Special Topics Official Research Paper
Transcript of Special Topics Official Research Paper
-
8/2/2019 Special Topics Official Research Paper
1/24
INTERNAL CONTROLS AND RISK MANAGEMENT
AN ANALYSIS OF THE ROLE AND SIGNIFICANCE OF INTERNAL CONTROLS AND
RISK MANAGEMENT WITHIN GRENADIAN ORGANIZATIONS.
Emma S. Bowen
Author Note
Emma S. Bowen, Accounting Student, St.Georges University.
Correspondence concerning this paper should be addressed to Emma S. Bowen,
Accounting Student, St.Georges University, Campus Box 2306, True Blue St.George, Grenada.
Email:[email protected]
-
8/2/2019 Special Topics Official Research Paper
2/24
-
8/2/2019 Special Topics Official Research Paper
3/24
INTERNAL CONTROLS AND RISK MANAGEMENT
Abstract
Of
AN ANALYSIS OF THE ROLE AND SIGNIFICANCE OF INTERNAL CONTROLS AND
RISK MANAGEMENT WITHIN GRENADIAN ORGANIZATIONS.
By
Emma. S. Bowen
-
8/2/2019 Special Topics Official Research Paper
4/24
INTERNAL CONTROLS AND RISK MANAGEMENT
ACKNOWLEDGEMENTS
First and foremost, I would like to send my deepest gratitude to the course facilitators for
their endless support and guidance throughout this research. As an undergraduate student their
feedbacks and encouragement has provide invaluable insights which helped me in writing this
research paper.
I would also like to thank my mom and any other individual who contributed towards the
completion of this paper.
-
8/2/2019 Special Topics Official Research Paper
5/24
INTERNAL CONTROLS AND RISK MANAGEMENT
TABLE OF CONTENTS
Page
Acknowledgements.
Introduction..
Purpose of Study...
Significance of Study.
Limitations.
Review of Literature..
Methodology..
Results
Discussion.
Conclusion.
References..
-
8/2/2019 Special Topics Official Research Paper
6/24
INTERNAL CONTROLS AND RISK MANAGEMENT
INTERNAL CONTROLS AND RISK MANAGEMENT
Over the years, the meaning of the terms internal control and risk management have
become broader in scope as organizations seek to safeguard their assets (Leitch, 2004). In fact, in
recent decades, the two terms have been used simultaneously as they both deal with methods of
monitoring material goods and resources (Leitch, 2004). It is therefore of great importance that one
is able to distinguish between the two terms. This is so that one can fully understand the concepts
and the practical implications that each would have on the extent to which resources can be
maintained in these volatile economic times.
Purpose of Study
The purpose of the research paper is to discuss why it is important for businesses to employ
internal controls and take the necessary risk management strategies to safeguard its assets. This
particular topic was chosen because it is a focal topic which affects the way in which businesses
operate and indirectly accounts in general. By an analysis of both existing data and observations of
some Grenadian businesses this paper seeks to evaluate the importance of internal control and risk
management strategies, evaluate the nature of an effective internal control and risk management
structure, and draw references to the forms of internal controls and risk management procedures
used by Grenadian businesses.
-
8/2/2019 Special Topics Official Research Paper
7/24
INTERNAL CONTROLS AND RISK MANAGEMENT
Significance of Study
This study would provide important insights into how organizations can protect their
resources to ensure their foreseeable success in the future. For instance, cases such as the World
Com and Enron scandals where as a result of ineffective internal controls and risk management
strategies. This resulted in these companies filing for bankruptcy causing investors to endure
billions of dollars in losses due to collapsed share prices. These scandal stirred publics confidence
in the securities market thus enacting the Sarbanes Oxley Act of 2002. As such this research would
provide valuable inputs into how companies can safeguard their resources and avoid scandals such
as Enron, World Com, Tyco International Ltd, Peregrine Systems and Adelphia Communications
Corporation.
Limitations
A major limitation of the research paper is that the observation of businesses is only limited
to Grenadian businesses and therefore a lot of the information presented cannot be generalized
except probably where existing information derived from the internet and other international
sources available are used.
Research Questions
A few research questions were design to aid in better fulfilling the purpose of the research paper
1. What measures are in place to ensure control and reporting of activities?
2. What risk management strategies or techniques are applied in your organization?
3. How effective are internal controls and risk management strategies to the success of your
organization?
-
8/2/2019 Special Topics Official Research Paper
8/24
INTERNAL CONTROLS AND RISK MANAGEMENT
REVIEW OF LITERATURE
The purpose of this section is to review what is already known on the concepts of internal control
and risk management. The literature review provides an overview of the history of internal control and risk
management to ensure that the research area is easily understood. In addition, contemporary issues about
internal controls and risk management strategies present in the practices of organizations.
