The Internal Control System as a Management Function and the Element of Integrated Reporting Financial Statements

The present article is devoted to one of the most urgent problems of financial accounting organization and preparation of accounts – the issue of implementation of internal control in the companies. The authors consider the internal control as a function of management in interrelation with internal audit and risk management. The purpose of the research is to determine the level of information disclosure about the internal control system in the company's reporting. The research subject is the industrial and economic activity of chosen companies. Public integrated reporting is the object. The authors set out the following tasks in the research process: to estimate the degree of study of the problem; to analyze public reporting, including its structure, different report forms, the content of Explanatory Notes to the reporting and the working documents; to compare the reporting of various companies; and to identify the degree of information disclosure. The methodology of the research suggests an analysis of existing studies in the field of internal control, visual analysis of internal documents of the companies and their reporting and comparative assessment of reports of some companies. The authors study public accounts of the major companies, consider it from the view of completeness of disclosure of information about the internal control system, draw conclusions and give recommendations on improvement of control procedures. The authors justify that the two concepts of internal control and internal audit are not the same. However, the management of some companies does not separate them. The authors prove that internal auditing is only a part of the internal control system.


Introduction
preparation of statements based on its data, but the very business operation items, i.e. any business operations, transactions, events which have or can have an influence on the financial state of an economic entity, the financial result of its activity and (or) cash flow (Plotnikova, L. A., 2015).
Since there are still no separate methodic materials of the state authorities which would regulate this process, the issue of formation of an internal control system is often an element of the accounting policy of an enterprise. As known, the basic moments of accounting policy must be disclosed in the accounting (financial) statements (Kulikova L.I, Semenikhina N.B & Vetoshkina E.Y., 2016). Therefore, companies can disclose information about the current internal control system applied in the company in notes to their accounts (Sun, Y., 2016).
We believe that the activity of any company must be systematic and meet the requirements made by the government and by its owners and investors. As for the implementation of the internal control system into the process of company management, the management must firstly focus on the fact that this is a requirement of time, not a requirement of law. If owners of the company and its investors are interested in a more detailed disclosure of information about the functioning of the internal control system, including internal control, the company management should comply with such needs of the consumers. The reality of economic development dictates its own terms, which must be operatively considered by all the business entities in order to take effective measures. The operational efficiency of every company has its impact on the country's well-being in general. Additional information about the company activity helps to find new investors and potential buyers, thus it makes the company's products more competitive (Rubanov, V.V. & Saulova, A.V., 2016).
In the present terms many major companies are interested in constant increase of the quality level of produced goods, performed works and rendered services (Kaspina, R.G. & Plotnikova, L.A., 2014). This is aimed at the increase of their competitiveness and increase of demand for own products, works and services. Herewith when developing the business strategy, the company management associates the line of increase of quality and reliability level of goods, works and services with the other important strategic blocks (Needles Jr., B.E., Shigaev, A., Powers, M. & Frigo, M. L., 2010). They include: 1) Effective operating of the system of management over assets of own company; 2) Improvement of the internal control system.

Company Management System
Since the improvement of the internal control system in a company is tightly connected with increase of efficiency and rationality of its functioning, we suppose that it needs to be considered in interrelation with other elements of business management, which is depicted in Figure 1. The internal control system provides performing of control functions in two lines: in part of all the committed business operation items and accounting (financial) statements in general. Internal control provides higher results rating of the company activity and authenticity, completeness and timeliness of the preparation of the company's accounts (Nagumanova, Regina, Naumova, Natalia, Sabirova, Aigyl & Titova, Nadezhda, 2018). Thus, internal control entities must perform specific procedures and actions in order to minimize mistakes at the very stage of committing any business operation. Such mistakes can be connected with violation of law requirements in any sphere, illegal actions of the company employees, violation of conditions of the company's internal documents and other types of violations. Timely detection of any deviations and violations at the moment of performing a business operation increases reliability of accounting information and so the most accurate financial statements can be formed. Besides current and regular control of the business, operation items and accounting records help to decrease and even avoiding all existing risks. So, in our opinion, internal control is a necessary system in the company for its risk management potential.
In order to minimize risks, companies must adjust a system of their management. Risks of the company are dependent on both external and internal factors, and with needed information, the company will be able to manage and reduce them. Risks have a negative impact on the results of financial and economic activity of the company, for example, materials losses (Bagley, P., Dorminey, J.W., McSwain, D. & Reed, T., 2016). Risk management excludes reasons of failure to achieve the objectives of the company and forms protective barriers and prevents abuses.
In turn, it is necessary to maintain an internal audit in the company for evaluation of the reliability of internal control system. It means that this is the next stage of the internal control system, which is targeted at expression of objective and independent opinion on efficiency of performed control procedures and rationality of risk management. In our opinion, one shouldn't equate the two notions "internal control" and "internal audit". There is one very important difference. Control is performed directly at the moment of planning and documentary execution of any business operation or in the process of preparation of accounting (financial) statements. As for audit, it provides supervision of already committed business operation item and is aimed at inspection of its compliance with the norms of legislation or internal requirements of the company (Wagner, J.M., 2016). Thus, internal control has three main stagespreliminary, current and consequent stages. At the preliminary stage, the control environment must function in the company in business lines and specific areas of accounts which should be formalized in the form of working documentation. As we suppose, at this same stage, functions of risk management are performed, identified and evaluated. The current control provides direct performance of all control procedures and actions on every business line (business-processes) and every section of accounting work. And finally, the next stage of internal control is implemented in supervisory procedures of audit and tracking of implementation of recommendations on further improvement of the internal control system.
Regarding these three management functions in the company in a tight correlation (Figure 1), we believe that they must be performed by a different company (who are conditionally independent of each other). For instance, suppose an ordinary accountant or a deputy chief accountant performs internal control of a specific accounting area's business operation items at the documentary execution stage. In that case, an internal audit (inspection) of this business operation item must be conducted by an independent expert after its performance and execution in the accounting system. For example, employees of the internal control department can act as such experts. In our opinion, to achieve objectivity of inspection results, it cannot be permitted that the accounting service employee performs further inspection.

