chp-10.1007-978-3-7908-2882-5_6.docx

《chp-10.1007-978-3-7908-2882-5_6.docx》由会员分享，可在线阅读，更多相关《chp-10.1007-978-3-7908-2882-5_6.docx（13页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、Chapter 6 Conclusions and Future Research Abstract Purpose: The aim of this chapter is to make concluding observations based on what we have discussed in other previous chapters as well as to describe future research opportunities within the area of internal control. Synopsis: Internal control seems

2、 to be an all-encompassing process. The wider approaches to internal control have expanded its boundaries significantly, far beyond the financial reports and the duties of the accountant. Financial reporting quality objectives have been supplemented with other internal control objectives which are r

3、elated to compliance, efficiency and effectiveness. Today internal controls may be dispersed and embedded in most of the companys business activities. Furthermore, internal control has transformed into an extension of risk management and thus tied closer to the strategy formulation and execution pro

4、cess. Internal control is considered to be a form of risk treatment through which inherent risk may be increased or decreased through the design and application of controls. Furthermore, it is today a regulatory object. Lawmakers and supervisory authorities are increasingly concerned with the design

5、 and operating effectiveness of internal controls. Disclosure requirements imposed on firms are forcing them to provide public disclosures about their internal control systems, which were previously private to firms. Today internal control is also considered to be a key corporate governance mechanis

6、m and corporate governance rating systems and credit rating agencies increasingly take into account the internal control and risk management practices of firms. Some researchers however have pointed out that there is still much to learn about internal control quality, and how internal control is ass

7、ociated with corporate governance quality. The fact that internal control is an inherently complex concept poses a significant research barrier, and while all research methods are valid, it is unlikely that archival studies or experiments are able to capture measures of internal control quality. Fin

8、ally, practical, regulatory and academic texts suggest that internal control designs are contingent upon certain variables. These variables include company objectives, strategy, regulatory characteristics, risk and risk appetite, management attitudes and firm size. Prior research also points to the

9、challenge facing any internal control architect. Building O. Arwinge, Internal Control, Contributions to Management Science, DOI 10.1007/978-3-7908-2882-5_6, # Springer-Verlag Berlin Heidelberg 2013 147 148 6 Conclusions and Future Research internal control capabilities would seem to be of great imp

10、ortance if firms are to be able to design internal controls which are balanced, integrated, dynamic and cost- effective. 6.1 Introduction The previous chapters have looked at many of the elements and aspects of internal control. In this final chapter, we will make some concluding observations based

11、on these earlier discussions. We will also recommend areas for future research. However it is first appropriate to revisit the purpose of this research and the research questions proposed in the first chapter, Sect. 1.4.2. The purpose has been to account for existing research on internal control inc

12、luding the concepts key components and features. In doing that we also presented certain themes and issues frequently discussed in writings on the subject. Hopefully this will provide readers with a deeper understanding of the complexity of the concept. Previous chapters have discussed theories that

13、 explain the necessity for controls and also how controls may develop and change. We have also discussed the components of internal control using a practical framework. Since internal control is associated with regulatory and institutional developments, we also found it necessary to provide a regula

14、tory perspective in Chap. 4. In Chap. 5 we described some of the frequently occurring themes and issues on internal controls that are discussed in prior research. This final chapter will make some concluding observations derived from findings in previous chapters. As such, they may be regarded as ov

15、erall conclusions. We argue that these concluding observations show the distinguishing features of the modern view of internal control and thus provide an adequate description of the concept. We further argue that all six observations are quite concept-specific and necessary for the understanding of

16、 the modern view of internal control. 6.2 Concluding Observations 6.2.1 An All Encompassing Process More than a century of debate over internal control demonstrates the importance as well as the complexity of the concept (see Kinney, 2000; Heier, Dugan, & Sayers, 2005). For a long time, internal con

