Themes and Issues

Part of the Contributions to Management Science book series (MANAGEMENT SC.)


Purpose: The purpose of this chapter is to provide an account of some of the themes and issues that are frequently taken up in writings on internal control.

Synopsis: Official definitions of internal control develop, vary and are often somewhat controversial. Both broad and narrow approaches to internal control have co-existed for a long time and some scholars have argued that defining the boundaries of internal control remains problematic. Although internal control has always had a direct relationship to the concept of risk, recent writings suggest that this relationship is now more explicit and controls are closely associated with risk management practices. There have been continuous attempts to classify and distinguish different types of internal controls. As the concept of internal control has expanded into management control and corporate governance, design issues are becoming more important. It is however difficult to examine and measure internal control quality. Internal control designs seem however to be contingent upon a number of external and internal variables, including certain regulatory environment characteristics, business culture, uncertainty and risk, objectives and strategies, risk appetite, practical frameworks and standards and firm size. The specific design objectives often applied may be management’s financial assertions or a stated risk appetite level. Existing writings on internal controls also suggest that controls need to be integrative, balanced, embedded, cost-effective and adaptive. Much has been written on the assessment and evaluation of internal control, which is unsurprising, since this constitutes a key part of the audit process. Findings suggest that internal control evaluation is part structure, part judgment. The disclosure of internal control is not a new phenomenon but is becoming increasingly important. Issues often examined include whether disclosure requirements should be voluntary or mandatory, whether they should address the effectiveness of internal controls, and also whether auditors should attest to a report on internal control. Today internal control is often referred to as a corporate governance mechanism, yet researchers have suggested that internal control from this perspective remains under-explored. Determining the outcomes of internal control may be difficult however, although prior writings on the subject not only discuss its fraud detection capabilities, risk and cost consequences but also its enabling effects on firm performance.


Internal Control Corporate Governance Audit Committee Management Control System Internal Control Quality 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. af Ekenstam, A.-C. (2009, August 17). Modernisera riskarbetet. Dagens Industri. Google Scholar
  2. Agarwal, S. (1993). Influence of formalization on role stress, organizational commitment, and work alienation of sales persons: A cross-national comparative study. Journal of International Business Studies, 24(4), 715–739.CrossRefGoogle Scholar
  3. Ahmed, A. S., McAnally, M. L., Rasmussen, S., & Weaer, C. D. (2010). How costly is the Sarbanes Oxley act? Evidence on the effects of the act on corporate profitability. Journal of Corporate Finance, 16, 352–369.CrossRefGoogle Scholar
  4. Allegrini, M., DÓnza, G., Paape, L., Melville, R., & Sarens, G. (2006). The European literature on internal auditing. Managerial Auditing Journal, 21(8), 845–853.CrossRefGoogle Scholar
  5. Anthony, R. N. (1965). Planning and control systems: A framework for analysis. Boston: Graduate School of Business Administration, Harvard University.Google Scholar
  6. Arwinge, O., & Munkby, T. (2011). Intern kontroll i finansiell sector – en studie av brister [Internal control in the financial sector – a study of deficiencies]. Balans, No.6/7, 25–29.Google Scholar
  7. Ashbaugh-Skaife, H., Collins, D. W., & Kinney, W. R., Jr. (2007). The discovery and reporting of internal control deficiencies prior to SOX-mandated audits. Journal of Accounting and Economics, 44, 167–192.CrossRefGoogle Scholar
  8. Ashbaugh-Skaife, H., Collins, D. W., Kinney, W. R., Jr., & LaFond, R. (2008). The effect of SOX internal control deficiencies and their remediation of accrual quality. The Accounting Review, 83(1), 217–250.CrossRefGoogle Scholar
  9. Ashbaugh-Skaife, H., Collins, D. W., Kinney, W. R., Jr., & Lanfond, R. (2009). The effect of SOX internal control deficiencies on firm risk and cost of capital. Journal of Accounting Research, 47(1), 1–43.CrossRefGoogle Scholar
