their professional discipline and their individual perspective about how they should carry out their respective roles. Some may see themselves as micromanagers, while others will trust subordinates to carry out defined duties with minimal interference. Frequently, directors will be very experienced and adopt an arms-length approach to getting involved in operational tasks. However, they may insist on monitoring activity by way of receipt of formal narrative reports. Other directors may adopt a more casual (but equally thorough!) ‘working alongside subordinates’ approach as a method of monitoring activities.
All of the variables mentioned above with regard to director involvement, should be important considerations of an auditor as part of the process of ascertaining the extent of internal control in the company and in assessing its effectiveness. 4 Management’s philosophy and operating style
A company’s board of directors will comprise of individuals each with a different mind
– set as to philosophy and operating style, manifested in characteristics such as their:
approach to taking and managing business risk
? attitudes and actions toward financial reporting
? attitudes toward information processing and accounting and functions personnel.
Each of the above characteristics underlie a company’s control environment and it is crucial for an auditor to have an understanding of them. Dealing with each in turn: Approach to taking and managing business risk. Business risk is the risk inherent in a company as a consequence of its day-to-day operations and it comprises several components. The first of these is financial risk – for example, the risk that the company may have insufficient cash flow to continue in operation. The second component is operational risk – for example, the risk that the company’s product lines may decline in popularity leading to a sharp decline in sales and profitability. The final component of business risk is compliance risk – for example, the risk that the company may be in breach of health and safety regulations, leading to the possibility of hefty fines or even the closedown of operational activity.