project incomplete

8/3/2019 project incomplete

1/53

AN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISKAN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISK

MANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS ATMANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS AT

PAK SUZUKI MOTORS (LTD.)PAK SUZUKI MOTORS (LTD.)

D I S S ER TA T I OND I S S ER TA T I ON

1


2/53

AN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISKAN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISK

MANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS ATMANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS AT

PAK SUZUKI MOTORS (LTD.)PAK SUZUKI MOTORS (LTD.)

T A B L ET A B L E O FO F C O N T E N T SC O N T E N T S

CCHAPTERHAPTER DDESCRIPTIONESCRIPTIONPPAGEAGE

##

1.0 INTODUCTIONINTODUCTION 3

1.1 RESEARCH BACKGROUNG:RESEARCH BACKGROUNG: 31.3 Research Questions:Research Questions: 41.4 RESEARCH OBJECTIVES:RESEARCH OBJECTIVES: 52.0 LITERATURE REVIEWLITERATURE REVIEW 6

2.1

CORELATION BETWEEN RISKCORELATION BETWEEN RISKMANAGEMENT AND GOVERNANCE INMANAGEMENT AND GOVERNANCE IN

CORPORATE ENVIRONMENTCORPORATE ENVIRONMENT6

2.2

NATIONAL CULTURE OF PAKISTAN ANDNATIONAL CULTURE OF PAKISTAN ANDAPPROACH TOWARDS RISKAPPROACH TOWARDS RISK

MANAGEMENT SYSTEMSMANAGEMENT SYSTEMS

7

2.3 FRAUDS AND RISK MANAGEMENTFRAUDS AND RISK MANAGEMENT 83.0 RESEARCH DESIGNRESEARCH DESIGN 113.1 RESEARCH METHODOLOGYRESEARCH METHODOLOGY 11

3.1.1POSITIVISM AND QUANTITATIVEPOSITIVISM AND QUANTITATIVE

METHODSMETHODS11

3.1.2INTERPRETIVISM AND QUALITATIVEINTERPRETIVISM AND QUALITATIVE

METHODSMETHODS12

3.2INDUCTIVE REASONING AND DEDECTIVEINDUCTIVE REASONING AND DEDECTIVE

REASONING APPROACHREASONING APPROACH12

3.3RESEARCH DATA COLLECTIONRESEARCH DATA COLLECTION

METHODOLOGYMETHODOLOGY13

3.4DATA ANALYSIS TECHNIQUES ANDDATA ANALYSIS TECHNIQUES AND

PROCEDURESPROCEDURES14

4.0SUITABILITY OF PROPOSEDSUITABILITY OF PROPOSED

RESEARCHRESEARCH16

5.0 ACCESS AND ETHICAL ISSUESACCESS AND ETHICAL ISSUES 176.0 REFERENCESREFERENCES 18

7.0 BIBILOGRAPHYBIBILOGRAPHY 19

2


3/53

1.0: INTODUCTION1.0: INTODUCTION

Risk management is defined by Jason (2004) as theRisk management is defined by Jason (2004) as the

measures taken by responsible individuals to minimize themeasures taken by responsible individuals to minimize the

probability of happening unfavourable events. An effectiveprobability of happening unfavourable events. An effective

system of internal controls provide reasonable assurancesystem of internal controls provide reasonable assurance

that organizational assets are secure, it also ensurethat organizational assets are secure, it also ensure

effectiveness of operations and also decreaseseffectiveness of operations and also decreases

opportunity for frauds.opportunity for frauds.

1.1: INTRODUCTION TO THE PROBLEM1.1: INTRODUCTION TO THE PROBLEM

This research concentrates on improving the standards ofThis research concentrates on improving the standards of

internal controls currently in place at Suzuki Motorsinternal controls currently in place at Suzuki Motors

Pakistan for safeguarding organizational assets. AccordingPakistan for safeguarding organizational assets. According

toto Ministry of Commerce Pakistan (2010)Ministry of Commerce Pakistan (2010) audit of Suzukiaudit of Suzuki

Motors revealed different types of fraudulent activitiesMotors revealed different types of fraudulent activities

resulting aggregated loss of more than US$56 millionresulting aggregated loss of more than US$56 million

during the year 2009. Moreover managers have beenduring the year 2009. Moreover managers have been

found abusing the authority by various means.found abusing the authority by various means.

