Despite speculation in the financial press that the final guidance on internal control would be essentially similar to April’s consultative document, the final guidance was significantly tightened by the removal of the option for a single annual review. This should act to discourage bureaucratic procedures that provide neither the depth nor quality of information provided by the now required regular review process. | The KPMG Review Internal Control: A Practical Guide This book has been prepared to assist clients and others in understanding the implications of the ICAEW publication Internal Control: Guidance for Directors on the Combined Code. Whilst every care has been taken in its preparation, reference to the guidance should be made, and specific advice sought where necessary. No responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by KPMG. KPMG is registered to carry on audit work and authorised to carry on investment business by the Institute of Chartered Accountants in England and Wales. c KPMG October 1999 All rights reserved. No part of this publication may be reproduced, stored in any retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the publisher. Designed and produced by Service Point (UK) Limited Printed by Service Point (UK) Limited Foreword From discussions with many Board directors over the years since the Cadbury and the Rutteman guidelines were issued, there has been much criticism of regulators and consultants alike that organisations are being driven to create bureaucratic processes - divorced from managing the business - with the sole purpose of complying with regulations. The spirit of Cadbury was right, the enactment was flawed. By taking the easy option of reporting on internal financial control companies created an annual review process disconnected from managing the business. The Combined Code and Turnbull guidance recognise that this was neither beneficial for organisations, nor provided the comfort sought that governance was being enhanced. There has always been an opportunity to enhance business performance through better management of risk. With Turnbull, the connection between managing the business and managing risk is now explicit. This guide has been