Conclusions and Future Research

  • Olof Arwinge
Part of the Contributions to Management Science book series (MANAGEMENT SC.)


Purpose: The aim of this chapter is to make concluding observations based on what we have discussed in other previous chapters as well as to describe future research opportunities within the area of internal control.

Synopsis: Internal control seems to be an all-encompassing process. The wider approaches to internal control have expanded its boundaries significantly, far beyond the financial reports and the duties of the accountant. Financial reporting quality objectives have been supplemented with other internal control objectives which are related to compliance, efficiency and effectiveness. Today internal controls may be dispersed and embedded in most of the company’s business activities. Furthermore, internal control has transformed into an extension of risk management and thus tied closer to the strategy formulation and execution process. Internal control is considered to be a form of risk treatment through which inherent risk may be increased or decreased through the design and application of controls. Furthermore, it is today a regulatory object. Lawmakers and supervisory authorities are increasingly concerned with the design and operating effectiveness of internal controls. Disclosure requirements imposed on firms are forcing them to provide public disclosures about their internal control systems, which were previously private to firms. Today internal control is also considered to be a key corporate governance mechanism and corporate governance rating systems and credit rating agencies increasingly take into account the internal control and risk management practices of firms. Some researchers however have pointed out that there is still much to learn about internal control quality, and how internal control is associated with corporate governance quality. The fact that internal control is an inherently complex concept poses a significant research barrier, and while all research methods are valid, it is unlikely that archival studies or experiments are able to capture measures of internal control quality. Finally, practical, regulatory and academic texts suggest that internal control designs are contingent upon certain variables. These variables include company objectives, strategy, regulatory characteristics, risk and risk appetite, management attitudes and firm size. Prior research also points to the challenge facing any internal control architect. Building internal control capabilities would seem to be of great importance if firms are to be able to design internal controls which are balanced, integrated, dynamic and cost-effective.