Internal control
Internal control- According to the United States General Accounting Office (GAO), this is
an integral part of an organizations management as it offers reasonable assurance that the
following objectives are being achieved: effectiveness and efficiency of operations; reliability of
financial reporting and compliance with applicable laws and regulations(1999).
The term internal control was first defined in 1949 by The American Institute of
Accountants presently known as The American Institute of Certified Public Accountants (AICPA).
In 1958 internal controls where later distinguished between administrative controls which relates to
operational efficiency and adherence to managerial policies whereas accounting controls relates to
safeguarding assets and reliability of financial records. These are further broken down in detective,
corrective and preventive controls. By 1972 this classification of internal controls have provided
reasonable assurance that (1) transactions were executed as authorized (2) transactions were
recorded to ensure that Generally Accepted Accounting Principles were adhered to in the
preparation of financial statement and maintained accountability of assets (3) access to assets were
only permitted on authorization and (4) existing assets were regularly compared with actual assets
(Gupta, 2005). This in turn was enacted by the Foreign Corrupt Practices Act and made law.
As a result of this regulation, since 1977 all publicly traded companies are required to (1)
maintain records that accurately and fairly reflect transactions and disposition of assets and; (2)
-
8/2/2019 Special Topics Official Research Paper
9/24
INTERNAL CONTROLS AND RISK MANAGEMENT
devise and maintain a system of internal controls sufficient to provide reasonable assurance that;
transactions are authorized by management; transactions are recorded so GAAP statements can be
prepared and maintain accountability for assets; access to assets is authorized by management;
periodic inventory is required to compare recorded assets with existing assets (Gupta, 2005). For
this reason, the objectives of internal controls are authorize, record, access and accountability for
assets in addition to ensuring that accounting and data processing are operationally efficient.
However, since earlier periods and presently scandals such as McKesson & Robbins
scandal of 1938 and Enron and World Com of 2002 has led to major corporate governance and
auditing reforms. As a result The American Institute of Certified Public Accountants mandates that
the receivable and inventory accounts should be thoroughly reviewed when auditing company
statements (OReilly et al, 1999).
Limitations of Internal Controls
Internal controls are useful in enhancing the likelihood that the organizations objective has
been achieved. Due to the self- adjusted and restrictiveness of modern organizations, internal
controls play a significant role in ensuring accurate financial information and legal operational
activities. However, the limitations of internal controls must not be overlooked.
Many factors must be considered to effectively implement an internal control system.
These include cost and benefit of internal controls which restrict the effectiveness of internal
controls, threat and exposure such as poor management strategies, unintentional errors, employees
carelessness, lack of law compliance, destruction of records (intentional or not) and squandering of
resources. Furthermore, risk and objective must also be taken into account. These comprise:-
-
8/2/2019 Special Topics Official Research Paper
10/24
INTERNAL CONTROLS AND RISK MANAGEMENT
"Inherent risk is the susceptibility of an account balance or class of transactions to error that could
be material, when aggregated with error in other balances or classes, assuming that there were no
related internal accounting controls."
"Control risk is the risk that error that could occur in an account balance or class of transactions
and could be material, when aggregated with error in other balances or classes, will not be
prevented or detected on a timely basis by the system of internal accounting controls."
"Detection risk is the risk that an auditor's procedures will lead him to conclude that error in an
account balance or class of transactions that could be material, when aggregated with error in other
balances or classes, does not exist when in fact such error does exist"
Additional considerations include timing, effectiveness, reliability (risk = 1-reliability),
internal and external factors. Internal factors mainly emphasize the role of managements attitude
to internal controls as it is the sole responsibility of management to ensure the effectiveness of
internal controls and financial reporting (Albrecht et al, 2009). External factors include regulatory
bodies, Financial Accounting Standards Board (FASB) and The Securities Exchange Commission
(SEC). With an effective internal control system companies can ensure that their objectives are
met. However, the use of internal controls may not necessarily ensure that operational and strategic
goals are attained.
Nevertheless, many US companies has adopted the Committee of Sponsoring
Organizations of the Treadway Commission (COSO ) Model published in the 1992 COSO report
which defines internal controls as a process, effected by an entity's board of directors,
management and other personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories: effectiveness and efficiency of operations,
-
8/2/2019 Special Topics Official Research Paper
11/24
INTERNAL CONTROLS AND RISK MANAGEMENT
reliability of financial reporting, and compliance with applicable laws and regulations. This in
turn composes of five key elements; control environment, risk assessment, control activities,
information and communication and monitoring (General Accounting office, 1999).