Unauthorised disposition of assets, use of organizationalUnauthorised disposition of assets, use of organizational

resources and reputation for their personal gains was aresources and reputation for their personal gains was a

major element of this cause.major element of this cause.

Suzuki Motors also facing the public scandal of child labourSuzuki Motors also facing the public scandal of child labour

now a day.now a day. Faudziah (2005),Faudziah (2005), Child labour is very commonChild labour is very common

3


4/53

in Emirates culture but strictly prohibited by local andin Emirates culture but strictly prohibited by local and

international laws. All these elements are not only causinginternational laws. All these elements are not only causing

fatal injury to the stake holders interests but alsofatal injury to the stake holders interests but also

destructing financial and strategic assets of thedestructing financial and strategic assets of the

organization at the same time.organization at the same time. Norman (2010),Norman (2010), the Chiefthe Chief

Executive Officer of Suzuki Motors acknowledged in aExecutive Officer of Suzuki Motors acknowledged in a

presspress interview that management proceduresinterview that management procedures involved ininvolved in

internal control systems were inefficient tointernal control systems were inefficient to protectprotect

organizational assets and compliance with laws andorganizational assets and compliance with laws and

regulations.regulations.

The issueThe issue not only affectednot only affected the Suzuki Motors but also castthe Suzuki Motors but also cast

deep impression on the Suzuki Motorss global financialdeep impression on the Suzuki Motorss global financial

position. The issue of child labour was specificallyposition. The issue of child labour was specifically

highlighted in the western print media and Suzuki Motorshighlighted in the western print media and Suzuki Motorsfaced a lot of criticism.faced a lot of criticism.

1.2: ORGANIZATIONS BACKGROUND1.2: ORGANIZATIONS BACKGROUND

Suzuki Motors is one of the worlds most famousSuzuki Motors is one of the worlds most famous

multinational conglomerates. The organization wasmultinational conglomerates. The organization was

founded by Michio Maruti Suzuki in 1909 as Suzuki Loomfounded by Michio Maruti Suzuki in 1909 as Suzuki Loom

Works. Today after a history of centuries Suzuki MotorsWorks. Today after a history of centuries Suzuki Motors

has produced a lot of automobiles with positive socialhas produced a lot of automobiles with positive social

impact. During 1935 to 1945 as the world economyimpact. During 1935 to 1945 as the world economy

expanded, Suzuki Motors launched new automobiles withexpanded, Suzuki Motors launched new automobiles with

creative ideas and dominated European markets. Bycreative ideas and dominated European markets. By

4


5/53

1980s Suzuki Motors had become worlds one of the1980s Suzuki Motors had become worlds one of the

largest business organizations. In the beginning of 21stlargest business organizations. In the beginning of 21st

century the organization developed three years strategiccentury the organization developed three years strategic

plan that ended in 2004 to focus 21st century consumerplan that ended in 2004 to focus 21st century consumer

needs.needs.

Today Suzuki Motors owes more than fifty models of Today Suzuki Motors owes more than fifty models of

automobiles and enigines with existence in more than fiftyautomobiles and enigines with existence in more than fifty

three countries of the world. In the year 2010 Suzukithree countries of the world. In the year 2010 Suzuki

Motorss revenue was recorded approximately US$64,000Motorss revenue was recorded approximately US$64,000

million. Total employees are over four hundred andmillion. Total employees are over four hundred and

seventy thousands across the world.seventy thousands across the world.

The global Suzuki Motors network has been divided intoThe global Suzuki Motors network has been divided into

following three regions for administrative and reportingfollowing three regions for administrative and reporting

purpose;purpose;

Suzuki Motors Asia and JapanSuzuki Motors Asia and Japan

Suzuki Motors AmericaSuzuki Motors America

Suzuki Motors EuropeSuzuki Motors Europe

Suzuki Motors Asia controls Suzuki Motors Pakistan whoseSuzuki Motors Asia controls Suzuki Motors Pakistan whose

one production plant is operating in Karachi known as Pakone production plant is operating in Karachi known as Pak

Suzuki Motors. This is the specific region where SuzukiSuzuki Motors. This is the specific region where Suzuki

Motors is currently facing problems as discussed above.Motors is currently facing problems as discussed above.

