Effektivisering og optimering af interne kontroller i de finansielle processer: En risikobaseret tilgang

Anh Hong Nguyen & Mads Dvoracek

Student thesis: Master thesis


Introduction During the last decades, focus on internal controls and reporting here of have been increased due to the increased globalization and complexity of companies. The demand for reliable financial reporting and the use of internal controls to mitigate significant risks was reflected in the rise of Corporate Governance awareness which later became incorporated in the Danish legislation. The financial crisis in 2008 changed the global markets and from a company perspective, it was no longer sufficient to provide reliable information. It had to be done the most efficient way with use of fewer resources. A significant tool for ensuring reliability in the financial processes is the use of internal controls. For company leaders and process owners, the paradox is how are these designed and optimized so fewer resources are used without damaging the reliability and weakening the control environment? Approach The COSO‐framework provides guidance and tools for how to design, implement and monitor internal controls. Furthermore the design should be performed from a risk based perspective, to ensure that all risks are mitigated and emerging risks evaluated. COSO combined with an understanding of which global demands and local requirements the company is bound to be compliant with and take in consideration, is a robust starting point. However, they do not provide guidance on how controls are effectively designed from an efficiency point of view. Based on control types, timing and characteristics of controls are elements that can be adjusted and designed to meet future requirements and demands. To analyze the effects of different types of controls with different characteristics, two generic financial processes have been selected. The Purchase‐To‐Pay and Record‐To‐Report processes have been selected due to the assessment that these are less influenced by company‐ and market related conditions. For each generic risk identified in the two processes, two suggestions for internal control setup are given. Pros and cons have been discussed and evaluated. Based on the analysis it can be determined whether or not an optimization can be achieved without compromising the reliability of the financial reports. Conclusion The implementation of system based automated internal controls can be used to reduce time spent on manual controls and minimize risk of manual errors. Usage of automated internal controls will enhance the degree of reliability due to consistency and reduce the possibility of manual interference. This is vital when the number of transactions and number of employees increases. However it is important that automated controls are concentrated in the early part of the process to ensure that input data in the ERP‐system is valid. By doing so detective manual controls can be reduced or eliminated entirely. This however requires a complete overview of the entire process and related risks. Another downside is the complexity and relatively high implementation costs compared to manual controls. The decision concerning implementation of automated internal controls should be carefully evaluated by companies, and be based on long term objectives.

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
Publication date2013
Number of pages145