Search results

Islamic financial institutions (IFIs) are required to establish a Shariīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Shariīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Shariīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.

This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.

The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.

This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.

This paper aims to assess the influence of emotional intelligence (EI) on the perceived internal control performance in the Lebanese companies.

The goal of this study is to decide whether there is a connection between “emotional intelligence” and perceived efficacy of “internal control” in Lebanese organizations. For the benefit and purpose of this research, a quantitative methodology will be applied. The data was collected by the use of self-directed and pre-coded questionnaires to test hypotheses made, making it a deductive research.

The findings showed that the personality traits of the members of the audit team play a key role in cultivating a control climate that is more conducive to effective control. Moreover, personality traits were key in boosting trust and openness in communication that can be seen as antecedents to having a system where all key auditing professionals within the organization can cooperate to boost the effectiveness of the internal control framework. These personality traits amplified the impact of the EI of audit manager on the overall effectiveness of the COSO framework, thus leading to improved efficiency of internal controls.

The exploratory aspect of this study have shown results that are general but create a basis for future comprehensive researches. This study was limited to a relatively small sample, due to the small size of Lebanon and due to the Pandemic that has limited our access to more data. This research did not regulate other relevant variables such as gender, experience, educational level and age. Nevertheless, the importance of the findings is they ascertain that internal control is not a rigid technical function that is primarily concerned with accounting and financial disciplines, rather it extends to organizational psychology and behavior.

The practical implication of studying EM and personality in Lebanese organizations is to describe and understand how it affects the effectiveness of the internal control and thus the survival of the organization. When organizations are aware of such a strong impact, they will try to increase their maturity level in this regard and further seeks more efforts in tackling the EI aspect. As a summary, the practical implication of this paper is to understand how all those variables affect the effectiveness of the internal control and thus the survival of the organization.

The subject of this study consists of many human-related aspects such as personality and human behavior. Once these elements are combined with the internal control framework, it will have an added value at the social level by enhancing the behavior of people and their perception of others' emotions and oneself emotions, in addition to improving their performance which reflects on enhancing the overall organizational performance. Studying EI allows to understand and manage emotions in order to create positive social interactions. The benefits of EI are vast in terms of personal, academic and professional success.

Due to the lack of research on this topic, this research will contribute to explore the field. Future studies will benefit from this analysis while using a larger sample. Future work should aim to include not only auditors but all staff of the company. Further research is required to decide whether the results of this analysis are generalized across various positions and industries and to determine whether EI is the only influential aspect involving a significant number of social interactions. In addition, this article can be used as a basis for the implementation of internal control with a COSO framework that involves the EQ of everyone in the organization.

This article aims to identify management practices that evidence how internal control have been considered essential, from the edition of the State Constitutional Amendment no. 75 of 2012, within the public administration of the executive branch of the State of Ceará, during the period 2012–2021.

The study relates the identified management practices to COSO (The Committee of Sponsoring Organizations) methodology “Internal Environment” component categories. The research is classified as basic, exploratory and bibliographic, on the theme of internal control in scientific articles published between 2015 and 2021, and documental, carried out through official documents, including the 27 Brazilian constitutions.

Existence of management practices that corroborate the essentiality of internal control in Ceará.

The study is limited to evidencing the control practices implemented in Ceará, not evaluating them as to their quality.

Contributions on control on constitutional-legal bases for other Brazilian Federation States.

Possibility of introducing the research theme into various branches of scientific knowledge, such as political science and contributing to public organizations to implement policies with the proper application of resources for the benefit of society.

The originality of the research is in demonstrating the essentiality of internal control in the State of Ceará, from the edition of management acts performed by the executive branch, based on Constitutional Amendment 75 of 2012, which did not become a dead letter of the law, enabling other states of the federation to do the same.

This paper aims to explore the reporting challenges and related organisational mechanisms of change associated with disclosing corporate risks within integrated reports.

This paper adopts a Latourian performative approach to explore the organisational mechanisms of change in terms of networks of actors, both “human” and “non-human”, involved in the preparation of risk-related disclosure. Empirical evidence is collected by means of in-depth interviews with the preparers of an integrated reporting pioneer company.

Preparing disclosure on corporate risks in the context of integrated reporting demands close interaction among several actors. When disclosure shifts from listing key risks to providing information on how these risks are managed or connect with corporate strategy and value creation, departments not usually involved in corporate reporting play an active role and external stakeholders offer pertinent insights, benchmarks and feedback. Integrated reporting and risk management frameworks are the “non-human” actors that facilitate the engagement of diverse “human” actors.

Preparers should be aware that risk disclosure within integrated reports requires collaboration among (“human”) actors belonging to different departments and the engagement of external stakeholders. Preparers should consider the frameworks of integrated reporting and risk management as facilitators of cross-departmental discussions and dialogue, rather than mere contributors of guidelines and recommendations.

This study enriches the scant literature on organisational mechanisms of change made in response to integrated reporting challenges, showing subsequent advancements in the organisational process underlying the preparation of risk disclosure.

Internal audit is an essential component of the accountability structure in Ghana's local government system. Favourable conditions are required for its operation to assist management bodies to fulfil their responsibilities efficiently and effectively. Using Internal Control-Integrated Framework, this paper investigates the conditions under which internal auditing is carried out in four selected local governments in the Central Region of Ghana.

