Assessment the Internal Control System of

Banks
Tim Sovaniski

University of Primorska, Koper - Slovenia

Workshop Paper – Winter, 2021

Abstract:
This research attempt to explore to determine and investigate the main roles of
auditing in corporate governance around the world especially in Slovenia, A large
number of studies concerned with auditing and corporate governance have been
conducted using US and UK data.
The objective of this research is to contribute to understanding the auditing and
roles of auditing in corporate governance. Determine the nature of the Audit
Committee and the dimensions of their role in promoting corporate governance and
implementation mechanisms.
The study recommended that the role of corporate governance must be adopted
in all organizations in Slovenia.

Keywords:
Internal Control System, COSO Framework, Banks

Electronic copy available at: https://ssrn.com/abstract=3794432

Introduction:

The banking industry worldwide has experienced significant bank failures and
crises over the years. Bank failures are of great concerns to Central banks and
governments because of its systematic nature and often exacerbate recessions and act
as catalyst for financial crises.
Internal control problems are a common place in the banking industry, and that
allowed rogue traders to cause huge financial losses to these banks. In 2012 HSBC the
largest financial institution in Europe, admitted having poor money laundering
controls and was consequently fined $ 1.9b after U.S senate investigations.
An effective internal control system is the nerve centre of every organization,
the breakdown of which leads to the failure of organizations. Internal control is a
crucial aspect of an organization's governance system and ability to manage risk. It
ensures the achievement of an organization's objectives and creating, enhancing, and
protecting stakeholder value.
Precipitating the current global financial crises is the high profile corporate
failures such as Enron and WorldCom in the USA, Parmalat in Europe, and similar
cases of corporate collapse around the world.
Failure of internal control systems and the eventual circumvention of internal
controls by company executives accounted for these corporate scandals.
Organizations must ensure that their internal control systems remain relevant in
today's business model.
Business models have changed dramatically, including increased use of shared
services, outsourced service providers, regulations have also intensified on
companies, over reliance on technology, increased stakeholder expectation etc have
increased business risks significantly , which necessitated COSO's revision of its 1992
framework in 2013.

1. Internal Control

The main concepts of Internal Control:

Internal control includes all of the processes and procedures that management
puts in place to help make sure that its assets are protected and that company activities
are conducted in accordance with the organization’s policies and procedures.
COSO can defined Internal control as : It is a process, effected by an entity’s
board of directors, management, and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives relating to operations, reporting,
and compliance.
Other Scholars define internal control as: A system of internal control consists
of policies and procedures designed to provide management with reasonable
assurance that the company achieves its objectives and goals.

The Objectives of Internal Control:

Electronic copy available at: https://ssrn.com/abstract=3794432

 Arens et al. discussed the main objectives of internal control as following:
1. Reliability of financial reporting. As we discussed, management is
responsible for preparing statements for investors, creditors, and other
users. Management has both a legal and professional responsibility to be
sure that the information is fairly presented in accordance with reporting
requirements of accounting frameworks such as GAAP and IFRS. The
objective of effective internal control over financial reporting is to fulfill
these financial reporting responsibilities.
2. Efficiency and effectiveness of operations. Controls within a company
encourage efficient and effective use of its resources to optimize the
company’s goals. An important objective of these controls is accurate
financial and nonfinancial information about the company’s operations
for decision making.
3. Compliance with laws and regulations. Section 404 requires
management of all public companies to issue a report about the
operating effectiveness of internal control over financial reporting. In
addition to the legal provisions of Section 404, public, nonpublic, and
not-for-profit organizations are required to follow many laws and
regulations. Some relate to accounting only indirectly, such as
environmental protection and civil rights laws. Others are closely related
to accounting, such as income tax regulations and anti-fraud legal
provisions.

Tandon et al. list the main objectives of Internal Control as the following:
1. The orderly and efficient conduct of its business, including adherence to
internal policies
2. The safeguarding of assets of the business
3. The prevention and detection of fraud and error
4. The accuracy and completeness of the accounting records, and
5. The timely preparation of financial information

The Role of Management and Auditing in Internal Control

There is a big role of Management and Auditing in Internal control, this role can
be illustrated in figure (1).

