Search results
Vandana Pramod, Jinghua Li and Ping Gao
The purpose of this paper is to form a new framework for preventing money laundering by mapping COBIT (Control for Information and Related Technology) processes to COSO (Committee…
Abstract
Purpose
The purpose of this paper is to form a new framework for preventing money laundering by mapping COBIT (Control for Information and Related Technology) processes to COSO (Committee of Sponsoring Organisation) components.
Design/methodology/approach
First, a new framework for preventing money laundering in banks is formed by mapping COBIT to COSO. Further, the potential of the mapped framework to comply with the Bank Secrecy Act requirements is analysed.
Findings
The mapped framework effectively supports all the activities of financial sectors through defining efficient information technology‐based processes and control methods. Information systems play a key role for financial sectors in producing financial statements, managing customer databases, detecting frauds, etc.
Research limitations/implications
Case studies of banks of different sizes, and in different countries are needed. It is necessary to improve the mapped framework by considering Basel III regulations.
Practical implications
COBIT‐mapped‐COSO framework is useful for banks to fight money laundering. While adopting the new framework, an organisation should apply the best practices that suit its operations rather than all the control objectives.
Social implications
The new framework can help banks fight money laundering.
Originality/value
For preventing money laundering through banks, a number of policies and intelligence systems are in place. However, there is no efficient framework that could guide banks to follow these policies and use information technologies. This paper proposes a new framework to target these gaps.
Said Bouheraoua and Fares Djafri
Islamic financial institutions (IFIs) are required to establish a Sharīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all…
Abstract
Purpose
Islamic financial institutions (IFIs) are required to establish a Sharīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Sharīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Sharīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.
Design/methodology/approach
This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.
Findings
The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.
Originality/value
This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.
Michele Rubino and Filippo Vitolla
The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while…
Abstract
Purpose
The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while helping to reduce or eliminate the material weaknesses (MWs) of internal control over financial reporting (ICFR). The Control Objectives for Information and Related Technology (COBIT) model is a framework for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Preliminarily, the analysis in this paper illustrates how the Committee of Sponsoring Organizations (COSO) framework impacts on the MWs, highlighting strengths and weaknesses. This paper shows how these limits can be overcome with the use of the COBIT framework.
Design/methodology/approach
This is a conceptual paper that aims to highlight the relationship between COBIT and COSO, by illustrating how the IT processes reduce or eliminate the main MW categories.
Findings
The analysis indicates that the implementation of the COBIT framework, or more generally the adoption of effective IT controls, provides important benefits to the entire company or organization. IT control objectives have a direct impact on the IT control weaknesses and indirectly on the other categories of material weaknesses.
Practical implications
The adoption of the framework allows managers to implement effective ICFR. In particular, the COBIT approach provides managers with a more evolved tool in terms of compliance with the Sarbanes–Oxley Act requirements. This framework also improves the reliability of financial reporting in relation to the requirements of Public Company Accounting Oversight Board’s Auditing Standards No. 2 and 5.
Originality/value
The analysis provides an interdisciplinary approach, connecting accounting and information systems themes, and suggests solutions and tools that can help managers to address the internal control weaknesses. This paper addresses an area of relevance to both practitioners and academics and expands existing accounting literature.
Mohamad Ridhuan Mat Dangi, Anuar Nawawi and Ahmad Saiful Azlin Puteh Salin
The purpose of this study is to determine whether higher-learning institutions have sufficient internal controls to manage whistle-blowing or similar means when encountering…
Abstract
Purpose
The purpose of this study is to determine whether higher-learning institutions have sufficient internal controls to manage whistle-blowing or similar means when encountering repetitive complaints requiring similar corrective actions. This study attempts to classify complaints as per categories, criteria and components of the COSO framework using a checklist called self-assessment checklist of internal control kits so that complaint activities can be efficiently and effectively managed.
Design/methodology/approach
As a case study, one public university in Malaysia was selected, and 740 complaints were examined over a four-year period. Two methods of data collection, namely, document analysis and interviews, were used.
Findings
This study found no internal controls established to oversee the complaints that were received. Hence, repetitive complaints were received for similar areas and functions over a period. The application of COSO framework on complaints and whistle-blowing activities, however, led to more organised and visible problems; therefore, effective corrective and preventive action may be conducted.
Research limitations/implications
This study was conducted on only one organisation with several series of interviews and limited period of document analysis because of privacy and confidentiality of the information. Future research should collect and analyze data from a higher number of organisations with more respondents for interviews and a longer period for document analysis to obtain more accurate results.
Practical implications
This study provides further evidence on the suitability of COSO framework for different types of organisations, either public or private, and has been successfully adopted globally. It is effective not only to manage the operation and financial matters but also to manage complaints and whistle-blowing activities in organisations.
Originality/value
This study is original because it focuses on the current practices of internal control in government entities, particularly for organisations that operate as higher-learning institutions, which is scarce in the literature. In addition, this study analysed the drawbacks of internal control systems, especially in dealing with whistle-blower reports and complaints by referring to the list of complaints made by their stakeholders.
Michele Rubino and Filippo Vitolla
The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper…
Abstract
Purpose
The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.
Design/methodology/approach
This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.
Findings
The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.
Originality/value
The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that it is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5, is proposed as a tool that supports risk management in order to develop an adequate system of internal control.