17、trol remained unfamiliar to most people outside of accounting community. This is unlikely to be the case today and the concept has expanded its boundaries significantly, far beyond the financial reports and the duties of the accountant (Maijoor, 2000, p. 102; Merchant & Otley in Chapman, Hopwood, &

18、Shields eds., 2007, p. 787). 6.2 Concluding Observations 149 Both broad and narrow approaches to internal control have, however, for a long time co-existed (Haun, 1955). The traditional, narrow approach has a fairly direct relationship to financial reporting quality (p. 114). This seems largely unch

19、anged and the process of producing the financial statements in this way is sometimes referred to as internal control over financial reporting, a term applied for example by the PCAOB (Public Company Accounting Oversight Board) in the United States following the introduction of the SOX in 2002. With

20、the introduction of frameworks such as the COSO (1992, 2004) the broader approach to internal control has gained significant ground. COSO is now established as a leading guidance on internal control for directors and managers world-wide (Power, 2007, p. 49). A key feature of the COSO-framework is th

21、at it does not only encompass financial reporting quality but also covers objectives related to compliance and efficiency and effectiveness in operations. Definition wise this is then not very different from some other control concepts, such as the management control system referred to in management

22、 control research (see Merchant and Otley in Chapman, Hopwood, & Shields eds., 2007, p. 787). The internal control concept, however, emphasizes terms such as risk assessment, reasonable assurance, financial reporting and safeguarding of assets and furthermore adopts a governance perspec- tive. In th

23、is way, internal control is a basic system that produces assurances about information quality and the protection of firm resources. Another key feature of the COSO is that it defines internal control as a process, rather than a system or a structure. The fact that it does this is most likely to high

24、light its loose and dynamic character, as opposed to being a static and fixed system (see Kinney, 2000). If we build on the writings on process management (Hammer & Champy, 1993, p. 33), internal control could be regarded as a collection of control activities designed to convey valuable output (i.e.

25、 assurance) to its “c ustomers”, such as the board of directors, audit committee members and executive managers. Taken together these two features suggest that internal control is a vast and comprehensive concept which encompasses most parts of the companys business activities (Maijoor, 2000, p. 105

26、). Today internal control is considered to be a co- extensive with risk management (Power, 2007, p. 35) and controls are applied as ways of dealing with strategic, reporting, compliance and operational risk exposures. It follows that controls may be applied in most business- and support processes of

27、 firms, wherever risk exposures need to be dealt with. Hence internal control is an all-encompassing process. Revisiting the ideas behind process management (Hammer & Champy, 1993; Hammer, 2007), the internal control process appears to differ from other processes in one important aspect. The end-to-

28、end concept, where processes start and end, appears to be rather different for the internal control process. Compared to conven- tional processes (see for example the value chain by Porter, 1985) clear-cut beginnings or endings are more difficult to identify in this case. This is perhaps due to the

29、fact that internal control should be regarded as a collection of control activities that are (more or less) embedded into normal operations and business processes. This claim would again point to the challenge facing the internal control architect (see Oliviero, 2002) or the internal control process

30、 manager (see Hammer, 2007). 150 6 Conclusions and Future Research 6.2.1.1 Future Research Opportunities The key research questions in this area are associated with the management of the internal control process. How do firms go about managing the internal control process from an overall organizatio

31、nal perspective? We have already concluded that the process is far-reaching and that furthermore it may comprise different sub- systems and controls. Future research in this area would certainly be beneficial to increase our understanding of how the internal control process is designed and managed b

32、y firms. Specific research questions include: How do firms manage the internal control process of the organization? How are different control systems and internal controls coordinated and integrated from an overall organizational perspective? How do controls become embedded and robust in the day-to-

33、day operations? What types of firm capabilities are important for building effective internal control process management? What are the critical success factors associated with effective internal control process management? 6.2.2 A Co-extensive with Risk Management A stream of high-profile fraud case

34、s and corporate scandals around the world has been a key driver for improved corporate governance (Hermanson & Rittenberg, 2003, p. 39). Supported by regulators and other stakeholders, organizations are struggling to organize an uncertain world into manageable risks (Power, 2007). As a result, a new