Electronic copy available at: https://ssrn.com/abstract=3794432

 Internal
Control

Auditing Managment

Fianacial
Strategy and responsibility Personnal
Internal Check Internal Audit Budgets Informati objectives area Controls
on

Fig (1): The Role of Auditing and Management to Achieve the Internal Control

Audits of Internal Control:

After the 2nd financial crisis in USA of 1997, two men designed a new act to
reduce the effect of the crisis, this act named as Sarbanes Oxley Act, the most
important section in it was section 404.
The most contentious aspect of SOX is Section 404, which requires
management and the external auditor to report on the adequacy of the company's
internal control on financial reporting (ICFR). This is the most costly aspect of the
legislation for companies to implement, as documenting and testing important
financial manual and automated controls requires enormous effort.

Internal Control and Risk Management:

The UK Corporate Governance Code recommends that 'The board should

maintain sound risk management and internal control systems'.
The Cadbury Report noted that risk management should be systematic and also
embedded in company procedures. Furthermore there should be a culture of risk
awareness.
The report's initial definition of risk management was 'the process by which
executive management, under board supervision, identifies the risk arising from
business and establishes the priorities for control and particular objectives'.
While Cadbury recognized the need for internal control systems for risk
management, detailed advice on application of those controls was provided by the
Committee of Sponsoring Organizations, COSO and the Turnbull Report.

Internal Control and COSO:

COSO was formed in 1985 to sponsor the national commission on fraudulent

reporting. The 'sponsoring organizations' included the American Accounting

Electronic copy available at: https://ssrn.com/abstract=3794432

Association and the American Institute of Certified Public Accountants. COSO now
produces guidance on the implementation of internal control systems in large and
small companies. In COSO, internal control is seen to apply to three aspects of the
business:
1. Effectiveness and efficiency of operations - that is the basic business
objectives including performance goals and safe guarding resources.
2. Reliability of financial reporting - including the preparation of any
published financial information.
3. Compliance with applicable laws and regulations to which the company
is subject.

Internal Control and Turnbull:

The Turnbull committee was established after the publication of the 1998
Combined Code in the UK to provide advice to listed companies on how to
implement the internal control principles of the code. The overriding requirement of
their report was that the directors should:
1. implement a sound system of internal controls, and
2. that this system should be checked on a regular basis.

The Turnbull Report requires:

1. That internal controls should be established using a risk-based approach.
Specifically a company should:
- Establish business objectives.
- Identify the associated key risks.
- Decide upon the controls to address the risks.
- Set up a system to implement the required controls, including
regular feedback.
2. That the system should be reviewed on a regular basis. The UK
Corporate Governance Code (2010) contains the statement that:
"The directors should, at least annually, conduct a review of the
effectiveness of the group's system of internal control and should report
to shareholders that they have done so. The review should cover all
controls, including financial, operational and compliance controls and
risk management".

2. Internal Control System

Systems Theory:

A system is a set of interrelated and interdependent components that interact in

a way to achieve a set goal. These components or sub-systems are inter-dependent and
the failure of one component leads to the failure of the whole system. An organization
is a complex system which is divided in various sub-systems (Units, divisions,
departments, etc) and hence requires a system of controls over units, divisions,

Electronic copy available at: https://ssrn.com/abstract=3794432

departments, etc, for its effectiveness and survival. An effective internal control
system is an integrated system with interrelated components, supporting principles
and attributes. Harvey and Brown (1998) identified control environment, accounting
system and control procedures as the major components of internal controls.
According to Grieves, an internal control system available to a firm consists of:
management oversight and the control culture; risk recognition and assessment;
control of activities and segregation of duties; information and communication and
monitoring activities and correcting deficiencies.
The paper adopts COSO’s 1992 integrated internal control framework. The
Committee of Sponsoring Organizations (COSO), was commissioned in the 1980‟s
by National Commission on Fraudulent Financial Reporting (the Treadway
Commission) to identify factors that caused fraudulent corporate financial reports and
make recommendations, and has since developed to become a thought leader in
enterprise risk management (ERM), internal control, and fraud deterrence.
In 1992, COSO published a landmark report on internal control: Internal
Control - Integrated Framework, referred to as “COSO”. The framework classifies an
organization's internal control system in to five integrated components which must be
built into business processes across the entire entity, in its efforts to achieve
objectives. The components are:
1. control environment
2. risk assessment
3. control activities
4. information and communication
5. monitoring activities.

Fig. 2: Integrated Internal Control Framework

Electronic copy available at: https://ssrn.com/abstract=3794432

The followings are the more details about these components:
1. Control Environment: While each component is important, the first—
control environment—is the foundation for all the others. The control
environment reflects the overall attitude, awareness, and actions of the
board and management concerning the importance of control activities.
Overall, the control environment provides discipline and structure for
the bank’s entire operations. The elements of a control environment
include:
- Integrity and ethical values of personnel.
- Commitment to competence.
- Board of directors and/or audit committee participation.
- Overall influence of management’s philosophy and operating style.
- Appropriate and adequate organizational structure.
- Clear assignment of authority and responsibility.
- Effective human resource policies and practices.

