地方性非營利組織內部控制之研究─以婦女福利基金會為例 / A Research on Regional Nonprofit Organization Internal Control：Take Woman Welfare Foundation for Example

沈慶鴻, Shen, Ching Hung

Unknown Date

長期以來，國內非營利組織的運作經費大多來自於社會大眾的捐款，然而透明度不足，捐款是否善用及管理是否妥當等責信上的質疑，一直困擾者非營利組織。針對此一現象，研究者嘗試引營利組織中為解決代理問題和資訊不對稱等問題之「治理」概念，並以「治理」之□石—內部控制做為研究的焦點，進行探索性研究，了解國內非營利組織在組織運作上的內部控制制度，包括控制環境、風險評估、控制活動、資訊與溝通及監督等部份的概況。 本研究以立意取樣的方式，以台北市四個地方性婦女福利基金會為研究對象，並以個別訪談的方式邀請基金會的主要管理者參與研究資料的收集工作。本研究除了呈現受訪基金會和受訪者的基本資料、內控觀點外，還分析受訪基金會的內控風險。最後，研究者歸納出受訪基金會在資源募款、制度設計、透明度和監督上的風險，並據此提出討論和建議。 / The funding of domestic nonprofit organizations has mainly come from the donation of the public for quite a long time, however, due to the lake of transparency, the doubt of whether the donation is properly used and well controlled is always bothering the nonprofit organization executives. Awaring of this problem, the researcher try to bring the governance concept which is used to solve the agency problem and asymmetric information in profit-seeking organizations into the research and focus the research on internal control of nonprofit organization. The exploring research is to understand the domestic nonprofit organization internal control system in organization operation, including the general situation of control environment, risk assessment, control activities, information and communication, and monitor. This research is done through purposeful sampling and on four regional woman welfare foundations located in Taipei. The researcher invites the executives of these foundations individually to join the project and data are collected from them. In the report, there are the basic data about those selected foundations and the executives viewpoints on internal control and the researcher’s analyses can also be found. The analyses are on risk and other aspect of the selected foundations. The research is concluded with a discussion on the risk of fund raising action, system design, transparency and supervision, the researcher’s suggestions also present in the report. Key word： nonprofit organization, governance, internal control

非營利組織

治理

內部控制

nonprofit organization

governance

internal control

The impact of information and communication technology on internal control's prevention and detection of fraud

Abiola, James

January 2013

This study explores the Impact of Information and Communication Technology (ICT) on internal control effectiveness in preventing and detecting fraud within the financial sector of a developing economy - Nigeria. Using a triangulation of questionnaire and interview techniques to investigate the internal control activities of Nigerian Internal Auditors in relation to their use of ICT in fraud prevention and detection, the study made use of cross-tabulations, correlation coefficients and one-way ANOVAs for the analysis of quantitative data, while thematic analysis was adopted for the qualitative aspects. The Technology Acceptance Model (TAM) and Omoteso et al.'s Three-Layered Model (TLM) were used to underpin the study in order to provide theoretical considerations of the issues involved. The study's findings show that Nigerian Internal Auditors are increasingly adopting IT-based tools and techniques in their internal control activities. Secondly, the use of ICT-based tools and techniques in internal control positively impacts on Internal Auditors' independence and objectivity. Also, the study's findings indicate that Internal Auditors' use of ICT-based tools and techniques has the potential of preventing electronic fraud, and such ICT-based tools and techniques are effective in detecting electronic fraud. However, continuous online auditing was found to be effective in preventing fraud, but not suited for fraud detection in financial businesses. This exploratory study sheds light on the impact of ICT usage on internal control's effectiveness and on internal auditors' independence. The study contributes to the debate on the significance of ICT adoption in accounting disciplines by identifying perceived benefits, organisational readiness, trust and external pressure as variables that could affect Internal Auditors' use of ICT. Above all, this research was able to produce a new model: the Technology Effectiveness Planning and Evaluation Model (TEPEM), for the study of ICT adoption in internal control effectiveness for prevention and detection of fraud. As a result of its planning capability for external contingencies, the model is useful for the explanation of studies involving ICT in a unique macro environment of developing economies such as Nigeria, where electricity generation is in short supply and regulatory activities unpredictable. The model proposes that technology effectiveness (in the prevention and the detection of fraud) is a function of TAM variables (such as perceived benefits, organisational readiness, trust, external pressures), contingent factors (size of organisation, set-up and maintenance cost, staff training and infrastructural readiness), and an optimal mix of human and technological capabilities