  10. Ashton, R. H. (1974). An experimental study of internal control judgments. Journal of Accounting Research, 12(1), 143–157.CrossRefGoogle Scholar
  11. Bannister, S. J., Engvall, D. H., & Martin, D. B. H. (2007). Retooling the internal control process – A welcome relief. Insights, 21(8), 2–15.Google Scholar
  12. Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: an empirical analysis of the factors associated with the extent of the of implementation. Journal of Accounting and Public Policy, 24, 521–531.CrossRefGoogle Scholar
  13. Bierstaker, J. L. (2003). Auditor recall and evaluation of internal control information: Does task-specific knowledge mitigate part-list interference? Managerial Auditing Journal, 18(2), 90–99.CrossRefGoogle Scholar
  14. Bierstaker, J. L., Hunton, J. E., & Thibodeau, J. C. (2009). Do client-prepared internal control documentation and business process flowcharts help or hinder an auditor’s ability to identify missing controls? Auditing: A Journal of Practice and Theory, 28(1), 79–94.CrossRefGoogle Scholar
  15. Bierstaker, J. L., & Thibodeau, J. C. (2006). The effect of format and experience on internal control evaluation. Managerial Auditing Journal, 21(9), 877–891.CrossRefGoogle Scholar
  16. Birkenshaw, J., & Jenkins, H. (2009). Risk management gets personal. Lessons from the credit crisis. Executive Briefing. Advanced Institute of Management Research (AIM Research). Available at
  17. Boessa, G., & Kumar, K. (2007). Drivers of corporate disclosures: A framework and empirical evidence from Italy and the United States. Accounting, Auditing and Accountability Journal, 20(2), 269–296.CrossRefGoogle Scholar
  18. Borthick, A. F., Curtis, M. B., & Sriram, R. S. (2006). Accelerating the acquisition of knowledge structure to improve performance in internal control reviews. Accounting, Organizations and Society, 31, 323–342.CrossRefGoogle Scholar
  19. Bower, J. B., & Schlosser, R. E. (1965). Internal control – Its true nature. The Accounting Review, 40(2), 338–344.Google Scholar
  20. Braiotta, L., Gazzaway, R. T., Colson, R. H., & Ramamoorti, S. (2010). The audit committee handbook (5th ed.). New Jersey: Wiley.Google Scholar
  21. Brandinger, R. (2008a). Kodens ansvar finns i betraktarens öga. Dagens Industri.Google Scholar
  22. Brandinger, R. (2008b, September 1). Riskhantering – inget för koden. Dagens Industri. Google Scholar
  23. Bronson, S. N., Carcello, J. V., & Raghunandan, K. (2006). Firm characteristics and voluntary management reports on internal control. Auditing: A Journal of Practice and Theory, 25(2), 25–39.CrossRefGoogle Scholar
  24. Brown, R. (1962): Changing audit objectives and techniques. The Accounting Review, 37(4), 696–703. In Lee, T. A. (ed.). (1988). The evolution of audit thought and practice. New York: Garland.Google Scholar
  25. Cain, A. (2009, December). Financial industry leads in fraud increases. Internal Auditor, 15.Google Scholar
  26. Callaghan, J. H., Savage A., & Mintz, S. (2007, March). Assessing the control environment using a balanced scorecard approach. The CPA Journal.Google Scholar
  27. Carcello, J. V., Hermanson, D. R., & Raghunandan, K. (2005). Factors associated with US public companies’ investment in internal auditing. Accounting Horizons, 19(2), 69–84.CrossRefGoogle Scholar
  28. Cardinal, L. B., Sitkin, S. B., & Long, C. P. (2004). Balancing and rebalancing in the creation and evolution of organizational control. Organization Science, 15(4), 411–431.CrossRefGoogle Scholar
  29. Carmichael, D. R. (1970). Behavioral hypotheses of internal control. The Accounting Review, 45(2), 235–245.Google Scholar
  30. Chambers, A. (2006). Assurance of performance. Measuring Business Excellence, 10(3), 41–45.CrossRefGoogle Scholar
  31. Changchit, C., Holsapple, C. W., & Madden, D. L. (2001). Supporting managers internal control evaluations: An expert system and experimental results. Decision Support Systems, 30, 437–449.CrossRefGoogle Scholar
  32. Chapman, C. (1997). Reflections on a contingent view of accounting. Accounting, Organizations and Society, 22(2), 189–205.CrossRefGoogle Scholar
  33. Chapman, C., Hopwood, A., & Shields, M. D. (Eds.). (2007). Handbook of management accounting research. Oxford: Elsevier.Google Scholar
  34. Cheney, G. (2008, May 26). Controlling internal controls. Investment dealers’ Digest, 20–21.Google Scholar
  35. Chenhall, R. (2003). Management control systems design within its organizational context: Findings from contingency-based research and directions for the future. Accounting, Organizations and Society, 28, 127–168.CrossRefGoogle Scholar