Suzuki Motors Pakistan has more than twenty fourSuzuki Motors Pakistan has more than twenty four

thousand employees with an average turnover ofthousand employees with an average turnover of

US$6,640 million over the last five years. Suzuki MotorsUS$6,640 million over the last five years. Suzuki Motors

5


6/53

Pakistan has its head office in Karachi with one fullPakistan has its head office in Karachi with one full

capacity production plant in Karachi.capacity production plant in Karachi.

Ref: George, O. (2011), Who we are?. Available:Ref: George, O. (2011), Who we are?. Available:

http://www.suzuki.com, Last accessed 17http://www.suzuki.com, Last accessed 17

thth

Dec 2011)Dec 2011)

1.3: RESEARCH PURPOSE1.3: RESEARCH PURPOSE

Generally research has been carried out to explore theGenerally research has been carried out to explore the

methods of good governance and an effective approachmethods of good governance and an effective approach

towards internal controls in Pakistan. More specifically thistowards internal controls in Pakistan. More specifically this

research will identify material flaws in the current riskresearch will identify material flaws in the current risk

management system implemented in Pakistan. Thismanagement system implemented in Pakistan. This

research will investigate how other global companies likeresearch will investigate how other global companies like

Suzuki Motors operate effective internal control systems inSuzuki Motors operate effective internal control systems in

Pakistan. Hence identification of a benchmark of riskPakistan. Hence identification of a benchmark of risk

management system will help to provide valuablemanagement system will help to provide valuable

recommendations as to how these internal controls mayrecommendations as to how these internal controls may

be improved to safeguard assets and stakeholdersbe improved to safeguard assets and stakeholders

interest at Pak Suzuki Motors.interest at Pak Suzuki Motors. Delbert (2002)Delbert (2002)

acknowledges that already a number of researchers haveacknowledges that already a number of researchers have

been working on the area of internal controls but only inbeen working on the area of internal controls but only in

Europe and America.Europe and America.

This research specifically focuses the safeguarding of This research specifically focuses the safeguarding of

organizational assets through effective risk managementorganizational assets through effective risk management

particularlyparticularlyin the culture of South Asia. According toin the culture of South Asia. According to KamKam

et al (2008),et al (2008), Pakistan is facing worlds next largestPakistan is facing worlds next largest

financial crisis rapidly. Many multinational organizationsfinancial crisis rapidly. Many multinational organizations

6


7/53

have already setup their global head offices out fromhave already setup their global head offices out from

Pakistan and many intend for the same in future. ThisPakistan and many intend for the same in future. This

research will add to the existing knowledge specifically forresearch will add to the existing knowledge specifically for

the Pakistan to practice effective controls through goodthe Pakistan to practice effective controls through good

governance.governance. Talha (2007),Talha (2007), Pakistan is a country wherePakistan is a country where

most of the people responsible for internal controls are notmost of the people responsible for internal controls are not

those who are trained and qualified for it. Successfulthose who are trained and qualified for it. Successful

research will provide benchmark for governance andresearch will provide benchmark for governance and

internal control practices that will be very helpful for allinternal control practices that will be very helpful for all

the conglomerates operating in that region. Besides this, athe conglomerates operating in that region. Besides this, a

thorough research will be helpful for the researcher tothorough research will be helpful for the researcher to

pursue his professional career in Pak Suzuki Motorspursue his professional career in Pak Suzuki Motors

Limited.Limited.

1.3: RESEARCH QUESTIONS:1.3: RESEARCH QUESTIONS:

The researcher intends to carry out this research with aThe researcher intends to carry out this research with a

motive to answer following questions;motive to answer following questions;

How do public listed multinational conglomeratesHow do public listed multinational conglomerates

maintain effective controls system that ensures goodmaintain effective controls system that ensures good

governance and safeguarding of assets?governance and safeguarding of assets?

What are the links between control environment,What are the links between control environment,

good governance and safeguarding assets?good governance and safeguarding assets?

What is the correlation between national culture ofWhat is the correlation between national culture of

Pakistan and approaches towards risk management?Pakistan and approaches towards risk management?

7


8/53

Why did Pak Suzuki fail to detect lack of complianceWhy did Pak Suzuki fail to detect lack of compliance

and frauds that took place over the last two years?and frauds that took place over the last two years?