DEFINING VALUE BASED INFORMATION SECURITY GOVERNANCE OBJECTIVES

Mishra, Sushma

09 December 2008

This research argues that the information security governance objectives should be grounded in the values of organizational members. Research literature in decision sciences suggest that individual values play an important role in developing decision objectives. Information security governance objectives, based on values of the stakeholders, are essential for a comprehensive security control program. The study uses Value Theory as a theoretical basis and value focused thinking as a methodology to develop 23 objectives for information security governance. A case study was conducted to reexamine and interpret the significance of the proposed objectives in an organizational context. The results suggest three emergent dimensions of information security governance for effective control structure in organizations: resource allocation, user involvement and process integrity. The synthesis of data suggests eight principles of information security governance which guides organizations in achieving a comprehensive security environment. We also present a means-end model of ISG which proposes the interrelationships of the developed objectives. Contributions are noted and future research directions suggested.

information security governance

value theory

value focussed approach

internal control

case study

Business

Management Information Systems

Internal Control in the Financial Sector : A Longitudinal Case Study of an Insurance Company

Arwinge, Olof

January 2014

This thesis comprises of an initial summary of Study I which is my licentiate thesis in business administration. Study I is a literature study on internal control. Thereafter follows Study II which is a case study of Swedish insurance organization. The case study adopts a contingency perspective and attempts to find environmental and firm-level factors that influence the design, use and outcome of internal control. Study II is a longitudinal study that accounts for key internal-control developments that occurred between 2000-2010. This case study finds that there are two environmental influences that significantly affected internal-control design, use and outcome. They consist of environmental uncertainty and regulatory and supervisory forces. Their influences differ in nature but jointly they act to set boundaries and frame in-ternal-control design, use and outcome. There are two firm-level influences of governance structure and managerial attitudes that act jointly with strategy to affect the design, use and outcome of internal control. While environmental influences set boundaries and frame internal-control work, firm-level contingencies can effectively enable or disable internal-control effectiveness. These firm-level influences provide means and opportunities to internal-control work. My longitudinal research suggests that evolutionary steps have been taken regarding internal-control design and use. In sum these steps correspond to a shift in internal-control orientation and a transformation of practices where Folksam has been moving from a looser towards a tighter form of internal control, with greater transparency in operational risk management. Finally, based on the internal-control principles of the COSO framework I see that particular principles have been enhanced within the Folksam system of internal control. The components of these principles are the control environment, risk assessment and monitoring.

Internal Control

Risk Management

Governance

Combined Assurance

Audit

Intern kontroll

Riskhantering

Styrning

Ramverk för försäkran

Revision

Outsourcing av ekonomifunktionen : Hur förändras möjligheterna att arbeta med intern kontroll och styrning? / Outsourcing of accounting function : How does the opportunities to work with internal control change?

