Abstract
Purpose: The purpose of this chapter is to provide an account of some of the themes and issues that are frequently taken up in writings on internal control.
Synopsis: Official definitions of internal control develop, vary and are often somewhat controversial. Both broad and narrow approaches to internal control have co-existed for a long time and some scholars have argued that defining the boundaries of internal control remains problematic. Although internal control has always had a direct relationship to the concept of risk, recent writings suggest that this relationship is now more explicit and controls are closely associated with risk management practices. There have been continuous attempts to classify and distinguish different types of internal controls. As the concept of internal control has expanded into management control and corporate governance, design issues are becoming more important. It is however difficult to examine and measure internal control quality. Internal control designs seem however to be contingent upon a number of external and internal variables, including certain regulatory environment characteristics, business culture, uncertainty and risk, objectives and strategies, risk appetite, practical frameworks and standards and firm size. The specific design objectives often applied may be management’s financial assertions or a stated risk appetite level. Existing writings on internal controls also suggest that controls need to be integrative, balanced, embedded, cost-effective and adaptive. Much has been written on the assessment and evaluation of internal control, which is unsurprising, since this constitutes a key part of the audit process. Findings suggest that internal control evaluation is part structure, part judgment. The disclosure of internal control is not a new phenomenon but is becoming increasingly important. Issues often examined include whether disclosure requirements should be voluntary or mandatory, whether they should address the effectiveness of internal controls, and also whether auditors should attest to a report on internal control. Today internal control is often referred to as a corporate governance mechanism, yet researchers have suggested that internal control from this perspective remains under-explored. Determining the outcomes of internal control may be difficult however, although prior writings on the subject not only discuss its fraud detection capabilities, risk and cost consequences but also its enabling effects on firm performance.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
For more information, review FFE (The Federation of European Accountants) (2007) which provides a detailed account. The author is grateful to Ph.D. Gunilla Eklöv Alander (econ.) formerly at the Supervisory Board of Public Accountants in Sweden and currently at Uppsala University, for providing input to this section.
- 2.
The author is grateful to Ph.D. Gunilla Eklöv Alander (Ek.dr.) at the Supervisory Board of Public Accountants in Sweden for providing input on the section related to differences between Swedish and international audit standards on internal control.
- 3.
Internal control activities are closely associated with what Porter (1985) refers to as quality assurance activities. These activities, according to Porter, ensure the quality of other primary core activities and include various monitoring, inspecting, reviewing, testing and checking activities (p. 44), which resembles internal controls.
- 4.
From a local Swedish perspective this may not be a completely accurate statement. The Limited Liability Companies Act [SFS 2005:551 Aktibolagslagen] prescribes that the statutory audit also must include an assessment of the Board’s administration of the company. Some aspects of the internal control system is hereby audited, as prescribed by Swedish audit standard RS 209 (FAR SRS, 2009, p. 205).
- 5.
As mentioned in chapter three these changes in Swedish law will also result in updates to the Swedish code of Corporate Governance (Kollegiet för Svensk Bolagsstyrning, 2009, p. 7). The now mandated corporate governance report [bolagsstyrningsrapport] must include information about the most important aspects of the entity´s systems for internal control and risk management, as it pertains to financial reporting quality. However, the new disclosure requirements that result from the implementation of the European Union accounting directive do not significantly deviate from the existing requirements already stipulated by the Swedish code. The SCGB has however signaled that, with reference to the content of the corporate governance report, it may be reasonable that the code requirements go beyond the minimum requirements of Swedish law (see Kollegiet för Svensk Bolagsstyrning, 2009, p. 8).
- 6.
The requirements of Cadbury, Turnbull, Rutteman, Hampel, COSO and COCO are included in their assessment and illustration (see pp. 646–651).
- 7.
Their appropriate positions have been plotted based on an assessment of the following factors: whether MRICs contain a design-statement only or whether they should address the effectiveness of the internal control system as well, whether the definition of control is confined to financial reporting quality only or whether MRICs should cover other controls as well, and whether the auditors are required to attest to the MRICs or not (based on Hermanson, 2000, p. 326).
- 8.
In a recent paper on the drivers of voluntary disclosures, Boessa and Kumar (2007) note on the subject that “it has been frequently discussed that factors such as a company’s effort to gain reputation, long-term value creation, market conditions, and pressures from corporate governing bodies may also be driving the voluntary disclosure practices of companies” (p. 271). Their findings indicate that “in addition to investors’ information needs, factors such as company emphasis on stakeholder management, relevance of intangible asset, and market complexity affect both the volume as well as the quality of voluntary disclosures” (p. 269).