2. Risk Assessment: Risk assessment is the process the board and

management use to identify and analyze risks that could keep the bank
from achieving planned objectives. The assessment should help
determine what the risks are, how they should be managed, and what
controls are needed. Risks can arise or change because of circumstances
such as:
- A change in the bank’s operating environment.
- New personnel.
- New or revamped information systems.
- Rapid growth.
- New technology.
- New or expanded lines of business, products, or activities.
- Mergers or other corporate restructuring.
- Changes in accounting requirements.

3. Control Activities: Control activities include the policies, procedures,

and practices established to help ensure that bank personnel carry out
board and management directives. These activities help ensure that the
board and management manage and control risks that could affect bank
operating performance or cause financial loss. Policies governing control
activities should ensure that bank officers who perform internal control
functions in addition to their operational duties do not evaluate their own
work.

4. Information, and Communication Systems: Accounting , information,

and communication systems identify, capture, and exchange information
in a form and time frame that enable bank personnel to carry out their
responsibilities. Accounting systems include methods and records that

Electronic copy available at: https://ssrn.com/abstract=3794432

 identify, assemble, analyze, classify, record, and report a bank’s
transactions. Information systems produce reports on operations,
finance, risk management, and compliance that enable management and
the board to manage the bank. Communication systems impart
information throughout the bank and to external parties such as
regulators, examiners, shareholders, and customers.

5. Monitoring Self-assessment or monitoring: it can provide oversight of a

bank’s control system performance. Management monitors internal
controls to consider whether they are operating as intended and that they
are appropriately modified when conditions change. Self assessment, in
the form of periodic evaluations of a department’s controls by a person
responsible for that area, is one type of oversight mechanism. For
community banks, a clear and focused internal audit program can be a
key defense against control breakdowns or fraud by providing
independent assessments of the internal control system’s quality and
effectiveness.

The concept of internal control system:

Internal control system is an integrated system, integrated with management

processes to achieve overall organizational goals. For an organization to achieve its
organizational objectives, then the five control components of control environment,
risk assessment, control environment, information and communication and monitoring
must be integrated into management processes over the entire organization
(Subsidiaries, divisions, units). Like the body system, the internal control components
and business processes must interact ceaselessly for a healthy, effective internal
control system. The seamless and collaborative interaction of an internal control
system with business processes is a prerequisite for the effectiveness of an internal
control system. Control objectives and measures that are derived from the monitoring
and assessment of risks must be integrated into operational business units‟ business
practices (PricewaterhouseCoopers, 2007), through an effective information and
communication control component that ensures smooth flow of information to
personnel responsible for internal controls across the entity.

Internal control systems effectiveness:

The effectiveness of an internal control system is dependent on how fluid the

system interact with itself and how embedded it is into the organizations business
processes. Again for an internal control system to be effective and provide that needed
assurance to the board, there should be some “agents of effectiveness”. These are a
vibrant board, which does not wait to be informed but a board that understands the
business and questions the status quo, and an effective, independent internal audit
unit. Internal control is a process, but its effectiveness is a state or a condition at point

Electronic copy available at: https://ssrn.com/abstract=3794432

of the process. Therefore it is important for management and the board to evaluate
and assess the effectiveness of the internal control system periodically. According to
COSO, an internal control system can be judged to effective on the high level if the
board of directors and management have reasonable assurance that: 1. they understand
the extent to which the entity's operations objectives are being achieved, 2. published
financial statements are being prepared reliably, and 3. applicable laws and
regulations are being complied with.
An internal control framework that places too much emphasis on detailed
explanation of the different components of the system and methods for their design
but ignore details on how each of the components can be measured to assess their
effectiveness is a deficient control system in itself.
The effectiveness of an internal control system is a function of the workings of
the five components of the system. Consequently, assessing effectiveness of internal
controls must be done in relation to the components of internal control. Judging
whether an internal control system of an organization is effective or not is a subjective
verdict resulting from the assessment of the workings of the five components of
internal control system across the entire organization.
In assessing internal control effectiveness, the evaluator must understand the
operations of the five components, the intent of the principles and assumptions
underlying the operations of the control components and how they are applied across
the organization. The researchers in assessing the effectiveness of the internal control
system of Ghanaian banks, adopts COSO's 1992 principles and assumptions of
assessing the effectiveness of internal control systems .