Johansson, Marcus, Rizk, Gabriella

January 2019

Syfte: Tidigare forskning har visat att intern kontroll och styrning förändras vid outsourcing av ekonomifunktionen. Emellertid är det mindre beforskat på vilket sätt och hur intern kontroll och styrning förändras vid outsourcing av ekonomifunktionen. Syftet är att öka förståelsen för hur ledningen i företag upplever att möjligheterna att forma och använda intern kontroll och styrning förändras vid outsourcing av ekonomifunktionen. Metod: Studien utgår från ett socialkonstruktivistiskt och hermeneutiskt perspektiv. Studien bygger på en kvalitativ forskningsstrategi och abduktiv ansats. Teoretiska referensramen bygger på tidigare forskning och empirin bygger på tio semistrukturerade intervjuer med företagsledare från tio olika företag. Materialet bearbetades och analyserades för att sedan få fram ett bidrag. Resultat & slutsats: Studiens resultat visar på likheter och skillnader jämfört med tidigare forskning. Vi såg att några företagsledare ansåg att möjligheterna att forma och använda intern kontroll och styrning förändras vid outsourcing av ekonomifunktionen, medan några företagsledare inte har samma åsikt. Kommunikation, kontinuerlig uppföljning, ekonomisk kunskap samt genomförandet av outsourcing av ekonomifunktionen var avgörande faktorer till förändring av intern kontroll och styrning vid outsourcing av ekonomifunktionen. Examensarbetets bidrag: I detta arbete har vi ökat förståelsen för hur ledningen i företag upplever att möjligheterna att forma och använda intern kontroll och styrning förändras vid outsourcing av ekonomifunktionen. Studiens främsta teoretiska bidrag är att genomförandet av outsourcing av ekonomifunktionen förändrar möjligheterna att forma och använda intern kontroll och styrning. Ekonomisk kunskap hos företagsledare, kontinuerlig uppföljning samt kommunikation från leverantören var andra avgörande faktorer. Förslag till fortsatt forskning: Vi föreslår att fortsatt forskning bör studera ett flertal små och stora företag på djupet för att undersöka om storlek på företag förändrar möjligheterna att forma och använda intern kontroll och styrning. Det andra förslaget är att studera hur kunskap, kommunikation och kontinuerlig uppföljning samspelar med varandra. Tredje förslaget är att endast undersöka företagsledare som valt att bygga upp en ekonomifunktion internt med externa resurser. / Aim: Previous research has shown that internal control changes when outsourcing the accounting function. However, it is less researched in which way internal control changes when outsourcing the accounting function. The aim is to provide an enhanced understanding of how managers in companies experience that the opportunities to build and use internal control changes when the accounting function is outsourced. Method: This study is based on a social constructive and hermeneutic perspective. The study has taken a qualitative research strategy and an abductive research approach. The theoretical framework is built on prior research and the empirical data is built on ten semi-structured interviews with managers in ten different companies. The material has been processed and analyzed in order to present a contribution. Result & Conclusions: Study results show similarities and differences with previous research. We saw that some business managers experience that the opportunities to build and use internal control changes when outsourcing the accounting function. while some business managers did not have the same opinion. Communication, continuous monitoring, knowledge in economics and the implementation of outsourcing of the accounting function were crucial factors to changes in internal control when outsourcing the accounting function. Contribution of the thesis: In this work, we have increased the understanding of how business managers in companies experience that the opportunities to build and use internal control changes when outsourcing the accounting function. The main theoretical contribution of the study is that the implementation of outsourcing changes the possibilities of building and using internal control. Knowledge from the business managers, continuous monitoring and communication from the supplier were other crucial factors. Suggestions for future research: We propose that further research should study many small and large companies in depth to investigate whether the size of the companies affects the opportunities to build and use internal control. The second suggestion is to study how knowledge, communication and continuous monitoring interact with each other. The third suggestion is to only investigate business managers who have chosen to build up an accounting function internally with external resources.

Internal control

Outsourcing

Accounting function

risks

Intern kontroll och styrning

outsourcing

ekonomifunktionen

risker

Business Administration

Företagsekonomi

Fiscalização financeira quanto à legitimidade / Financial control of legitimacy

Nagata, Bruno Mitsuo

08 April 2013

A fiscalização financeira quanto à legitimidade tem fundamento constitucional expresso no art. 70 da CF de 1988. A sindicância da legitimidade cometida aos órgãos de controle interno e ao controle externo franqueia a possibilidade de verificar a correção material da atividade financeira do Estado. Todavia, essa atribuição constitucional não deixa de revelar alguma dificuldade aos órgãos de controle na medida em que dá condições para que se possa analisar o mérito das escolhas discricionárias. Assim, é preciso compatibilizar a fiscalização quanto à legitimidade com a preservação da discricionariedade, uma vez que não se admitem ingerências de um Poder sobre o outro. Ocorre que o sistema de controle é arquitetado de modo a garantir o exercício das faculdades discricionárias. Mediante controle externo, o Parlamento leva a efeito um controle dilatado e fluido garantindo a liberdade quanto às decisões políticas globais. O Tribunal de Contas, por sua vez, debruça-se sobre a gestão administrativa constatando e coibindo qualquer vício quanto ao uso equivocado da discricionariedade. Já o controle interno da legitimidade não apresenta maiores problemas, pois nesse caso a Administração fiscaliza a si mesma, inexistindo ingerências indevidas. / The financial control regarding the legitimacy is founded expressed in article 70 of the Brazilian Constitution of 1988. The inspection of legitimacy committed to the agencies of internal control and external control allows the possibility of verifying the substantial correctness of the public finances. However, this constitutional assignment causes some difficulties to control agencies in that it allows to examine the discretionary choices. Thus, it is necessary to reconcile the control of legitimacy with the preservation discretion, since it is not allowed the interference of a Power over the other. In fact, what happens is that the control system is architected to ensure the exercise of discretions. Through the external control, the Parliament carries out a less rigid control, ensuring freedom regarding the choices of political decisions. The County Court, in turn, focuses on the administrative action checking and preventing any defect on the mistaken exercise of discretion. Already the internal control of legitimacy presents no major problems, because in this case the Administration inspects herself, there is no undue interference.