- 9.
For a review of the concept and some of the effects that formalization may have on organizational performance, see for example studies such as Organ and Greene (1981), Dewar, Whetten and Boje (1980), House (1975), Podsakoff, Williams and Todor (1986), Hall, Johnson and Haas (1967), Agarwal (1993) and Michaels, Cron, Dubinsky and Joachimstahaler (1988). Building on earlier studies on formalization Hall, Johnson and Haas (1967) suggest that formalization “is measured by the proportion of codified jobs and the range of variation that is tolerated within the rules of defining jobs. The higher the proportion of codified jobs and the less range of variation allowed the more formalized organization” (p. 906).
References
af Ekenstam, A.-C. (2009, August 17). Modernisera riskarbetet. Dagens Industri.
Agarwal, S. (1993). Influence of formalization on role stress, organizational commitment, and work alienation of sales persons: A cross-national comparative study. Journal of International Business Studies, 24(4), 715–739.
Ahmed, A. S., McAnally, M. L., Rasmussen, S., & Weaer, C. D. (2010). How costly is the Sarbanes Oxley act? Evidence on the effects of the act on corporate profitability. Journal of Corporate Finance, 16, 352–369.
Allegrini, M., DÓnza, G., Paape, L., Melville, R., & Sarens, G. (2006). The European literature on internal auditing. Managerial Auditing Journal, 21(8), 845–853.
Anthony, R. N. (1965). Planning and control systems: A framework for analysis. Boston: Graduate School of Business Administration, Harvard University.
Arwinge, O., & Munkby, T. (2011). Intern kontroll i finansiell sector – en studie av brister [Internal control in the financial sector – a study of deficiencies]. Balans, No.6/7, 25–29.
Ashbaugh-Skaife, H., Collins, D. W., & Kinney, W. R., Jr. (2007). The discovery and reporting of internal control deficiencies prior to SOX-mandated audits. Journal of Accounting and Economics, 44, 167–192.
Ashbaugh-Skaife, H., Collins, D. W., Kinney, W. R., Jr., & LaFond, R. (2008). The effect of SOX internal control deficiencies and their remediation of accrual quality. The Accounting Review, 83(1), 217–250.
Ashbaugh-Skaife, H., Collins, D. W., Kinney, W. R., Jr., & Lanfond, R. (2009). The effect of SOX internal control deficiencies on firm risk and cost of capital. Journal of Accounting Research, 47(1), 1–43.
Ashton, R. H. (1974). An experimental study of internal control judgments. Journal of Accounting Research, 12(1), 143–157.
Bannister, S. J., Engvall, D. H., & Martin, D. B. H. (2007). Retooling the internal control process – A welcome relief. Insights, 21(8), 2–15.
Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: an empirical analysis of the factors associated with the extent of the of implementation. Journal of Accounting and Public Policy, 24, 521–531.
Bierstaker, J. L. (2003). Auditor recall and evaluation of internal control information: Does task-specific knowledge mitigate part-list interference? Managerial Auditing Journal, 18(2), 90–99.
Bierstaker, J. L., Hunton, J. E., & Thibodeau, J. C. (2009). Do client-prepared internal control documentation and business process flowcharts help or hinder an auditor’s ability to identify missing controls? Auditing: A Journal of Practice and Theory, 28(1), 79–94.
Bierstaker, J. L., & Thibodeau, J. C. (2006). The effect of format and experience on internal control evaluation. Managerial Auditing Journal, 21(9), 877–891.
Birkenshaw, J., & Jenkins, H. (2009). Risk management gets personal. Lessons from the credit crisis. Executive Briefing. Advanced Institute of Management Research (AIM Research). Available at www.aimresearch.org
Boessa, G., & Kumar, K. (2007). Drivers of corporate disclosures: A framework and empirical evidence from Italy and the United States. Accounting, Auditing and Accountability Journal, 20(2), 269–296.
Borthick, A. F., Curtis, M. B., & Sriram, R. S. (2006). Accelerating the acquisition of knowledge structure to improve performance in internal control reviews. Accounting, Organizations and Society, 31, 323–342.
Bower, J. B., & Schlosser, R. E. (1965). Internal control – Its true nature. The Accounting Review, 40(2), 338–344.
