The board of directors has a critical role to play in overseeing the company’s internal controls. Internal controls are designed to provide reasonable assurance that the company’s objectives are achieved and that risks are managed effectively. The board is responsible for ensuring that the company has an effective system of internal controls in place and that it is operating effectively.
The board’s responsibilities with respect to internal controls are set out in several different sources, including:
- The Canadian Code of Corporate Governance (CCG)
- The Treasury Board of Canada Secretariat’s Policy on Financial Management
- The Auditor General of Canada’s Auditing Standards
The CCG states that the board is responsible for “establishing, maintaining, and evaluating the effectiveness of the company’s system of internal controls.” The CCG also states that the board should delegate the day-to-day responsibility for internal controls to management, but that the board should retain ultimate responsibility for their effectiveness.
The Treasury Board of Canada Secretariat’s Policy on Financial Management states that the deputy head of a government department is responsible for ensuring that a risk-based system of internal control over financial management is established, monitored, and maintained. The policy also states that the chief financial officer of a government department is responsible for establishing, monitoring, and maintaining a risk-based system of internal control over financial reporting.
The Auditor General of Canada’s Auditing Standards state that the auditor should assess the effectiveness of the company’s system of internal controls over financial reporting. The auditor’s report should include a statement about whether the company has an effective system of internal controls in place.
In summary, the board of directors has the following responsibilities with respect to internal controls in Canada:
- Establish, maintain, and evaluate the effectiveness of the company’s system of internal controls.
- Delegate the day-to-day responsibility for internal controls to management, but retain ultimate responsibility for their effectiveness.
- Ensure that the company’s internal controls are aligned with its risk management framework.
- Review and approve the company’s internal control framework and policies.
- Obtain regular reports from management on the effectiveness of the company’s internal controls.
- Take corrective action when necessary to address weaknesses in the company’s internal controls.
By fulfilling these responsibilities, the board can help to ensure that the company has an effective system of internal controls in place to protect its assets, promote efficiency, and prevent fraud.
This article is for informational purposes only and is not legal advice. Contact us today to discuss your specific situation.