Internal Control in the Financial Sector : A Longitudinal Case Study of an Insurance Company

University dissertation from Uppsala : Uppsala universitet

Abstract: This thesis comprises an initial summary of Study I, which is my licentiate thesis in business administration. Study I is a literature study on internal control. Thereafter follows Study II, which is a case study of a Swedish insurance organization. The case study adopts a contingency perspective and attempts to find environmental and firm-level factors that influence the design, use and outcome of internal control. Study II is a longitudinal study that accounts for key internal-control developments that occurred between 2000 and 2010. This case study finds that there are two environmental influences that significantly affected internal-control design, use and outcome. They consist of environmental uncertainty and regulatory and supervisory forces. Their influences differ in nature, but jointly they act to set boundaries and frame internal-control design, use and outcome. There are two firm-level influences, governance structure and managerial attitudes, that act jointly with strategy to affect the design, use and outcome of internal control. While environmental influences set boundaries and frame internal-control work, firm-level contingencies can effectively enable or disable internal-control effectiveness. These firm-level influences provide means and opportunities to internal-control work. My longitudinal research suggests that evolutionary steps have been taken regarding internal-control design and use. In sum, these steps correspond to a shift in internal-control orientation and a transformation of practices where Folksam has been moving from a looser towards a tighter form of internal control, with greater transparency in operational risk management. Finally, based on the internal-control principles of the COSO framework, I see that particular principles have been enhanced within the Folksam system of internal control. The components of these principles are the control environment, risk assessment and monitoring.