Braiotta, L., Gazzaway, R. T., Colson, R. H., & Ramamoorti, S. (2010). The audit committee handbook (5th ed.). New Jersey: Wiley.
Brandinger, R. (2008a). Kodens ansvar finns i betraktarens öga. Dagens Industri.
Brandinger, R. (2008b, September 1). Riskhantering – inget för koden. Dagens Industri.
Bronson, S. N., Carcello, J. V., & Raghunandan, K. (2006). Firm characteristics and voluntary management reports on internal control. Auditing: A Journal of Practice and Theory, 25(2), 25–39.
Brown, R. (1962): Changing audit objectives and techniques. The Accounting Review, 37(4), 696–703. In Lee, T. A. (ed.). (1988). The evolution of audit thought and practice. New York: Garland.
Cain, A. (2009, December). Financial industry leads in fraud increases. Internal Auditor, 15.
Callaghan, J. H., Savage A., & Mintz, S. (2007, March). Assessing the control environment using a balanced scorecard approach. The CPA Journal.
Carcello, J. V., Hermanson, D. R., & Raghunandan, K. (2005). Factors associated with US public companies’ investment in internal auditing. Accounting Horizons, 19(2), 69–84.
Cardinal, L. B., Sitkin, S. B., & Long, C. P. (2004). Balancing and rebalancing in the creation and evolution of organizational control. Organization Science, 15(4), 411–431.
Carmichael, D. R. (1970). Behavioral hypotheses of internal control. The Accounting Review, 45(2), 235–245.
Chambers, A. (2006). Assurance of performance. Measuring Business Excellence, 10(3), 41–45.
Changchit, C., Holsapple, C. W., & Madden, D. L. (2001). Supporting managers internal control evaluations: An expert system and experimental results. Decision Support Systems, 30, 437–449.
Chapman, C. (1997). Reflections on a contingent view of accounting. Accounting, Organizations and Society, 22(2), 189–205.
Chapman, C., Hopwood, A., & Shields, M. D. (Eds.). (2007). Handbook of management accounting research. Oxford: Elsevier.
Cheney, G. (2008, May 26). Controlling internal controls. Investment dealers’ Digest, 20–21.
Chenhall, R. (2003). Management control systems design within its organizational context: Findings from contingency-based research and directions for the future. Accounting, Organizations and Society, 28, 127–168.
Clikeman, P. M. (2009, February). Audit evidence. Internal Auditor, 19–20.
Cohen, J., Krishnamoorthy, G., & Wright, A. (2004). The corporate governance mosaic and financial reporting quality. Journal of Accounting Literature, 23, 87–152.
Coletti, A. L., Sedatole, K. L., & Towry, K. L. (2005). The effect of control systems on trust and cooperation in collaborative environments. The Accounting Review, 80(2), 477–500.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (1992). Internal control – Integrated framework. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2004). Enterprise risk management – Integrated framework, executive summary. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2006). Internal control over financial reporting – Guidance for smaller public companies, volume 1: executive summary. New York: AICPA.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2007). Internal control – integrated framework, guidance on monitoring internal control systems, Discussion document, 2007–09
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009a). Internal control – integrated framework. Guidance on monitoring internal control systems – introduction. New York: AICPA. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009b). Effective enterprise risk oversight – the role of the board of director. New York: AICPA. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009c). Strengthening Enterprise Risk Management for Strategic Advantage. New York: AICPA. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010a, December). Board risk oversight – a progress report. Where boards and directors currently stand in executing their risk oversight responsibilities. Research commissioned by COSO. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010b). Developing key indicators to strengthen enterprise risk management. How key risk indicators can sharpen focus on emerging risks. Research commissioned by COSO. Available at www.coso.org
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2011). Embracing enterprise risk management. Practical approaches to getting started. Research commissioned by COSO. Available at www.coso.org
Davies, M. (2008). The impracticality of international “once size fit all” corporate governance of best practice. Managerial Auditing Journal, 23(6), 532–544.
Davies, M. (2009). Effective working relationships between audit committees and internal audit – The cornerstone of corporate governance in local authorities, a Welsh perspective. Journal of Management and Governance, 13, 41–73.
De La Rosa, S. (2007, June). Moving forward with ERM. Internal Auditor, 50–54.
DeFond, M. L., & Francis, J. R. (2005). Audit research after Sarbanes-Oxley. Auditing: A Journal of Practice and Theory, 24(Supplement: 5–30), 5–40.
