Monday, August 5, 2019

Internal Audit Example of Educational Institution

Internal Audit Example of Educational Institution Internal Auditing – Cass Business School Question 1 Control Environment The attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. List and discuss the methods that the management of Cass Business School might use to encourage and develop an effective control environment. Cass Business School is one of the leading schools for business research in London. Being in a thriving cosmopolitan and commercial business centre, the school seems to have a strategic and business advantage and can test its theoretical approaches against practical realities. The school focuses on a rigorous research practice combined with a productive and dynamic relationship with business groups and academic organisations (Cass report 2005). In areas of finance, Cass Business School is known for its contributions to financial markets, money and banking, real estate finance, investment and risk management, strategy, innovation and entrepreneurship, Governance and pay, e-business, international business, voluntary sector management, pensions, life insurance, health insurance, reliability and dependability of computer based systems. In this discussion, we highlight the importance of effective internal control that can provide discipline and structure for achievement of primary objectives within the organisation. The control environment of an organisation includes the following elements: Organizational structure. Managements philosophy and operating style. Integrity and ethical values. Assignment of authority and responsibility. Human resource policies and practices. Competence of personnel. The success of an organisation in developing an effective management structure depends largely on its mission, aims and objectives. The mission of the school is to carry out multidisciplinary research in corporate governance issues which can be applicable at National, European and Global levels. The set of research objectives translated into research themes address specific dimensions of corporate governance process. Corporate governance and organisational performance are closely associated as appointment of high level officials defining internal control actually has an impact on the market performance of a company. The operating style and key activities of the management of the school include: Conducting funded research to produce scholarly publications and reports for policy makers and for practitioners; recruiting post graduates and research students to research on various research themes in management; organising workshops and conferences to promote and disseminate research findings within the school’s RD department; and also contributing to public debates on business strategies and Corporate Governance to improve the image and reputation of the school’s research faculties. As a strategic plan of infrastructure development, the school replaced all previous methods of assessment of students by building a new central computerised database for IT management, and new infrastructure. Organisational structure and assignment of responsibility and authority to board members is a mechanism of internal control and appointment of executive and non-executive directors tend to have a direct impact on the market as the main hypothesis in this case is that since appointments are driven by the financial situation of the company, it is expected that market reactions would be positive to the appointment of non-executive directors to the board and negative for executive directors (Cass report, 2005). The market valuation of appointment of board members defining the control environment is an essential measure of governance and the balance scorecard gives a detailed picture of the performance of a particular company and its use in improving corporate and internal control environment of an organisation. For developing an effective control environment, a close knit board with a clear strategic approach can be recommended. Question 2 The chief audit executive should effectively manage the internal audit activity to ensure it adds value to the organization. (Standard 2000) Critically discuss the potential benefits that internal auditing might bring to Cass Business School. You should consider both financial and non-financial benefits in your answer. Internal auditing has emerged as a distinct profession with its own philosophy, principles and practice. Managerial communities without internal audit systems also lack a proper operating control system (Beale and Bradford, 1993). To minimise work errors, impropriety as business organisations and to audit work omissions, internal auditing is necessary and standards for professional Practice of Internal Auditing have been established along with a code of ethics and statement of responsibilities for internal auditors. The chief audit executive determines the course of an audit system in an organisation. The role of internal and external auditing in serving shareholders and board of directors in different communities has been highlighted in mergers and acquisitions as also the potential role of internal auditors in strategic management (Melville, 2003). There are significant changes in the roles and mission of external and internal auditors and in their activities in consultancy, risk management and governance to investigate the contributions of audit to organisations and stakeholders. The role of the external audit firms, including providing tax advice to clients as well as research into the implications of legislation and regulations are also important strategic considerations. Senior security management standards and effective controlling of their IT infrastructure are issues within IT governance and drawing up a critical infrastructure. Research concerning internal audit results has to consider whether these results have any predictive value relative to actual company outcomes. In this context the internal auditor’s role in assessing and contributing to Corporate Social Responsibility (CSR) and sustainability are one of the key issues for senior management. The focus of internal auditing has been redefined to address consultative, risk and assurance activities. The need for further research in these areas to evaluate actual and potential role of internal audit can be emphasised to understand its potential benefits (Ruskin and Estes, 1984). The financial benefits of internal auditing for Cass Business School are increased contributions to stakeholders and directors and improved analysis of mergers and acquisitions. The non-financial benefits include risk management analysis, corporate governance reports, predicting performance outcomes and effective control of IT and strategic management systems. Question 3 The internal audit activity should assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems. (Standard 2110) List and describe the key risks in Cass Business Schools financial and non-financial systems. In its report on corporate governance and corporate performance, Cass Business School emphasised the linkages of governance and performance and examined the role of the board of directors in mitigating firms’ agency costs and also in creating shareholder value. The hypothesis