  36. Clikeman, P. M. (2009, February). Audit evidence. Internal Auditor, 19–20.Google Scholar
  37. Cohen, J., Krishnamoorthy, G., & Wright, A. (2004). The corporate governance mosaic and financial reporting quality. Journal of Accounting Literature, 23, 87–152.Google Scholar
  38. Coletti, A. L., Sedatole, K. L., & Towry, K. L. (2005). The effect of control systems on trust and cooperation in collaborative environments. The Accounting Review, 80(2), 477–500.CrossRefGoogle Scholar
  39. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (1992). Internal control – Integrated framework. New York: AICPA.Google Scholar
  40. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2004). Enterprise risk management – Integrated framework, executive summary. New York: AICPA.Google Scholar
  41. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2006). Internal control over financial reporting – Guidance for smaller public companies, volume 1: executive summary. New York: AICPA.Google Scholar
  42. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2007). Internal control – integrated framework, guidance on monitoring internal control systems, Discussion document, 2007–09Google Scholar
  43. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009a). Internal control – integrated framework. Guidance on monitoring internal control systems – introduction. New York: AICPA. Available at
  44. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009b). Effective enterprise risk oversight – the role of the board of director. New York: AICPA. Available at
  45. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2009c). Strengthening Enterprise Risk Management for Strategic Advantage. New York: AICPA. Available at
  46. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010a, December). Board risk oversight – a progress report. Where boards and directors currently stand in executing their risk oversight responsibilities. Research commissioned by COSO. Available at
  47. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2010b). Developing key indicators to strengthen enterprise risk management. How key risk indicators can sharpen focus on emerging risks. Research commissioned by COSO. Available at
  48. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2011). Embracing enterprise risk management. Practical approaches to getting started. Research commissioned by COSO. Available at
  49. Davies, M. (2008). The impracticality of international “once size fit all” corporate governance of best practice. Managerial Auditing Journal, 23(6), 532–544.CrossRefGoogle Scholar
  50. Davies, M. (2009). Effective working relationships between audit committees and internal audit – The cornerstone of corporate governance in local authorities, a Welsh perspective. Journal of Management and Governance, 13, 41–73.CrossRefGoogle Scholar
  51. De La Rosa, S. (2007, June). Moving forward with ERM. Internal Auditor, 50–54.Google Scholar
  52. DeFond, M. L., & Francis, J. R. (2005). Audit research after Sarbanes-Oxley. Auditing: A Journal of Practice and Theory, 24(Supplement: 5–30), 5–40.Google Scholar
  53. DesJardins, J. R., & McCall, J. J. (2005). Contemporary issues in business ethics (5th ed.). Belmont: Wadsworth/Thomson.Google Scholar
  54. Dewar, R. D., Whetten, D. A., & Boje, D. (1980). An examination of the reliability and validity of the Aiken and Hage scales of centralization, formalization and task routineness. Administrative Science Quarterly, 25(1), 120–128.CrossRefGoogle Scholar
  55. Dicksee, L. R. (1892). Auditing: A practical manual for auditors (1st ed.). London: Gee.Google Scholar
  56. Dicksee, L. R. (1905). Auditing: authorized American edition (R. H. Montgomery, ed). New York: Arno PressGoogle Scholar
  57. Dolphin, R. R. (2004). Corporate reputation – A value creating strategy. Corporate Governance, 4(3), 77–92.CrossRefGoogle Scholar
  58. Doyle, E. (2007). Compliance obstacles to competitiveness. Corporate Governance, 7(5), 612–622.CrossRefGoogle Scholar
  59. Eisenhardt, K. M. (1985). Control: organizational and economic approaches. Management Science, 31(2), 134–149.CrossRefGoogle Scholar
  60. Ethiraj, S. K., Kale, P., Krishnan, M. S., & Singh, J. V. (2005). Where do capabilities come from and how do they matter? A study in the software services industry. Strategic Management Journal, 26, 25–45.CrossRefGoogle Scholar
  61. Fadzil, F. H., Haron, H., & Jantan, M. (2005). Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8), 844–866.CrossRefGoogle Scholar