Internal Control Corporate Governance Audit Committee Management Control System Internal Control Quality 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: an empirical analysis of the factors associated with the extent of the of implementation. Journal of Accounting and Public Policy, 24, 521–531.CrossRefGoogle Scholar
  2. Brandinger, R. (2008a). Kodens ansvar finns i betraktarens öga. Dagens Industri.Google Scholar
  3. Brandinger, R. (2008b, September 1). Riskhantering – inget för koden. Dagens Industri. Google Scholar
  4. Chapman, C., Hopwood, A., & Shields, M. D. (Eds.). (2007). Handbook of management accounting research. Oxford: Elsevier.Google Scholar
  5. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (1992). Internal control – Integrated framework. New York: AICPA.Google Scholar
  6. COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2004). Enterprise risk management – Integrated framework, executive summary. New York: AICPA.Google Scholar
  7. Davies, M. (2008). The impracticality of international “once size fit all” corporate governance of best practice. Managerial Auditing Journal, 23(6), 532–544.CrossRefGoogle Scholar
  8. Doyle, E. (2007). Compliance obstacles to competitiveness. Corporate Governance, 7(5), 612–622.CrossRefGoogle Scholar
  9. Eisenhardt, K. M. (2007). Theory building from case studies: Opportunities and challenges. Academy of Management Journal, 50(1), 25–32.CrossRefGoogle Scholar
  10. Ethiraj, S. K., Kale, P., Krishnan, M. S., & Singh, J. V. (2005). Where do capabilities come from and how do they matter? A study in the software services industry. Strategic Management Journal, 26, 25–45.CrossRefGoogle Scholar
  11. Fadzil, F. H., Haron, H., & Jantan, M. (2005). Internal auditing practices and internal control system. Managerial Auditing Journal, 20(8), 844–866.CrossRefGoogle Scholar
  12. Fraser, I., & Henry, W. (2007). Embedding risk management: Structures and approaches. Managerial Auditing Journal, 22(4), 392–409.CrossRefGoogle Scholar
  13. Hammer, M. (2007, April). The process audit. Harvard Business Review, 111–123.Google Scholar
  14. Hammer, M., & Champy, J. (1993). Reengineering the corporation. A manifesto for business revolution. London: Nicholas Brealey.Google Scholar
  15. Handley-Schachler, M., Juleff, L., & Paton, C. (2007). Corporate governance in the financial services sector. Corporate Governance, 7(5), 623–634.CrossRefGoogle Scholar
  16. Haun, R. D. (1955). Broad vs. narrow concepts of internal auditing and internal control. The Accounting Review, 30(1), 114–118.Google Scholar
  17. Heier, J. R., Dugan, M. T., & Sayers, D. L. (2005). A century of debate for internal controls and their assessment: A study of reactive evolution. Accounting History, 10(3), 39–70.CrossRefGoogle Scholar
  18. Hermanson, D. R., & Rittenberg, L. E. (2003). Research opportunities in internal auditing chapter 2: Internal audit and organizational governance. Florida: IIA (Institute of Internal Auditors) Research Foundation.Google Scholar
  19. Hutter, B., & Power, M. (Eds.). (2005). Organizational encounters with risk. Cambridge: Cambridge University Press.Google Scholar
  20. Jonnergård, K., & Larsson, U. (2007). Developing codes of conduct: Regulatory conversations as means for detecting institutional change. Law & Policy, 29(4), 460–492.CrossRefGoogle Scholar
  21. Khanchel, I. (2007). Corporate governance: Measurement and determinant analysis. Managerial Auditing Journal, 22(8), 740–760.CrossRefGoogle Scholar
  22. Kinney, W. R., Jr. (2000). Research opportunities in internal control quality and quality assurance. Auditing: A Journal of Practice and Theory, 19(Supplement), 83–90.CrossRefGoogle Scholar
  23. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2005). Anvisning Nr.1-2005 [Guidance No.1-2005 regarding board reporting on internal control], Stockholm, December 15, 2005.Google Scholar
  24. Kollegiet för Svensk Bolagsstyrning [The Swedish Corporate Governance Board]. (2006a). Anvisning Nr.1-2006 [Guidance No. 1-2006 on the application of code provisions regarding reporting and disclosure of internal controls], Stockholm, September 6, 2006. Available at
  25. Lekvall, P. (2008, September 6). Intern kontroll kvar i fokus. Dagens Industri. Google Scholar
  26. Maijoor, S. (2000). The internal control explosion. International Journal of Auditing, 4, 101–109.CrossRefGoogle Scholar
  27. Mikes, A. (2009). Risk management and calculative cultures. Management Accounting Research, 20, 18–40.CrossRefGoogle Scholar
  28. Oliviero, M. E. (2002, February). The architect is missing. Internal Auditor, 76.Google Scholar
  29. Picket, K. H. S. (2001). Internal control: A manager’s journey. New York: Wiley.Google Scholar
  30. Porter, M. E. (1985). Competitive advantage. New York: Free Press.Google Scholar
  31. Power, M. (1997). The audit society: Rituals of verification. New York: Oxford University Press.Google Scholar
  32. Power, M. (2004). The nature of risk: The risk management of everything. Balance Sheet, 12(5), 19–28.CrossRefGoogle Scholar
  33. Power, M. (2005). The invention of operational risk. Review of International Political Economy, 12(4), 577–599.CrossRefGoogle Scholar
  34. Power, M. (2007). Organized uncertainty: Designing a world of risk management. New York: Oxford University Press.Google Scholar
  35. Rae, K., & Subramaniam, N. (2008). Quality of internal control procedures: Antecedents and moderating effect on organizational justice and employee fraud. Managerial Auditing Journal, 23(2), 104–124.CrossRefGoogle Scholar
  36. Sarens, G., & De Beelde, I. (2006). Internal auditors’ perception about their role in risk management: A comparison between US and Belgium companies. Managerial Auditing Journal, 21(1), 63–80.CrossRefGoogle Scholar
  37. Scott, W. R. (2003). Financial accounting theory (3rd ed.). Toronto: Prentice Hall.Google Scholar
  38. Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing and Accountability Journal, 16(4), 640–661.CrossRefGoogle Scholar
  39. Teece, D. J., Pisano, G., & Shuen, A. (1997). Dynamic capabilities and strategic management. Strategic Management Journal, 18(7), 509–533.CrossRefGoogle Scholar
  40. Turley, S., & Zaman, M. (2007). Audit committee effectiveness: Informal processes and behavioural effects. Accounting, Auditing and Accountability Journal, 20(5), 765–788.CrossRefGoogle Scholar
  41. Winter, S. G. (2003). Understanding dynamic capabilities. Strategic Management Journal, 24, 991–995.CrossRefGoogle Scholar
  42. Woods, M. (2009). A contingency theory perspective on the risk management control systems within Birmingham city council. Management Accounting Research, 20, 69–81.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Department of Finance and AccountingUppsala UniversityUppsalaSweden

Personalised recommendations