Search results

Islamic financial institutions (IFIs) are required to establish a Shariīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Shariīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Shariīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.

This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.

The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.

This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.

The purpose of this paper is to analyze how the COBIT framework, integrated within the internal control framework, enables improvement in the quality of financial reporting while helping to reduce or eliminate the material weaknesses (MWs) of internal control over financial reporting (ICFR). The Control Objectives for Information and Related Technology (COBIT) model is a framework for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Preliminarily, the analysis in this paper illustrates how the Committee of Sponsoring Organizations (COSO) framework impacts on the MWs, highlighting strengths and weaknesses. This paper shows how these limits can be overcome with the use of the COBIT framework.

This is a conceptual paper that aims to highlight the relationship between COBIT and COSO, by illustrating how the IT processes reduce or eliminate the main MW categories.

The analysis indicates that the implementation of the COBIT framework, or more generally the adoption of effective IT controls, provides important benefits to the entire company or organization. IT control objectives have a direct impact on the IT control weaknesses and indirectly on the other categories of material weaknesses.

The adoption of the framework allows managers to implement effective ICFR. In particular, the COBIT approach provides managers with a more evolved tool in terms of compliance with the Sarbanes–Oxley Act requirements. This framework also improves the reliability of financial reporting in relation to the requirements of Public Company Accounting Oversight Board’s Auditing Standards No. 2 and 5.

The analysis provides an interdisciplinary approach, connecting accounting and information systems themes, and suggest solutions and tools than can help managers to address the internal control weaknesses. This paper addresses an area of relevance to both practitioners and academics and expands existing accounting literature.

The purpose of this study is to provide theoretical guidance that enables local governments to deal with occupational fraud.

The quantitative approach is used to examine the efficacy of the Committee of Sponsoring Organisations of the Treadway Commission (COSO) internal control framework in tackling occupational fraud in local government. To achieve the goals, the authors performed a survey of the Indonesian auditor institutions.

It is not appropriate to argue that all types of local government fraud can be deterred by a single internal control. The study suggests that COSO internal controls are not effective for dealing with corruption cases. However, the authors do find the efficacy of those controls are obvious for controlling asset misappropriation and financial statement fraud. This result indicates that if the COSO internal control framework is only designed for routine financial control and asset protection, it significantly and negatively influences its efficacy to deal with occupational fraud. This study has both theoretical and managerial implications, discussed separately.

In the field of prevention, the authors cannot make generalised theories and approaches for dealing with occupational fraud. Whilst previous authors have offered fraud deterrents in terms of internal controls, they have failed to realise the need to understand their effectiveness for particular forms of fraud. This paper sheds light on the effectiveness of internal controls in achieving their goals. This has both practical applications and stimulates theoretical insights.

This paper aims to consider a number of key laws and regulations that have implications for information management and internal control systems.

The paper is a discussion of the key laws and regulations. It also considers a number of frameworks that may be useful for assessing compliance with applicable laws and regulations.

Organizations worldwide are impacted by an increasing number of laws and regulations. Many of them have important implications for information management and internal control systems even though they may lack explicit references to information management. This is because information technology (IT) has become pervasive in modern organizations, and it is self evident that awareness of applicable laws and regulations, along with their potential impacts on information management systems, is critical for compliance.

The paper shows how the increasing number of laws and regulations impact on the information management functions of organizations in a variety of ways.

Professional accounting associations in various countries and governmental and other quasi‐official bodies have played an important role not only in the evolution of internal control reporting on a global scale, but also in educating management, investors, financial institutions, accountants, auditors, and other interested parties highlighting the pervasiveness of the effects of a sound internal control structure in corporate reporting as well as other aspects of an organization′s success. These associations include the Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), the General Accounting Office (GAO), the Securities and Exchange Commission (SEC), the Cadbury Committee, the Institute of Chartered Accountants of England and Wales (ICAEW), the Scottish Institute of Chartered Accountants (SICA), the Canadian Institute of Chartered Accountants (CICA), and others. Business failures, management fraud, corporate misconduct, international bribery, and notorious business scandals in all sectors of business have prompted the US government to take drastic action on internal control reporting to safeguard public interest. Several professional and government committees were formed to study this precarious situation: the Treadway Commission, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, the Packard Commission, the Cohen Commission, the Adams Commission in Canada, the Cadbury Committee in the UK, and others. The principal motivation for the changing dynamics has been growing public pressure for greater corporate accountability. The government′s pressure on the accounting profession and management of public corporations has been pivotal in spearheading internal control reporting. Examines the role of professional associations, governmental agencies, and others in promulgating standards for internal control reporting, and the impact of legislation on this aspect of internal auditing in the USA and worldwide.

The purpose of this paper is to teach students the fundamental and most critical aspects of performing a financial statement risk assessment, a skill vital to help ensure both auditor and public‐company compliance with guidance found in the Sarbanes‐Oxley Act of 2002 (SOX), the SEC's Interpretative Guidance regarding Management's Report on Internal Control over Financial Reporting, the control deficiency evaluation framework found in Auditing Standard No. 5 (AS5) of the Public Company Accounting Oversight Board (PCAOB), and the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

This instructional case study helps students assess the impact of a set of hypothetical internal control deficiency risks in various industries, including inherent and residual financial statement risk assessment, and concludes with determining which identified internal control weaknesses are significant deficiencies and material weaknesses in internal control. Included in the financial statement residual risk assessment process are example entity‐level and process‐level controls described in COSO. Learning objectives, implementation guidance, and the efficacy of using the case study in the undergraduate or graduate auditing or accounting information systems courses are also provided.

