Business Process Risk Management, Compliance and Internal Control: A Research Agenda

Integration of risk management and management control is emerging as an important area in the wake of the Sarbanes-Oxley Act and with ongoing development of frameworks such as the Enterprise Risk Management (ERM) framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on an inductive methodological approach using literature review and interviews with managers engaged in risk management and internal control projects, this paper identifies three main areas that currently have management attention. These are business process risk management, compliance management and internal control development. This paper discusses these areas and identifies a series of research questions regarding these critical issuesRisk management; Internal control; Business processes; Compliance; Sarbanes-Oxley Act; ERP systems; COSO; COBIT

The Risk-based Role of Internal Audit within Albania, Public Organizations

The aspiration of Albania for European integration has added mandatory requirements for public sector to modernize the internal audit function in adherence with International Internal Auditing Standards. According to such Standards supported by Picket (2005) and CIPFA (2003) the internal audit is an assurance function that provides independent opinion on the effectiveness of internal controls that support the achievement of the organizations objectives. Internal auditors can provide consultancy service, in particular to aid management to improve the organization control environment. Meanwhile, Diamond (2002) explains that the internal audit role, remit, scope and activities are driven by the macroeconomic objectives and political stabilization. For those countries with governance problems the first objective is to ensure compliance with financial laws and regulations. Therefore, the most suitable approach for the internal audit is the compliance auditing to attain macroeconomic stabilization objectives. Therefore, the main question around which this paper is based is whether the public sector in Albania is ready to adopt the modern model of internal audit moving beyond the traditional compliance and financial remit to comply with recognized International Internal Audit Standards. This paper finds that although changes in Albanian normative framework since 2007, internal audit within government organizations are still adopting traditional approach of internal audit involving financial inspections rather than performance auditing activities aiming to provide opinion on risk management, control and governance. This paper analyzes that the embryonic risk culture of Albanian public sector, the lack of skilled internal audit resources and a little understanding of both managers and internal auditors with regard to the contribution of internal audit in risk management and corporate governance system aimed at achieving the government organizations objectives are the main reasons why the risk based model and consultancy role of internal auditors is not yet applied. Therefore, this paper recommends the internal auditors to perform additional consultancy tasks to enhance the internal control system and build the risk management methodologies and structures due to the management lack of knowledge. As soon as the organizations become risk mature the internal auditors can provide assurance appraisal service based on risks. The Practice Advisory Standard 1000 recommends principles which should be used as guidance for regulatory framework of internal audit function within Albania, public sector, guiding internal auditors in order for them to maintain their independence, objectivity and due professional care while conducting consulting service

The Risk-based Role of Internal Audit within Albania, Public Organizations

The aspiration of Albania for European integration has added mandatory requirements for public sector to modernize the internal audit function in adherence with International Internal Auditing Standards. According to such Standards supported by Picket (2005) and CIPFA (2003) the internal audit is an assurance function that provides independent opinion on the effectiveness of internal controls that support the achievement of the organizations objectives. Internal auditors can provide consultancy service, in particular to aid management to improve the organization control environment. Meanwhile, Diamond (2002) explains that the internal audit role, remit, scope and activities are driven by the macroeconomic objectives and political stabilization. For those countries with governance problems the first objective is to ensure compliance with financial laws and regulations. Therefore, the most suitable approach for the internal audit is the compliance auditing to attain macroeconomic stabilization objectives. Therefore, the main question around which this paper is based is whether the public sector in Albania is ready to adopt the modern model of internal audit moving beyond the traditional compliance and financial remit to comply with recognized International Internal Audit Standards. This paper finds that although changes in Albanian normative framework since 2007, internal audit within government organizations are still adopting traditional approach of internal audit involving financial inspections rather than performance auditing activities aiming to provide opinion on risk management, control and governance. This paper analyzes that the embryonic risk culture of Albanian public sector, the lack of skilled internal audit resources and a little understanding of both managers and internal auditors with regard to the contribution of internal audit in risk management and corporate governance system aimed at achieving the government organizations objectives are the main reasons why the risk based model and consultancy role of internal auditors is not yet applied. Therefore, this paper recommends the internal auditors to perform additional consultancy tasks to enhance the internal control system and build the risk management methodologies and structures due to the management lack of knowledge. As soon as the organizations become risk mature the internal auditors can provide assurance appraisal service based on risks. The Practice Advisory Standard 1000 recommends principles which should be used as guidance for regulatory framework of internal audit function within Albania, public sector, guiding internal auditors in order for them to maintain their independence, objectivity and due professional care while conducting consulting service

