Principle 3: Structure Establishes Authority and Responsibilities
Under the supervision of the board of directors, management establishes appropriate structures, reporting lines, and appropriate authority and responsibilities.
Focus Points
The focus points described below highlight features relevant to this principle.
It Takes All Structures of the Organization into Consideration
The Board of Directors and Management consider the multiple structures used (including operating units, legal entities, geographic distribution, and external service providers) to support organizations in achieving their goals.
Senior management and the board of directors create the organizational structure and reporting lines required to plan, execute, control, and periodically evaluate the organization’s activities, in other words, to fulfill their oversight responsibilities. Variables to consider when creating and assessing organizational structures include the following.
- The nature, size, and geographical distribution of the business carried out by the organization,
- Risks identified within or outside the organization, related to the organization’s objectives and business processes, and mutual relations with external service providers and business partners,
- The nature of the distribution of authorities and responsibilities to top management, operating unit management, functional management, and geographical management,
- Definition of reporting lines (e.g., direct reporting/”solid line” saying versus secondary reporting/”dashed line”) and communication channels,
- Financial, tax regulatory, and other reporting requirements of relevant jurisdictions,
- Creates Reporting Channels.
Management designs and evaluates reporting channels to ensure the fulfillment of authorities and responsibilities and the flow of information to manage the organization’s activities.
- While creating the organizational structure, Reporting lines (e.g., direct reporting/”solid line” reporting versus secondary reporting/”dashed line”) and communication channels should be defined.
- Regardless of organizational organization, definitions, and distribution of authority and responsibility, reporting lines and communication channels must be open to ensure accountability in operating units and functional areas. For example, The board determines which senior management roles will be linked to the board by at least one “dotted line” to allow for all significant issues to be escalated to the board. Similarly, direct reporting and informational reporting lines are defined at all levels of the organization.
Regardless of organizational organization, definitions, and distribution of authority and responsibility, reporting lines and communication channels must be open to ensure accountability in operating units and functional areas. For example, the board determines which senior management roles will be linked to the board by at least one “dotted line” to ensure that all significant issues are communicated. Similarly, direct reporting and informational reporting lines are defined at all levels of the organization.
Defines, Assigns, and Limits Authority and Responsibilities
The Board of Directors and management delegate authority, define responsibilities and use appropriate processes and technologies to assign responsibilities and separate tasks as necessary across various levels of the organization.
Authority and responsibilities are delegated based on demonstrated competencies and skills. Roles are determined based on who is responsible for decisions or who is informed about these decisions.
Delegation of authority enables faster action and increases the complexity of managing risks.
Authority allows people to act appropriately on a given task, but it is also necessary to define control boundaries.
- Powers are delegated only to the extent necessary to achieve the organization’s objectives. (For example, review and approval of new products)
- Inappropriate risks are unacceptable. (for example, a new supplier cannot be accepted without carrying out the necessary due diligence.)
- Duties are separated to reduce the risk of inappropriate behavior while achieving goals, and necessary checks and balances are established from upper to lower levels. (For example, defining roles, responsibilities, and performance criteria in a way that reduces any potential for conflict.)
- Appropriate technologies are developed to facilitate the definition of roles and responsibilities and the setting of boundaries within the flow of business processes. (For example, privileges granted to online customers, partners, and other stakeholders)
- Third-party external service providers tasked with carrying out activities on behalf of an organization understand the scope of their decision-making rights.
References for Internal Control Articles
- International Internal Auditing Standards, International Institute of Internal Auditors
- Dr. Davut Pehlivanlı, Current Internal Audit Practices, Beta 2010
- Prof. Dr. Nejat Bozkurt, Accounting Audit, Alfa 1998
- Prof.Dr.Nejat Bozkurt, TÜRMOB Independent Audit Training Lecture Notes, 2012
- Dr.Özgür Çatıkkaş, KGK, Marmara University. Corporate Governance Lecture Notes, 2013
- İSMMMO-Practical Information for Internal Audit in SMEs, 2013
- Turkish Internal Audit Institute, www.tide.org.tr
- Alp Buluch, Article, Internal Control, Hurses, 19 March 2013
- Turkish Commercial Code No. 6102
- International Internal Auditing Standards, www.theiia.org
- Treadway Commission Supporting Institutions Committee, Internal Control-Integrated Framework, 2013
- Public Financial Management and Control Law
- Public Internal Control Standards
- Public Internal Control Guide
Bu gönderi şu adreste de mevcuttur: Türkçe