This dissertation evaluates the significance of Internal Control Systems (ICS) within the framework of the 8th EU Directive. The author analyses the advantages, disadvantages, as well as impending conflicts and limits regarding the implementation process of an ICS in the regulatory environment of the EU. Possible theoretical implementation guidelines are elaborated on the basis of
two commonly known frameworks for internal control, namely 1) the COSO Framework, which considers the general design of an ICS, except for detailed results of IT-based internal controls, and 2) the COBIT Framework, which provides details for the IT processes and their proposed controls.
In addition, the author analyses the findings of a survey in which 27 internal control specialists, auditors, and internal control consultants participated.
The results of the survey reveal that companies face a number of problems and challenges when aiming to implement and maintain an effective ICS. Similar to the findings in literature, the survey sample name the effort, resources, costs, and maintenance, as well as the acceptance, awareness, communication, design and complexity as the main challenges and problems an Internal Control System is confronted with. On the basis of the survey results,
the author provides insights into determining an ICS’ actual state, as well as its target state.
Finally, the author of this dissertation proposes establishing an ICS project in order to create awareness for ICS, to structure the ICS process transparently and within an appropriate time frame. Furthermore, the usage of checklists and frameworks facilitates the implementation process of an ICS. It is recommended to use the COSO and COBIT Framework.
Table of Contents
1. Introduction
1.1. Background
1.2. Analytical Procedure
2. Literature Review
2.1. Regulatory Environment
2.2. Fundamental Elements of the ICS
2.2.1. Basic Idea and Definition of an ICS
2.2.2. Principles of the ICS
2.2.3. Objectives of the ICS
2.2.4. Critical Assessment
2.3. Control Models of the ICS
2.3.1. COSO
2.3.1.1. Background
2.3.1.2. Internal Control - Integrated Framework
2.3.2. COBIT
2.3.2.1. Background
2.3.2.2. Framework
2.3.3. Critical Appreciation and Interaction of the Models
3. Research Design and Methodology
3.1. Research Philosophy
3.2. Research Approach and Method
3.3. Research Strategy
3.4. Research Time Horizon and Data Collection
3.5. Access to Data and Resources
3.6. Ethical Issues
4. Analysis, Discussion and Interpretation
4.1. Presenting the Data: Relevance of the ICS for a Company
4.1.1. Benefits of the ICS
4.1.2. Drawbacks of the ICS
4.1.3. Restriction of the ICS
4.1.4. Implementation Problems of the ICS
4.1.5. Areas for the ICS
4.1.6. Drivers and Prospective Usage of the ICS
4.2. Interpretation: Design in Companies
4.2.1. Determination of the Actual State of an ICS
4.2.1.1. Self-Assessment
4.2.1.2. Identifying Risk Areas and Processes
4.2.1.3. Roles and Responsibilities
4.2.2. Determination of the Target State of an ICS
4.2.2.1. Roles, Responsibilities and the Analysis Process
4.2.2.2. Control Activities
4.2.2.3. Realisation, Monitoring and Documentation
4.2.2.4. Challenges in IT
4.2.2.5. Design of Processes
5. Conclusions
6. Recommendations
Objectives and Research Focus
The primary objective of this dissertation is to investigate the significance and implementation of Internal Control Systems (ICS) within the regulatory framework of the 8th EU Directive. The work aims to identify the key challenges, risks, and implementation barriers faced by companies and to provide practical guidelines and frameworks for establishing an effective ICS.
- Analysis of the regulatory environment and the impact of the 8th EU Directive on public interest companies.
- Evaluation of standardized control frameworks, specifically COSO and COBIT, for internal control implementation.
- Assessment of current practices and implementation challenges through an empirical survey with industry experts.
- Development of a structured, practical approach for determining the actual and target state of an ICS within a company.
- Provision of implementation guidelines, including self-assessment tools, risk matrices, and IT process controls.