1.4: RESEARCH OBJECTIVES:1.4: RESEARCH OBJECTIVES:

Establishing a benchmark how multinationalEstablishing a benchmark how multinational

conglomerates maintain effective system of controlsconglomerates maintain effective system of controls

and risk management to safeguard their assets onand risk management to safeguard their assets on

behalf of stakeholders in Pakistan?behalf of stakeholders in Pakistan?

Analyse correlation between system of controls,Analyse correlation between system of controls,

corporate governance and safeguardingcorporate governance and safeguarding

organizational assets against misuse.organizational assets against misuse.

Explain the affect of national culture of Pakistan onExplain the affect of national culture of Pakistan on

the approaches to risk management.the approaches to risk management.

Critical evaluation of Pak Suzukis failure to detectCritical evaluation of Pak Suzukis failure to detect

fraudulent activities that took place and itsfraudulent activities that took place and its

apparently ineffective system of controls.apparently ineffective system of controls.

Make recommendation to the Pak SuzukisMake recommendation to the Pak Suzukis

management to improve its governance and controlmanagement to improve its governance and control

system.system.

CHAPTER TWOCHAPTER TWO

8


9/53

LITERATURELITERATUREREVIEWREVIEW

2.0 LITERATURE REVIEW2.0 LITERATURE REVIEW

2.2 INTRODUCTION:2.2 INTRODUCTION:

Risk Management is defined by James (2004) as theRisk Management is defined by James (2004) as the

methods and measures taken by an organization tomethods and measures taken by an organization to

monitor assets, prevent frauds, minimize errors and verifymonitor assets, prevent frauds, minimize errors and verify

correctness of financial statements.correctness of financial statements. Internal Controls haveInternal Controls have

also been defined precisely with broader meanings byalso been defined precisely with broader meanings by

Dent (2002)Dent (2002)as any activity, action or decision that boardas any activity, action or decision that board

of governors, management or other responsible personsof governors, management or other responsible persons

take to minimize prevailing, foreseeable or potential risktake to minimize prevailing, foreseeable or potential risk

to the organization. Graham (2006)to the organization. Graham (2006) adds existence ofadds existence of

effective internal controls increase the probability ofeffective internal controls increase the probability of

accomplishment of the corporate goals in an agreed way.accomplishment of the corporate goals in an agreed way.

9


10/53

Suzanne et al (2010),Suzanne et al (2010),Maintaining effective control processMaintaining effective control process

within the organization reasonably ensures thatwithin the organization reasonably ensures that

organizational operations and activities are consistentorganizational operations and activities are consistent

with applicable laws and regulations, activities are beingwith applicable laws and regulations, activities are being

performed in fusion of efficiency and effectiveness. Itperformed in fusion of efficiency and effectiveness. It

ultimately ensures smooth achievement of organizationalultimately ensures smooth achievement of organizational

goals and objectives.goals and objectives.

Yass (2007)Yass (2007),, establishing and maintaining effectiveestablishing and maintaining effective

internal controls system ultimately safeguardsinternal controls system ultimately safeguards

organizational assets. Assets are,organizational assets. Assets are, Antonino (2010) Antonino (2010),,

anything under the organizations control and ownershipanything under the organizations control and ownership

that brings future economic benefits to the organization.that brings future economic benefits to the organization.

Assets can be tangible and intangible like businessAssets can be tangible and intangible like business

reputation.reputation.

Internal controls can never provide absolute assuranceInternal controls can never provide absolute assurance

that all elements of fraud or misstatement will bethat all elements of fraud or misstatement will be

discovered but they can only provide assurance to somediscovered but they can only provide assurance to some

acceptable extent against wasteage, abuse and misuse ofacceptable extent against wasteage, abuse and misuse of

organizational resources.organizational resources.

2.3 PROCESS OF RISK MANAGEMENT2.3 PROCESS OF RISK MANAGEMENT

2.3.1 PREVENTIVE CONTROLS2.3.1 PREVENTIVE CONTROLS

Preventive controls are the policies and proceduresPreventive controls are the policies and procedures

designed to prevent irregularities and unfavourable eventsdesigned to prevent irregularities and unfavourable events

10


11/53

from occurring. Proactive organizations apply preventivefrom occurring. Proactive organizations apply preventive

controls. Preventive controls reduce correction costs.controls. Preventive controls reduce correction costs.

