King III - Chapter 12: Internal financial controls

Overview

Chapter



12


The purpose of this section is to highlight those areas of King III that apply to an organisation’s assessment of internal financial controls and to offer our professional insights as to how entities can practically implement and apply the recommendations of the Code.

King III requires that the audit committee ensure the integrity of integrated reporting and internal financial controls. In addition, the audit committee should have oversight of financial reporting risks. In order to align recommendations with global best practice principles, King III requires:
  • A statement from the board on the effectiveness of internal controls to be included in the integrated report
  • A statement from the audit committee, also included in the integrated report, on the effectiveness of internal financial controls
  • The statement made by the audit committee should be supported by a formally documented annual review of the design, implementation and effectiveness of the company’s system of internal financial controls following suitable testing performed by internal audit
  • The nature and extent of weaknesses in financial control that are considered material and that resulted in actual material financial loss, fraud or material errors, should be reported to the board and the stakeholders
  • The audit committee should determine the nature and extent of the formal documented review of internal financial controls. No external attestation is required to be made on the audit committee’s statement on internal financial control.
Key provisions of the Report - click here  New Window
(Click on the arrows to expand section)
Meeting the internal financial control requirements of King III and putting its principles into practice will require a number of practical interventions. As a minimum, companies should:
  • Implement a control framework incorporating internal financial controls that is documented and achieves fair presentation of the financial statement results and disclosures in accordance with generally accepted accounting principles
  • Follow a risk-based approach by identifying likely sources of material errors in the financial statements and disclosures. These risks should then be mitigated by controls that are adequately designed and are operating effectively to ensure fair presentation of the financial statement results and disclosures
  • Have internal audit evidence an annual assessment of the design adequacy and operating effectiveness of internal financial controls and maintain relevance over time by taking into consideration any changes to both internal and external factors impacting the entity
  • Apply a cost-efficient approach that ensures a sensible balance between the cost of implementing and monitoring the framework and the benefits of such a framework.
  • Is there a control framework (e.g. COSO) governing financial reporting in the organisation?
  • Have all probable risks to fair presentation in the financial statement results and disclosures been identified and documented? (Fair presentation implies that the numbers and disclosures are not materially misstated).
  • Are there controls in place to address these risks and are they adequately designed to prevent or detect material misstatements in the financial statement results and disclosures?
  • Do the controls identified operate as they are supposed to and are they appropriately evidenced?
  • Has internal audit tested the controls identified above and reported their results to the audit committee completely and accurately?
  • Is the audit committee’s assertion appropriately evidenced (including internal audit’s assessment)?
  • Is a process in place to ensure that the framework remains relevant over time?
How we can help you
Organisations should make an informed decision as to how to adopt the principles of King III in regard to internal financial controls. We can help you to achieve this by advising and assisting you on the implementation of a framework tailored to your business that will support internal audit’s assessment of internal financial controls. This approach takes into account the design of a framework that is flexible to the needs of your business and the cost and associated benefits envisaged to achieve the desired result.

The methodology we apply in helping our clients is principles based and which we approach from management’s perspective. Almost all frameworks that enable management to assess internal financial controls draw on experiences gained in complying with Section 404 of the Sarbanes-Oxley Act (SOX). Unlike King III, SOX requires the external auditor to assess internal financial controls. As a result, much of the guidance in applying SOX came from the external auditors and did not always take management’s requirements into consideration. Management best understands the risks that impact financial reporting. Our methodology is based on management’s experience and takes into consideration the relative size and complexity of the business. The result of this is that our clients are able to maximise the benefits and minimise the effort of applying the principles of King III.