Special Topics Official Research Paper

8/2/2019 Special Topics Official Research Paper

1/24

INTERNAL CONTROLS AND RISK MANAGEMENT

AN ANALYSIS OF THE ROLE AND SIGNIFICANCE OF INTERNAL CONTROLS AND

RISK MANAGEMENT WITHIN GRENADIAN ORGANIZATIONS.

Emma S. Bowen

Author Note

Emma S. Bowen, Accounting Student, St.Georges University.

Correspondence concerning this paper should be addressed to Emma S. Bowen,

Accounting Student, St.Georges University, Campus Box 2306, True Blue St.George, Grenada.

Email:[email protected]


2/24


3/24


Abstract

Of

AN ANALYSIS OF THE ROLE AND SIGNIFICANCE OF INTERNAL CONTROLS AND

RISK MANAGEMENT WITHIN GRENADIAN ORGANIZATIONS.

By

Emma. S. Bowen


4/24


ACKNOWLEDGEMENTS

First and foremost, I would like to send my deepest gratitude to the course facilitators for

their endless support and guidance throughout this research. As an undergraduate student their

feedbacks and encouragement has provide invaluable insights which helped me in writing this

research paper.

I would also like to thank my mom and any other individual who contributed towards the

completion of this paper.


5/24


TABLE OF CONTENTS

Page

Acknowledgements.

Introduction..

Purpose of Study...

Significance of Study.

Limitations.

Review of Literature..

Methodology..

Results

Discussion.

Conclusion.

References..


6/24



Over the years, the meaning of the terms internal control and risk management have

become broader in scope as organizations seek to safeguard their assets (Leitch, 2004). In fact, in

recent decades, the two terms have been used simultaneously as they both deal with methods of

monitoring material goods and resources (Leitch, 2004). It is therefore of great importance that one

is able to distinguish between the two terms. This is so that one can fully understand the concepts

and the practical implications that each would have on the extent to which resources can be

maintained in these volatile economic times.

Purpose of Study

The purpose of the research paper is to discuss why it is important for businesses to employ

internal controls and take the necessary risk management strategies to safeguard its assets. This

particular topic was chosen because it is a focal topic which affects the way in which businesses

operate and indirectly accounts in general. By an analysis of both existing data and observations of

some Grenadian businesses this paper seeks to evaluate the importance of internal control and risk

management strategies, evaluate the nature of an effective internal control and risk management

structure, and draw references to the forms of internal controls and risk management procedures

used by Grenadian businesses.


7/24


Significance of Study

This study would provide important insights into how organizations can protect their

resources to ensure their foreseeable success in the future. For instance, cases such as the World

Com and Enron scandals where as a result of ineffective internal controls and risk management

strategies. This resulted in these companies filing for bankruptcy causing investors to endure

billions of dollars in losses due to collapsed share prices. These scandal stirred publics confidence

in the securities market thus enacting the Sarbanes Oxley Act of 2002. As such this research would

provide valuable inputs into how companies can safeguard their resources and avoid scandals such

as Enron, World Com, Tyco International Ltd, Peregrine Systems and Adelphia Communications

Corporation.

Limitations

A major limitation of the research paper is that the observation of businesses is only limited

to Grenadian businesses and therefore a lot of the information presented cannot be generalized

except probably where existing information derived from the internet and other international

sources available are used.

Research Questions

A few research questions were design to aid in better fulfilling the purpose of the research paper

1. What measures are in place to ensure control and reporting of activities?

2. What risk management strategies or techniques are applied in your organization?

3. How effective are internal controls and risk management strategies to the success of your

organization?


8/24


REVIEW OF LITERATURE

The purpose of this section is to review what is already known on the concepts of internal control

and risk management. The literature review provides an overview of the history of internal control and risk

management to ensure that the research area is easily understood. In addition, contemporary issues about

internal controls and risk management strategies present in the practices of organizations.

Internal control

Internal control- According to the United States General Accounting Office (GAO), this is

an integral part of an organizations management as it offers reasonable assurance that the

following objectives are being achieved: effectiveness and efficiency of operations; reliability of

financial reporting and compliance with applicable laws and regulations(1999).