Excerpt from the Book
2.2.1. Basic Idea and Definition of an ICS
Internal control is not new; in the past, internal control was mostly associated with “bookkeeping where checks were done to detect errors and fraud” (Leitch, 2008, p. 13). However, this approach first transformed in the 1950s. In 1949, the American Institute of Accountants (AIA, today American Institute of Certified Public Accountants, AICPA) released a study which focused on the issue of internal control and provided the following definition cited by Root (1998, p. 68):
“Internal Control comprises the plan of organization and all of the coordinate methods and measures adopted within a business to safeguard its assets, check the accuracy and reliability of its accounting data, promote operational efficiency, and encourage adherence to prescribed managerial policies”.
Leitch (2008, p. 13f.) and Trenerry (1999, p. 4f.) assert that internal control was a process designed to provide “reasonable assurance as to achievement of controls” in the following three areas:
• effectiveness and efficiency of operations;
• reliability of financial reporting; and
• compliance with applicable laws and regulations.
Summary of Chapters
1. Introduction: Outlines the background of market globalization and the resulting demand for corporate governance and transparent Internal Control Systems in light of recent financial scandals.
2. Literature Review: Provides a theoretical foundation by discussing the regulatory environment, fundamental elements, and existing control frameworks like COSO and COBIT.
3. Research Design and Methodology: Details the research philosophy, strategy, and data collection methods, including a survey of 27 experts to gather qualitative insights.
4. Analysis, Discussion and Interpretation: Analyzes the survey data to identify benefits, drawbacks, and implementation problems of an ICS and suggests a structured design process for companies.
5. Conclusions: Synthesizes the findings, confirming that while an ICS is not a trivial task, its implementation is a crucial step for business sustainability, risk management, and regulatory compliance.
6. Recommendations: Offers a strategic implementation guide for businesses, emphasizing the need for a phased, long-term approach supported by established frameworks and consistent management commitment.
Keywords
Internal Control Systems, ICS, 8th EU Directive, COSO Framework, COBIT Framework, Corporate Governance, Risk Management, Regulatory Compliance, Internal Audit, IT Governance, Implementation Strategy, Business Process, Financial Reporting, Internal Control, Organizational Transparency
Frequently Asked Questions
What is the core focus of this research?
The dissertation examines the necessity and implementation of Internal Control Systems (ICS) for companies of public interest under the requirements of the 8th EU Directive.
What are the primary thematic areas covered?
The study covers the regulatory background, the theoretical components of internal control, the application of frameworks like COSO and COBIT, and practical methods for designing and monitoring an ICS.
What is the primary objective of this work?
The goal is to identify common implementation challenges and to provide companies with practical tools, such as checklists and guidelines, to develop an effective and compliant ICS.
Which scientific methodology is utilized?
The research adopts a qualitative, inductive approach, combining a comprehensive literature review with a survey conducted among 27 internal control specialists, auditors, and consultants.
What is addressed in the main body of the work?
The main body evaluates the actual and target states of an ICS, discusses IT-related risks and controls, and suggests frameworks to structure the implementation process within the company’s existing value chain.
Which key terms characterize the work?
Key terms include ICS, 8th EU Directive, COSO, COBIT, Corporate Governance, Risk Management, and Internal Audit.
How does the author recommend integrating IT into an ICS?
The author emphasizes that IT is no longer a peripheral support function but part of the core business; therefore, IT governance must be integrated using the COBIT framework, separating general controls from specific application controls.
Why is the 8th EU Directive central to this study?
The Directive acts as the legal catalyst for this research, mandating that companies of public interest must maintain effective internal controls, thereby creating the immediate need for the guidelines proposed in this thesis.
What is the role of the "self-assessment" tool proposed by the author?
The self-assessment tool serves as a diagnostic instrument, derived from COSO and COBIT, allowing organizations to evaluate their current ICS maturity level across strategy, risks, and IT, and to identify areas for improvement.
- Quote paper
- Björn Möller (Author), 2010, Internal control systems within the framework of the 8th EU directive, Munich, GRIN Verlag, https://www.hausarbeiten.de/document/159949