Following are few examples of preventive internalFollowing are few examples of preventive internal

controls;controls;

Duties segregationDuties segregation

Resources authorizationResources authorization

Process of standardizationProcess of standardization

Physical controlsPhysical controls

Computerized access control systemComputerized access control system

2.3.2 DETECTIVE CONTROLS2.3.2 DETECTIVE CONTROLS

Procedures and policies designed to investigate theProcedures and policies designed to investigate the

reasons why an undesirable event took place are called asreasons why an undesirable event took place are called as

detective controls. Detective controls are applied afterdetective controls. Detective controls are applied after

fraud or irregularity has already occurred in thefraud or irregularity has already occurred in the

organization. It helps to design preventive controls for theorganization. It helps to design preventive controls for the

future. Detective controls are least effectives as they arefuture. Detective controls are least effectives as they are

applied after the undesirable event has occurred.applied after the undesirable event has occurred.

Reconciliations and quality reviews are typical examplesReconciliations and quality reviews are typical examples

of detective controls.of detective controls.

2.3.3 CORRECTIVE CONTROLS2.3.3 CORRECTIVE CONTROLS

Corrective controls are the policies and proceduresCorrective controls are the policies and procedures

applied after irregularities have been identified. Theseapplied after irregularities have been identified. These

11


12/53

controls are designed to minimize the effects ofcontrols are designed to minimize the effects of

irregularities or frauds.irregularities or frauds.

2.4 RISK DIVERSIFICATION:2.4 RISK DIVERSIFICATION:

Risk examinerRisk examiner Marco et al (2006)Marco et al (2006)acknowledges that risksacknowledges that risks

and internal controls have a very deep correlation.and internal controls have a very deep correlation.

Therefore the researcher feels an intense importance toTherefore the researcher feels an intense importance to

elaborate the risk and its diversification to the users of thiselaborate the risk and its diversification to the users of this

report.report.

Chris et al (2005)Chris et al (2005) defines risk as the likelihood thatdefines risk as the likelihood that

hazards will result into a disaster. Describing in somehazards will result into a disaster. Describing in some

simple words, likelihood of a disaster to take place issimple words, likelihood of a disaster to take place is

called as risk. Risk is prevailing in every endeavour ofcalled as risk. Risk is prevailing in every endeavour of

corporate strategy. And all those actions anticipated tocorporate strategy. And all those actions anticipated to

stop a disaster from happening, or to reduce its harm ifstop a disaster from happening, or to reduce its harm if

disaster takes place, are termed as Controls.disaster takes place, are termed as Controls. BryanBryan

(1992)(1992)adds that risk can be systematic and unsystematic.adds that risk can be systematic and unsystematic.

Lynford (2008),Lynford (2008),Systematic risk comes from the elementsSystematic risk comes from the elements

substantially beyond the control of those charged with thesubstantially beyond the control of those charged with the

responsibility of corporate management, significantresponsibility of corporate management, significant

political changes is one of its example. Systematic riskpolitical changes is one of its example. Systematic risk

influences overall assets of all the organizations at theinfluences overall assets of all the organizations at the

same time. Unsystematic risk is also termed specific risksame time. Unsystematic risk is also termed specific risk

sometimes. This type of risk affects a specific class ofsometimes. This type of risk affects a specific class of

organizational assets.organizational assets.

12


13/53

2.4.1 TYPES OF RISK:2.4.1 TYPES OF RISK:

Risk can be of various types and different in nature,Risk can be of various types and different in nature,

however researcher will only discuss the following fourhowever researcher will only discuss the following four

types of risks related to this report that bring utmosttypes of risks related to this report that bring utmost

disaster on the organizational assets;disaster on the organizational assets;

According toAccording to Herbst (2004),Herbst (2004), these are the risks associatedthese are the risks associated

with the long term strategic decisions of the organization.with the long term strategic decisions of the organization.

Strategic risks are externally driven by competition,Strategic risks are externally driven by competition,

customer demand, changes in customer patterns etc, andcustomer demand, changes in customer patterns etc, and

internally driven by changes in intellectual capital andinternally driven by changes in intellectual capital and

corporate merger and acquisition activities.corporate merger and acquisition activities.