The term internal control was first defined in 1949 by The American Institute of

Accountants presently known as The American Institute of Certified Public Accountants (AICPA).

In 1958 internal controls where later distinguished between administrative controls which relates to

operational efficiency and adherence to managerial policies whereas accounting controls relates to

safeguarding assets and reliability of financial records. These are further broken down in detective,

corrective and preventive controls. By 1972 this classification of internal controls have provided

reasonable assurance that (1) transactions were executed as authorized (2) transactions were

recorded to ensure that Generally Accepted Accounting Principles were adhered to in the

preparation of financial statement and maintained accountability of assets (3) access to assets were

only permitted on authorization and (4) existing assets were regularly compared with actual assets

(Gupta, 2005). This in turn was enacted by the Foreign Corrupt Practices Act and made law.

As a result of this regulation, since 1977 all publicly traded companies are required to (1)

maintain records that accurately and fairly reflect transactions and disposition of assets and; (2)


9/24


devise and maintain a system of internal controls sufficient to provide reasonable assurance that;

transactions are authorized by management; transactions are recorded so GAAP statements can be

prepared and maintain accountability for assets; access to assets is authorized by management;

periodic inventory is required to compare recorded assets with existing assets (Gupta, 2005). For

this reason, the objectives of internal controls are authorize, record, access and accountability for

assets in addition to ensuring that accounting and data processing are operationally efficient.

However, since earlier periods and presently scandals such as McKesson & Robbins

scandal of 1938 and Enron and World Com of 2002 has led to major corporate governance and

auditing reforms. As a result The American Institute of Certified Public Accountants mandates that

the receivable and inventory accounts should be thoroughly reviewed when auditing company

statements (OReilly et al, 1999).

Limitations of Internal Controls

Internal controls are useful in enhancing the likelihood that the organizations objective has

been achieved. Due to the self- adjusted and restrictiveness of modern organizations, internal

controls play a significant role in ensuring accurate financial information and legal operational

activities. However, the limitations of internal controls must not be overlooked.

Many factors must be considered to effectively implement an internal control system.

These include cost and benefit of internal controls which restrict the effectiveness of internal

controls, threat and exposure such as poor management strategies, unintentional errors, employees

carelessness, lack of law compliance, destruction of records (intentional or not) and squandering of

resources. Furthermore, risk and objective must also be taken into account. These comprise:-


10/24


"Inherent risk is the susceptibility of an account balance or class of transactions to error that could

be material, when aggregated with error in other balances or classes, assuming that there were no

related internal accounting controls."

"Control risk is the risk that error that could occur in an account balance or class of transactions

and could be material, when aggregated with error in other balances or classes, will not be

prevented or detected on a timely basis by the system of internal accounting controls."

"Detection risk is the risk that an auditor's procedures will lead him to conclude that error in an

account balance or class of transactions that could be material, when aggregated with error in other

balances or classes, does not exist when in fact such error does exist"

Additional considerations include timing, effectiveness, reliability (risk = 1-reliability),

internal and external factors. Internal factors mainly emphasize the role of managements attitude

to internal controls as it is the sole responsibility of management to ensure the effectiveness of

internal controls and financial reporting (Albrecht et al, 2009). External factors include regulatory

bodies, Financial Accounting Standards Board (FASB) and The Securities Exchange Commission

(SEC). With an effective internal control system companies can ensure that their objectives are

met. However, the use of internal controls may not necessarily ensure that operational and strategic

goals are attained.

Nevertheless, many US companies has adopted the Committee of Sponsoring

Organizations of the Treadway Commission (COSO ) Model published in the 1992 COSO report

which defines internal controls as a process, effected by an entity's board of directors,

management and other personnel, designed to provide reasonable assurance regarding the

achievement of objectives in the following categories: effectiveness and efficiency of operations,


11/24


reliability of financial reporting, and compliance with applicable laws and regulations. This in

turn composes of five key elements; control environment, risk assessment, control activities,

information and communication and monitoring (General Accounting office, 1999).

