Search results

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.

The publication of the Turnbull guidance represented a radical redefinition of the nature of internal control as a feature of corporate governance in the UK, explicitly aligning internal control with risk management. This paper explores this change, using sociological perspectives on risk and its conceptualisation to frame the debate about internal control and risk management within the UK corporate governance arena – the most recent manifestation of an ongoing competition for the control of economic and social resources. The paper demonstrates that developments in corporate governance reporting requirements offer opportunities for the appropriation of risk and its management by groups wishing to advance their own interests. This is illustrated by a review of recent changes in internal audit.

The purpose of this paper is to describe and compare in a qualitative way how internal auditors perceive their current role in risk management within US and Belgian companies.

In order to get adequate data, Chief audit executives from 10 different companies were interviewed and relevant documents were analyzed.

In the Belgian cases, internal auditors' focus on acute shortcomings in the risk management system creates opportunities to demonstrate their value. Internal auditors are playing a pioneering role in the creation of a higher level of risk and control awareness and a more formalized risk management system. In the US cases, internal auditors' objective evaluations and opinions are a valuable input for the new internal control review and disclosure requirements mentioned in the Sarbanes Oxley Act.

Given the qualitative nature of this study, generalization to all Belgian and US companies is not possible. The time specific character of the subject is an opportunity for future longitudinal research.

In Belgium, the internal auditing profession is actually in a kind of “transition phase”. In order to survive this transition phase, internal auditors need to assume a “teaching role” vis‐à‐vis the different management levels to make them aware of their responsibilities in risk management. After this transition period, internal auditors will be able to focus more on their core activities.

In addition to a number of quantitative studies, this paper extends in a qualitative and comparative way the understanding of the specific role of internal auditors in risk management within US and Belgian companies.

The purpose of this paper is to investigate whether the weaker focus on risk management and internal control within the Belgian corporate governance guidelines is associated with less developed risk management and internal control systems within Belgian companies, when compared to Australian companies.

Theoretical arguments were drawn from institutional theory. Data for the study were collected through a questionnaire that was sent out to chief audit executives in Australia and Belgium.

The paper finds that the weaker focus of the Belgian corporate governance guidelines on risk management and internal control is associated with less developed risk management and internal control systems in Belgian companies than in Australian companies.

The paper contributes to the literature on corporate governance, as it suggests that the specific content of corporate governance guidelines is an important variable to take into account. This paper also confirms that institutional theory is a relevant framework to study on the one hand, corporate governance practices in a “comply or explain” context, and on the other hand, corporate governance practices within unlisted companies.

Part IV provides readers with the extant requirements for the application of materiality to recognition, measurement, presentation, and disclosure in the financial statements. This part also includes a detailed critical review of the recent Practice Statement on materiality, the FASB’s proposed ASU on the notes and the amendments to the Conceptual Framework proposed by the IASB and the FASB.

The part expands to issues that are typical of Management Commentary, including the SEC guidance on materiality in Management Discussion and Analysis.

It informs about the complexities and subtle differences between financial statements and bookkeeping and the different standards of reasonableness versus materiality.

A section moves from materiality to material misstatements and covers the application of materiality in auditing.

Another section goes in depth on internal control over financial reporting, showing the linkages between materiality and risk appetite and risk tolerance and the related application guidance.

Islamic financial institutions (IFIs) are required to establish a Shariīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Shariīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Shariīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.

This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.

The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.

This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Using the backdrop of an (apparently) extended visit to the West Indies, analogies with key concerns of internal audit are drawn. An unusual and refreshing way of exploring the main themes ‐ a discussion between Bill and Jack on tour in the islands ‐ forms the debate. Explores the concepts of control, necessary procedures, fraud and corruption, supporting systems, creativity and chaos, and building a corporate control facility.

Section 404 of the Sarbanes–Oxley Act (SOX) altered the relationship between auditors and their clients by requiring an external audit of companies’ internal controls. Regulatory guidance is interpreted and applied by external auditors to comply with SOX. The purpose of this paper is to apply service operations management theories and techniques to the internal control audit process to better understand the role regulatory guidance plays in audit services. We discuss service operations management theories that apply to the production of audit services and employ the operations management technique of simulation to examine the effects of a historical relationship between the client and the auditor, information sharing between the client and the auditor, and the auditor’s perceived risk of the client on the internal control audit process. The application of service operations management theories and the simulation results illustrate that risk and information sharing are key factors for the audit process. The results suggest the updated Public Company Accounting Oversight Board guidance from Auditing Standard 2 to Auditing Standard 5 appropriately increased audit effectiveness by encouraging risk-based judgments and information sharing. This paper merges accounting and service operations management research to examine the effects of regulatory guidance on the internal control audit process. The paper uses simulation to illustrate the importance of interpreting regulatory guidance and the specific effects of risk and information sharing on the internal control audit process.

This chapter adopts Porter’s ‘audit trinity’ approach comprising internal audit, external audit and audit committee to discuss the role auditing can play in the management of corporate fraud.

The chapter maps the historical background of and the developments in external audit as an assurance service, the internal audit function and the audit committee. Based on this, it explains the nature, types and possible causes of corporate fraud within the context of business risk with a view to establishing how auditing can help in managing such frauds.

The chapter highlights the relationships that should exist between the three audit types in order to support a sound internal control system as a tool for preventing and detecting corporate fraud.

The chapter identifies cost, opportunity, connivance and managerial override as factors that could limit the ability of auditing to manage corporate fraud. It also suggests ways of addressing these limitations.

As the current upward trend in IT adoption for corporate operations continue to open new sets of corporate fraud windows, this chapter examines how an entity’s internal controls can be used to prevent and detect these growing fraud schemes.

The chapter’s unique strength is its adoption of a holistic approach to auditing to suggest ways of managing corporate fraud – a novelty in the corporate fraud literature. It is hoped that future research in the area will bring empirical insights to the issues raised and perspectives covered in the chapter.