Objectives of Internal Control System:

A popular misconception is that the internal control system is implemented

simply to stop fraud and error. As the points below show, this is not the case.
A lack of internal control implies that directors have not met their obligations
under corporate governance. It specifically means that the risk management strategy
of the company will be defective.
The main objectives of an internal control system are summarized in the
Auditing Practices Board (APB) and the COSO guidelines. An internal control system
is to ensure, as far as practicable:

According to APB:

The APB in the UK provides guidance to auditors with specific reference to the
implementation of International Standards on Auditing. A definition of internal
controls from the APB is: "The internal control system - includes all the policies and
procedures (internal records) adopted by the directors and management of an entity to
succeed in their objective of ensuring", as far as practicable:

Electronic copy available at: https://ssrn.com/abstract=3794432

 The main point to note here is that the internal control system encompasses the
whole business, not simply the financial records.

According to COSO:

COSO defines internal control as 'a process, effected by the entity's board of
directors, management and other personnel, designed to provide reasonable assurance
regarding the achievement of objectives', in three particular areas:
1. Effectiveness and efficiency of operations.
2. Reliability of financial reporting.
3. Compliance with applicable laws and regulations.
This definition contains a number of key concepts which illustrate the
pervasiveness of internal control systems in a company.
- Internal control is a process, rather than a structure. It is a continuing
series of activities, planned, implemented and monitored by the board of
directors and management at all levels within an organization.
- Internal control provides only reasonable assurance, not absolute
assurance, with regard to achievement of the organization's objectives.

10

Electronic copy available at: https://ssrn.com/abstract=3794432

 - The objectives of internal control relate to assurance not only about
reliable financial reporting and compliance, but also with regard to the
effectiveness and efficiency of operations.
- Internal control is therefore also concerned with the achievement of
performance objectives, such as profitability.

It is also useful to think of internal control as a system for the management and
control of certain risks, to restrict the likelihood of adverse events or results.

Limitations of Internal Control System:

Warnings should be given regarding over-reliance on any system, noting in

particular that:
- A good internal control system cannot turn a poor manager into a good
one.
- The system can only provide reasonable assurance regarding the
achievement of objectives - all internal control systems are at risk from
mistakes or errors.
- Internal control systems can be by-passed by collusion and management
override.
- Controls are only designed to cope with routine transactions and events.
- There are resource constraints in provision of internal control systems,
limiting their effectiveness.

In other words, it is good corporate governance to establish the system, risks

within the company will be minimized, but those risks can never be entirely
eliminated.

3. Practical Part

In order to obtain appropriate and adequate response from the respondents, a

combination of fixed response and open-end type of questionnaire design was
prepared in such a way that the opinions of the respondents were required on the
subject of the research.
There are no restrictions or tailored answers, to which the respondents’ point of
view was very essential. In the fixed response type of questionnaire design, there are
tailored opinions of answers from which the respondents must choose while
responding or answering to each question, the opinion of the respondents was just to
tick his or her approval of the available options of answers. Most of the questions in
the questionnaire were structured within the fixed response type.
The answered questionnaires were collected personally by hand on visitation to
the banks
The data collected from the questionnaire were presented in tabular
arrangements and the different responses to each question were ascribed percentages
accordingly. The research data were presented using tables and simple percentages.

11

Electronic copy available at: https://ssrn.com/abstract=3794432

The hypothesized statements were tested using the Pearson correlation method of
statistical analysis. The table 1 shows the results of questionnaire.

Table (1): The Result of Questionnaire

Response Frequency Percentage
Strongly Agree 3 2%
Agree 29 15%
Neutral 80 41%
Disagree 63 32%
Strongly Disagree 20 10%
Total 195 100%

The figure 1 shows the result of questionnaire in bar chart.

45%
40%
35%
30%
25%
20%
15%
10%
5%
0%
Strongly Disagree Neutral Agree Strongly Agree
Disagree

Figure (1): The results of questionnaire

Table 2 shows the calculation of correlation between Auditing Challenges (X)

and Fair Value Accounting (Y).

