Professional Documents
Culture Documents
ISSN 1990-9233
© IDOSI Publications, 2012
DOI: 10.5829/idosi.mejsr.2012.12.4.1793
Abstract: This paper aims to present the theoretical perspective and practices through relevant literature review
on internal control system (ICS). Authors used the systematic research on academic and non-academic
literature. 3 legislations, 20 working papers of professional bodies, 30 research articles and 10 books were
consulted to review the ICS. It is found that a properly developed and effectively implemented internal control
system helps to protect against wastage of resources and a basis for the smooth operations of all types of
organizations. It produces reliable financial reports which are helpful to the stakeholders to make their best
decision. This paper finds the importance that internal control system helps the organizations reduce their
operational risk and improve the reliability of financial reporting to build confidence of shareholders.
Key words: Internal control system Corporate governance Financial reporting Regulations Control
culture
Need for Control System: Globalization has made the Types of Controls: According to GAMMA [5],
organizations to expand their businesses beyond the control can be characterized into the three types; 1)
border of countries which has made difficult for the few Preventive control, 2) Detective Control and 3) Reactive
people to control the wastage of resources. So, with the Control. Following is the Table 1 that shows the sub
expansion of businesses, there has been a necessity for categories:
separate controls mechanism to regulate the activities of
business operations to protect the interest of Internal Control System: Management of information
shareholders. Control is ensuring that the organization security is not only “locks and keys” but it must relate to
operates in its intended manner and achieves its goals [3]. the social alliance and behavior of the people [6].
Corresponding Author: Qaisar Abbas, Department of Management Sciences, COMSATS Institute of Information Technology,
Islamabad, Pakistan.
530
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
Table 1:
Classes Ability to detect the event and take recovery action
Preventive Control Prevents or detect the event and its impact from happening
Detective Control This can be further categories into three components
a). It detects the event and then reacts to solve within a very short period of time
b). It detects the event and promptly reacts to solve within a very short period of time
c). It detects the event but it takes time to react and solve the problem
Reactive Control Reactive control has also three sub components
a). It cannot detect and promptly react on the events but it has partially set up Business Continuity Planning (BCP)
b). It is unable to detect the event from happening but it does have BCP to solve the problem.
c). It is unable to detect the event and the organization does not have BCP.
531
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
records which can be done by separations of duties. If the 3 The UK Code of Corporate governance
532
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
533
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
534
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
DTR 7.2.10 R states that an issuer which is required to Reliability is the ability of a measurement to differentiate
prepare a group directors’ report within the meaning of between subjects or objects [25]. Micro Strategy, Waste
Section 415(2) of the Companies Act 2006 must include a Management, Qwest, Tyco, Adelphia, Fannie Mae, Global
report stating the “main features of the internal control Crossing, HealthSouth, Xerox and others are the common
and risk management systems in relation to the process examples which traumatized the confidence of investors
for preparing consolidated accounts of the companies”. over the financial information provided by the companies.
These scandals increased the gap between the investors’
Definitions of the Terms: To understand the definitions expectations of corporate governance and financial
provided by the different authors and professional reporting. Several measures have been taken by
bodies, we have defined the terms which are being used regulators to close this gap. Unreliable financial reports
in the internal control definitions. are mainly considered the reasons for the loss of
Now, we report different definitions presented by investor’s confidence and the stock market crash that
different professional bodies. Brief introduction of these results high profile scandals [39]. One of the most
bodies are given in appendix 1. These definitions not only important tasks of internal control is to ensure the quality
provide time to time needs of any organizations but also of financial reporting [17]. One of the purposes of the
provide update for new component required by the Sarbanes-Oxley Act was to re-establish the confidence of
management. the investors in financial reporting by providing financial
results that reflect the true economic performance of the
Discussion on the Definitions: There is a common firms [40]. Identify that internal control regulations limit
consensus by all the researchers and professional bodies managerial discretion and improve the quality of financial
on 3 components from the definitions; reports [41]. US firms use the world wide code whatever
the cost companies have to bear just to enhance their
Efficiently and effectively control of financial and credibility in the markets [42]. PCAOB [43] cites that there
operational “activities or operations” is need for professional bodies and public companies to
Reliability of financial reporting, restore the confidence of investors in financial markets by
Application of policies, regulations and laws lay increasing level of data accuracy, reliability and fairness
down by the management in financial statements. Compliance is the state or fact
accordingly with or meeting rules or standards.