Controle externo

Controle interno

Discretion

Discricionariedade

External control

Fiscalização

Internal control

Legitimacy

Legitimidade

Surveillance

A governança empresarial e a emergência de um novo modelo de controladoria / The corporate governance and the new organizational model of the controller function

Santos, Lilian Regina dos

18 November 2004

Neste estudo, os conceitos e mecanismos da governança empresarial foram revisados para identificar os instrumentos e elementos que possibilitam seu efetivo exercício aos responsáveis pela determinação dos rumos das empresas. Apoiados na constatação de que não existe governança sem controle e que a mesma depende da estruturação de um quadro completo de avaliação do desempenho que permita monitorar não apenas a gestão dos recursos como também os riscos associados, como os de agenciamento. Assim, emerge a necessidade de garantir a independência e isenção dessa avaliação, o que demanda a existência de um órgão especializado e unificado para realizar tal controle, independente das demais unidades com tarefas de caráter executivo. A atribuição desse órgão seria avaliar e controlar as diversas divisões da empresa e servir como instrumento de apoio e conexão, tanto à atividade de gerir, como de controlar e reportar o desempenho vinculado ao risco desses gestores. Demonstra-se que tais atribuições possuem identificação com as funções primordiais da Área de Controladoria, cujo sistema contábil-financeiro de informações é instrumento poderoso e insubstituível no rastreamento e identificação do processo de criação e erosão do valor da empresa por meio das diversas unidades das organizações. Conclui-se que a Controladoria deve ser reformulada para incorporar novas métricas e procedimentos de monitoração do desempenho vinculado ao risco. Desse modo, é proposta uma nova posição da Área na estrutura empresarial, que garanta independência a seu titular por meio do reporte simultâneo ao principal executivo e ao Conselho de Administração e, por extensão, aos acionistas/proprietários. / This dissertation revise concepts and mechanisms of corporate governance, to identify which are the elements and instruments that make it possible to the responsible ones, to determine the corporation?s lines of direction, its effective action. From the evidence that there is no governance without control, and that it depends, therefore, on the structuring of a complete performance evaluation chart allowing to monitor not only the management of resources, but also the linked risks, among them the agency risk, it emerges the need of guaranteeing the independence and the exemption of such evaluation, which requires the existence of a unified and specialized organ to manage this control independently of the remaining units, that carry executive tasks out. This organ should evaluate and control the several divisions of the corporation and work as an instrument of support and connection, not only to the management activity, but also to the activity of controlling and reporting the performance bounded, to these manager?s risk. Evidence is given that such attributions are identified with the primordial functions of the Controlling Area, whose accounting-financial system is a powerful and non-replaceable instrument to track and identify the creation and erosion process of the corporation value through the several units of the organizations. It is, therefore, concluded that the Control Area should be reformulated in a way to incorporate new measures and procedures for monitoring performance linked to risks and it is proposed a new position of the said Area in the entrepreneurial structure, thus guaranteeing independence to its head through a simultaneous reporting to the main executive of the Board, and by extension, to the shareholders/owners.

Agenciamento

Agency theory

Controladoria

Controllership

Corporate Governance

Governança corporativa

Internal control

Risco

Risk

A lógica institucional da liderança municipal como determinante da prática do Sistema de Controle Interno / The institutional logic of municipal leadership as determinant to the practice of the Internal Control System.