Working Documents of the Company
We think that in order to achieve high systematicity of employees' work in any company, it is necessary to have a more qualitative approach to the process of developing internal working documents of the company, which regulate its activity (Kulikova, L. I., & Mukhametzyanov, R. Z., 2019). The composition and contents of the working documents must be urgent and meet up-to-date requirements of legislation and consumers of the accounts. They must comprise the whole system of management existing in the company (Greco, G., Ferramosca, S. & Marchi, L., 2015). In our opinion, the company must develop working documents in part of the functioning of the internal control system and internal audit. These documents can be represented by the Code, Policy, Provisions, Regulations, Instructions, Decrees and others. The following moments must be specified: 1. Objective, tasks and principles of internal control organization.

Aspects of internal control.
3. Stages, types and levels of internal control implementation.
4. Procedure of internal control implementation. 5. Role of participants, their correlation, responsibility.
6. Further control of procedures execution.

Express Analysis of Annual Reports of the Company
We held express analysis of the annual accounts of about one hundred public companies which are engaged in types of activity varying from each other. We had a task to define the degree of completeness of the companies' disclosure of information about the corporate management system functioning in part of three lines: internal control, risk management and internal audit. Most of them do not disclose information about the internal control system and the risks, unfortunately. Only 50% of the companies surveyed disclose such data in their reports. A sample of data and results of the analysis for several companies are represented in Table 1.  It can be concluded that most of the companies are interested in the detailed disclosure of information about the management system. It should be noted that the annual accounts of some companies look quite informative and are represented in the form of an interactive Web-page. However, there are some data hidden from external users. So, for example, all the analyzed objects have a Development strategy (Mission) of the company. But not all events on further business development, which are specified in the Development strategy, provide improvement of the internal control system. Exceptions are company's number 2, 3, 6, 7. From their reports follows, they planned the implementation of some events on the improvement of its operation. Company number 1 provided detailed disclosure of the corporate management report, which includes information about the results of the audit of the internal control system, which was held in 2018. This has specific interest to us. However, the company presents brief information about its own working documents of internal control.

Discussion
Arguably, the most comprehensive and detailed annual account was presented by the Public Joint Stock Company of Power Supply and Electrification of Kuban (PJSC "Kubanenergo"). This company is involved in the delivery and distribution of electric power in Krasnodar Krai's territory and the Republic of Adygea (Official site, 2020). We examined the structure and composition of the company's annual accounts about the availability of knowledge on the internal control system performing in the company.
We consider that every year PJSC "Kubanenergo" in its annual accounts presents all information about its activity which is necessary for external users. Particularly annual accounts of the studied company include the following sections: 1. Key indicators of activity. Some conclusions were made on the basis of the internal documents of PJSC "Kubanenergo" which we have previously reviewed.