DesJardins, J. R., & McCall, J. J. (2005). Contemporary issues in business ethics (5th ed.). Belmont: Wadsworth/Thomson.
Dewar, R. D., Whetten, D. A., & Boje, D. (1980). An examination of the reliability and validity of the Aiken and Hage scales of centralization, formalization and task routineness. Administrative Science Quarterly, 25(1), 120–128.
Dicksee, L. R. (1892). Auditing: A practical manual for auditors (1st ed.). London: Gee.
Dicksee, L. R. (1905). Auditing: authorized American edition (R. H. Montgomery, ed). New York: Arno Press
Dolphin, R. R. (2004). Corporate reputation – A value creating strategy. Corporate Governance, 4(3), 77–92.
Doyle, E. (2007). Compliance obstacles to competitiveness. Corporate Governance, 7(5), 612–622.
Eisenhardt, K. M. (1985). Control: organizational and economic approaches. Management Science, 31(2), 134–149.
Ethiraj, S. K., Kale, P., Krishnan, M. S., & Singh, J. V. (2005). Where do capabilities come from and how do they matter? A study in the software services industry. Strategic Management Journal, 26, 25–45.
Fadzil, F. H., Haron, H., & Jantan, M. (2005). Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8), 844–866.
Fagerberg, J. (2008). Occupational Fraud – Auditors´ perceptions of red flags and internal control. (diss.) [Licenciat avhandling]. Linköping University, Linköping Studies in Science and Technology, Thesis No. 1369.
Far, S. R. S. (2009). Samlingsvolymen 2009 Revision [Swedish Audit Standards 2009]. Stockholm/Sverige: FAR SRS Förlag.
FFE (The Federation of European Accountants). (2007). Selected issues in relation to financial statement audits. Inherent limitations, reasonable assurance, professional judgement and its documentation, and enforceability of auditing standards. Available at www.ffe.be
Finansinspektionen [The Swedish Financial Supervisory Authority]. (2005). Allmänna råd om styrning och kontroll i finansiella bolag. FFFS 2005:1 [General guidelines regarding governance and control of financial undertakings], Stockholm. Available at www.fi.se
Finansinspektionen [The Swedish Financial Supervisory Authority]. (2011, Maj 24). Tillsynsrapport 2011. Erfarenheter från tillsyn och regelutveckling [Oversight report 2011. Learnings from oversight and policy development], Finansinspektionen, Stockholm. Available at www.fi.se
Flint, D. (1988). Philosophy and principles of auditing – An introduction. London: Macmillan Education.
Foster, B. P., Ornstein, W., & Shastri, T. (2007). Audit costs, material weaknesses under SOX section 404. Managerial Auditing Journal, 22(7), 661–673.
Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392–409.
FRC (Financial Reporting Council). (2005). Internal control. Revised guidance for directors on the combined code. London. Available at www.frc.org.uk
FRC (Financial Reporting Council). (2008, June). The combined code on corporate governance, London. Available at www.frc.org.uk
Gadh, V. M., Krishnan, R., & Peters, J. M. (1993). Modeling internal controls and their evaluation. Auditing: A Journal of Practice and Theory, 12(Supplement), 113–129.
Garbade, W. H. (1944). Internal control and the internal auditor. The Accounting Review, 19(4), 416–421.
Gee, W., & McVay, S. (2005). The disclosure of material weaknesses in internal control after the Sarbanes-Oxley Act. Accounting Horizons, 19(3), 137–158.
Gerkes, J., Van der Werf, W. J., & Van der Wijk, H. (2007, October). Entity-level controls. Internal Auditor, 50–54.
Goldberg, D. M. (2007, December). Focus on high-risk controls. Internal Auditor, 69–71.
Grant Thornton. (2009a, Summer). Corporate governance series: enterprise risk management: creating value in a volatile economy. Available at www.grantthornton.com
Gupta, P. P., & Thomson, J. C. (2006). Use of COSO 1992 in management reporting on internal control. Strategic Finance, 27–33.
Hall, R. H., Johnson, N. J., & Haas, E. (1967). Organizational size, complexity and formalization. American Sociological Review, 32(6), 903–912.
Hammer, M. (2007, April). The process audit. Harvard Business Review, 111–123.
Hammer, M., & Champy, J. (1993). Reengineering the corporation. A manifesto for business revolution. London: Nicholas Brealey.