Carvalho, Luciano Bastos de

24 April 2018

O controle interno público no cenário brasileiro tem sido discutido tanto por órgãos reguladores quanto por pesquisas acadêmicas. Muito embora os órgãos reguladores estejam propondo novas estruturas para o controle interno, pesquisas recentes têm apontado para uma relativamente baixa efetividade na atuação desse sistema. Tal situação é influenciada pela falta de fatores que tenderiam a fortalecer a estrutura, como a existência de equipes qualificadas e a disponibilidade de informação. A presente pesquisa adiciona as práticas da lógica institucional tipificada como \"autonomia técnica\", desempenhadas por atores responsáveis por decisões no município, como Prefeito e Secretário de Controle Interno, como favoráveis ao controle interno. Tal situação legitimou o sistema de controle interno municipal perante os atores citados. Esta pesquisa utilizou a observação participante declarada em um município brasileiro. O município foi escolhido por ter passado por mudança de gestão de características predominantemente políticas para uma gestão com predominância de características técnicas. O estudo de caso demonstrou que o controle interno ganhou proeminência quando a liderança, prefeito e secretários, apresentavam características técnicas. Um dos motivos dessa atuação mais presente foi a lógica institucional do controlador e do prefeito, que se assemelha à lógica de autonomia técnica que então envolvia os servidores do sistema de controle. Outro fator observado foi o engajamento entre prefeito municipal e controlador, o que facilitou a participação do chefe do executivo no ambiente do controle interno. Desse modo, a lógica institucional de autonomia técnica, observada na liderança local, em conjunto com a interação ativa entre o prefeito municipal e controlador interno, foram vistas como essenciais para a mudança de atuação do controle interno no município em estudo. / Public internal control in Brazil has been discussed by both regulatory agencies and academic research. Although regulatory bodies are proposing new structures for the internal control, recent studies have pointed out to a relatively low effectiveness in the performance of this system. This situation has been influenced by the lack of some factors that would tend to strengthen the structure, such as the existence of qualified teams and the availability of information. The present research adds the practices of an institutional logic typified as \'technical autonomy\', performed by actors responsible for decision-making in the municipality, such as the mayor and the internal control\'s secretary, as favorable to internal control. This context enhanced the internal control legitimation towards the mentioned actors. This research adopted a declared participant observation in a Brazilian municipality. The municipality was chosen due to a management change from a predominantly political context to a predominance of a technical context. This research showed that the internal control had a greater prominence when the leadership, mayor and secretaries, presented technical characteristics. One of the reasons for this more present performance is the institutional logic of the controller and mayor, which is aligned to the technical autonomy logic also presented by the servants of the internal control department. Another factor observed was that the engagement between municipal mayor and controller made it easier for the chief executive to participate in the internal control daily activities. Thus, the technical autonomy institutional logic, observed in the local leadership, together with the active interaction between the municipal mayor and the internal controller, were seen as essential for the change in the internal control performance in this case study.

Controles internos e riscos de auditoria: influência na extensão dos testes substantivos em auditoria das demonstrações contábeis

Lima, Welington de Pontes

27 February 2003

RESUMO O risco da emissão de opinião inadequada acerca das demonstrações contábeis é algo presente nos trabalhos pertinentes a auditoria independente, demandando especial atenção, tanto por parte das empresas responsáveis pela condução dos exames, pelos órgãos que regulamentam a profissão, como também pela sociedade em geral. Para que possa expressar devidamente sua opinião, o auditor emprega uma série de técnicas que o levam a ganhar convicção e a confiar nas informações a serem divulgadas. A extensão dos testes substantivos realizados para este fim, é determinada mediante a conjugação de fatores como a qualidade dos controles internos mantidos na organização, revelada pelas conclusões obtidas nos testes de aderência, e a consciência dos riscos que alcançam, tanto a auditoria em si, como também, a entidade auditada. Este trabalho se propõe a apresentar pesquisa envolvendo o estudo sobre controles internos; os riscos da auditoria e os riscos que norteiam a entidade auditada, os quais têm sido alvo de discussões e debates no mundo inteiro, e ainda, a influência que estes exercem na extensão e profundidade dos procedimentos de auditoria aplicados. Apresenta, com detalhes, os riscos que mais preocupam as empresas de auditoria na condução de seus exames, especificando e enfatizando sua relação com a extensão dos testes realizados. É incluída aqui ademais, pesquisa de campo, envolvendo as empresas de auditoria, conhecidas como “big five", no sentido de investigar o modo como estas operam atualmente, identificando os riscos mais relevantes, apontados particularmente, por cada uma delas. Palavras - chave: Controle interno, Risco, Teste Substantivo, Teste de Aderência. / ABSTRACT The risk involved on expressing an inadequate opinion about Financial Statements is something present on independent audit works, demanding special attention from the auditing firms, the society and the professional regulators agencies as well. In order to express his opinion precisely, the auditor uses techniques that lead him to be convinced and trust the information that will be published. The scope of the substantive tests used for this purpose, is determined by using a combination of factors such as quality control, revealed by the results of adherence tests and the acknowledgment of the risks involved on the audit work as well as the client’s risk. This document intends to present a research involving the study of internal control, the risks of the audit itself and the risks of the auditing companies, which has been target of researches and debates all over the world, as well as the influence they have over the audit techniques. Details are shown, covering the risks that mostly worry those companies, specifying and emphasizing the necessary scope on the tests. The following is a field research involving the “big five" audit companies, focusing on the way they do the business today, identifying the most relevant risks, commented specifically by each one of them. Keywords: Internal Control, Risk, Substantive Test, Adherence Test.