  62. Fagerberg, J. (2008). Occupational Fraud – Auditors´ perceptions of red flags and internal control. (diss.) [Licenciat avhandling]. Linköping University, Linköping Studies in Science and Technology, Thesis No. 1369.Google Scholar
  63. Far, S. R. S. (2009). Samlingsvolymen 2009 Revision [Swedish Audit Standards 2009]. Stockholm/Sverige: FAR SRS Förlag.Google Scholar
  64. FFE (The Federation of European Accountants). (2007). Selected issues in relation to financial statement audits. Inherent limitations, reasonable assurance, professional judgement and its documentation, and enforceability of auditing standards. Available at
  65. Finansinspektionen [The Swedish Financial Supervisory Authority]. (2005). Allmänna råd om styrning och kontroll i finansiella bolag. FFFS 2005:1 [General guidelines regarding governance and control of financial undertakings], Stockholm. Available at
  66. Finansinspektionen [The Swedish Financial Supervisory Authority]. (2011, Maj 24). Tillsynsrapport 2011. Erfarenheter från tillsyn och regelutveckling [Oversight report 2011. Learnings from oversight and policy development], Finansinspektionen, Stockholm. Available at
  67. Flint, D. (1988). Philosophy and principles of auditing – An introduction. London: Macmillan Education.Google Scholar
  68. Foster, B. P., Ornstein, W., & Shastri, T. (2007). Audit costs, material weaknesses under SOX section 404. Managerial Auditing Journal, 22(7), 661–673.CrossRefGoogle Scholar
  69. Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392–409.CrossRefGoogle Scholar
  70. FRC (Financial Reporting Council). (2005). Internal control. Revised guidance for directors on the combined code. London. Available at
  71. FRC (Financial Reporting Council). (2008, June). The combined code on corporate governance, London. Available at
  72. Gadh, V. M., Krishnan, R., & Peters, J. M. (1993). Modeling internal controls and their evaluation. Auditing: A Journal of Practice and Theory, 12(Supplement), 113–129.Google Scholar
  73. Garbade, W. H. (1944). Internal control and the internal auditor. The Accounting Review, 19(4), 416–421.Google Scholar
  74. Gee, W., & McVay, S. (2005). The disclosure of material weaknesses in internal control after the Sarbanes-Oxley Act. Accounting Horizons, 19(3), 137–158.CrossRefGoogle Scholar
  75. Gerkes, J., Van der Werf, W. J., & Van der Wijk, H. (2007, October). Entity-level controls. Internal Auditor, 50–54.Google Scholar
  76. Goldberg, D. M. (2007, December). Focus on high-risk controls. Internal Auditor, 69–71.Google Scholar
  77. Grant Thornton. (2009a, Summer). Corporate governance series: enterprise risk management: creating value in a volatile economy. Available at
  78. Gupta, P. P., & Thomson, J. C. (2006). Use of COSO 1992 in management reporting on internal control. Strategic Finance, 27–33.Google Scholar
  79. Hall, R. H., Johnson, N. J., & Haas, E. (1967). Organizational size, complexity and formalization. American Sociological Review, 32(6), 903–912.CrossRefGoogle Scholar
  80. Hammer, M. (2007, April). The process audit. Harvard Business Review, 111–123.Google Scholar
  81. Hammer, M., & Champy, J. (1993). Reengineering the corporation. A manifesto for business revolution. London: Nicholas Brealey.Google Scholar
  82. Haron, H., Chambers, A., Ramsi, R., & Ismail, I. (2004). The reliance of external auditors on internal auditors. Managerial Auditing Journal, 19(9), 1148–1159.CrossRefGoogle Scholar
  83. Haun, R. D. (1955). Broad vs. narrow concepts of internal auditing and internal control. The Accounting Review, 30(1), 114–118.Google Scholar
  84. Hay, D. (1993). Internal control: How it evolved in four English-speaking countries. The Accounting Historians Journal, 20(1), 79–102.Google Scholar
  85. Heier, J. R., Dugan, M. T., & Sayers, D. L. (2005). A century of debate for internal controls and their assessment: A study of reactive evolution. Accounting History, 10(3), 39–70.CrossRefGoogle Scholar
  86. Hermanson, H. M. (2000). An analysis of the demand of reporting on internal control. Accounting Horizons, 14(3), 325–341.CrossRefGoogle Scholar
  87. Hermanson, D. R., & Rittenberg, L. E. (2003). Research opportunities in internal auditing chapter 2: Internal audit and organizational governance. Florida: IIA (Institute of Internal Auditors) Research Foundation.Google Scholar
  88. Hofstede, G. (1984). Culture’s consequences: International differences in work-related values. Beverly Hills: Sage.Google Scholar
  89. Hoitash, R., Hoitash, U., & Bedard, J. C. (2009). Corporate governance and internal control over financial reporting: A comparison of regulatory regimes. The Accounting Review, 84(3), 839–867.CrossRefGoogle Scholar