Haron, H., Chambers, A., Ramsi, R., & Ismail, I. (2004). The reliance of external auditors on internal auditors. Managerial Auditing Journal, 19(9), 1148–1159.
Haun, R. D. (1955). Broad vs. narrow concepts of internal auditing and internal control. The Accounting Review, 30(1), 114–118.
Hay, D. (1993). Internal control: How it evolved in four English-speaking countries. The Accounting Historians Journal, 20(1), 79–102.
Heier, J. R., Dugan, M. T., & Sayers, D. L. (2005). A century of debate for internal controls and their assessment: A study of reactive evolution. Accounting History, 10(3), 39–70.
Hermanson, H. M. (2000). An analysis of the demand of reporting on internal control. Accounting Horizons, 14(3), 325–341.
Hermanson, D. R., & Rittenberg, L. E. (2003). Research opportunities in internal auditing chapter 2: Internal audit and organizational governance. Florida: IIA (Institute of Internal Auditors) Research Foundation.
Hofstede, G. (1984). Culture’s consequences: International differences in work-related values. Beverly Hills: Sage.
Hoitash, R., Hoitash, U., & Bedard, J. C. (2009). Corporate governance and internal control over financial reporting: A comparison of regulatory regimes. The Accounting Review, 84(3), 839–867.
Holmes, S. A., Langford, M., Welch, O. J., & Welch, S. T. (2002). Associations between internal controls and organizational citizenship behavior. Journal of Managerial Issues, 14(1), 85–99.
Holmström, B., & Kaplan, S. N. (2003). The state of U.S. corporate governance: What’s right and what’s wrong? Journal of Applied Corporate Finance, 15(3), 8–20.
House, J. D. (1975). Organization without formalization: The case of a real estate agency. The Canadian Journal of Sociology, 2(2), 19–31.
Hutter, B., & Power, M. (Eds.). (2005). Organizational encounters with risk. Cambridge: Cambridge University Press.
IAASB (International Auditing and Assurance Standards Board). (2006, December). Redrafted International Standards on Auditing 240, 300, 315, 330. New York
IIA (Institute of Internal Auditors). (2004). The professional practices framework. Florida: The IIA Research Foundation. Global Practices Center.
IIA (Institute of Internal Auditors). (2009). International professional practices framework (IPPF). Florida: The IIA Research Foundation.
James, K. L. (2003). The effect of internal audit structure on perceived financial statement fraud prevention. Accounting Horizons, 17(4), 315–327.
Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: managerial behaviour, agency costs and ownership structure. Journal of Financial Economics, 3, 305–360.
Jokipii, A. (2006). The structure and effectiveness of internal control – A contingency approach. (diss.) Åbo Akademi University, Turku.
Jokipii, A. (2010). Determinants and consequences of internal control in firms: a contingency theory based analysis. Journal of Management and Governance, 14(2), 115–144.
Jonnergård, K., & Larsson, U. (2007). Developing codes of conduct: Regulatory conversations as means for detecting institutional change. Law & Policy, 29(4), 460–492.
Kinney, W. R., Jr. (2000). Research opportunities in internal control quality and quality assurance. Auditing: A Journal of Practice and Theory, 19(Supplement), 83–90.
Kinney, W. R., Jr. (2005). Twenty-five years of audit deregulation and re-regulation: What does it mean for 2005 and beyond? Auditing: A Journal of Practice and Theory, 24, 89–109.
Kirkpatrick, W. W. (1962). The adequacy of internal corporate controls. The ANNALS of the American Academy of Political and Social Science, 343(1), 75–83.
Kjellberg, A.-C. (2009, September). Ledningen måste ta helhetsgrepp på riskerna. Dagens Industri.
Kodgruppen [The Code group]. (2004). Svensk kod för bolagsstyrning [Swedish code of Corporate Governance], Stockholm.
Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2005). Anvisning Nr.1-2005 [Guidance No.1-2005 regarding board reporting on internal control], Stockholm, December 15, 2005.
Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006a). Anvisning Nr.1-2006 [Guidance No. 1-2006 on the application of code provisions regarding reporting and disclosure of internal controls], Stockholm, September 6, 2006. Available at www.corporategovernanceboard.se
Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006b). Årsrapport 2006 [Annual Report 2006]. Stockholm, June 2006. Available at www.corporategovernanceboard.se
Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006c). Kodbarometern 2006 [Survey on the attitudes towards the Swedish code, 2006], Stockholm, June 2006. Available at www.corporategovernanceboard.se
Kollgiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2009, June). Årsrapport 2009 [Annual Report 2009], Stockholm. Available at www.bolagsstyrning.se
Koutoupis, A. G. (2007, October). Documenting internal controls. Internal Auditor, 23–27.
