The Spanish legislation responsible for regulating the securities markets and financial instruments is derived from European regulations following the transposition of the Markets in Financial Instruments Directive known as MiFID. The directive was transposed through two regulations: Law 47/2007 which significantly amended Law 28/1988, on the Spanish Securities Market (LMV) and Royal Decree 217/2008, which established the legal regime applicable to entities providing investment services.
The requirement for transparency in the securities markets has evolved over the years. In particular, the regulation that stipulates the presentation of financial information, which listed companies are required to comply with, has become progressively more complex. To respond to these requirements, the internal control systems of organisations cannot remain static. They need to evolve over time and be able to provide a degree of assurance regarding the reliability of the financial information provided to the market.
What are the elements of SCIIF?
To do this, the elements of an internal control system – control environment, risk assessment, control activities, information and communication, and supervision – should be coordinated and should operate together with the aim of preventing, detecting, compensating, mitigating and correcting errors with a material impact, or fraud in the financial information. Below is a description of each of these elements:
- Organisation’s control environment: This will set the behavioural standards of an organisation and will have a direct influence on the level of awareness of staff with regard to the internal control.
- Assessment of risks in financial information: This assessment enables the analysis of potential risks in achieving objectives related to the reliability of the financial information. We might find, for example, calculation errors or errors in the application of standards; accounting fraud; lack of knowledge of information; incorrect estimates or forecasts; and others of a diverse nature.
- Control activities: Control activities need to be carried out at various levels within the organisation to reduce the risk of errors, omissions or fraud, which may affect the reliability of the financial information.
- Information and communication: The information and communication systems identify and distribute the information on transactions and other events that affect the organisation, within a time period that enables the people involved to carry out their assigned functions.
- Supervision of the system’s operation: Supervision of the system is a crucial element for being reasonably sure that the risks identified are being effectively controlled, either through prevention, detection, mitigation, compensation or correction.
How can software help with optimisation and reduce uncertainty with regard to risk?
GlobalSuite Solutions has management software that helps with the optimisation of processes and reduces uncertainty with regard to risks. For “the assessment of risks in financial information”, GlobalSuite® enables us to specify financial information control objectives and identify and analyse the risks (with parametrisable risk methodologies), associated with achieving these objectives as a means of determining which controls need to be implemented, among other functions. Also, with regard to control activities, the software enables us to manage the controls applicable to the organisation as it can carry out an evaluation of each control depending on whether it is preventative or whether its aim is to detect, mitigate, compensate for or correct its potential impact. What’s more, it has a document manager where the control activities can be stored – appropriate policies and procedures – for all stages of the process of preparing the financial information, including the critical appraisal, estimates, evaluations, forecasts and the closing entries.
To reinforce the transparency and quality of the public information supplied to the market in relation to the Systems for Internal Control over Financial Information (SCIIF), it is considered appropriate that the external auditor should be involved in reviewing the information and they should issue a report on it. GlobalSUITE® has an auditing module that helps in this management process.
To conclude, the SCIIF are configured as the set of processes that the various bodies of the organisation carry out to provide reasonable assurance of the reliability of the financial information that will be published in the markets. For better compliance with this obligation, additional elements are needed that help us to manage the risks and control measures, such as the management software from GlobalSUITE Solutions.
- How to use GlobalSuite® to manage your risks 31 August, 2022
- ISO 27036 – Information security for supplier relationships 11 August, 2022
- The Compliance Officer and the Compliance Committee 9 August, 2022