6.7 Principles, Risk, Internal Control & Auditing Accounts

15 May 2009


Principles

The NGB should adopt the following financial policies and procedures that are contained in this publication:

  • A commitment by management and employees of the NGB to competence and integrity and the development of an appropriate culture to support these principles.
  • Communication of appropriate agreed standards of business behaviour and control consciousness to employees (e.g. through written codes of conduct, formal standards of discipline, performance appraisal, codes of conduct for working with volunteers, etc.).
  • An appropriate organisational structure within which business can be planned, executed, controlled and monitored to achieve the NGB's objectives so that it can manage its financial affairs accordingly. A NGB may have to consider changing its historical structures, i.e. changing committee structures to have representation from four provinces.
  • Allocation of sufficient time and resources to internal control and risk management issues by the Board, management and the NGB. NGBs must recognise that they need to run business efficiently if they want their sports promotion aims to flourish. A commitment to internal control and risk management is a key element of this.
  • The creation of an environment that promotes learning within the NGB on risk and control issues, including the provision of relevant training.
  • Appropriate delegation of authority, with accountability, which has regard to acceptable levels of risk. The management of volunteers by professionals is a difficult balance to strike but must be strived for if the resources available to the organisation are to be optimised.
  • A professional approach to attaining standards of corporate and professional excellence throughout the NGB.

 


 

Risk

Risk is an event that may prevent the organisation from achieving its objectives. A NGB can manage and control risk appropriately by establishing internal controls. Risk includes all the uncertainties and opportunities that an organisation faces. Risks need not, and often cannot be eliminated, but they should be reduced to a level that is acceptable to the NGB. It is the responsibility of management to assess risks knowingly, reduce risks where appropriate and consider future events that cannot be predicted with absolute certainty. When an organisation has developed and implemented a comprehensive risk management process it should be in a stronger position to maintain a sound system of internal control. These guidelines focus mainly on financial risk, however all risks are inter-related.

The setting of clear, documented objectives is a precondition for risk management.

In many organisations risk management has developed from the insurance function. However, risk management should be concerned with more than just the insurable risks. It includes all the uncertainties and opportunities that a NGB faces. These risks may be analysed as follows:

INSERT ELEMENT OF RISK IMAGE

 

Strategic Risk: The risk that the NGB would take a strategic direction or engage in activity at variance with its mission statement or fundamental organisational objectives.


Operational Risk :The risk that the NGB's policies, procedures or activities would fail to make progress towards achieving its organisational objectives.


Financial Risk: The risk of failing to safeguard company assets, financial impropriety, financial misreporting or failure to achieve value for money.

Reputational: The risk that the organisation would engage in activities or be perceived to engage in activities that would threaten its good name brand and public image.

 


 

Risk Management

When identifying risks many NGBs will identify the symptoms of risk. However, to enable risks to be effectively managed, the underlying reason for the risk exposure (its cause) will have to be identified. Responsibility for risk management rests ultimately with the NGB's Board who should retain responsibility for the major risks facing the organisation. However, all levels of staff should be responsible for the management of risk in their particular area.

  • Risk management requires the following steps: establish a business framework; identify and evaluate risks; measure risks; control the most important risks; monitor and review arrangements for corrective action.
  • Improving internal controls may reduce risks, for example, implementing audit recommendations. If the risk is too great for the NGB and it is not practical to reduce the risk then the risk should be avoided.
  • Insurance is the usual way of transferring risks, especially high impact risks that cannot be accepted. As an alternative the risk may be transferred by contracting out certain functions, i.e. strategic planning services or through joint ventures, i.e. building a facility with another Governing Body of Sport with a view to sharing the cost and spreading the risk.
  • A full review of the risks that the NGB faces should be undertaken at least once every three years. In addition, each year the risk management process at each level within the organisation should be formally reviewed. The risks that have crystallised and any changes to the impact or likelihood of each significant risk should also be considered. Some financial risks that need to be taken into account each year would include; a drop in the level Sport Ireland funding, a significant increase in the NGB's insurance, etc.
  • One way to achieve this is to combine this process with existing business planning routines such as revising the strategic plan or developing annual budgets. This could be achieved by requiring Committee Chairmen or staff members to complete a report on risks that they may face in the implementation of their strategic goals for their area of responsibility.
  • Where necessary, further action should be agreed to deal with unacceptable outstanding risk and a report should be sent to the Board on the results of this risk review process.