2.4.1.1 STRATEGIC RISK:2.4.1.1 STRATEGIC RISK:

InIn Marks (2007)Marks (2007) point of view, the managers shouldpoint of view, the managers should

broadly concentrate on the evaluation and implementationbroadly concentrate on the evaluation and implementation

of controls designed for unsystematic risks.of controls designed for unsystematic risks.

2.4.1.2 COMPLIANCE RISK:2.4.1.2 COMPLIANCE RISK:

Vithal (1997)Vithal (1997) describes compliance risks are associateddescribes compliance risks are associated

with business requirement to operate in compliance withwith business requirement to operate in compliance with

the applicable laws and regulations, such as health andthe applicable laws and regulations, such as health and

safety and employment law etc. These regulations andsafety and employment law etc. These regulations and

operational standards are usually set by the governingoperational standards are usually set by the governing

13


14/53

bodies of the country an organization operates in.bodies of the country an organization operates in.

Compliance risk is also termed as legislative risks.Compliance risk is also termed as legislative risks.

2.4.1.3 FINANCIAL RISK:2.4.1.3 FINANCIAL RISK:

Risks associated with the business financial transactionsRisks associated with the business financial transactions

are recognised as financial risks.are recognised as financial risks. Loraine (2006)Loraine (2006)holds thatholds that

financial risks are externally driven by changes infinancial risks are externally driven by changes in

monetary policy in general and interest rate, foreignmonetary policy in general and interest rate, foreign

exchange and credit regulation of the economy in specific.exchange and credit regulation of the economy in specific.

Internally, poor liquidity and cash flow managementInternally, poor liquidity and cash flow management

increases such risks as well.increases such risks as well.

2.4.1.4 OPERATIONAL RISKS:2.4.1.4 OPERATIONAL RISKS:

InIn Yasss (2007)Yasss (2007)point of view, operational risks arise withpoint of view, operational risks arise with

the poor administrative and operational procedures. Majorthe poor administrative and operational procedures. Major

cause of operational risks includes; poor recruitmentcause of operational risks includes; poor recruitment

practices, lack of governance structure and obsoletepractices, lack of governance structure and obsolete

information system etc.information system etc.

Managers and those entrusted with the responsibility ofManagers and those entrusted with the responsibility of

governance should examine these risks on recurring basis.governance should examine these risks on recurring basis.

They must highlight the probable and existing risks. They must highlight the probable and existing risks.

Managers must prioritise risk management in their areasManagers must prioritise risk management in their areas

of operation and they should make necessary provisionsof operation and they should make necessary provisions

to safeguard overall financial and strategic assets of theto safeguard overall financial and strategic assets of the

organization.organization.

14


15/53

2.5 LINK BETWEEN RISK MANAGEMENT SYSTEMS2.5 LINK BETWEEN RISK MANAGEMENT SYSTEMS

AND GOVERNANACE IN MULTINATIONALSAND GOVERNANACE IN MULTINATIONALS

Lynford (2008)Lynford (2008) defines Internal Controls as the set ofdefines Internal Controls as the set of

procedures to protect an organization from loss or misuseprocedures to protect an organization from loss or misuse

of its assets. It also ensures that organizational policiesof its assets. It also ensures that organizational policies

are in consistentare in consistent conformityconformity with the applicable laws andwith the applicable laws and

regulations.regulations.

Neil (2010)Neil (2010) explains, governance is the way how executiveexplains, governance is the way how executive

committee and the board of governors/directors influencecommittee and the board of governors/directors influence

on their organization. According toon their organization. According to Matthew (2008)Matthew (2008)

internal controls are an integral part of organizationalinternal controls are an integral part of organizational

governance in multinational conglomerates and helps ingovernance in multinational conglomerates and helps in

detection of frauds and technical errors. Governancedetection of frauds and technical errors. Governance

responsibilities regarding control environment must beresponsibilities regarding control environment must be

documented in organizational constitution. Actions anddocumented in organizational constitution. Actions and

behaviours adopted by the governance committee have abehaviours adopted by the governance committee have a

significant impact on the workforce and othersignificant impact on the workforce and other

management regarding their performances. It gives rise tomanagement regarding their performances. It gives rise to

a basic control environment within the organization.a basic control environment within the organization.