Krishnan, J., Rama, D., & Zhang, Y. (2008). Costs to comply with SOX section 404. Auditing: A Journal of Practice and Theory, 27(1), 169–186.
Langfield-Smith, K. (1997). Management control systems and strategy: A critical review. Accounting, Organizations and Society, 22(2), 207–232.
Langfield-Smith, K., & Smith, D. (2003). Management control systems and trust in outsourcing relationships. Management Accounting Research, 14, 281–307.
Lazarides, T., & Drimpetas, E. (2008). The missing link to an effective corporate governance system. Corporate Governance, 8(1), 73–82.
Lee, T. A. (1971). The historical development of internal control form the earliest times to the end of the seventeenth century. Journal of Accounting Research, 9(1), 150–157.
Lee, T. A. (Ed.). (1988). The evolution of audit thought and practice. New York: Garland.
Lekvall, P. (2008, September 6). Intern kontroll kvar i fokus. Dagens Industri.
Leone, A. J. (2007). Factors related to internal control disclosure: A discussion of Ashbaugh, Collins and Kinney (2007) and Doyle, Ge, and McVay (2007). Journal of Accounting and Economics, 44, 224–237.
Lightle, S. S., Castellano, J. F., & Cutting, B. T. (2007, December). Assessing the control environment. Internal Auditor, 51–56
Linseley, P. M., & Lawrence, M. J. (2007). Risk reporting by the largest UK companies: Readability and lack of obfuscation. Accounting, Auditing and Accountability Journal, 20(4), 620–627.
Little, A., & Best, P. J. (2003). A framework for separating duties in an SAP R/3 environment. Managerial Auditing Journal, 18(5), 419–430.
Maijoor, S. (2000). The internal control explosion. International Journal of Auditing, 4, 101–109.
Matyjewicz, G., & DÀrcangelo, J. R. (2004, October). Beyond Sarbanes-Oxley. Internal Auditor, 67–72.
McMullen, D. A., Raghunandan, K., & Rama, D. V. (1996). Internal control reports and financial reporting problems. Accounting Horizons, 10(4), 67–75.
Michaels, R. E., Cron, W. L., Dubinsky, A. J., & Joachimsthaler, E. A. (1988). Influence of formalization on the organizational commitment and work alienation of salespeople and industrial buyers. Journal of Marketing Research, 25(4), 376–383.
Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research, 20, 18–40.
Mintzberg, H. (1983). Power in and around organizations. Englewood Cliffs: Prentice-Hall.
Mintzberg, H. (1990). The design school: Reconsidering the basic premises of strategic management. Strategic Management Journal, 11(3), 171–195.
Mock, T. J., Sun, L., Srivastava, R. P., & Vasarhelyi, M. (2009). An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment. International Journal of Accounting Information Systems, 10(2), 65–78.
Netter, J., Poulsen, A., & Stegemoller, M. (2009). The rise of corporate governance in corporate control research. Journal of Corporate Finance, 15, 1–9.
O’Leary, C., Iselin, E., & Sharma, D. (2006). The relative effects of elements of internal control on auditors’ evaluations of internal control. Pacific Accounting Review, 18(2), 69–96.
O’Reilly, M., & McMullen, D. (2002, January). Internal control reporting and users’ perceptions of financial statement reliability. American Business Review. 100–107.
Oliviero, M. E. (2001). Internal control – Integrated framework: How is responsible? Critical Perspectives on Accounting, 12, 187–192.
Oliviero, M. E. (2002, February). The architect is missing. Internal Auditor, 76.
Olve, N.-G., Petri, C. J., Roy, J., & Roy, S. (2003). Making scorecards actionable: Balancing strategy and control. England: Wiley.
Organ, D. W., & Greene, C. N. (1981). The effects of formalization on professional involvement: A compensatory process approach. Administrative Science Quarterly, 26(2), 237–252.
Otley, D. T. (1980). The contingency theory of management accounting: Achievement and prognosis. Accounting, Organizations and Society, 5(4), 413–428.