35、 fully-fledged management function has entered onto the corporate governance scene under the leadership of the chief risk officer (see Power, 2004; Hutter & Power, 2005; Power, 2007; Mikes, 2009) and recent studies suggest that enterprise risk management (ERM) practices are growing and evolving (see

36、 studies such as Beasely, Clune, & Hermanson, 2005; Sarens & DeBeelde, 2006; Fraser & Henry, 2007; Woods, 2009; Mikes, 2009; Woods, 2009). An associated development with these emerging risk-based practices has been that internal control has become more closely tied to risk management practices, and

37、therefore also the strategy formulation and execution process of firms. The introduction of new risk-related regulations, the explosion of operational risk (Power, 2005) and practical frameworks for risk (COSO, 2004) have all contributed to the transformation of internal control into an extension of

38、 risk management (Power, 2007, p. 35). This focus on risk management practices during recent years may leave strategy experts relatively unimpressed, since risk lies at the heart of value creation and has for a long time been an explicit part of strategy development and execution (Power, 2007, p. 8)

39、. Nevertheless, a “new form” of internal control-based risk management practices has developed. Recent case studies (Woods, 2009; Mikes, 2009) suggest that these 6.2 Concluding Observations 151 practices may develop as a result of institutional pressures (see Chap. 2, Sect. 2.4) and that their desig

40、n is contingent upon variables such as firm size, technology, management attitudes towards risk and risk practices, environment and strategy (see Chap. 5, Sect. 5.3.3). The case study by Mikes (2009) reveals that companies may adopt different approaches to risk management. Mikes defines these approa

41、ches as either ERM by the numbers or holistic ERM, and argues that the former is driven by a shareholder value approach to corporate governance, and the latter by a risk based internal control approach. Since risk management is inherently a co-extensive with strategy, this also binds internal contro

42、ls closer to the formulation and execution of strategies. Internal control is now regarded as a risk treatment whereby inherent risk may by be increased, accepted or decreased through the design and application of controls (Picket, 2001, p. 45). The beneficial nature of internal controls is thus bec

43、oming increasingly recognized and emphasised, by which it is meant that controls have a promotional and enabling effect and no longer only restraining or containing firm activity and related risk exposures (pp. 217 259). 6.2.2.1 Future Research Opportunities The key research questions in this area a

44、re associated with the application of internal controls as a risk-treatment in firms risk assessment processes. How do firms go about applying internal controls as a part of their risk assessments? We have earlier mentioned a few studies which have been made on risk management and recently interesti

45、ng case studies have shed additional light on the risk manage- ment practices of firms (see for example Woods, 2009; Mikes, 2009). However much remains to be learned, which is why more research is needed in this area (Mikes, 2009, p. 19). One way forward could perhaps be to build on studies such as

46、those mentioned above and examine in-depth how internal controls are applied based on risk assessment processes. Specific research questions include: How do firms apply internal control in their emerging risk assessment processes? What are the critical success factors associated with internal contro

47、l risk treatments in firms? How do risk officers, internal control officers, managers an directors co-operate with reference to assessment of risk and control treatments? How do control treatments adapt based on changes in contingent factors such as strategy and risk? 6.2.3 A Regulatory Object The i

48、nfluence of the regulatory environment on internal control practices cannot be overestimated. Power (2007) uses the telling phrase “turning organizations inside out” (p. 34) to describe how regulatory requirements have forced organizations to 152 6 Conclusions and Future Research disclose their inte

49、rnal control systems systems which previously remained private to firms. For the last 15 years governance has been a dominating theme in corporate regulation and internal control now forms part of public policy and formal law (p. 62). Power (p. 55) concludes very interestingly on this development that: It remains to be seen whether this emphasis on reporting on the process of producing financial statements will become more significant for regulators than the financial statements themselves; internal contro