Internal control services
Recently, the requirements imposed on companies by shareholders, executive management, regulatory bodies and other stakeholders have significantly risen and continue to rise. As a result, more and more companies view the establishment of an internal control system as a top priority, which assists in enabling the company to attain its objectives.
Our experience in implementing internal control system improvement projects has seen our experts perform work across a range of industry sectors including leading Kazakhstan companies within the metallurgy, oil and gas, telecommunication and other industries.
- Internal control improvement
- ERP controls
- Automated GRC solutions
- Sarbanes-Oxley Section 404 compliance
- UK regulatory compliance
Internal control is a process carried out by the board of directors, management and personnel of the company, which is designed to provide reasonable assurance that the following objectives are achieved:
- Operational and financial efficiency
- Reliability of financial reporting
- Regulatory compliance
What is internal control?
An internal control system provides several advantages for organizations, which collectively have the ability to increase shareholder value. Some of these advantages include:
- Better managerial decisions based on accurate and reliable financial and management information
- Assures the interests of the company’s shareholders and the security of their investments
- Improved stakeholder perception
- Greater management of risk
- Implementation of robust, approved procedures
Internal control system improvement projects involve our consultants assisting companies to identify and assess risks related to the accuracy of their financial statements and the security of their assets. Based upon these risks they make an assessment as to the adequacy of the internal control procedures designed and perform checks on whether these procedures are appropriately implemented. Upon completion of these assessments our consultants develop documentation that clearly describes the processes, risks and controls identified, and any recommendations for internal control improvements based upon leading practices.
In conducting these projects we place emphasis on control efficiency and continually search for ways that the internal control system can be further rationalized in order to achieve reduced costs for the organization. We apply a “top-down” approach to our engagements to ensure that the key risks of the company are addressed. Our proprietary risk and control database which is based upon best practice allows our consultants to focus on only those controls that cover the key risks of the company, resulting in a more efficient control environment for the company.
Our internal control experts also play an important role in business process optimization projects, ensuring that these newly designed processes contain the appropriate internal controls, thus, providing a complete business process design.
Internal control improvement
The implementation of an Enterprise Resource Planning (ERP) System is a major undertaking of any organisation. In almost all cases, it leads to the redesign of business processes, resulting in significant changes to the organisation's business control environment.
Our services span through the life cycle of an ERP System: from designing controls and security, as part of the implementation process, ongoing monitoring and assessment, or one-time reviews. You will benefit from the highlighting of the main risk affecting your business, avoid costly re-work after implementation, reduce the risk of fraud and the project will be brought back on track as needed.
Many governance, risk management and compliance projects are labour-intensive, disruptive to business operations and are silo-orientated. Companies recognise that in order to sustain governance, risk management and compliance (GRC) efforts, they have to move these disjointed tactical-level approaches into a more integrated and strategic framework through the use of technology.
We provide the services for the integration of technology into GRC activities and processes to ensure that the right information get to the right person at the right time.
Automated GRC solutions
The Sarbanes-Oxley Act of 2002 establishes stricter requirements regarding corporate governance and internal controls in relation to financial reporting for US-listed companies. In particular, the Act includes the requirements for the documentation and annual assessment of the internal control system.
Numerous leading companies have obtained significant advantages due to SOX compliance, or voluntary partial compliance, in case the company is not required to be in full compliance with this Act.
Deloitte is a leader in preparing Kazakhstan companies for SOX compliance.
Our experts can be involved in various project stages related to SOX compliance, including:
- Design of the internal control system monitoring process
- Provision of SOX training for the company’s employees
- Preparation of recommendations on the improvement of the internal control system to bring it in compliance with SOX requirements
- Preparation of documentation and the selection of software for controls procedures monitoring
Sarbanes-Oxley Section 404 compliance
Kazakhstan companies are increasingly interested in IPOs on the UK stock market. To be listed on the London Stock Exchange, the issuer should meet a number of corporate governance and internal control requirements.
Such requirements are defined in the Combined Code of Corporate Governance as best practice principles which the company should comply with. Every year, the issuer’s compliance with the Code should be disclosed in their annual report, including the methods used to address specific principles, or the reasons why such principles have not been met.
The Combined Code of Corporate Governance recommends, in particular, that the effectiveness of the corporate internal control system should be reviewed and the annual report to shareholders should be prepared based on the results of this review. The review should address all material control, including operational and financial controls, the existence of the required internal regulations as well as the risk management system.
More detailed internal control requirements are provided in the Turnbull report, which forms an integral part of the Combined Code of Corporate Governance.
Our internal control experts will provide issuers or potential issues with all the necessary advice to ensure compliance with the requirements of the Combined Code of Corporate Governance prior to their securities being listed on the London Stock Exchange.
These services are provided under both the "Don't Go to London without Deloitte" program and individual projects.
UK regulatory compliance
Kazakh regulatory authorities have developed a number of internal control requirements related to listed companies and financial institutions operating in the Republic of Kazakhstan.
Our experience in implementing and optimizing the internal control systems of companies based on international best practices is valuable both to ensure regulatory compliance and in order to obtain additional benefits for the shareholders and executive management.
Our specialists provide assistance in the development of the internal regulatory documents which are based on the Kazakh regulatory requirements and innovative internal control principles recommended by international organizations such as the UK Corporate Governance Code, the International Organization of Securities Commissions (IOSCO) and the Basel Committee for Banking Supervision.
In addition to development of such systems, we also provide services related to the independent assessment of existing internal control systems and corporate governance systems. These projects assess the existing systems in place for compliance with the standards established by the regulatory authorities or international principles. Upon completion of the assessment our specialists provide recommendations for improving organizational, procedural and documentation aspects of the existing internal control system.
Kazakhstan regulatory compliance