The results of classroom testing of the case study at two universities provides evidence the case study increases student understanding of the implications of internal controls and their impact on the reliability of the financial statements significantly. Students also found the case to be challenging, interesting, relevant, clear, understandable, and a realistic approximation of what they might expect to encounter in the real‐world when performing a financial statement risk assessment.

The case study includes the development of skills important to students in performing financial statement risk assessments, either as an auditor or when working in a private industry environment, including making professional judgments related to risk assessment.

The purpose of this paper is twofold: first to add to the debate on good governance and ethics of enterprise risk management (ERM) and second to describe an ethical maturity scale based on duty and responsibility for practical implementation to ensure better governance.

The methodology has centred on risk governance as a way for many organisations to improve their risk management (RM) practices from an ethical perspective based on responsibility and on fulfilling one's duty within the organisation.

While companies in Australia, for example, are more mature than those in Russia in terms of governance systems life cycle, there are a number of common international challenges in risk governance implementation. These relate to a link between risk framework, enterprise value model and strategic planning; to a definition of risk appetite, the embodiment of RM in organisational culture, internal audit and ERM function, the evolving role of a chief risk officer (CRO) and senior management buy‐in and sponsorship of the integrated ethical RM from a chief executive officer.

ERM – a way for many organisations to improve their RM practices – is a key component of the applied ethics of corporate governance. It has developed into a philosophy to assist organisations with the process of protecting shareholders' value while also increasing the bottom‐line profitability. Effective ERM is based on ethical risk governance. Internal audit needs to be involved in the process of integrating RM and compliance. It should maintain a degree of independence when assisting with ERM establishment. CRO is most effective when reporting to the board.

Global companies are becoming more accountable to multiple stakeholders. It is the adoption of an ethical code to arrest the lack of clarity of roles ascribed to the audit committee and risk committee and management's accountability or lack thereof that remains the challenge across different jurisdictions. In attempting to implement good governance and meet the challenges, the paper introduces an ethical maturity scale as an internal measure that could be embedded in an organisation's strategy.

Internal Control – Integrated Framework (COSO Report, 1992) defines internal control, suggests a framework for internal control, and presents criteria to use in evaluating controls. The document also provides guidance to management developing a report on controls for use by external parties. SSAE 2, “Reporting on an Entity′s Internal Control Structure over Financial Reporting” (1993) offers assistance to the practitioner reporting on management′s assertion regarding internal control over financial reporting. Discusses and provides an example of management′s report on internal control prepared according to COSO. Also discusses the accountant′s examination under SSAE guidance of management′s assertions and subsequent report and provides an example of the accountant′s report. Concludes by discussing the new business opportunities for the accountant which may result from external reporting on internal controls over financial reporting.

There have been many studies that investigated the causes of workarounds, but there is less research on their outcomes, such as the impact on internal control. This study aims to investigate the use of workarounds by a multinational organization that implemented SAP about 10 years ago, and how those workarounds affected internal controls.

A qualitative study is performed by analyzing interviews with company personnel for a multinational organization. Employees selected for interviews are primarily users of SAP’s accounting functions.

Workarounds have significant impacts on the internal controls over financial reporting. Workarounds cause compensating controls to be implemented, which are often manual in nature, and decrease the organizational efficiency and effectiveness.

Workarounds become integrated into an organization’s activities to meet its business needs. This research raises questions to determine when maintaining organizational efficiency and control outweighs the need to provide customer service and other business needs.

Companies should consider whether their business processes can be modified to ensure that they can be handled within the enterprise system. In addition, the number of compensating controls required due to workarounds may decrease the organizational efficiency expected from having an enterprise resource planning system to ensure the integrity of financial information.

This paper moves beyond finding the causes of workarounds, and expands what is known about workarounds and their impact on an organization. An important contribution of this study is to consider the intersection of workarounds, ERP systems and internal controls.

The purpose of this paper is to form a new framework for preventing money laundering by mapping COBIT (Control for Information and Related Technology) processes to COSO (Committee of Sponsoring Organisation) components.

First, a new framework for preventing money laundering in banks is formed by mapping COBIT to COSO. Further, the potential of the mapped framework to comply with the Bank Secrecy Act requirements is analysed.

The mapped framework effectively supports all the activities of financial sectors through defining efficient information technology‐based processes and control methods. Information systems play a key role for financial sectors in producing financial statements, managing customer databases, detecting frauds, etc.

Case studies of banks of different sizes, and in different countries are needed. It is necessary to improve the mapped framework by considering Basel III regulations.

COBIT‐mapped‐COSO framework is useful for banks to fight money laundering. While adopting the new framework, an organisation should apply the best practices that suit its operations rather than all the control objectives.

The new framework can help banks fight money laundering.

For preventing money laundering through banks, a number of policies and intelligence systems are in place. However, there is no efficient framework that could guide banks to follow these policies and use information technologies. This paper proposes a new framework to target these gaps.