Table (2): The Calculation of Correlation

Options X Y XY X2 Y2
Strongly Agree 5 3 15 25 9
Agree 4 29 116 16 841
Neutral 3 80 240 9 6400
Disagree 2 63 126 4 3969
Strongly Disagree 1 20 20 1 400
Total 15 195 1034 55 11619

12

Electronic copy available at: https://ssrn.com/abstract=3794432

 4. Findings:

This study had attempted to evaluate the Internal Control system of banks
according to COSO framework of 1992
Findings from the testing indicate that there is significant relationship between
the middle level of internal control and the components of COSO framework of 1992.
Most of the accountants and auditors in the bank were agreed (in low level)
about the components of COSO framework of 1992, the very little of them were
strongly disagree.
The degree of accountants' and auditor's agreement was diverted according to
the type of COSO's framework of 1992 component.

5. Conclusions:

According to the practical part of this project, and the results of analyzing the
questionnaire , the researchers conclude their results as :
- There is good relation between the internal control system and the
effectiveness of the banks according to COSO's framework of 1992.
- The role of internal control may differ from environment to another,
because of the structure of COSO's framework of 1992 components.

13

Electronic copy available at: https://ssrn.com/abstract=3794432

References:
1. Al-Nasrawi, Salam A., and Thabit, Thabit H. (2020). The Influence of the
Environmental Factors on the Adoption of the International Accounting System
IAS/IFRS: Case of Iraq, Journal of Accounting, Finance and Auditing Studies,
6(1), 66-85.
2. Amudo, A., and Inanga, L. (2009). Evaluation of Internal Control Systems: A
Case Study from Uganda. International Research Journal of Finance and
Economics.
3. Arens, Alvin A., Elder, Randal J., and Beasley, Mark S. (2012). Auditing and
Assurance Services, Prentice Hall, USA.
4. Ayagre et al. (2014). The Effectiveness of Internal Control Systems of Banks:
The Case of Ghanaian Banks, International Journal of Accounting and Financial
Reporting, 4(2).
5. Bajaj, V., and Creswell, J. (2009). A Lender Failed, Did its Auditor?, The New
York Times, USA.
6. Basel (2004). Bank Failures in Mature Economies, Basel: Bank for International
Settlements.
7. Center For Audit Quality (2012). Guide to Internal Control over Financial
Reporting, USA.
8. Cheng, K. (2009). Fair Value's How Meets and When, CPA Journal, 79(8).
9. Committee of Sponsoring Organizations of the Treadway Commission (2013).
Internal Control — Integrated Framework, USA.
10. COSO (2013). Internal Control-Integrated Framework. New Jersey: COSO.
11. Davies, Marlene, and Aston, John (2011). Auditing Fundamentals, Prentice Hall,
USA.
12. Dawood, Harith A., Thabit, Thabit H., Jasim, Yaser A. (2015). Proposed
Approach to Apply a Green Balanced Scorecard at the Iraqi Environment, 2nd
International Conference on Ecology, Environment, and Energy, Ishik University,
Erbil, Iraq.
13. Field, A. (2000). Discovering Statistics Using SPSS for Windows, SAGE
Publications, London.
14. Hermanson, D. R., Smith, J. L., and Stephens, N. M. (2012). How Effective are
Organizations’ Internal Controls? Insights into Specific Internal Control
Elements. American Accounting Association , A31–A50.
15. Johnson, S. (2007), PCAOB Ponders How to Audit FV, CFO Magazine.
16. Johnson, S. (2007). PCAOB: Can Auditors Handle FV?, CFO Magazine.
17. Kieso, D., Warfield, T., and Weygandt, J. (2010). Balance Sheet & Statement of
Cash Flows, Intermediate Accounting, JohnWiley & Sons, New Jersey, USA.
18. King, Alfred M. (2006). Fair Value for Financial Reporting, New Jersey, John
Wiley & Sons.
19. Lefebvre, R., Simonova, E., and Scarlat , M. (2009). Fair Value Accounting: The
Road to Be Most Travelled, Issue in focus, Certified General Accountants
Association of Canada, CGA.
20. Leone, M. (2009). The FAS159 Mulligan, CFO Magazine.
21. O'Kelly, B. (2008). Commercial Banks: How Fair is Fair Value?, Accountancy
Ireland, 40(3).
22. Pannese, D. and Delfavero, A. (2010). Fair Value Accounting: Affect on the
Auditing Profession, Journal of Applied Business Research, 26(3).
23. Ronen, J. (2002). Post-Enron Reform: Financial Statement Insurance and GAAP
Revisited, Stanford Journal of Law, Business and Finance, 8(1).