Supply chain involvement in business continuity management: effects on reputational and operational damage containment from supply chain disruptions

Purpose Does internal integration extend to business continuity and to managing supply chain disruptions (SCDs)? Despite the voluminous literature on supply chain integration, evidence on its effectiveness on risk management and disruption response is scant. The purpose of this paper is to assess the effectiveness of business continuity management (BCM) and of supply chain involvement in BCM (SCiBCM) on reputational and operational damage containment in the face of SCDs. Design/methodology/approach This study draws on Simons’ Levers of Control framework to explain how the involvement of supply chain in BCM affects firm capabilities in containing damages caused by major SCDs. The authors develop and test hypotheses by analyzing large-scale questionnaire responses from 448 European companies. Findings Results of the data analysis suggest that BCM improves reputational damage containment, whereas SCiBCM improves operational damage containment. The findings also show that the significant effects of BCM and SCiBCM on reputational and operational damage containment, respectively, were amplified for the firms facing higher supply chain vulnerability. Post-hoc analysis further reveals the complementarity effect between BCM and SCiBCM for the companies exposed to high supply chain vulnerability. Originality/value Evidence on the effects of BCM and its internal integration on performance is limited. This study offers empirical evidence on the topic. Also, while supply chain integration can improve information sharing and coordination, some may not fully recognize its potential benefits in addressing SCDs. This study theoretically and empirically demonstrates the role played by internal integration, in the form of SCiBCM, in improving organizational damage containment efforts

Risk governance in agriculture

This paper identifies and assesses the efficiency of major modes for risk governance in agriculture on the base of Bulgarian dairy farming. Firstly, the New Institutional and Transaction Costs Economics is incorporated and a framework for analysis of the governance of natural, market, private, and social (institutional) risks presented. Next, the pace and challenges of the dairy farming development during the post-communist transition and EU integration is outlined. Third, major types of risks faced by the dairy farms are specified, and the dominant market, private, public and hybrid modes of risk governance assessed. Finally, principal forms of risks caused by the dairy farms are identified, and efficiency and impacts of governing structure assessed. Development of Bulgarian dairy farming has been associated with quite specific risk structures facing by and causing from this important sector of agriculture. The huge market and institutional instability and uncertainty, and the high transaction costs, have blocked evolution of effective market and collective modes for risk protection. A great variety of private modes (internal organization, vertical integration, interlinking etc.) has emerged to deal with the significant natural, market, private, and social risks faced by the dairy farms and other affected agents. Nevertheless, diverse risks associated with the dairy farming have not been effectively governed and persist during the transition now. That has been a consequence of ineffective public (Government, international assistance) intervention to correct market and private sector failures in risk governance. The later has had considerable negative impacts on evolution of size, productivity, and sustainability of farms, development of markets, structure of production and consumption, state of environment etc. What is more, certain risks related to the dairy sector have “disappeared” due to the lack of effective risk governance and declining dairy farming. That would lead to further deformation in development of dairy and related sectors unless effective public (regulations, assistance, control etc.) measures are taken to mitigate the existing problems and risks.natural, market, private, and institutional risk management; governance; dairy farming; transition; CAP implementation; new institutional economics, Bulgaria

Poor Integration between Operational Risk Management activities and Internal Control System in the Municipalities: An analysis of the Italian legislative framework

In the last years, the Public Administration introduced in its strategies logics of Performance Management to increase the services offered to the citizens and the correct treatment of the public goods. The safeguard of the objectives’ achievement also passes for the risk management practices and through the ability of the Municipality to assess their risk and treat these in order to remove or reduce the impact of serious negative events (called also “operational risks”). This work aims to suggest an overall vision on the Risk Management practices, with particular regard of the Operational Risks, provided by the Internal Control System of the municipalities in the Italian legislative framework. The paper aims at sustaining the debate about the introduction of risk logics within the Public Internal Control System to ensure the goal’s achievement and a correct used of the Public resource