  90. Holmes, S. A., Langford, M., Welch, O. J., & Welch, S. T. (2002). Associations between internal controls and organizational citizenship behavior. Journal of Managerial Issues, 14(1), 85–99.Google Scholar
  91. Holmström, B., & Kaplan, S. N. (2003). The state of U.S. corporate governance: What’s right and what’s wrong? Journal of Applied Corporate Finance, 15(3), 8–20.CrossRefGoogle Scholar
  92. House, J. D. (1975). Organization without formalization: The case of a real estate agency. The Canadian Journal of Sociology, 2(2), 19–31.Google Scholar
  93. Hutter, B., & Power, M. (Eds.). (2005). Organizational encounters with risk. Cambridge: Cambridge University Press.Google Scholar
  94. IAASB (International Auditing and Assurance Standards Board). (2006, December). Redrafted International Standards on Auditing 240, 300, 315, 330. New YorkGoogle Scholar
  95. IIA (Institute of Internal Auditors). (2004). The professional practices framework. Florida: The IIA Research Foundation. Global Practices Center.Google Scholar
  96. IIA (Institute of Internal Auditors). (2009). International professional practices framework (IPPF). Florida: The IIA Research Foundation.Google Scholar
  97. James, K. L. (2003). The effect of internal audit structure on perceived financial statement fraud prevention. Accounting Horizons, 17(4), 315–327.CrossRefGoogle Scholar
  98. Jensen, M. C., & Meckling, W. H. (1976). Theory of the firm: managerial behaviour, agency costs and ownership structure. Journal of Financial Economics, 3, 305–360.CrossRefGoogle Scholar
  99. Jokipii, A. (2006). The structure and effectiveness of internal control – A contingency approach. (diss.) Åbo Akademi University, Turku.Google Scholar
  100. Jokipii, A. (2010). Determinants and consequences of internal control in firms: a contingency theory based analysis. Journal of Management and Governance, 14(2), 115–144.CrossRefGoogle Scholar
  101. Jonnergård, K., & Larsson, U. (2007). Developing codes of conduct: Regulatory conversations as means for detecting institutional change. Law & Policy, 29(4), 460–492.CrossRefGoogle Scholar
  102. Kinney, W. R., Jr. (2000). Research opportunities in internal control quality and quality assurance. Auditing: A Journal of Practice and Theory, 19(Supplement), 83–90.CrossRefGoogle Scholar
  103. Kinney, W. R., Jr. (2005). Twenty-five years of audit deregulation and re-regulation: What does it mean for 2005 and beyond? Auditing: A Journal of Practice and Theory, 24, 89–109.Google Scholar
  104. Kirkpatrick, W. W. (1962). The adequacy of internal corporate controls. The ANNALS of the American Academy of Political and Social Science, 343(1), 75–83.CrossRefGoogle Scholar
  105. Kjellberg, A.-C. (2009, September). Ledningen måste ta helhetsgrepp på riskerna. Dagens Industri. Google Scholar
  106. Kodgruppen [The Code group]. (2004). Svensk kod för bolagsstyrning [Swedish code of Corporate Governance], Stockholm.Google Scholar
  107. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2005). Anvisning Nr.1-2005 [Guidance No.1-2005 regarding board reporting on internal control], Stockholm, December 15, 2005.Google Scholar
  108. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006a). Anvisning Nr.1-2006 [Guidance No. 1-2006 on the application of code provisions regarding reporting and disclosure of internal controls], Stockholm, September 6, 2006. Available at
  109. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006b). Årsrapport 2006 [Annual Report 2006]. Stockholm, June 2006. Available at
  110. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006c). Kodbarometern 2006 [Survey on the attitudes towards the Swedish code, 2006], Stockholm, June 2006. Available at
  111. Kollgiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2009, June). Årsrapport 2009 [Annual Report 2009], Stockholm. Available at
  112. Koutoupis, A. G. (2007, October). Documenting internal controls. Internal Auditor, 23–27.Google Scholar
  113. Krishnan, J., Rama, D., & Zhang, Y. (2008). Costs to comply with SOX section 404. Auditing: A Journal of Practice and Theory, 27(1), 169–186.CrossRefGoogle Scholar
  114. Langfield-Smith, K. (1997). Management control systems and strategy: A critical review. Accounting, Organizations and Society, 22(2), 207–232.CrossRefGoogle Scholar
  115. Langfield-Smith, K., & Smith, D. (2003). Management control systems and trust in outsourcing relationships. Management Accounting Research, 14, 281–307.CrossRefGoogle Scholar
  116. Lazarides, T., & Drimpetas, E. (2008). The missing link to an effective corporate governance system. Corporate Governance, 8(1), 73–82.CrossRefGoogle Scholar