Control environment- this is an atmosphere that imparts discipline and structure in order to
achieve the primary objectives of the internal control system (United Nations Office for Project
Services, 2008). These include integrity, ethic values, organizational structure, managements
business philosophy and operating style, assignment of authority and responsibility, human
resource policies and practices and competence of personnel (United Nations Office for Project
Services, 2008).
Risk assessment- deals with the association of relevant risks that influences the procedures
of achieving the objectives of the organization (United Nations Office for Project Services, 2008).
These risk assessments should be carried out both internally and externally by managers (General
Accounting Office, 1999).
Control activities- these are the policies and procedures developed by the organization to
ensure that managements directives are implemented (United Nations Office for Project Services,
2008). These activities comprises of approvals, authorizations, verifications, reconciliations,
reviews of operating performance, security of assets and separation of duty (United Nations
Office for Project Services, 2008).
Information and communication- this deals with the effective communication of relevant
and reliable information in a way so as to foster efficient execution of responsibilities in a timely
manner (General Accounting Office, 1999 & United Nations Office for Project Services, 2008).
-
8/2/2019 Special Topics Official Research Paper
12/24
INTERNAL CONTROLS AND RISK MANAGEMENT
Monitoring- is the process of assessing the quality of the internal control over time to
ensure that they are in adherence with audit and other reviews (General Accounting Office, 1999 &
United Nations Office for Project Services, 2008).
Other control models include the CoCo model, Sac, and the COBIT models which all stress
the reasonable assurance of internal controls as internal controls are not a guarantee that
organizations would achieve their objectives.
Risk Management
Risk is the uncertainty that surrounds future events and outcomes (United Nations
Office for Project Services, 2008).
Risk management- as stated by the United Nations Office for Project Services (UNOPS) is
the systematic approach to setting the best course of action in areas of uncertainty by identifying,
assessing, understanding, acting and communicating risk issues (2008).
Risk management is one of the key elements of businesses operating internationally
(Miller, 1991). This is generally perceived as negative outcomes (Miller, 1991). As such risk
management is a central point of view from corporate governance standpoint in the decision
making process (Fabian, 2010).
The concept risk management is an evolving term that was developed throughout history
from ancient times when man relied on God to the transformation of some risk and uncertainty by
means of numbers, experiences and probability. The 20 th century marked the most progress in
measuring and understanding risk. In 1921 Frank Knights Risk, Uncertainty and Profits
highlighted the difference between risk and uncertainty and John Maynard Keynes Treatise on
-
8/2/2019 Special Topics Official Research Paper
13/24
INTERNAL CONTROLS AND RISK MANAGEMENT
Probability emphasized the importance of perception and the Law of Great Numbers. By 1952,
Markowitz developed portfolio analysis as a measure of risk by using returns and variances. At the
turn of the century the concept of risk management had take a critical turn as organizations
understood its importance in business failure or success. During the period 1975 to 2002 marked a
period where numerous organizations where developed as they incorporated risk management
within their mandate. These include The Risk and Insurance Management Society (1975).
Londons Institute of Risk management (1986) and most recently The Professional Risk Managers
International Association (2002). The benefits of risk management have been felt from since
prehistoric times but more so in this present era.
METHODOLOGY
This study took place as a research paper for a course in business. A number of articles
relating to internal controls and risk management were evaluated. The researcher began collecting
-
8/2/2019 Special Topics Official Research Paper
14/24
INTERNAL CONTROLS AND RISK MANAGEMENT
information two weeks prior to the submission date. As such only information collected in this
period was included in the data. Not included in the research any comment left on sites, any web
blogs or feedbacks from internet sources. However, data collected and evaluated was included in
the data these comprise questionnaires, quantitative research.
The sources chosen for this study are questionnaires and quantitative research. A
questionnaire was also distributed including a large sample size as possible to better analyze and
evaluate the significance of internal controls and risk management strategies in Grenada.
Additionally, internet sources were used to evaluate the internal controls and risk management
techniques used regionally and internationally to better evaluate Grenadian businesses. The sites
used to collect data are The United States General Accounting Office (GAO) and the United
Nations Office for Project Services (UNOPS). The General Accounting Office is a US government
official branch of congress and the United Nations Office for Project Services is an organization
dedicated exclusively to project implementation.
Procedure
Research questionnaires were distributed on Friday 8th April. The sample size was chosen
based on companies that have been in existence for a lengthy period of time. This sample size was
chosen because the researcher thought that it would provide a more accurate measure of the
significance of internal controls and risk management strategies as it relates to companies
foreseeable success in the future.
Internet sources were also used to better evaluate the internal control systems and risk
management strategies used by various businesses across the globe. These sites where checked at
regular intervals. During the two week period articles were collected form questionnaires and
-
8/2/2019 Special Topics Official Research Paper
15/24
INTERNAL CONTROLS AND RISK MANAGEMENT
various websites including the two pertinent sites the General Accounting Office and United
Nations Office for Project Services.