Evaluation and control of risks and measurement of performance of treasury activities in a dealing room: the case of an international bank in Hong Kong.

by Lok Ka Chiu, Wong Huck Keung.Thesis (M.B.A.)--Chinese University of Hong Kong, 1995.Includes bibliographical references (leaves 121-122).ABSTRACT --- p.iiACKNOWLEDGEMENT --- p.ivTABLE OF CONTENTS --- p.vLIST OF TABLES --- p.ixChapterChapter 1. --- INTRODUCTION --- p.1Chapter 1.1 --- Scope and Objectives --- p.1Chapter 1.1.1 --- Evaluation and Control of Risks --- p.2Chapter 1.1.2 --- Measurement of Performance of Treasury Activities in a Dealing Room --- p.4Chapter 1.2 --- Methodology and Sources of Information --- p.6Chapter 2. --- EVALUATION AND CONTROL OF RISKS --- p.8Chapter 2.1 --- Scope of Risk Management --- p.12Chapter 2.1.1 --- Board and Senior Management Oversight --- p.14Chapter 2.1.2 --- Independent Risk Management and Control Functions --- p.16Chapter 2.1.3 --- "Integration of People, System and Organisation" --- p.17Chapter 2.2 --- Risk Management Process --- p.18Chapter 2.2.1 --- Risk Management --- p.19Chapter 2.2.2 --- Limit Control System --- p.21Chapter 2.2.3 --- Reporting System --- p.22Chapter 2.2.4 --- Management Evaluation and Review --- p.22Chapter 2.3 --- Various Types of Risks --- p.24Chapter 2.3.1 --- Market Risk Management --- p.24Chapter 2.3.1.1 --- Mark to Market Evaluation --- p.25Chapter 2.3.1.2 --- """Worst Reasonable Case"" Scenario / ""Stress"" Scenario Analysis" --- p.26Chapter 2.3.2 --- Liquidity Risk Management --- p.29Chapter 2.3.2.1 --- Controlling the Liquidity Risks --- p.30Chapter 2.3.3 --- Credit Risk Management --- p.30Chapter 2.3.3.1 --- Limiting / Controlling Credit Risk --- p.31Chapter 2.3.3.2 --- Credit Risk Limit --- p.31Chapter 2.3.4 --- Operation Risk Management --- p.31Chapter 2.3.4.1 --- Proper Management and System Support --- p.32Chapter 2.3.4.2 --- Proper Internal and Operational Control --- p.33Chapter 2.3.5 --- Legal Risk Management --- p.34Chapter 2.3.5.1 --- Enforceability of Agreements --- p.34Chapter 2.3.5.2 --- Making Use of Netting Agreements --- p.35Chapter 2.4 --- Internal Control and Audit --- p.35Chapter 2.4.1 --- Internal Audit Activities --- p.36Chapter 3. --- PREVAILING MARKET FOCUS ON RISK MANAGMENT --- p.37Chapter 3.1 --- Management Supervision and Internal Control System within Local --- p.38Chapter 3.1.1 --- Branch and Additional Monitoring at Head OfficeChapter 3.1.2 --- Client Suitability and Risk Disclosure --- p.39Chapter 3.1.3 --- Resources to Support Existing Range of Treasury Products --- p.39Chapter 3.2 --- A Central Banker's View on Derivatives --- p.40Chapter 4. --- THE CASE OF AN INTERNATIONAL BANK IN HONG KONG RE: EVALUATION AND CONTROL OF RISK --- p.43Chapter 4.1 --- Overview of Activities of the Chosen Bank --- p.44Chapter 4.2 --- Reasons for Choosing one Particular Bank for this Case Study --- p.46Chapter 4.3 --- Organisational Structure of Global Control Department --- p.47Chapter 4.4 --- Risk Control System of the Chosen Bank --- p.47Chapter 4.4.1 --- Board and Senior Management Oversight --- p.47Chapter 4.4.2 --- Independent Risk Management and Control Function --- p.49Chapter 4.4.3 --- Risk Management --- p.49Chapter 4.4.3.1 --- Description of Risk Management Systems --- p.50Chapter 4.4.3.2 --- Limits for each type of risks involved in its treasury activities --- p.53Chapter 4.4.4 --- Operational Risk Management --- p.57Chapter 4.4.5 --- Legal Risk --- p.57Chapter 4.4.6 --- Internal Control and Audit --- p.59Chapter 4.5 --- Problems in Implementing Sound Control System --- p.60Chapter 4.5.1 --- Limited Human Resources --- p.60Chapter 4.5.2 --- Powerful Risk Analytical Tools too costly for an individual branch --- p.60Chapter 4.5.3 --- Management Philosophy Biased towards Profit Making --- p.61Chapter 4.5.4 --- Necessary Skills in Control Department are in Short Supply --- p.61Chapter 4.5.5 --- Time Lag in Coping with Fast Growing Market Development --- p.62Chapter 4.6 --- Suggested Areas for Further Improvement --- p.63Chapter 4.6.1 --- Change in Management's attitude and philosophy towards risk Management --- p.63Chapter 4.6.2 --- Setting up of Independent Control and Reporting Channel --- p.63Chapter 4.6.3 --- More Rigorous Management Supervision --- p.64Chapter 4.6.4 --- Upgrade the Status and Delegate more authority to the Control Staff --- p.64Chapter 4.6.5 --- Training and Development of Existing Staff --- p.65Chapter 4.6.6 --- Explore the Benefits of Netting Arrangements --- p.65Chapter 4.6.7 --- Modify the Bonus System for Traders --- p.65Chapter 4.6.8 --- Follow the Market Trend towards more Disclosure to Customers --- p.66Chapter 4.6.9 --- Installation of Value-at-risk Evaluation Model for Complex Products --- p.66Chapter 5. --- MEASUREMENT OF PERFORMANCE OF TREASURY ACTIVITIES IN A DEALING ROOM --- p.68Chapter 5.1 --- Principles for Performance Measurement --- p.69Chapter 5.2 --- Other Important Aspects of Performance Measurement From a Practical Perspective --- p.73Chapter 5.3 --- Dealers' General Attitude towards Performance Targets --- p.77Chapter 5.4 --- Possibilities of Over-exaggeration of Trading Results / Hiding of Losses --- p.78Chapter 5.5 --- Actions to be Taken by Banks to Reduce the above Risks --- p.79Chapter 6. --- THE CASE OF AN INTERNATIONAL BANK IN HONG KONG RE : MEASUREMENT OF PERFORMANCE OF TREASURY ACTIVITIES IN A DEALING ROOM --- p.81Chapter 6.1 --- Situation before Implementation of New Computer System --- p.81Chapter 6.2 --- Current Situation --- p.84Chapter 6.3 --- Reasons for Inability to Measure the Performance of Treasury Activities Satisfactorily --- p.91Chapter 6.4 --- Suggested Areas for Further Improvements --- p.94Chapter 7. --- PRACTICES OF OTHER FOREIGN BANKS IN HONG KONG --- p.97Chapter 7.1 --- General Situation --- p.97Chapter 7.2 --- Current Practices of Some Active Players --- p.99Chapter 7.2.1 --- Overall View on Dealing Room Activies of these Banks --- p.100Chapter 7.2.2 --- Policies and Procedures on Risk Management --- p.100Chapter 7.2.3 --- Independent Risk Managment Unit --- p.100Chapter 7.2.4 --- Risk Management --- p.101Chapter 7.2.5 --- Dealings in Derivatives with Customers --- p.101Chapter 7.2.6 --- Involvement of Internal Auditors --- p.102Chapter 7.2.7 --- Performance Measurement --- p.102Chapter 8. --- CONCLUSION --- p.103APPENDIX 1. Summary of Response on Questionnarie --- p.108APPENDIX 2 . Brief Background Information --- p.115APPENDIX 3 . Procedure Manual on Benchmark Rates --- p.116BIBLIOGRAPHY --- p.121GLOSSARY --- p.12