Otley, D. T. (1994). Management control in contemporary organizations: Towards a wider framework. Management Accounting Research, 5, 289–299.
Otley, D. T. (1999). Performance management: A framework for management control systems research. Management Accounting Research, 10, 363–382.
Otley, D. T. (2003). Management control and performance management: Whence or whither? The British Accounting Review, 35, 309–326.
Otley, D. T. (2008). Did Kaplan get it right? Accounting, Auditing and Accountability Journal, 21(2), 229–229.
Ouchi, W. G. (1977). The relationship between organizational structure and organizational control. Administrative Science Quarterly, 22, 95–113.
Ouchi, W. G. (1979). A conceptual framework for the design of organizational control mechanisms. Management Science, 25(9), 833–848.
Ouchi, W. G. (1980). Markets, bureaucracies and clans. Administrative Science Quarterly, 25, 129–141.
Pathak, J. (2005). Guest Editorial: Risk management, internal controls and organizational vulnerabilities. Managerial Auditing Journal, 20(6), 569–577.
PCAOB (Public Company Accounting Oversight Board). (2004). Auditing Standard No.2 – An audit of internal control over financial reporting performed in conjunction with an audit of financial statements
PCAOB (Public Company Accounting Oversight Board). (2007). Auditing Standard No.5 – An audit of internal control over financial reporting that is integrated with an audit of financial statements. Available at www.pcaob.org
PCAOB (Public Company Accounting Oversight Board). (2009, September). Report on the first-year implementation of the audit standard No.5: An audit of internal control over financial reporting that is integrated with an audit of financial statements. Available at www.pcaob.org
Pfister, J. A. (2009). Managing organizational culture for effective internal control, from practice to theory. Heidelberg: Physica-Verlag.
Picket, K. H. S. (2001). Internal control: A manager’s journey. New York: Wiley.
Podsakoff, P. M., Williams, L. J., & Todor, W. D. (1986). Effects of organizational formalization on alienation among professionals and nonprofessionals. The Academy of Management Journal, 29(4), 820–831.
Porter, M. E. (1985). Competitive advantage. New York: Free Press.
Power, M. (1996). Making things auditable. Accounting, Organizations and Society, 21(2), 289–315.
Power, M. (1997). The audit society: Rituals of verification. New York: Oxford University Press.
Power, M. (2003a). Auditing and the production of legitimacy. Accounting, Organizations and Society, 28, 379–394.
Power, M. (2003b). Evaluating the audit explosion. Law & Policy, 25(3), 185–202.
Power, M. (2004). The nature of risk: The risk management of everything. Balance Sheet, 12(5), 19–28.
Power, M. (2005). The invention of operational risk. Review of International Political Economy, 12(4), 577–599.
Power, M. (2006). Special research symposium: Organizations and the management or risk. Journal of Management Studies, 43(6), 1331–1337.
Power, M. (2007). Organized uncertainty: Designing a world of risk management. New York: Oxford University Press.
Rae, K., & Subramaniam, N. (2008). Quality of internal control procedures: Antecedents and moderating effect on organizational justice and employee fraud. Managerial Auditing Journal, 23(2), 104–124.
Raghunandan, K., & Rama, D. V. (1994). Management reports after COSO. Internal Auditor, 54–58.
Ramamoorti, S. (2003). Research opportunities in internal auditing, chapter 1: Internal auditing: History, evolution and prospects. Florida: IIA (Institute of Internal Auditors) Research Foundation.
Ramos, M. (2004, May). Evaluate the control environment. Journal of Accountancy, 75–78.
Rittenberg, L. E., & Miller, P. K. (2005). Sarbanes-Oxley 404 work: looking at the benefits. Florida: IIA (The Institute of Internal Auditors) Research Foundation.
Sarens, G., & De Beelde, I. (2006). Internal auditors’ perception about their role in risk management: A comparison between US and Belgium companies. Managerial Auditing Journal, 21(1), 63–80.
Schipper, K. (1989, December). Earnings management. Accounting Horizons, 91–102.
Schnatterly, K. (2003). Increasing firm value through detection and prevention of white-collar crime. Strategic Management Journal, 24, 587–614.
Scott, W. R. (2003). Financial accounting theory (3rd ed.). Toronto: Prentice Hall.
Scott, S. V., & Walsham, G. (2005). Reconceptualizing and managing reputation risk in the knowledge economy: Toward reputable action. Organization Science, 16(3), 308–322.