  117. Lee, T. A. (1971). The historical development of internal control form the earliest times to the end of the seventeenth century. Journal of Accounting Research, 9(1), 150–157.CrossRefGoogle Scholar
  118. Lee, T. A. (Ed.). (1988). The evolution of audit thought and practice. New York: Garland.Google Scholar
  119. Lekvall, P. (2008, September 6). Intern kontroll kvar i fokus. Dagens Industri. Google Scholar
  120. Leone, A. J. (2007). Factors related to internal control disclosure: A discussion of Ashbaugh, Collins and Kinney (2007) and Doyle, Ge, and McVay (2007). Journal of Accounting and Economics, 44, 224–237.CrossRefGoogle Scholar
  121. Lightle, S. S., Castellano, J. F., & Cutting, B. T. (2007, December). Assessing the control environment. Internal Auditor, 51–56Google Scholar
  122. Linseley, P. M., & Lawrence, M. J. (2007). Risk reporting by the largest UK companies: Readability and lack of obfuscation. Accounting, Auditing and Accountability Journal, 20(4), 620–627.CrossRefGoogle Scholar
  123. Little, A., & Best, P. J. (2003). A framework for separating duties in an SAP R/3 environment. Managerial Auditing Journal, 18(5), 419–430.CrossRefGoogle Scholar
  124. Maijoor, S. (2000). The internal control explosion. International Journal of Auditing, 4, 101–109.CrossRefGoogle Scholar
  125. Matyjewicz, G., & DÀrcangelo, J. R. (2004, October). Beyond Sarbanes-Oxley. Internal Auditor, 67–72.Google Scholar
  126. McMullen, D. A., Raghunandan, K., & Rama, D. V. (1996). Internal control reports and financial reporting problems. Accounting Horizons, 10(4), 67–75.Google Scholar
  127. Michaels, R. E., Cron, W. L., Dubinsky, A. J., & Joachimsthaler, E. A. (1988). Influence of formalization on the organizational commitment and work alienation of salespeople and industrial buyers. Journal of Marketing Research, 25(4), 376–383.CrossRefGoogle Scholar
  128. Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research, 20, 18–40.CrossRefGoogle Scholar
  129. Mintzberg, H. (1983). Power in and around organizations. Englewood Cliffs: Prentice-Hall.Google Scholar
  130. Mintzberg, H. (1990). The design school: Reconsidering the basic premises of strategic management. Strategic Management Journal, 11(3), 171–195.CrossRefGoogle Scholar
  131. Mock, T. J., Sun, L., Srivastava, R. P., & Vasarhelyi, M. (2009). An evidential reasoning approach to Sarbanes-Oxley mandated internal control risk assessment. International Journal of Accounting Information Systems, 10(2), 65–78.CrossRefGoogle Scholar
  132. Netter, J., Poulsen, A., & Stegemoller, M. (2009). The rise of corporate governance in corporate control research. Journal of Corporate Finance, 15, 1–9.CrossRefGoogle Scholar
  133. O’Leary, C., Iselin, E., & Sharma, D. (2006). The relative effects of elements of internal control on auditors’ evaluations of internal control. Pacific Accounting Review, 18(2), 69–96.CrossRefGoogle Scholar
  134. O’Reilly, M., & McMullen, D. (2002, January). Internal control reporting and users’ perceptions of financial statement reliability. American Business Review. 100–107.Google Scholar
  135. Oliviero, M. E. (2001). Internal control – Integrated framework: How is responsible? Critical Perspectives on Accounting, 12, 187–192.CrossRefGoogle Scholar
  136. Oliviero, M. E. (2002, February). The architect is missing. Internal Auditor, 76.Google Scholar
  137. Olve, N.-G., Petri, C. J., Roy, J., & Roy, S. (2003). Making scorecards actionable: Balancing strategy and control. England: Wiley.Google Scholar
  138. Organ, D. W., & Greene, C. N. (1981). The effects of formalization on professional involvement: A compensatory process approach. Administrative Science Quarterly, 26(2), 237–252.CrossRefGoogle Scholar
  139. Otley, D. T. (1980). The contingency theory of management accounting: Achievement and prognosis. Accounting, Organizations and Society, 5(4), 413–428.CrossRefGoogle Scholar
  140. Otley, D. T. (1994). Management control in contemporary organizations: Towards a wider framework. Management Accounting Research, 5, 289–299.CrossRefGoogle Scholar
  141. Otley, D. T. (1999). Performance management: A framework for management control systems research. Management Accounting Research, 10, 363–382.CrossRefGoogle Scholar
  142. Otley, D. T. (2003). Management control and performance management: Whence or whither? The British Accounting Review, 35, 309–326.CrossRefGoogle Scholar
  143. Otley, D. T. (2008). Did Kaplan get it right? Accounting, Auditing and Accountability Journal, 21(2), 229–229.CrossRefGoogle Scholar