Ronald F. Premuroso and Robert Houmes
The purpose of this paper is to teach students the fundamental and most critical aspects of performing a financial statement risk assessment, a skill vital to help ensure both…
Abstract
Purpose
The purpose of this paper is to teach students the fundamental and most critical aspects of performing a financial statement risk assessment, a skill vital to help ensure both auditor and public‐company compliance with guidance found in the Sarbanes‐Oxley Act of 2002 (SOX), the SEC's Interpretative Guidance regarding Management's Report on Internal Control over Financial Reporting, the control deficiency evaluation framework found in Auditing Standard No. 5 (AS5) of the Public Company Accounting Oversight Board (PCAOB), and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Design/methodology/approach
This instructional case study helps students assess the impact of a set of hypothetical internal control deficiency risks in various industries, including inherent and residual financial statement risk assessment, and concludes with determining which identified internal control weaknesses are significant deficiencies and material weaknesses in internal control. Included in the financial statement residual risk assessment process are example entity‐level and process‐level controls described in COSO. Learning objectives, implementation guidance, and the efficacy of using the case study in the undergraduate or graduate auditing or accounting information systems courses are also provided.
Findings
The results of classroom testing of the case study at two universities provide evidence the case study increases student understanding of the implications of internal controls and their impact on the reliability of the financial statements significantly. Students also found the case to be challenging, interesting, relevant, clear, understandable, and a realistic approximation of what they might expect to encounter in the real world when performing a financial statement risk assessment.
Originality/value
The case study includes the development of skills important to students in performing financial statement risk assessments, either as an auditor or when working in a private industry environment, including making professional judgments related to risk assessment.
There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken…
Abstract
Purpose
There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.
Design/methodology/approach
The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.
Findings
The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.
Originality/value
There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.
This paper aims to examine the effectiveness of the Committee of Sponsoring Organization’s 2013 Framework, by investigating how the number of auditor-reported material weaknesses…
Abstract
Purpose
This paper aims to examine the effectiveness of the Committee of Sponsoring Organization’s 2013 Framework, by investigating how the number of auditor-reported material weaknesses compares for Early-, Timely- and Late-adopters of the framework, and how the number of auditor-reported material weaknesses changed for Early- and Timely-adopters following their adoption of the framework.
Design/methodology/approach
The paper uses regression analyses based on a sample of US firms subject to Sarbanes-Oxley Act Section 404(b).
Findings
Timely-adopters of the 2013 Framework continued to exhibit fewer instances of auditor-reported material weaknesses than Late-adopters, even though they had a marginal increase in the number of auditor-reported material weaknesses, in the post-2013 Framework period.
Practical implications
The findings suggest that the effectiveness of the 2013 Framework may lie in the iterative nature of the internal control process, and as firms remedy deficiencies they or their auditors identify, they will continuously improve the effectiveness of their internal control systems.
Originality/value
Unlike existing literature, this paper uses data from the pre-2013 Framework, transition and post-2013 Framework periods to examine changes in the number of auditor-reported material weaknesses, thus differentiating between Early-, Timely- and Late-adopters of the 2013 Framework. It also shows the effect of adopting the 2013 Framework on the number of auditor-reported material weaknesses.
This paper aims to consider a number of key laws and regulations that have implications for information management and internal control systems.
Abstract
Purpose
This paper aims to consider a number of key laws and regulations that have implications for information management and internal control systems.
Design/methodology/approach
The paper is a discussion of the key laws and regulations. It also considers a number of frameworks that may be useful for assessing compliance with applicable laws and regulations.
Findings
Organizations worldwide are impacted by an increasing number of laws and regulations. Many of them have important implications for information management and internal control systems even though they may lack explicit references to information management. This is because information technology (IT) has become pervasive in modern organizations, and it is self-evident that awareness of applicable laws and regulations, along with their potential impacts on information management systems, is critical for compliance.
Originality/value
The paper shows how the increasing number of laws and regulations impact on the information management functions of organizations in a variety of ways.
Rocco R. Vanasco, Clifford R. Skousen and Curtis C. Verschoor
Professional accounting associations in various countries and governmental and other quasi‐official bodies have played an important role not only in the evolution of internal…
Abstract
Professional accounting associations in various countries and governmental and other quasi‐official bodies have played an important role not only in the evolution of internal control reporting on a global scale, but also in educating management, investors, financial institutions, accountants, auditors, and other interested parties highlighting the pervasiveness of the effects of a sound internal control structure in corporate reporting as well as other aspects of an organization’s success. These associations include the Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), the General Accounting Office (GAO), the Securities and Exchange Commission (SEC), the Cadbury Committee, the Institute of Chartered Accountants of England and Wales (ICAEW), the Scottish Institute of Chartered Accountants (SICA), the Canadian Institute of Chartered Accountants (CICA), and others. Business failures, management fraud, corporate misconduct, international bribery, and notorious business scandals in all sectors of business have prompted the US government to take drastic action on internal control reporting to safeguard public interest. Several professional and government committees were formed to study this precarious situation: the Treadway Commission, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, the Packard Commission, the Cohen Commission, the Adams Commission in Canada, the Cadbury Committee in the UK, and others. The principal motivation for the changing dynamics has been growing public pressure for greater corporate accountability. The government’s pressure on the accounting profession and management of public corporations has been pivotal in spearheading internal control reporting.
Examines the role of professional associations, governmental agencies, and others in promulgating standards for internal control reporting, and the impact of legislation on this aspect of internal auditing in the USA and worldwide.