According toAccording to Spencer (1999),Spencer (1999), the report published by thethe report published by the

Institute of Internal Auditors, United Kingdom, details theInstitute of Internal Auditors, United Kingdom, details the

key actions the governing body of a multinationalkey actions the governing body of a multinational

organization must take for maintaining effective controlorganization must take for maintaining effective control

environment as;environment as;

15


16/53

Board of governors must approve and monitorBoard of governors must approve and monitor

organizations strategic plans on recurring basis.organizations strategic plans on recurring basis.

Executive committee must develop, practice andExecutive committee must develop, practice and

implement organizations ethical code of conduct.implement organizations ethical code of conduct.

Board of governors must oversee seniorBoard of governors must oversee senior

managements decisions with professionalmanagements decisions with professional

scepticism.scepticism.

In multinational conglomerates, board shouldIn multinational conglomerates, board should

develop high level policies and effectivedevelop high level policies and effective

organograms.organograms.

Create an environment to ensure that managementCreate an environment to ensure that management

and those responsible for governance are fairlyand those responsible for governance are fairly

accountable to the stakeholders.accountable to the stakeholders.

Managing directors should watch over theManaging directors should watch over the

management actions and business process onmanagement actions and business process on

recurring basis.recurring basis.

Senior Auditor at Deloitte, United Kingdom,Senior Auditor at Deloitte, United Kingdom, Warren (2009)Warren (2009)

explains, conglomerates maintaining effective system ofexplains, conglomerates maintaining effective system of

internal controls enjoy following four major benefits;internal controls enjoy following four major benefits;

16


17/53

Achieve economic efficiency and the quality ofAchieve economic efficiency and the quality of

products and services remains consistent with theproducts and services remains consistent with the

organizations mission.organizations mission.

Avoid wastage, misuse and abuse of assets to aAvoid wastage, misuse and abuse of assets to a

remarkable extent and decrease the likelihood ofremarkable extent and decrease the likelihood of

potential frauds.potential frauds.

Establish coherence among organizations operationsEstablish coherence among organizations operations

and applicable regulations and corporate directives.and applicable regulations and corporate directives.

Financial and management statements remainFinancial and management statements remain

accurate and up to date.accurate and up to date.

All the members and stakeholders have a contribution inAll the members and stakeholders have a contribution in

maintaining a strong internal control system. Effectivenessmaintaining a strong internal control system. Effectiveness

of internal controls has a complex correlation with theof internal controls has a complex correlation with the

peoples attitude about it. Board of governors must adoptpeoples attitude about it. Board of governors must adopt

organizations tone to support internal controls. If boardorganizations tone to support internal controls. If board

does not develop clear and strong support for controldoes not develop clear and strong support for control

environment, the organization can never achieve a goodenvironment, the organization can never achieve a good

practice of controls. Board should oversee that managerspractice of controls. Board should oversee that managers

should never override any control activity. It is onlyshould never override any control activity. It is only

possible if the executive management emphasizes thepossible if the executive management emphasizes the

value of internal controls and analyzes the employeesvalue of internal controls and analyzes the employees

activities.activities.

17


18/53

Michael (2007)Michael (2007) believes that top executive committee inbelieves that top executive committee in

the organization has responsibility for;the organization has responsibility for;

Reviewing internal controls system.Reviewing internal controls system.

Communicating management policies to all theCommunicating management policies to all the

individuals in the organization.individuals in the organization.

Encourage training and education regarding internalEncourage training and education regarding internal

control evaluation.control evaluation.

Board should designate an internal control officer toBoard should designate an internal control officer to

constantly look after control activities and he/sheconstantly look after control activities and he/she

should report to the board of governors/Directors.should report to the board of governors/Directors.

HoweverHowever Stephen (1997)Stephen (1997)disagrees withdisagrees with Michael (2007)Michael (2007),, inin

his opinion reviewing internal controls, andhis opinion reviewing internal controls, and

communicating management policies regarding controlcommunicating management policies regarding control

activities are solely the responsibility of the internalactivities are solely the responsibility of the internal

controls officer. Board should appoint an appropriatecontrols officer. Board should appoint an appropriate

independent person for this position and all otherindependent person for this position and all other

activities concerning maintaining an effective system ofactivities concerning maintaining an effective system of

control should rest with the appointed officer. Internalcontrol should rest with the appointed officer. Internal

controls officer is an important team member whocontrols officer is an important team member who

improves and evaluates the effectiveness of internalimproves and evaluates the effectiveness of internal

control system and assists senior management and thecontrol system and assists senior management and the

board of directors in this regard.board of directors in this regard.