SEC (United States Securities and Exchange Commission). (2009b). Proxy disclosure enhancements, Release No: 33–9089, Proposed Rule Release No. 33–9052. Release date December 19, 2009, Effective date: February 28, 2010. Available at www.sec.gov
Senior Supervisors Group. (2009, October 21). Risk management lessons from the global banking crisis of 2008. Available at www.sec.gov
Sherer, M., & Turley, S. (1997). Current issues in auditing (3rd ed.). London: Sage.
Simons, R. (1987). Accounting control systems and business strategy: An empirical analysis. Accounting, Organizations and Society, 12(4), 357–374.
Simons, R. (1990). The role of management control systems in creating competitive advantage: New perspectives. Accounting, Organizations and Society, 15(1/2), 127–143.
Simons, R. (1991). Strategic orientation and top management attention to control systems. Strategic Management Journal, 12(1), 49–62.
Simons, R. (1995). Levers of control: How managers use innovative controls systems to drive strategic renewal. Boston: Harvard Business School Press.
Smith, K. A. (1972). The relationship of internal control evaluation and audit sample size. The Accounting Review, 47(2), 260–269.
Solomon, J., Solomon, A., Norton, S., & Joseph, N. (2000). A conceptual framework for corporate risk disclosure emerging from the agenda for corporate governance reform. British Accounting Review, 32, 447–478.
Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing and Accountability Journal, 16(4), 640–661.
Steffee, S. (2009, December). Reforms reduced compliance costs. Internal Auditor, 17.
Swayze, W. S. (1946). Internal control in industrial organizations. The Accounting Review, 21(3), 272–277.
Tacket, J., Wolf, F., & Claypool, G. (2006). Internal control under Sarbanes Oxley: A critical examination. Managerial Auditing Journal, 21(3), 317–323.
Tackett, J., Wolf, F., & Claypool, G. (2004). Sarbanes-Oxley and audit failure: A critical examination. Managerial Auditing Journal, 19(3), 340–350.
Taiariol, R. (2000, February). Segregated duties in fashion. Internal Auditor, 23–25.
Tannenbaum, A. (1968). Control in organizations. New York: McGraw-Hill.
Taylor, B. (2003). Board leadership: Balancing entrepreneurship and strategy with accountability and control. Corporate Governance, 3(2), 3–5.
Teece, D. J., Pisano, G., & Shuen, A. (1997). Dynamic capabilities and strategic management. Strategic Management Journal, 18(7), 509–533.
Trenerry, A. (1999). Principles of internal control. Sydney: University of New South Wales Press.
Turley, S., & Zaman, M. (2007). Audit committee effectiveness: Informal processes and behavioural effects. Accounting, Auditing and Accountability Journal, 20(5), 765–788.
Wallace, W. A. (1981). Internal control reporting practices in the municipal sector. The Accounting Review, 56(3), 666–689.
Waller Shelton, S., & Whittington, O. R. (2008). The influence of the auditor’s report on investors’ evaluations after the Sarbanes-Oxley act. Managerial Auditing Journal, 23(2), 142–160.
Wells, J. T. (2002). Let them know someone’s watching. Journal of Accountancy, 5, 106–110.
Whitley, J. (2006, December). COSO to develop further internal control guidance. Internal Auditor, 18.
Wiesen, J. (2003). Congress enacts Sarbanes-Oxley Act of 2002: A two-ton gorilla awakes and speaks. Journal of Accounting, Auditing and Finance, 18(3), 429–448.
Winter, S. G. (2003). Understanding dynamic capabilities. Strategic Management Journal, 24, 991–995.
Woods, M. (2009). A contingency theory perspective on the risk management control systems within Birmingham city council. Management Accounting Research, 20, 69–81.
Ernst & Young (2009). The future of risk. Protecting and enabling performance. EYGM limited. Available at http://www.ey.com
Zannetos, Z. S. (1964). Some thoughts on internal control systems of the firm. The Accounting Review, 39(4), 860–868.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Arwinge, O. (2013). Themes and Issues. In: Internal Control. Contributions to Management Science. Physica, Heidelberg. https://doi.org/10.1007/978-3-7908-2882-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-7908-2882-5_5
Published:
Publisher Name: Physica, Heidelberg
Print ISBN: 978-3-7908-2881-8
Online ISBN: 978-3-7908-2882-5
eBook Packages: Business and EconomicsBusiness and Management (R0)