After the data was collected it was presented in the form of diagrams to better grasp the
nature of internal controls and risk management strategies. Throughout the research it was
considered that the limitations of internal control systems and risk management strategies are
absolute.
RESULTS
Internet sources and questionnaires were used to analyze the role and significance of
internal controls and risk management in Grenadian organizations. The data accumulated was then
-
8/2/2019 Special Topics Official Research Paper
16/24
INTERNAL CONTROLS AND RISK MANAGEMENT
tallied to analyze the overall importance of internal controls and risk management and presented in
the form of diagrams. In the research paper three questions were asked in order to better evaluate
the importance of internal controls and risk management.
Question number one asked, what measures are in place to ensure control and reporting of
activities? Data was collected to determine what internal controls measures are in place to
safeguard the companys resources and assets. In total 20 questions were delivered and a number
of questions pertaining to internal controls were raised. Data collected revealed that 60% of the
businesses are in retail services, 10% are in manufacturing and 30% are in the service industry. Of
the 20 respondents 15 use approvals, 20 use authorizations, 18 use verifications, 12 use
reconciliation, 17 review operating activities, 20 use asset security and 14 use segregation of duty
as a measure of internal control. Other methods of internal control used, 100% of respondents said
that they check to see if deposited receipts are intact. Overall, one measure of internal control or
another is utilized within each organization.
Question number two asked, what risk management strategies or techniques are applied in
the organization? From the data gathered 90% of managers employ some form of risk management
strategy or technique while just 10% have not fully implemented any form of risk management
strategy. Of the 90% of managers that applied a risk management strategy or technique 83.33%
have a risk management department as opposed to 16.67% who have a risk management strategy
but not a risk management department. Additionally, of the 90% of managers 66.67% carryout risk
assessment in each company department while just 33.33% carryout risk assessment in certain
company departments. However, not all the businesses evaluated employed an active risk
management strategy or technique 100% stated that the environment is conducive for staff to
communicate to management. Of the 20 candidates 0% stated that they employ an avoidance
-
8/2/2019 Special Topics Official Research Paper
17/24
INTERNAL CONTROLS AND RISK MANAGEMENT
strategy, 75% stated they employed a risk reduction strategy, 10% stated they employ a risk
transference strategy and 15% stated they employ a risk retention strategy or technique. In general
a majority of the businesses evaluated utilize various risk assessment and management strategies or
techniques.
Question three asked, how effective are internal controls and risk management strategies to
the success of the organization? Data was also collected on how effective is a internal control
system and risk management to the organization whether they employ one or not, 100% of
respondents stated that internal controls and risk management is a very effective method of
gauging risk and protecting assets and resources. In either case each manager stated that effective
internal controls and risk management techniques were very important to their organizations
success. It was also found that 100% of managers agreed that an operational internal control
system and risk management strategies are beneficial in safeguard and monitoring the companys
valuable assets and resources.
DISCUSSION
All sources, both individual and collective all point to one important conclusion that
internal controls and risk management strategies or techniques are very vital to the success of an
-
8/2/2019 Special Topics Official Research Paper
18/24
INTERNAL CONTROLS AND RISK MANAGEMENT
company whether in retail, manufacturing or service industries. Across the board, internal controls
and risk management strategies are employed in one form or another even if these are not fully
operational within each organization. In fact, 90% of managers employed a risk management
strategy, this goes to show that managers are open to the idea that uncertainty in the workplace is
inevitable. Although the sample size may be small the data collected is a reflection of
managements attempts to create a profitable environment through the protection of their
organizations resources.
In light of the measures of internal controls utilized with the firm the majority used both
authorizations (20) and asset security (20) as a means of safeguarding resources. These two
measures are among the most effective methods of internal controls that an organization can be
beneficial. This is because authorizations and assets security deals directly with the firms assets
which is used to general profit.
-
8/2/2019 Special Topics Official Research Paper
19/24
INTERNAL CONTROLS AND RISK MANAGEMENT
-
8/2/2019 Special Topics Official Research Paper
20/24
INTERNAL CONTROLS AND RISK MANAGEMENT
-
8/2/2019 Special Topics Official Research Paper
21/24
INTERNAL CONTROLS AND RISK MANAGEMENT
Risk Management
-
8/2/2019 Special Topics Official Research Paper
22/24
INTERNAL CONTROLS AND RISK MANAGEMENT
-
8/2/2019 Special Topics Official Research Paper
23/24
INTERNAL CONTROLS AND RISK MANAGEMENT
CONCLUSION
-
8/2/2019 Special Topics Official Research Paper
24/24
INTERNAL CONTROLS AND RISK MANAGEMENT
REFERENCES