14

Electronic copy available at: https://ssrn.com/abstract=3794432

24. Tandon, B. N., Sudharsanam, S., and Sundharabahu, S. (2009). A Hand Book of
Practical Auditing, S. Chand and Company LTD, New Delhi, India.
25. Thabit, Thabit H. (2019). The Influence of Mobile Information Technologies in
Enhancing the Electronic Audit, The 3rd International Scientific Conference, The
World Islamic Sciences and Education University, Amman, Jordan.
26. Thabit, Thabit H., Aldabbagh, Lukman M., and Ibrahim, Laith K. (2019). The
Auditing of Sustainable Development Practices in Developing Countries: Case of
Iraq, Revista AUS, 26(3), 12-19.
27. Thabit, Thabit H., and Abbas, Nazar H. (2017). A Proposed Fuzzy Logic Based
Framework for E-Accounting: Evaluation in Iraq, Qalaai Zanist Scientific
Journal, 2(6), 732-751.
28. Thabit, Thabit H., and Al-Nasrawi, Hamed A. (2016). The Role of International
Financial Reporting Standards in Reducing the Financial Risks, International
Journal of Latest Engineering Research and Applications, 1(5), 73-82.
29. Thabit, Thabit H., and Jasim, Yaser A. (2016). A Manuscript of Knowledge
Representation, International Journal of Social Sciences & Economic
Environment, 1(1), 44-55.
30. Thabit, Thabit H., and Jasim, Yaser A. (2016). The Role of Environmental
Accounting Disclosure to Reduce Harmful Emissions of Oil Refining Companies,
The 3rd International Conference on Energy, Environment, And Applied Science,
Ishik University, Erbil, Iraq.
31. Thabit, Thabit H., and Jasim, Yaser A. (2017). Applying IT in Accounting,
Environment and Computer Science Studies, LAP- Lambert Academic Publisher,
Germany.
32. Thabit, Thabit H., and Jasim, Yaser A. (2019). The Challenges of Adopting E-
Governance in Iraq, Current Research Journal of Social Sciences and Humanities,
2(1), 31-38.
33. Thabit, Thabit H., and Raewf, Manaf B. (2016). The Impact of Voluntary
Disclosure on SMEs in Developing Countries, Journal of Global Business and
Social Entrepreneurship, 4(5), 19-31.
34. Thabit, Thabit H., and Raewf, Manaf B. (2017). Applications of Fuzzy Logic in
Finance Studies, LAP- Lambert Academic Publisher, Germany.
35. Thabit, Thabit H., and Solaimanzadah, Alan (2018). The Role of SOX Act in
Enhancing the Internal Control Systems of Kurdistan Banks, International
Conference on Accounting, Business, Economics and Politics, Ishik University,
Erbil, Iraq.
36. Thabit, Thabit H., Hadj Aissa, Sid A., and Harjan, Sinan A. (2016). The Use of
Fuzzy Logic to Measure the Risks of ICT in E-Audit, Revue des Recherches
Economiques, No.15, pp. 30-46.
37. Thabit, Thabit H., Ibraheem, Laith K., and Majed, Ahmed W. (2019). Proposed
Framework for Auditing Sustainable Development Practices in Iraq, 8th
International Scientific Conference, Baghdad College of Economic Sciences
University, Baghdad, Iraq.
38. Thabit, Thabit H., Ishhadat, Heba S., and Abdulrahman, Omar T. (2020). Data
Governance Based on COBIT2019 Framework to achieve Sustainable
Development Goals, Journal of Techniques, 2(3), 9-18.
39. Thabit, Thabit H., Solaimanzadah, Alan, and Al-abood, Muath T. (2017). The
Effectiveness of COSO Framework to Evaluate Internal Control System: The
Case of Kurdistan Companies. Cihan International Journal of Social Science,
1(1), pp. 44-54.

15

Electronic copy available at: https://ssrn.com/abstract=3794432

40. Thabit, Thabit H., Solaimanzadah, Alan, and Mohammed, Mohammed A. (2019).
Determining the Effectiveness of Internal Controls in Enterprise Risk
Management based on COSO Recommendations, the 2nd International
Conference on Accounting, Business, Economics and Politics, Ishik University,
Erbil, Iraq.
41. Veron, N. (2008). Fair Value Accounting is the Wrong Scapegoat for This Crisis,
Revue d’Economie Financière and Risques.
42. Wang, Jiamin (2008). Sarbanes-Oxley Section 404 Places Disproportionate
Burden on Smaller Public Companies, available online at: http://web.archive.org/

16

Electronic copy available at: https://ssrn.com/abstract=3794432