Internal Control : A Study of the Concept and Themes of Internal Control
Abstract: This thesis studies the accounting and auditing approach to control where the concept of internal control has developed along with the theory and practice of accounting and auditing and its stated objectives. In this context, internal control has traditionally been regarded as a means of ensuring financial reporting quality as well as a way of preventing and detecting fraudulent activity.We have surveyed scientific research on the subject of internal control and reviewed regulatory texts as well as practical frameworks and standards. Based on this literature study, we have investigated some of the findings from previous research. Components and particular features of internal control were described and discussed. We have also identified and summarized themes and issues that frequently occur in writings on the subject.During recent years, demands have been made for greater accountability and transparency in corporate governance. The independent audit activity has become the primary tool for securing accountability. Some regard this as the emergence of an audit society. An important joint development has been the rise of internal control systems. Internal control, once a private matter for technical assurance specialists, has risen to be an autonomous field of expertise and a mode of organizing uncertainty. Traditionally internal control has had a fairly direct relationship to the accounting records. The wider approaches to internal control have expanded its boundaries significantly, far beyond the financial reports and the duties of the accountant. Internal control has become an all-encompassing process.Enterprise risk management practices are growing and evolving. An associated development has been that internal control has become more closely tied to these risk management practices, and therefore also to the formulation and execution of strategies. New risk-related regulations and practical frameworks have contributed to the transformation of internal control into a co-extensive with risk management. Internal control is now considered to be a form of risk treatment through which risk may be managed in different ways.Internal control is today a primary regulatory and formal olicy object. Lawmakers and supervisory authorities are increasingly concerned with the design and operating effectiveness of internal controls. Disclosure requirements imposed on firms are forcing them to provide public disclosures about their internal control systems, which were previously private to firms.Both scientific research and practical writings suggest that internal control designs are contingent upon certain variables. These variables include company objectives and strategies, regulatory characteristics, risk and risk appetite, firm size and managements’ attitudes to risk and control. Building internal control capabilities is important if firms are to be able to design balanced, integrated, dynamic and cost-effective internal controls.Internal control is considered to be a key corporate governance mechanism. Some researchers however, have pointed out that there is still much to learn about internal control quality and how internal control is associated with corporate governance quality. The fact that internal control is an inherently complex concept poses a significant research barrier, and while all research methods are valid, it is unlikely that archival studies or experiments are able to measure internal control quality. Instead, we recommend case studies of how firms design, apply and oversee their systems of internal control.This study was made possible through the research collaboration between my former employer, Skandia, and Linköping University through the Research Programme for Auditors and Consultants. During the final stage, generous funding was provided by the Jan Wallanders and Tom Hedelius foundation as well as the Tore Browaldhs foundation.
This dissertation MIGHT be available in PDF-format. Check this page to see if it is available for download.