Internal control and administrative management. A systematic review from 2020 to 2022

El presente artículo de revisión tiene como principal objetivo describir el control interno y la gestión administrativa. Una revisión sistemática del 2020 al 2022. La metodología aplicada en el presente artículo de revisión sistemática y se seleccionaron 30 artículos. Se concluye en una retroalimentación del sistema de control interno para identificar deficiencias del ambiente de control, la evaluación del riesgo, las actividades de control, la información y comunicación, y de las actividades de supervisión, los cuales conforman los cinco componentes funcionales para desarrollar un sistema de control interno de nivel alto; así como también realizar una retroalimentación de la gestión administrativa para mejorar los procesos de planeación, organización, integración, dirección y control.The main objective of this review article is to describe internal control and administrative management. A systematic review from 2020 to 2022. The methodology applied in this systematic review article and 30 articles were selected. It concludes in feedback of the internal control system to identify deficiencies in the control environment, risk assessment, control activities, information and communication, and supervision activities, which make up the five functional components to develop a high-level internal control system; as well as carry out feedback of the administrative management to improve the processes of planning, organization, integration, direction and control

Corporate Sustainable Development Through An Integrated Management System Approach: A Case Study of Corporate Sustainability Practice at PT. X Indonesia

a change in resource availability has been a concern of various parties. With the rapid economic growth in many parts of the world, global GDP is expected to increase from U.S. $70 trillion in 2008 to U.S.$ 135 trillion (increase 95%) in 2030. At the same time, the world population will grow from 6.7 billion people to 8.2 billion people. This phenomenon has prompted the more responsible and sustainable way to resource management, including resource management best-practice. Recent research from McKinsey suggests that the corporate sustainability practice has increased the ability of businesses to compete in the market. Recently, PT. X Indonesia has planned to implement corporate sustainable initiatives are more integrated, systematic, and continuous-based. Considering that corporate sustainability is a wide scope corporate initiative which involved many stakeholders both internal and external, PT. X Indonesia is very concerned about how to approach sustainability most effectively to gain sustainability competitive advantage through leverage their capabilities and will reduce future risk to sustainable growth of company’s business. The author has proposed the use of sustainability integration into business management systems through PDCA cycle of continuous improvement based on integrated management system approach. This solution would be basis to further develop PT. X Indonesia sustainability management practice in the areas of control, integration, and performance management. Implementation of final project is expected to optimize corporate sustainability initiatives to gain competitive advantage by ensuring their alignment to the achievement of business objectives and provide clarity and flexibility in managerial, measurement and assessment. The author has recommended implementation plan: establish objectives, prepare management programs, and monitoring progress in the last part of this document. Keyword: Corporate Sustainability, Integrated Management Systems, Business Management System, Organizational Capabilities, Stakeholders, Competitive Advantage

A Study on Integration of Financial Risk Management and Internal control——the Case Study of F Company

人们还记得美国能源巨头安然公司的倒塌，肯定也记得震撼华尔街的雷曼兄弟的倒闭。如果这两宗破产案放在一起比较，自然有很多的不同点，但这两起在萨班斯法案出台前后曝光的财务丑闻在内部控制上的缺陷上却有惊人的相似之处。其实像这样让人痛心的悲剧在国内也是时有发生，比如上世纪90年代末郑百文神话的破灭、2004年四川长虹巨额应收账款坏账危机、2008年三鹿奶粉事件等等。在这些令人心痛的悲剧面前，人们一次又一次感到企业在风险面前的苍白无力。但事实上，在这些悲剧的背后至少有一种内控分析的视角，如果历史能够重来，这些曾经的巨头们能够重新从风险的角度审视自身的内部控制，将风险管理融入内部控制的制度和流程中，那情况或...Everybody must still remember the collapse of both Enron and Lehman Brothers. There are a lot of differences of these two cases when we compare them, but they had one common key point, which is the default of internal control. In fact, there were lots of cases like Enron or Lehman Brothers in China. Such as the defeat of Zheng Baiwen, Changhong’s huge bad debts of accounts receivables and Sanlu mi...学位：管理学硕士院系专业：管理学院_会计学学号：1752010115113