a. Company development strategy
Development strategy of the studied company is rated until 2030 and includes target marks, development perspectives and priority business lines. Priority business lines of the company include improvement of the internal control system, risk management and internal audit. In our opinion, the positive moments of the presented document are that the company associates all the aforementioned main elements of the management system with each other (Figure 1). systems, internal control, and corporate management. There are such regulating documents as "Provision on Audit Committee" and "Policy of Internal Audit". It is reassuring to know that the Audit Committee is not charged to guarantee the authenticity of accounts, efficiency of risk management systems, internal control, corporate management, and compliance with legislation. However, to control implementation of own obligations on provision of the authenticity of accounts, the formation of reliable and efficient systems of risk management, internal control, corporate management, compliance with legislation and internal documents of the company

b. Risk management in the company
It should be noted that risk management in the company has a regular nature, which is clear from the accounts of this company for the previous periods. Herewith the following risk groups are distinguished and controlledkey operational risks, operational risks of the main business processes and operational risks of other business processes. This issue is regulated in the studied company by the internal document -Policy of Risk Management. According to this policy risks are analyzed as per two parameters -probability of their occurrence and degree of potential damage for the company (degree of the event's impact of the business indicators). In our opinion, this document needs to be improved in part of determination and more detailed specification of people who can act as risk "owners" and executors of control procedures. Internal documents of PJSC "Kubanenergo" do not include methodic materials for executors of control functions. We hope that these normative documents are available in this company. We consider that methodic instructions for the process of risk management must be developed as an element of working documentation and they must include the following moments:

c. Internal control in the company
In part of internal control activity of the studied company is also regulated by the working document "Policy of Internal Control". This document is based on experience of the leading world and Russian companies and is developed for implementation of provisions of the Strategy of development of electric network complex of the Russian Federation approved by the Decree of the Government of the Russian Federation dated April 3, 2013 No. 511-р. The policy defines objectives, principles of functioning and elements of the internal control system of the company, the main functions and responsibility of participants of the internal control system, procedure of evaluation of efficiency of the internal control system.
We believe that for implementation of all requirements contained in the present document it is necessary to form additional, more detailed, methodic instructions for coordination of actions of all structural divisions of the company. They will allow the executors (subjects of internal control) to perform more coordinated actions in this part and to exclude possible duplication of held control procedures or business operation item or element of accounting records. At the same time, it is important to make sure that the executor of the accounting operation could not control the same process. We consider that the company already has such methodic materials, but they are not disclosed in the accounts for a wide range of users. In our opinion, it is indeed unnecessary; it is quite enough for the internal users and executors of control procedures to be aware of the method of control functions implementation.

Summary
So, it should be noted that the annual accounts of the major companies, as in the case of the studied annual accounts of PJSC "Kubanenergo", information about the internal control system, risk management, and internal audit system is disclosed for external interested users. However, the level of disclosure is relatively low, and it is just that internal regulating documents in part of management, in general, are only mentioned to be available. In our opinion, internal and external users would like to know about problem areas and results of monitoring of the internal control system, about the level of evaluation of existing risks, and other aspects of the corporate management system. In current business conditions, not only financial information about the company's activities but also non-financial information is useful to internal and external users. This is necessary for making effective management decisions. In this case, by management decision-making, we mean that interests may differ. So, for internal users, it is essential to achieve a more efficient and effective risk management system to minimize them and improve performance. Moreover, for external users, it is essential to understand how significant their investment in a particular company will be.

Results
The following events can be recommended for further improvement and implementation in the internal control system in the major companies: a) Differentiation of control procedures on every business process concerning the type of the company's activity (Karande, A. M., & Kalbande, D. R., 2015).
b) Distribution of duties between executors of control functions on separate areas of accounting records and fiscal accounts and in the course of execution of accounting (financial) statements.
c) Holding of control procedures in constant correlation and direct dependence on the detected risks. d) Implementation of internal audit system and regular supervision of efficiency of use of means of internal control of business operation items. e) Use of the unified automated management system, including risk management, holding of internal control and audit.
f) Formation of qualitative working documents of the company in part of development of internal standards of practical use in the course of implementation of control procedures.
g) Increase of the quality level of professional judgment of specialists on the preliminary stage of organization of the internal control system and in the process of implementation of control functions.
We believe that the aforesaid events will provide the company with a steadier financial position at the market, increase its confidence in authenticity of own accounting (financial) statements and thus will increase the level of disclosure of results of audit of the internal control system and events on its improvement to the interested parties.
Of course, the process of the organization of the internal control system mainly requires a high level of professional judgment of the specialist in the sphere if accounting and audit. The reality of modern practice determines the list of cultural and professional competencies that a graduate of accounting faculty must have (Kaspina, R.G. & Plotnikova, L.A., 2014). We consider that the competence approach in the training of graduates, which is now recognized in the educational activity, will meet the need for the real professionals.