Operations are prescribed series of co-ordinated steps Compliance can be defined conformity with regulatory
to be taken by the management under certain recurring requirements established by government [44]. A suitable
circumstances [27]. Operations are coordinated methods governance laws can help alleviate challenges of process,
and measures adopted by the organizations within the quality, cost and overall profitability risk associated with
business to safeguard its resources [37]. Operations are them [45]. Different organization either profit making or
combination of different activities, strategies, policies and no-profit making have some set standards, rules,
efforts of the people working together in an organization regulations which must be complied so that the
[30]. AMF working Group [31] explains that operations organizations processes could be done in an intended
which consist of resources, procedures, conducts and manner to avoid the wastage of resources. These rules,
actions relevant to that specific company. These control regulations, policies may vary from organization to
activities consists of company’s internal processes which organizations, industry to industry and even country to
observe and control the functions correctly, particularly country. Without compliance, there is no rule of law, no
the safety of its assets. PIFC Expert Group [32] explains matter how well the Institutions and regulations are
the operations are the process of transactions. So, the designed [46]. Compliance is ensuring that the
operations or procedures are the combinations of requirements of laws, regulations, industry codes and
management information system, administrative organizational standards and policies are met [47].
procedures system and a system of accountability which According to German Corporate Governance Code firms
helps the management to work according to the strategic that paid higher average remunerations to their
objectives. Reliability is consistency of a measure which management board members were less likely to comply,
identifies the accuracy and quality of accounting whereas firms with higher Tobin's Q were more likely to
information presented to show true and fair view [38]. comply [48].
535
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
536
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
15. Committee of Sponsoring Organizations 32. PIFC Expert Group, 2004. Internal Control Systems in
of the Treadway Commission, 2012. Candidate countries, Volume 1, Report to Supreme
Internal Control-Integrated Framework. Audit Institutions of Central and Eastern European
Update Project. Countries, Cyprus, Malta, Turkey and European court
16. Committee of Sponsoring Organizations of the of Auditors.
Treadway Commission, 2009. Internal Control, 33. Internal Control Standards Committee, 2004.
Integrated Framework. Guidance on Monitoring Guidelines for Internal Control Standards for the
Internal Control Systems, Introduction. Public Sector. The International Organization of
17. Shiri, M.M., S.H. Vaghfi, M.M. Soltani and Supreme Audit Institutions (INTOSAI).
M. Esmaeli, 2012. Corporate Governance and Earning 34. United States General Accounting Office, 1999.
Quality: Evidence from Iran. Middle-East Journal of Standards for Internal Control in the Federal
Scientific Research, 11(6): 702-708. Government, GAO/AIMD-00-21.3.1.
18. The Institute of Internal Auditors, 2008. 35. Committee on Auditing Procedure, 1949.
Sarbanes-Oxley Section 404: A Guide for American Institute of Accountants, Internal Control
Management by Internal Controls Practitioners. (New York: American Institute of Certified Public
2nd (ed). Accountants: Committee on Auditing Procedure,
19. Ouchi, W.G., 1980. Markets, Bureaucracies and Clans. 1963, Auditing Standards and Procedures,
Administrative Science Quarterly, 25(1): 129-141. Statement on Auditing Procedure No. 33.
20. Swedish Corporate governance Board, 2010. 36. Chorafas, D.N., 2001. Implementing and Auditing the
The Swedish Code of Corporate Governance. Internal Control System. Palgrave MacMillan.
21. Financial Reporting Council, 2010. The UK Corporate 37. Bower, J.B. and E.S. Robert, 1965.
Governance code. Internal Control--Its True Nature. The Accounting
22. Fraser, M., 1994. Quality in higher education: Review, 40(2): 338-344.
An international perspective in D. Green, (Ed.). 38. Vermeer, T.E., 2005. Do CEO/CFO Certifications
What is Quality in Higher Education, pp: 101-111. Provide a Signal of Credible Financial Reporting?
23. Marlaine, E.L. and H. Eric, 1994. Concepts of Research in Accounting Regulation, 18: 163-175.
Educational Efficiency and Effectiveness. Human 39. Browning, E.S. and W. Jonathan, 2002. Burden of
Resource Development and Operations Policy. Doubt: Stocks Take a Beating as Accounting Worries
24. Hilton, R.W., 2011. Managerial accounting: Spread beyond Enron. Wall Street Journal.
creating value in a dynamic business environment. 40. Zhou, J., 2008. Financial Reporting After the
7th ed. McGraw-Hill/Irwin, New York. Sarbanes-Oxley Act: Conservative or Less Earnings.