  144. Ouchi, W. G. (1977). The relationship between organizational structure and organizational control. Administrative Science Quarterly, 22, 95–113.CrossRefGoogle Scholar
  145. Ouchi, W. G. (1979). A conceptual framework for the design of organizational control mechanisms. Management Science, 25(9), 833–848.CrossRefGoogle Scholar
  146. Ouchi, W. G. (1980). Markets, bureaucracies and clans. Administrative Science Quarterly, 25, 129–141.CrossRefGoogle Scholar
  147. Pathak, J. (2005). Guest Editorial: Risk management, internal controls and organizational vulnerabilities. Managerial Auditing Journal, 20(6), 569–577.CrossRefGoogle Scholar
  148. PCAOB (Public Company Accounting Oversight Board). (2004). Auditing Standard No.2An audit of internal control over financial reporting performed in conjunction with an audit of financial statements Google Scholar
  149. PCAOB (Public Company Accounting Oversight Board). (2007). Auditing Standard No.5An audit of internal control over financial reporting that is integrated with an audit of financial statements. Available at
  150. PCAOB (Public Company Accounting Oversight Board). (2009, September). Report on the first-year implementation of the audit standard No.5: An audit of internal control over financial reporting that is integrated with an audit of financial statements. Available at
  151. Pfister, J. A. (2009). Managing organizational culture for effective internal control, from practice to theory. Heidelberg: Physica-Verlag.CrossRefGoogle Scholar
  152. Picket, K. H. S. (2001). Internal control: A manager’s journey. New York: Wiley.Google Scholar
  153. Podsakoff, P. M., Williams, L. J., & Todor, W. D. (1986). Effects of organizational formalization on alienation among professionals and nonprofessionals. The Academy of Management Journal, 29(4), 820–831.CrossRefGoogle Scholar
  154. Porter, M. E. (1985). Competitive advantage. New York: Free Press.Google Scholar
  155. Power, M. (1996). Making things auditable. Accounting, Organizations and Society, 21(2), 289–315.CrossRefGoogle Scholar
  156. Power, M. (1997). The audit society: Rituals of verification. New York: Oxford University Press.Google Scholar
  157. Power, M. (2003a). Auditing and the production of legitimacy. Accounting, Organizations and Society, 28, 379–394.CrossRefGoogle Scholar
  158. Power, M. (2003b). Evaluating the audit explosion. Law & Policy, 25(3), 185–202.CrossRefGoogle Scholar
  159. Power, M. (2004). The nature of risk: The risk management of everything. Balance Sheet, 12(5), 19–28.CrossRefGoogle Scholar
  160. Power, M. (2005). The invention of operational risk. Review of International Political Economy, 12(4), 577–599.CrossRefGoogle Scholar
  161. Power, M. (2006). Special research symposium: Organizations and the management or risk. Journal of Management Studies, 43(6), 1331–1337.CrossRefGoogle Scholar
  162. Power, M. (2007). Organized uncertainty: Designing a world of risk management. New York: Oxford University Press.Google Scholar
  163. Rae, K., & Subramaniam, N. (2008). Quality of internal control procedures: Antecedents and moderating effect on organizational justice and employee fraud. Managerial Auditing Journal, 23(2), 104–124.CrossRefGoogle Scholar
  164. Raghunandan, K., & Rama, D. V. (1994). Management reports after COSO. Internal Auditor, 54–58.Google Scholar
  165. Ramamoorti, S. (2003). Research opportunities in internal auditing, chapter 1: Internal auditing: History, evolution and prospects. Florida: IIA (Institute of Internal Auditors) Research Foundation.Google Scholar
  166. Ramos, M. (2004, May). Evaluate the control environment. Journal of Accountancy, 75–78.Google Scholar
  167. Rittenberg, L. E., & Miller, P. K. (2005). Sarbanes-Oxley 404 work: looking at the benefits. Florida: IIA (The Institute of Internal Auditors) Research Foundation.Google Scholar
  168. Sarens, G., & De Beelde, I. (2006). Internal auditors’ perception about their role in risk management: A comparison between US and Belgium companies. Managerial Auditing Journal, 21(1), 63–80.CrossRefGoogle Scholar
  169. Schipper, K. (1989, December). Earnings management. Accounting Horizons, 91–102.Google Scholar
  170. Schnatterly, K. (2003). Increasing firm value through detection and prevention of white-collar crime. Strategic Management Journal, 24, 587–614.CrossRefGoogle Scholar
  171. Scott, W. R. (2003). Financial accounting theory (3rd ed.). Toronto: Prentice Hall.Google Scholar
  172. Scott, S. V., & Walsham, G. (2005). Reconceptualizing and managing reputation risk in the knowledge economy: Toward reputable action. Organization Science, 16(3), 308–322.CrossRefGoogle Scholar
