The effectiveness of the internal control system in preventing operational risks to income statement issuance: A practical risk-based internal audit perspective
MetadataShow full item record
CitationAksoy, T. (2021). The effectiveness of the internal control system in preventing operational risks to income statement issuance: A practical risk-based internal audit perspective. 37nd EBES Conference Program and Abstract Book içinde (42.ss). Berlin: EBES Publications.
In recent years, corporate risk management (CRM) has gained great importance in companies with the effect of various factors such as technological development, globalization, rapid change, increase in competition, information technologies, deregulation, global scandals, supranational companies, corporate governance. The understanding of internal audit has evolved from classical auditing to risk-based internal auditing(RBIA). Focusing on high-risk areas has come to the fore in RBIA in terms of ensuring efficiency, productivity and sustainability. Proactive pre-determination, measurement and prioritization of business risks, especially operational risks(ORs), which constitute the most difficult risk group to detect, identify, reveal, quantify, measure and evaluate, have come to life in the CRM process. In this study, the effectiveness of the internal control system(ICS) in preventing ORs related to income statement issuance is examined in the context of a company application example from RBIA optics. In the study, a tomato paste&frozen canned food company listed on the Stock Exchange (Borsa Istanbul-BIST) was selected from the leading member companies of the TGDF and SALKONDER. Methodologically, a survey method based on a risk assessment questionnaire on a 5x5 Likert scale was used to collect data and create a risk inventory. The questionnaire was applied to the group consisting of officers, experts, chiefs, assistant managers, managers, relevant senior managers and internal auditors who are involved in preparation and follow-up of the income statement in the financial affairs/internal audit departments. An Excel macro program was used to calculate the coefficients in the risk analysis questionnaire/matrix in the context of the probability of the risk occurring and the possible impact of the risk. Considering the preferences and risk coefficients, the risk score for each defined OR&main account group was determined and prioritized and made visible in the low, medium, high risk categories both in the risk matrix/analysis questionnaire. After ORs were scored, they were prioritized by ranking them both within the relevant&main account group/headings. The study revealed that most of the direct ORs defined for income statement, except for two items, are in the low risk group. Additionally, the study showed that the risk score of the two items (compliance with IFRS&VUK-TPL, independent audit reporting) remaining in the medium risk group as an individual item is in the low risk category. Finally, considering the assessment of relevant stakeholders, the study showed possible ORs were largely eliminated within the control sequence in the processes and the existing ICS and were in a tolerable condition.