1 Accounting Research Centre - ARC, Aarhus School of Business, Aarhus BSS, Aarhus University2 Department of Business Studies, Aarhus School of Business, Aarhus BSS, Aarhus University3 unknown4 Department of Economics and Business Economics, Aarhus BSS, Aarhus University5 Department of Economics and Business Economics, Aarhus BSS, Aarhus University
This paper addresses the internal control issue from a Corporate Governance perspective. The increased focus on risk management as an ongoing business process may be changing the view on internal control. The different interest groups identified by the Corporate Governance perspective might have different perceptions regarding the role and function of internal controls. Earlier research on audit issues suggests that differences in perceptions might lead to expectation gaps and consequently to miscommunication, misunderstandings regarding placement of responsibilities, and sometimes even to lawsuits. One of the intentions of the COSO-report from 1992 was to provide a shared framework for internal controls across the field of different interest groups. Hence, this paper addresses the question whether the COSO-framework is enough from a Corporate Governance Perspective. Because of the status of the COSO-framework, the answer to this question is relevant beyond a mere American context. The question is sought answered by applying a longitudinal approach to the perceptions of internal control at different points in time. At three different points in time the perceptions of the Corporate Governance interest groups are analyzed and discussed, i.e. before COSO, at the time of COSO, and after COSO. The content analysis 1) provides a detailed description of the development in the conceptual understanding of internal controls, and 2) contrasts the perceptions as experienced by the auditors with the other Corporate Governance interest groups. The examination provides new evidence, which suggests that external auditors are serving their own self-interests in their description of the content of internal control. At the same time the internal and external auditors treat the concept of internal control as a partial concept, i.e., not a conceptual context in compliance with the interests of the totality of the Corporate Governance interest groups (at least until SAS No. 78,1995). This contribution to self-regulation gives the auditors an opportunity to position themselves in a situation where they can maintain to serve their self-interests in determining their own responsibilities. The analysis demonstrates that the increased focus on risk management is a logical step, which, in turn, might have different implications for the individual parties involved in the process of Corporate Governance. Based on the great interest for Corporate Governance, risk management, and internal control, the paper finally consider the question whether it is time to develop a holistic conceptual framework or mega framework which integrates these elements.