25. Kottner, J., et al, 2011. Guidelines for Reporting Research in Accounting Regulation, 20: 187-192.
Reliability and Agreement Studies (GRRAS) were 41. Altamuro, J. and B. Anne, 2010. How Does Internal
proposed. International Journal of Nursing Studies Control Regulation Affect Financial Reporting?
48: 661-671. Journal of Accounting and Economics, 49(1-2): 58-74.
26. Ministry of environment, British Columbia, 2009. 42. Madura, J., 2006. International Financial Management.
Compliance and Enforcement Policy and Procedure. 8th ed. Thomson/South-Westrern.
27. Bartol, K., et al, 2004. Management A Pacific Rim 43. Public Company Accounting Oversight Board
Focus. Enhanced Edition. McGraw Hill. (PCAOB), 2004. An audit of internal control over
28. Lynch, R., 2005. Corporate Strategy. 4th (ed). financial reporting performed in conjunction with an
Financial Times/ Prentice Hall. audit of financial statements.
29. Price water coopers and SAP, 2008. Internal Control 44. Ministry of environment, British Columbia,
System and Risk Management. GRC White Paper. 2009. Compliance and Enforcement Policy and
30. Thomas, P.D., 2007. Standards for Internal Control. Procedure.
New York State Government. 45. Stratman, J., 2008. Facilitating offshoring with
31. AMF Working Group, 2007. The Internal Control enterprise technologies: Reducing operational friction
System; Reference framework. Presentation of the in the governance and production of services?
work performed by the Working Group. Journal of Operations Management, 26(2): 275-287.
537
Middle-East J. Sci. Res., 12 (4): 530-538, 2012
46. Levi, M., T. Tyler and A. Sacks, 2009. The Reasons 47. Curtin University, 2010. Compliance Policy and
for Compliance with Law. Understanding Social Procedures. Category: Legal, Policy and Procedures.
Action, Promoting Human Rights; working paper. 48. Andres, C. and E. Theissen, 2008. Setting a fox to
Harvard Law School. keep the geese-Does the comply or explain principle
work? Journal of Corporate Finance, 14: 289-301.
APPENDIX 1: Organizations with their brief descriptions working on Internal Control System
No. Organization Description
1 COSO Committee of Sponsoring Organization of the Treadway Commission is sponsored by five major American professional organizations which
is a private sector initiative begun in 1985 to address fundamental causes of financial reporting scandals.
2 International Organization of Supreme INTOSAI was formed in 1953 at the initiative of Emilio Fernandez Camus with presently 189 full members and 4 associated members. It is
Audit Institutions (INTOSAI) a non-governmental, autonomous, independent and non-political organization with special consultative status with the Economic and Social Council
(ECOSOC) of the United Nations and operates as an umbrella organization for the external government audit community.
3 AMF The Autorité des marchés financiers (AMF) established by the Financial Security Act of 1 August 2003. It was formed from the merger of
the Commission des opérations de bourse (COB), the Conseil des marchés financiers (CMF) and the Conseil de discipline de la gestion financière
(CDGF). The objective in amalgamating these bodies was to improve the efficiency of France’s financial regulatory system and to give it greater
visibility. The AMF is an independent public body of France with legal personality and financial autonomy.
4 Standards for Internal Control The New York State Governmental Accountability, Audit and Internal Control Act of 1987 (Internal Control Act) required State agencies and
in New York State Government other organizations to promote and practice good internal control and to provide accountability for their activities. In 1999, this legislation was
made permanent and the State Finance Law was amended to require the State comptroller to issue internal control standards for State agencies
and other organizations.
5 Price waterhouse Coopers (PwC) PricewaterhouseCoopers is one of the world’s pre-eminent professional services organizations which works as a professional advisers to helps
its clients solve complex business problems and aim to enhance their ability to build value, manage risk and improve performance.
6 Public internal financial control The concept of PIƒC was developed by the European Commission during the second half of the 1990’s and is nowadays used to guide and support
(PIFC) Expert Group applicant countries attempting to develop modern public internal control systems.
7 GAMMA Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001: 2008 registered company, certified for the provision of information security
consultancy. Gamma is a subscribing member of the British Standards Institution and an active participant in its committees relevant to
information security.
8 The Basle Committee on The Basle Committee on Banking Supervision is a Committee of banking supervisory authorities located Basle established by the central bank
Banking Supervision Governors of the Group of Ten countries in 1975 which consists of senior representatives of bank supervisory authorities and central banks from
Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, Netherlands, Sweden, Switzerland, United Kingdom and the United States.
538