Search results

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.

The purpose of this paper is to illustrate how information technology (IT) governance supports the process of enterprise risk management (ERM). In particular, the paper illustrates how the Control Objectives for Information and related Technology (COBIT) framework helps a company reach its objectives by integrating and supporting the Enterprise Risk Management by the Committee of Sponsoring Organizations (COSO ERM) framework.

This paper explains how the integration between the two frameworks (COSO ERM and COBIT 5) can represent, for any organization, a good way to achieve the objectives of internal control and risk management and, more generally, corporate governance.

The paper identifies some gaps in the COSO ERM and illustrates how the COBIT framework facilitates the implementation of an adequate system of internal control.

The originality of the work presented here is in analyzing the COBIT 5 together with the COSO ERM framework. This paper highlights that is not enough to apply only an internal control framework for achieving the risk management and internal control system objectives. An IT governance framework, such as COBIT 5 is proposed as a tool that support risk management in order to develop an adequate system of internal control.

The purpose of this study is to examine the design and implementation of enterprise risk management (ERM) in three large Chinese state-owned enterprises and to develop propositions on integrating ERM, budgetary control system and cash flow stability approach.

This study adopts a field study approach to analyze the risk assessment and risk-return matching of ERM. A field study was carried out over three years from 2008 to 2011 in three Chinese state-owned enterprises. These companies were chosen because less attention has been given to the implementation of ERM in such firms.

First, the authors find that all three companies use budgetary control to identify risks, analyze each risk to determine the potential consequences, determine the acceptable levels of risk, develop a risk mitigation plan and monitor the activities in all business processes that may change the levels of risks continuously. Second, the companies focus on cash flow risks through budgetary control to ensure the stability of cash flows. Finally, the degree of intensity of using budgetary control institutionalization to design and implement ERM has a positive impact on the level of risk acceptance and risk assessment culture.

The findings of this study, however, should be interpreted with caution because this study was conducted in three Chinese state-owned enterprises. To increase the generalizability of the findings, future research is encouraged to replicate this study in different industries, as well as in different countries. Furthermore, future research might also examine the authors’ propositions using a large-scale survey across other regions of the world.

Companies can minimize resistance to change by using budgetary control institutionalization when implementing the ERM. State-owned enterprises can initiate and implement a new risk management system by identifying the potential risks and by developing a risk mitigation plan.

The results of this study will help companies, particularly state-owned enterprises, to improve their performance and become more competitive, which in turn will benefit the society as a whole by performing their risk driver identification, risk driver impact assessment, risk management actions and risk management optimization more effectively.

The authors investigate how the firms use a legitimate system, namely, budgetary control, that is widely accepted and used in China to foster the acceptance and use of ERM. The authors also develop testable propositions of ERM implementation and cash flow stability that will provide useful guidelines for future research.

The publication of the Turnbull guidance represented a radical redefinition of the nature of internal control as a feature of corporate governance in the UK, explicitly aligning internal control with risk management. This paper explores this change, using sociological perspectives on risk and its conceptualisation to frame the debate about internal control and risk management within the UK corporate governance arena – the most recent manifestation of an ongoing competition for the control of economic and social resources. The paper demonstrates that developments in corporate governance reporting requirements offer opportunities for the appropriation of risk and its management by groups wishing to advance their own interests. This is illustrated by a review of recent changes in internal audit.

The purpose of this study is to examine how managers in financial institutions satisfy themselves of the effectiveness of risk mitigation strategy and management control. It studies the co-opting of accounting tools within a single financial institution case study, examining the recursive and emergent characteristics of risk management practice.

Adopting a field study approach within the strategy-as-practice perspective, the paper provides insights into the role of actor perceptions of risk and accounting as a calculative practice in the adaptive enactment of risk strategy.

Results highlight the interactions between risk management strategy, management controls and actor interests at Lehman Brothers. The actions and reactions of risk management decision-makers such as Executive Committee and Board members are examined to better understand the role of accounting and leadership.

Results of this study may not be generalised beyond this single case study.

The paper emphasises that concern for the social relations and the performative interests of actors in a risk management network needs to be understood and considered in accounting research. It is argued that the market prices of tradable financial asset will continue to be opaque without these insights.