Control environment- this is an atmosphere that imparts discipline and structure in order to

achieve the primary objectives of the internal control system (United Nations Office for Project

Services, 2008). These include integrity, ethic values, organizational structure, managements

business philosophy and operating style, assignment of authority and responsibility, human

resource policies and practices and competence of personnel (United Nations Office for Project

Services, 2008).

Risk assessment- deals with the association of relevant risks that influences the procedures

of achieving the objectives of the organization (United Nations Office for Project Services, 2008).

These risk assessments should be carried out both internally and externally by managers (General

Accounting Office, 1999).

Control activities- these are the policies and procedures developed by the organization to

ensure that managements directives are implemented (United Nations Office for Project Services,

2008). These activities comprises of approvals, authorizations, verifications, reconciliations,

reviews of operating performance, security of assets and separation of duty (United Nations

Office for Project Services, 2008).

Information and communication- this deals with the effective communication of relevant

and reliable information in a way so as to foster efficient execution of responsibilities in a timely

manner (General Accounting Office, 1999 & United Nations Office for Project Services, 2008).


12/24


Monitoring- is the process of assessing the quality of the internal control over time to

ensure that they are in adherence with audit and other reviews (General Accounting Office, 1999 &

United Nations Office for Project Services, 2008).

Other control models include the CoCo model, Sac, and the COBIT models which all stress

the reasonable assurance of internal controls as internal controls are not a guarantee that

organizations would achieve their objectives.

Risk Management

Risk is the uncertainty that surrounds future events and outcomes (United Nations

Office for Project Services, 2008).

Risk management- as stated by the United Nations Office for Project Services (UNOPS) is

the systematic approach to setting the best course of action in areas of uncertainty by identifying,

assessing, understanding, acting and communicating risk issues (2008).

Risk management is one of the key elements of businesses operating internationally

(Miller, 1991). This is generally perceived as negative outcomes (Miller, 1991). As such risk

management is a central point of view from corporate governance standpoint in the decision

making process (Fabian, 2010).

The concept risk management is an evolving term that was developed throughout history

from ancient times when man relied on God to the transformation of some risk and uncertainty by

means of numbers, experiences and probability. The 20 th century marked the most progress in

measuring and understanding risk. In 1921 Frank Knights Risk, Uncertainty and Profits

highlighted the difference between risk and uncertainty and John Maynard Keynes Treatise on


13/24


Probability emphasized the importance of perception and the Law of Great Numbers. By 1952,

Markowitz developed portfolio analysis as a measure of risk by using returns and variances. At the

turn of the century the concept of risk management had take a critical turn as organizations

understood its importance in business failure or success. During the period 1975 to 2002 marked a

period where numerous organizations where developed as they incorporated risk management

within their mandate. These include The Risk and Insurance Management Society (1975).

Londons Institute of Risk management (1986) and most recently The Professional Risk Managers

International Association (2002). The benefits of risk management have been felt from since

prehistoric times but more so in this present era.

METHODOLOGY

This study took place as a research paper for a course in business. A number of articles

relating to internal controls and risk management were evaluated. The researcher began collecting


14/24


information two weeks prior to the submission date. As such only information collected in this

period was included in the data. Not included in the research any comment left on sites, any web

blogs or feedbacks from internet sources. However, data collected and evaluated was included in

the data these comprise questionnaires, quantitative research.

The sources chosen for this study are questionnaires and quantitative research. A

questionnaire was also distributed including a large sample size as possible to better analyze and

evaluate the significance of internal controls and risk management strategies in Grenada.

Additionally, internet sources were used to evaluate the internal controls and risk management

techniques used regionally and internationally to better evaluate Grenadian businesses. The sites

used to collect data are The United States General Accounting Office (GAO) and the United

Nations Office for Project Services (UNOPS). The General Accounting Office is a US government

official branch of congress and the United Nations Office for Project Services is an organization

dedicated exclusively to project implementation.