Adherence Test

Controles internos

Internal Control

Riscos

Risk

Substantive Test

Testes de Aderência

Testes Substantivos

A governança empresarial e a emergência de um novo modelo de controladoria / The corporate governance and the new organizational model of the controller function

Lilian Regina dos Santos

18 November 2004

Neste estudo, os conceitos e mecanismos da governança empresarial foram revisados para identificar os instrumentos e elementos que possibilitam seu efetivo exercício aos responsáveis pela determinação dos rumos das empresas. Apoiados na constatação de que não existe governança sem controle e que a mesma depende da estruturação de um quadro completo de avaliação do desempenho que permita monitorar não apenas a gestão dos recursos como também os riscos associados, como os de agenciamento. Assim, emerge a necessidade de garantir a independência e isenção dessa avaliação, o que demanda a existência de um órgão especializado e unificado para realizar tal controle, independente das demais unidades com tarefas de caráter executivo. A atribuição desse órgão seria avaliar e controlar as diversas divisões da empresa e servir como instrumento de apoio e conexão, tanto à atividade de gerir, como de controlar e reportar o desempenho vinculado ao risco desses gestores. Demonstra-se que tais atribuições possuem identificação com as funções primordiais da Área de Controladoria, cujo sistema contábil-financeiro de informações é instrumento poderoso e insubstituível no rastreamento e identificação do processo de criação e erosão do valor da empresa por meio das diversas unidades das organizações. Conclui-se que a Controladoria deve ser reformulada para incorporar novas métricas e procedimentos de monitoração do desempenho vinculado ao risco. Desse modo, é proposta uma nova posição da Área na estrutura empresarial, que garanta independência a seu titular por meio do reporte simultâneo ao principal executivo e ao Conselho de Administração e, por extensão, aos acionistas/proprietários. / This dissertation revise concepts and mechanisms of corporate governance, to identify which are the elements and instruments that make it possible to the responsible ones, to determine the corporation?s lines of direction, its effective action. From the evidence that there is no governance without control, and that it depends, therefore, on the structuring of a complete performance evaluation chart allowing to monitor not only the management of resources, but also the linked risks, among them the agency risk, it emerges the need of guaranteeing the independence and the exemption of such evaluation, which requires the existence of a unified and specialized organ to manage this control independently of the remaining units, that carry executive tasks out. This organ should evaluate and control the several divisions of the corporation and work as an instrument of support and connection, not only to the management activity, but also to the activity of controlling and reporting the performance bounded, to these manager?s risk. Evidence is given that such attributions are identified with the primordial functions of the Controlling Area, whose accounting-financial system is a powerful and non-replaceable instrument to track and identify the creation and erosion process of the corporation value through the several units of the organizations. It is, therefore, concluded that the Control Area should be reformulated in a way to incorporate new measures and procedures for monitoring performance linked to risks and it is proposed a new position of the said Area in the entrepreneurial structure, thus guaranteeing independence to its head through a simultaneous reporting to the main executive of the Board, and by extension, to the shareholders/owners.

Agenciamento

Controladoria

Governança corporativa

Risco

Agency theory

Controllership

Corporate Governance

Internal control

Risk