This study explores an under-researched topic in the accounting literature in examining how management controls are affected by and, in turn, affect risk strategising.

The purpose of this paper is to describe and compare in a qualitative way how internal auditors perceive their current role in risk management within US and Belgian companies.

In order to get adequate data, Chief audit executives from 10 different companies were interviewed and relevant documents were analyzed.

In the Belgian cases, internal auditors' focus on acute shortcomings in the risk management system creates opportunities to demonstrate their value. Internal auditors are playing a pioneering role in the creation of a higher level of risk and control awareness and a more formalized risk management system. In the US cases, internal auditors' objective evaluations and opinions are a valuable input for the new internal control review and disclosure requirements mentioned in the Sarbanes Oxley Act.

Given the qualitative nature of this study, generalization to all Belgian and US companies is not possible. The time specific character of the subject is an opportunity for future longitudinal research.

In Belgium, the internal auditing profession is actually in a kind of “transition phase”. In order to survive this transition phase, internal auditors need to assume a “teaching role” vis‐à‐vis the different management levels to make them aware of their responsibilities in risk management. After this transition period, internal auditors will be able to focus more on their core activities.

In addition to a number of quantitative studies, this paper extends in a qualitative and comparative way the understanding of the specific role of internal auditors in risk management within US and Belgian companies.

The purpose of this paper is to investigate how the management control system, the bank’s control package, influences opinion about the usefulness of risk measurement (RM) in different control contexts before and after a financial crisis, to understand what influences the usefulness of enterprise risk management (ERM) manifested in RM.

The study is based on semi-structured interviews in 2000-2010, with senior bank managers of two international banks (Bank A and Bank B) – both ranking among the top 100 in the world but differing structurally and culturally.

The two banks took opposite trajectories. Bank A went from high to low expectations of usefulness; Bank B went from low to high expectations. The different attitudes toward RM exhibited by Bank A and Bank B are explained by differences in their control packages, manifested by technocratic control and socio-ideology.

This study reveals that there are not merely different degrees of RM usage in the two banks but that they also show two diverting trajectories. Given this finding, the significance of the organization structure and its control packages (especially the alignment between these two factors) is analyzed to find a plausible explanation for the different experiences of senior managers toward the usefulness of RM. This study contributes to ERM research and to the contingency theory of management accounting.

Part IV provides readers with the extant requirements for the application of materiality to recognition, measurement, presentation, and disclosure in the financial statements. This part also includes a detailed critical review of the recent Practice Statement on materiality, the FASB’s proposed ASU on the notes and the amendments to the Conceptual Framework proposed by the IASB and the FASB.

The part expands to issues that are typical of Management Commentary, including the SEC guidance on materiality in Management Discussion and Analysis.

It informs about the complexities and subtle differences between financial statements and bookkeeping and the different standards of reasonableness versus materiality.

A section moves from materiality to material misstatements and covers the application of materiality in auditing.

Another section goes in depth on internal control over financial reporting, showing the linkages between materiality and risk appetite and risk tolerance and the related application guidance.

This study explores the interrelationship between regulatory risks and strategic controls within the financial supervision architecture of an emergent global financial centre of China that embraces innovation as part of its strategic objectives.

This paper employs a longitudinal case study approach to examine the institutional dynamics of the key financial regulators in connection with the regulated financial institutions in Hong Kong before and after the financial tsunami of 2008.

First, this study reveals an organic development of a specialised financial regulatory architecture that resists transforming itself structurally despite the significant impact of externalities. Second, in this post-financial crisis analysis, regulated financial institutions swiftly respond by strengthening their risk controls through compliance with the guidelines imposed by the regulator. Institutional dynamics in influencing the implementation of risk controls through a top-down interactive mechanism are observed. Such dynamic and pertinent rapid responses induce the pursuit of optimal risk management within a regulatory framework.

This paper provides a longitudinal case study to reveal regulatory risks and strategic controls of the global financial centre of China. It unveils mitigating risk control measures in the aftermath of the global financial crisis. The study demonstrates how regulatory institutions strive to take precautionary, coercive measures such that the regulated institutions mimic and implement prudent mechanisms.