Page 14 - SCS May 2018 - Day 2 Suggested Solutions
P. 14

CIMA MAY 2018 – STRATEGIC CASE STUDY


                    Another consideration would be according to COSO (Committee of Sponsoring Organisations), an
                    organisation with a good internal control system would expect to have the following attributes:

                    A good control environment

                    This refers to manager’s attitudes to controls. If managers ignore and demonstrate little interest
                    in controls, employees are unlikely to follow the policies and procedures created. The “tone” set
                    by managers and directors is extremely important and underpins the strength of an internal
                    control system overall. It is therefore vital that you, Jen and Jo as co-founders and the rest of the
                    board members lead by example on this. If managers are not applying the disciplinary policy, staff
                    will break the rules.

                    Risk Assessment

                    A good internal control will include risk assessment so that controls that deal with those risks with
                    the highest impact and probability are prioritised. Couchweb provides a risk report; although the
                    extract I saw recently did not include impact and likelihood, or any mitigation. Ideally the risk
                    assessment process should be included in these documents.

                    Control activities

                    There are various types of control such as supervision, physical, authorisation and so on.
                     Management control activities mentioned above also come under this heading.
                    Information and communication

                    Couchweb’s Board requires good information in order to understand how well the business is
                    doing. It is this issue in particular that the CEO raises in his note: the fact that the Board was
                    unaware of the activities of staff. Communication can be affected by the organisation structure as
                    mentioned. Hence, most companies also have a whistleblowing policy. The financial scandals at
                    Enron and Tesco were both brought to light by whistle-blowers, and as Couchweb is now a high
                    profile company, if it does not already have one it may wish to consider such a policy.

                    Monitoring

                    Couchweb may wish to evaluate the strength of its monitoring. For instance, it should have an
                    internal audit department that is independent and effective.

                    The quality of the monitoring may also be something that requires appraisal. How regular it is, the
                    process that is undertaken, the type of testing, whether the audits are random and unannounced
                    and so on, are all aspects that could be reviewed to assess the effectiveness of the monitoring.

                    These are broadly the ways in which a Board can ensure employee behaviour is controlled. Please
                    contact me if you require any further information












                    70                                                             KAPLAN PUBLISHING
   9   10   11   12   13   14   15   16   17   18   19