Academic journal article Management Accounting Quarterly

Assessing Internal Controls: Do Management and Staff Agree?

Academic journal article Management Accounting Quarterly

Assessing Internal Controls: Do Management and Staff Agree?

Article excerpt

An integral part of good management is to evaluate and improve internal controls (IC). Although this is required for publicly traded companies under the SarbanesOxley Act (SOX), improving internal controls can enhance the operations of any organization by promoting more effective and efficient asset use, deterring fraud, and improving compliance.

Over the past decade, the practice of control selfassessment (CSA) has emerged as a key diagnostic tool that allows an organization to evaluate its own IC structure by surveying employees who work directly with or implement internal controls. Although CSA is effective in detecting and improving IC weaknesses, it carries the disadvantages of increased cost and time to administer and evaluate.

Managers face the same challenge in evaluating IC as auditors do: A complete examination of all facets of an organization's internal controls system may not be economically feasible or necessary. To complete the evaluation cost effectively, companies spend resources examining those areas of the system that are at the greatest risk for not working properly. Fast and inexpensive techniques such as analytical procedures reduce the time and cost of the IC assessment and often identify areas that may require greater (or less) scrutiny.

The aim of our study was to test whether the perceptions of top management concerning the effectiveness of internal controls are an accurate indicator of the perceptions that other employees hold and, by extension, of the general state of internal controls in the organization.


The Institute of Internal Auditors (IIA) defines CSA as a process through which internal control effectiveness is examined with the goal of providing reasonable assurance that all business objectives are being met. (1) CSA is widely recognized as a valuable tool in gathering evidence concerning so-called "soft" controls, such as the effectiveness of internal communication and the ability to convey sensitive information between levels of management. (2) In addition, CSA provides benefits such as improving independent audits of financial statements, (3) increasing ownership of changes in IC by including those people affected by them, (4) and lowering the costs of compliance with SOX. (5)

In spite of its potential benefits, CSA is not widely used, particularly in conjunction with independent audits of financial statements. While there are a number of possible reasons for this, a common one that auditors cite is the perceived lack of efficiency concerning CSA. (6) Perhaps current research based on managers' perceptions of internal controls may provide guidance that could change that.


Prior research has indicated that upper management's perception of IC could be used as a proxy for the perceptions of employees at lower levels of the organization, but there is still no clear correlation. (7) If such a relationship does exist, however, organizations could benefit in a couple of key ways:

1. Decreased investigative costs. As with any analytical procedure, the advantage of using managers' perceptions as a proxy for employees' perceptions is that it is cheaper than surveying everyone across a large organization.

2. Better fraud prevention. Research in fraud prevention has indicated that the perceptions employees have concerning the effectiveness and quality of internal controls are among the best deterrents to fraud that an organization can have. (8) If management's perceptions of IC mirror those of the firm's employees, then better fraud deterrence can be achieved at a lower cost by identifying whether and where managers perceive weaknesses in IC.

Using managers' perceptions as positive indicators of effective (or ineffective) IC is more problematic. In the case of internal fraud prevention, for example, this is not as material as it might be in other circumstances because it is employee perceptions of effectiveness that deter fraud. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.