  173. SEC (United States Securities and Exchange Commission). (2009b). Proxy disclosure enhancements, Release No: 33–9089, Proposed Rule Release No. 33–9052. Release date December 19, 2009, Effective date: February 28, 2010. Available at
  174. Senior Supervisors Group. (2009, October 21). Risk management lessons from the global banking crisis of 2008. Available at
  175. Sherer, M., & Turley, S. (1997). Current issues in auditing (3rd ed.). London: Sage.Google Scholar
  176. Simons, R. (1987). Accounting control systems and business strategy: An empirical analysis. Accounting, Organizations and Society, 12(4), 357–374.CrossRefGoogle Scholar
  177. Simons, R. (1990). The role of management control systems in creating competitive advantage: New perspectives. Accounting, Organizations and Society, 15(1/2), 127–143.CrossRefGoogle Scholar
  178. Simons, R. (1991). Strategic orientation and top management attention to control systems. Strategic Management Journal, 12(1), 49–62.CrossRefGoogle Scholar
  179. Simons, R. (1995). Levers of control: How managers use innovative controls systems to drive strategic renewal. Boston: Harvard Business School Press.Google Scholar
  180. Smith, K. A. (1972). The relationship of internal control evaluation and audit sample size. The Accounting Review, 47(2), 260–269.Google Scholar
  181. Solomon, J., Solomon, A., Norton, S., & Joseph, N. (2000). A conceptual framework for corporate risk disclosure emerging from the agenda for corporate governance reform. British Accounting Review, 32, 447–478.CrossRefGoogle Scholar
  182. Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing and Accountability Journal, 16(4), 640–661.CrossRefGoogle Scholar
  183. Steffee, S. (2009, December). Reforms reduced compliance costs. Internal Auditor, 17.Google Scholar
  184. Swayze, W. S. (1946). Internal control in industrial organizations. The Accounting Review, 21(3), 272–277.Google Scholar
  185. Tacket, J., Wolf, F., & Claypool, G. (2006). Internal control under Sarbanes Oxley: A critical examination. Managerial Auditing Journal, 21(3), 317–323.CrossRefGoogle Scholar
  186. Tackett, J., Wolf, F., & Claypool, G. (2004). Sarbanes-Oxley and audit failure: A critical examination. Managerial Auditing Journal, 19(3), 340–350.CrossRefGoogle Scholar
  187. Taiariol, R. (2000, February). Segregated duties in fashion. Internal Auditor, 23–25.Google Scholar
  188. Tannenbaum, A. (1968). Control in organizations. New York: McGraw-Hill.Google Scholar
  189. Taylor, B. (2003). Board leadership: Balancing entrepreneurship and strategy with accountability and control. Corporate Governance, 3(2), 3–5.CrossRefGoogle Scholar
  190. Teece, D. J., Pisano, G., & Shuen, A. (1997). Dynamic capabilities and strategic management. Strategic Management Journal, 18(7), 509–533.CrossRefGoogle Scholar
  191. Trenerry, A. (1999). Principles of internal control. Sydney: University of New South Wales Press.Google Scholar
  192. Turley, S., & Zaman, M. (2007). Audit committee effectiveness: Informal processes and behavioural effects. Accounting, Auditing and Accountability Journal, 20(5), 765–788.CrossRefGoogle Scholar
  193. Wallace, W. A. (1981). Internal control reporting practices in the municipal sector. The Accounting Review, 56(3), 666–689.Google Scholar
  194. Waller Shelton, S., & Whittington, O. R. (2008). The influence of the auditor’s report on investors’ evaluations after the Sarbanes-Oxley act. Managerial Auditing Journal, 23(2), 142–160.CrossRefGoogle Scholar
  195. Wells, J. T. (2002). Let them know someone’s watching. Journal of Accountancy, 5, 106–110.Google Scholar
  196. Whitley, J. (2006, December). COSO to develop further internal control guidance. Internal Auditor, 18.Google Scholar
  197. Wiesen, J. (2003). Congress enacts Sarbanes-Oxley Act of 2002: A two-ton gorilla awakes and speaks. Journal of Accounting, Auditing and Finance, 18(3), 429–448.Google Scholar
  198. Winter, S. G. (2003). Understanding dynamic capabilities. Strategic Management Journal, 24, 991–995.CrossRefGoogle Scholar
  199. Woods, M. (2009). A contingency theory perspective on the risk management control systems within Birmingham city council. Management Accounting Research, 20, 69–81.CrossRefGoogle Scholar
  200. Ernst & Young (2009). The future of risk. Protecting and enabling performance. EYGM limited. Available at
  201. Zannetos, Z. S. (1964). Some thoughts on internal control systems of the firm. The Accounting Review, 39(4), 860–868.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Department of Finance and AccountingUppsala UniversityUppsalaSweden

Personalised recommendations