Based on interpretivism and qualitative approach, purposive sampling technique was used to select 14 key informants at various levels of governance for primary data by the use of key informant interview guide. The data were analysed using pattern matching and content analysis based on themes.

The findings of the study indicate that internal auditors faced unfavourable conditions including intimidation, threats and administrative interference in the course of performing their duties.

This paper is based on qualitative data from four selected local governments in the Central Region of Ghana. Hence these findings are specific to the local governments, internal auditors and management bodies in the country to benefit from them. The implication of the findings is closely related to the efforts to realise the ultimate goal of the recent government reforms and the need for further reforms to enhance independence, objectivity, effectiveness and efficiency.

This study helps management of local governments in finding out conditions under which internal auditing operates. This helps to enhance favourable conditions and minimise the unfavourable conditions for the purpose of efficient and effective utilisation of resources towards improvement of service delivery of local government system to meet the needs of the people.

The study contributes to the understanding and application of Internal Control-Integrated Framework to local government system in the Central Region. It also uses the agency theory to explain the conditions under which internal auditing is carried out in the selected local government institutions.

This study provides new insight into the conditions of carrying out internal auditing in local governments and raises awareness of stakeholders on the need to enhance service delivery to the people. It also introduces a novel idea of placing all internal auditors under a newly established Internal Audit Class to advance independence and objectivity.

This paper investigates the relationship between risk management practices and potential fraudulent financial reporting in Malaysia by considering recent regulatory reforms of the Malaysian government on risk management practices.

The sample of this study was based on 257 firm-year observations during the 2012–2017 period. This study employed panel-least square regressions with period fixed effects.

This study found a significant association between risk management activities in the disclosure and potential fraudulent financial reporting. Nevertheless, this study found there is insignificant effect of the risk-management committee in reducing potential of fraudulent financial reporting.

This study is a pioneer research that relates firms’ risk management practices with potential fraudulent financial reporting measured by F-score. Thus, this study provides an insight to regulators on the extent of risk-management practices in deterring potential fraudulent financial reporting which can be used as an input for greater enforcement of risk-management regulations.

The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?

The authors performed thematic analysis based on semi-structured interviews, with non-probabilistic, purposive sampling, to answer two main questions. First, how do firms manage enterprise risks, generally? And second, how are they integrating cyber risk into these existing processes?

The authors find that there is considerable variation in the approach and sophistication in ERM practices, such as whether they are driven more like an auditing function, or as a risk champion. The authors also find that despite the novelty of cyber risk, it can be integrated like other enterprise risks, and that cyber risk is most often seen as an operational risk (similar to workplace accidents or fraud), rather than a strategic risk, emerging from, for example, technology innovation and R&D.

The generalization of the results is limited by the sample size and variation of firms interviewed. While the authors attempted to interview enterprise risk managers across a wide variation of firms, there were clear limitations in the scope. That being said, the authors were fortunate to be able to examine ERM and cyber risk practices across small and large, private and publicly traded companies, from a variety of business sectors.

The authors believe these finding are important because they present evidence that while cyber risk may be new, it does not require specialized handling or processes to track it at the enterprise level. While some firms may choose to provide special accommodations or attention because of their data collection or business practices, this approach is neither necessary nor required of all firms in all situations.

This research is one of the only papers that, to the best of the authors’ knowledge, examines how cyber risk is integrated at an enterprise level.

In a rapidly changing world, organisations are constantly presented with threats and opportunities and the need to be responsive and resilient. This necessitates developing risk and uncertainty management capabilities within organisations. This article aims to consider risk and uncertainty competence, knowledge, skills, attitudes and the behaviours required by contemporary managers to protect their organisations from threat and harm, whilst seizing opportunity and reward.

This article presents answers to three fundamental questions: (1) Do all managers (those not specialising in risk management) need to be competent in risk and uncertainty management? (2) What does risk competence mean? and (3) How can managers develop the capabilities to become risk competent? The content can be used by practicing managers or educators to develop individual and ultimately organisational risk competence.

All contemporary managers should have some degree of risk competence. Risk competence behavioural indicators and requisite risk knowledge and skills are identified and discussed.

This article provides a contemporary view on risk and uncertainty management competence, drawing on relevant competence frameworks and the existing risk literature.

This study aims to explore the formation of municipal risk management (RM) and the reasons for the differences of RM practices between the seven biggest cities in Finland.

The empirical data of this comparative qualitative case study comprises 33 interviews conducted with municipal managers. Supplementary material includes documentary material on municipal rules governing RM as well as annual reports and risk tools used in the municipalities.

This study found differences in cities with respect to when, how and why RM practices had evolved. The results indicate that differences in RM practices and development paths between cities are largely explained by the differences in the original reason to initiate RM, time span since its introduction, professional and educational backgrounds of risk managers, local risk events and accounting infrastructure such as RM tools developed in a city. These findings also suggest that even within the same municipality, different functions can be at different phases regarding RM.

This study reports on RM as a new form of accounting in the field of Finnish municipalities. This highlights how fairly uniform considerations at the field level lead to variation in the elaboration of RM practices at the municipal level. The study finds that different paths in the development of local RM involve iterative evolution between the phases of emergence, largely explained by contextual differences. This study contributes to understanding the emergence of new accounting forms in a municipal RM context.

After 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.

The study is structured as a systematic literature review.

Research themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.

The study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.