Procedure

Research questionnaires were distributed on Friday 8th April. The sample size was chosen

based on companies that have been in existence for a lengthy period of time. This sample size was

chosen because the researcher thought that it would provide a more accurate measure of the

significance of internal controls and risk management strategies as it relates to companies

foreseeable success in the future.

Internet sources were also used to better evaluate the internal control systems and risk

management strategies used by various businesses across the globe. These sites where checked at

regular intervals. During the two week period articles were collected form questionnaires and


15/24


various websites including the two pertinent sites the General Accounting Office and United

Nations Office for Project Services.

After the data was collected it was presented in the form of diagrams to better grasp the

nature of internal controls and risk management strategies. Throughout the research it was

considered that the limitations of internal control systems and risk management strategies are

absolute.

RESULTS

Internet sources and questionnaires were used to analyze the role and significance of

internal controls and risk management in Grenadian organizations. The data accumulated was then


16/24


tallied to analyze the overall importance of internal controls and risk management and presented in

the form of diagrams. In the research paper three questions were asked in order to better evaluate

the importance of internal controls and risk management.

Question number one asked, what measures are in place to ensure control and reporting of

activities? Data was collected to determine what internal controls measures are in place to

safeguard the companys resources and assets. In total 20 questions were delivered and a number

of questions pertaining to internal controls were raised. Data collected revealed that 60% of the

businesses are in retail services, 10% are in manufacturing and 30% are in the service industry. Of

the 20 respondents 15 use approvals, 20 use authorizations, 18 use verifications, 12 use

reconciliation, 17 review operating activities, 20 use asset security and 14 use segregation of duty

as a measure of internal control. Other methods of internal control used, 100% of respondents said

that they check to see if deposited receipts are intact. Overall, one measure of internal control or

another is utilized within each organization.

Question number two asked, what risk management strategies or techniques are applied in

the organization? From the data gathered 90% of managers employ some form of risk management

strategy or technique while just 10% have not fully implemented any form of risk management

strategy. Of the 90% of managers that applied a risk management strategy or technique 83.33%

have a risk management department as opposed to 16.67% who have a risk management strategy

but not a risk management department. Additionally, of the 90% of managers 66.67% carryout risk

assessment in each company department while just 33.33% carryout risk assessment in certain

company departments. However, not all the businesses evaluated employed an active risk

management strategy or technique 100% stated that the environment is conducive for staff to

communicate to management. Of the 20 candidates 0% stated that they employ an avoidance


17/24


strategy, 75% stated they employed a risk reduction strategy, 10% stated they employ a risk

transference strategy and 15% stated they employ a risk retention strategy or technique. In general

a majority of the businesses evaluated utilize various risk assessment and management strategies or

techniques.

Question three asked, how effective are internal controls and risk management strategies to

the success of the organization? Data was also collected on how effective is a internal control

system and risk management to the organization whether they employ one or not, 100% of

respondents stated that internal controls and risk management is a very effective method of

gauging risk and protecting assets and resources. In either case each manager stated that effective

internal controls and risk management techniques were very important to their organizations

success. It was also found that 100% of managers agreed that an operational internal control

system and risk management strategies are beneficial in safeguard and monitoring the companys

valuable assets and resources.

DISCUSSION

All sources, both individual and collective all point to one important conclusion that

internal controls and risk management strategies or techniques are very vital to the success of an


18/24


company whether in retail, manufacturing or service industries. Across the board, internal controls

and risk management strategies are employed in one form or another even if these are not fully

operational within each organization. In fact, 90% of managers employed a risk management

strategy, this goes to show that managers are open to the idea that uncertainty in the workplace is

inevitable. Although the sample size may be small the data collected is a reflection of

managements attempts to create a profitable environment through the protection of their

organizations resources.

In light of the measures of internal controls utilized with the firm the majority used both

authorizations (20) and asset security (20) as a means of safeguarding resources. These two

measures are among the most effective methods of internal controls that an organization can be

beneficial. This is because authorizations and assets security deals directly with the firms assets

which is used to general profit.


19/24



20/24



21/24


Risk Management


22/24



23/24


CONCLUSION


24/24


REFERENCES

Documents

Special Topics Official Research Paper