A monitoring process provides reasonable assurance to the Board that there are appropriate control procedures in place for all the NGB's financially significant business activities and that these procedures are being followed (e.g. consideration by the Board of reports from management, from external auditors or from independent accountants). There should be formal procedures to identify changes and weaknesses in the business, the NGB's policies and procedures and its environment, which will require changes to the system of internal financial control.


 

Internal Control
Internal control includes all the financial policies and procedures adopted by the NGB, and comprises of the control environment and control procedures. It forms an important part of managing the organisation's finances but can be expected to provide only reasonable assurance, not absolute assurance, to the NGB.

The members of the Board have an important role in the development and communication of ethical values and resolving control issues throughout the NGB. Staff, in turn have a professional responsibility to understand, comply with and implement the NGB's policies and procedures in their work practices.

The management and ultimately the Board of the NGB should ensure that there is a strong focus on the role and expertise of the finance personnel to ensure that they are conversant with all developments and best practice in this area.
The Treasurer has the responsibility to ensure that the organisation adheres to and enforces the financial policies and procedures set by the NGB.

The NGB's internal control systems attempt to ensure that the following precautions are implemented:

Internal Controls Objective
Safeguarding of assets Assets are safeguarded on behalf of their rightful owners
Segregation of duties

Error and fraud are minimised, prevented and are likely to be detected if they occur

Staff responsibilities must be organised to ensure that key tasks are segregated

Staff specific responsibilities to separate custody, authorisation and approval, recording and execution of a specific transaction

Physical access controls Only authorised personnel should have access to the records and assets of an organisation
Authorisation and approval limits Appropriate responsible persons should have appropriate authorisation or approval limits for transactions implemented to ensure that the organisation can reasonably limit its exposures
Management control Information (including financial information) can be prepared and disclosed in a timely, efficient and informative manner
Arithmetical and accounting controls

Complete and accurate accounting records are kept so that financial transactions can be recorded and disclosed in an informative manner

Procedures to ensure the reliability of data processing and generated information reports

Complete and accurate accounting records and non-financial information are submitted to stakeholders, i.e. NGB members (through the AGM/Annual Report), etc

Supervision and periodic reconciliation

Variances between actual and budgeted performance for the NGB's activities are managed and monitored

Routine and impromptu checks which provide effective supervision of the control activities are conducted on a regular and structured basis

Human resource control

Staff adhere to NGB policies and procedures

The recruitment, training and remuneration of appropriately qualified and experienced staff is a precondition for the achievement of best practice

Compliance review The NGB and its Officers adhere to statutory and other relevant regulatory requirements

 


 

Auditing Accounts

The term 'audited accounts' means that the financial records of the NGB have been independently checked by someone with a recognised accounting qualification (usually a chartered accountant) as being a true and fair record of the financial operations and position of the organisation at that time.

The Treasurer must be familiar with the rules / constitution of their NGB and its obligations, particularly if the NGB is incorporated.

Auditing can be a costly process, so it is not unusual for NGBs to search for an accountant who is willing to audit the accounts on a voluntary basis. To ensure that an audit is truly independent, the auditor should not be a member of the NGB. Directors or employees of the NGB or a parent, spouse, brother or sister of a Director are disqualified from being appointed as an auditor under section 187 of the Companies Act 1990. It is good practice to give the auditor plenty of time (e.g. 2 months) to audit the accounts.

The auditor will need to be provided with:

  • The books of account, consisting of the cash books written up and balanced for the year, and journals and ledger if these records are maintained
  • Bank statements for the whole year
  • Copies of deposit slips and cheque stubs
  • Receipt books containing the duplicates of receipts issued as well as cancelled original receipts, the auditor also needs to sight books of unused receipts
  • Vouchers for payments made, which should be placed in numerical sequence of cheques drawn
  • Access to 'paid' cheques from the NGB's bankers - unless receipts have been obtained for all payments made
  • A copy of the minutes book to enable the auditor to review approvals for major items of income and expenditure
  • A copy of the last audited statements of account
  • The financial statements for the year now being subjected to audit, together with all supporting working papers
  • Any other records or evidence the auditor may request to confirm the accuracy of transactions recorded and the existence of assets and liabilities shown in the books of account and the financial reports.


The constitution normally sets out the financial year for organisations. Most finish their financial year one or two months prior to the Annual General Meeting (AGM). This allows time to get the accounts in order and have them audited in time for presentation at the AGM. Most NGBs have aligned their financial year to the calendar year and the ISC asks that any remaining NGBs would consider the possibility of doing the same.