put forward was that a large proportion of non-executive directors and chairman and CEO will over-perform in terms of rates of return and stock returns whereas companies with boards dominated by insiders will tend to under-perform. Internal and external control mechanisms such as managerial ownership, bondholders, block ownership and market for corporate control have to be taken into consideration while measuring corporate performance and this is mainly reflected in annual reports of companies. Other factors of corporate governance are important as are identification of the risks, roles and responsibilities of governance (Helliar et al, 2000). Risk management is at the centre of decision making processes in organisations at all levels and research into the different ways of assessing, managing and reporting risks within the organisations and reporting risks to outside stakeholders for achieving benefits is important within the context of management and board responsibilities. Hallikas et al (2002) provide a conceptual framework for risk analysis in networking for a company and note that to analyse and assess the risks associated with networking, either internal audit or computer aided cause and effect analysis can be used as tools for analysis of risks. Considering these factors, in the study of Cass Business School the key risks in financial and non-financial systems seem to be High and increasing tuition fees, increased competition from other schools, legal actions, and internal conflicts between members. However there is a risk management methodology and the Risk Management University Council has agreed to this risk management process. For several years the University has scored the relevant risks for each risk management strategy as to impact and likelihood using a defined scale. The control environment around the high-scoring risks has been reviewed. Question 4 Based on the results of the risk assessment, the internal audit activity should evaluate the adequacy and effectiveness of controls encompassing the organizations governance, operations, and information systems. These include: Reliability and integrity of financial and operational information. Effectiveness and efficiency of operations. Safeguarding of assets. Compliance with laws, regulations, and contracts. (Standard 2120.A1) For each risk identified in Question 3, identify the potential impact of control weaknesses and recommend appropriate controls that might reduce the impact of the threat. Give reasons for your recommendations. Within the Cass Business school management system, the annual report states that risk management Council has agreed to risk management methodology and processes and risks of the University are defined in the methodology. The University has reviewed its corporate risk register and has consolidated risks that have a high impact and likelihood score and has also reviewed the control environment for high scoring risks. The university council receives regular reports on progress of risk management implementation and within each school a risk register exists with each risk scored against a defined scale. There are future School plans to integrate risk reviews in the University’s general management and planning process. Bainbridge and Paul (1986) have effectively related control objectives with internal audit systems. In case of ineffective internal auditing, with unreliable financial information and flaws in accounting, complete transparency of financial data might help to overcome the weaknesses considerably. In case of inefficiency of operations and control, a strong project management approach and board internal control is suggested. The measurement and appraisal of intangible assets, especially human capital as a key factor of wealth creation is a key objective for improving organisational effectiveness. Safeguarding of company or organisational assets is possible through stakeholder or director support as well as general corporate performance and in this case, the overall annual performance of the school which is required to show financial profits. Compliance with laws and regulations can improve credibility and appropriate company objectives and codes of ethics and practice as well as strict management guidelines should be put forward. Bibliography Relating audit and internal control objectives: A missing step in specifying compliance tests Journal of Accounting Education, Volume 4, Issue 2, Autumn 1986, Pages 63-74 D. Raymond Bainbridge, John W. Paul The effects of information order and hypothesis-testing strategies on auditors judgments Accounting, Organizations and Society, Volume 14, Issues 5-6, 1989, Pages 471-479 Jane L. Butt, Terry L. Campbell Chan, K. C.; Chen, C. R.; Steiner, T. L. Production in Finance Literature, Institutional Reputation, and Labor Mobility in Academia: A Global Perspective, Financial Management, (2002) 31(4) pp131-156 Risk analysis and assessment in network environments: A dyadic case study International Journal of Production Economics, Volume 78, Issue 1, 1 July 2002, Pages 45-55 Jukka Hallikas, Veli-Matti Virolainen and Markku Tuominen Internalization versus externalization of the internal audit function: an examination of professional and organizational imperatives Accounting,Organizations and Society, Volume 26, Issues 7-8, October-November 2001, Pages 617-641 Larry Rittenberg and Mark A. Covaleski Managing the internal audit A practical handbook, : by Ian Beale and Roy H Bradford (1993), Kogan Page Computer Law Security Report, Volume 9, Issue 4, July-August 1993, Page 154 Internal vs. external IT audits — or — Mapping out a war zone? Computers Security, Volume 14, Issue 5, 1995, Pages 419-420 Doc Farmer and S. G. Warburg Internal Audits Metal Finishing, Volume 98, Issue 11, November 2000, Pages 73-78 Leslie W. Flott Evidence of agency conflict among management, auditors, and the audit committee chair Journal of Accounting and Public Policy, Volume 9, Issue 4, Winter 1990, Pages 271-292 Susan Haka and Peter Chalos UK AUDITORS PERCEPTIONS OF INHERENT RISK, The British Accounting Review, Volume 28, Issue 1, March 1996, Pages 45-72 CHRISTINE HELLIAR, BOB LYON, GARY S. MONROE, JULIANA NG and DAVID R. WOODLIFF Melville, R., (2003)  The contribution of internal audit to corporate strategy.  International Journal of Auditing Volume 7Issue 3Page 209 November 2003 M. Page and L. Spira, The Turnbull Report, Internal Control and Risk Management: The Developing Role of Internal Audit, The Institute of Chartered Accountants of Scotland, Edinburgh (2004) The project management audit: Its role and conduct Engineering Management International, Volume 2, Issue 4, July 1984, Pages 279-286 Arnold M. Ruskin, W. Eugene Estes Sawyer, Lawrence B.  Sawyer’s internal auditing: the practice of†¦enlarged/Lawrence B. Sawyer, assited by Glenn.E. Sumners  3rd edition, retitled, rev and enl Altamonte Springs, Fla: Institute of Internal Auditors, 1988   Sawyer, Lawrence B.  Elements of management oriented auditing   Institute of Internal Auditors Inc 1983 Sawyer, Lawrence B.  The practice of modern internal auditing / Lawrence B.Sawyer  2nd ed. Rev. and enl Altamonte Springs, Fla: Institute of Internal Auditors, 1981  www.cass.city.uk

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.