18


19/53

Researcher personally believes that every member of theResearcher personally believes that every member of the

organization has a role to maintain and ensureorganization has a role to maintain and ensure

effectiveness of internal controls; however substantialeffectiveness of internal controls; however substantial

responsibility rests with the managers. Managers shouldresponsibility rests with the managers. Managers should

assure that all the individuals within the organization haveassure that all the individuals within the organization have

proper knowledge, experience and training for their areasproper knowledge, experience and training for their areas

of responsibilities.of responsibilities.

Workforce should be provided with recurring trainingsWorkforce should be provided with recurring trainings

where necessary. Constant monitoring and performancewhere necessary. Constant monitoring and performance

evaluation of every individual provide reasonableevaluation of every individual provide reasonable

assurance that organization will accomplish its objectives.assurance that organization will accomplish its objectives.

Internal control officers must be independent in theInternal control officers must be independent in the

activities being performed by them in their domains.activities being performed by them in their domains.

2.5.1: GOVERNANCE PHILOSOPHY AND INTERNAL2.5.1: GOVERNANCE PHILOSOPHY AND INTERNAL

CONTROLS:CONTROLS:

Governance style and philosophy directly affects internalGovernance style and philosophy directly affects internal

control systems. Governance style represents basiccontrol systems. Governance style represents basic

strategy regarding how individuals and activities of thestrategy regarding how individuals and activities of the

organization should be administered.organization should be administered.

Warren (2009),Warren (2009),there is different governance philosophies.there is different governance philosophies.

It is difficult to decide which one is the best although someIt is difficult to decide which one is the best although some

may be more effective than the other varying from onemay be more effective than the other varying from one

organization to another. Executive committee shouldorganization to another. Executive committee should

practice the most effective governance style thatpractice the most effective governance style that

19


20/53

constructively affects all the individuals and enhancesconstructively affects all the individuals and enhances

ethical values of the organization. Senior managementethical values of the organization. Senior management

should demonstrate these values to the workforce andshould demonstrate these values to the workforce and

must evaluate the effectiveness of such governancemust evaluate the effectiveness of such governance

philosophy on periodical basis.philosophy on periodical basis.

Yan (1997)Yan (1997) argues that to maintain effective system ofargues that to maintain effective system of

controls governance philosophy should be demonstratedcontrols governance philosophy should be demonstrated

in the following areas;in the following areas;

Management attitude towards recognizing risks andManagement attitude towards recognizing risks and

its response.its response.

Acceptance of externally imposed regulatoryAcceptance of externally imposed regulatory

controls.controls.

Behaviour towards external and internal reporting.Behaviour towards external and internal reporting.

Use of the required generally accepted financialUse of the required generally accepted financial

reporting standards.reporting standards.

Individuals support and response towards internalIndividuals support and response towards internal

audit and external audit evaluation.audit and external audit evaluation.

InIn Beths (2002)Beths (2002)point of view, ethical norms and integritypoint of view, ethical norms and integrity

forms standards of employees conduct. It has inevitableforms standards of employees conduct. It has inevitable

contribution towards good control environment. Seniorcontribution towards good control environment. Senior

management can encourage the following attributes in themanagement can encourage the following attributes in the

20


21/53


22/53

As internal controls provide reasonable assurance thatAs internal controls provide reasonable assurance that

organizations objectives will be accomplished withoutorganizations objectives will be accomplished without

significant risks, hence senior management must adopt asignificant risks, hence senior management must adopt a

supportive attitude for such activities.supportive attitude for such activities. Jan (2009),Jan (2009), SeniorSenior

management must set a tone to enforce importance ofmanagement must set a tone to enforce importance of

internal controls. Such a tone can be adopted by;internal controls. Such a tone can be adopted by;

Strictly avoiding control overrideStrictly avoiding control override

Encouraging recurring control self assessments andEncouraging recurring control self assessments and

internal audit activities.internal audit activities.

Quick responsiveness to the audit evaluationQuick responsiveness to the audit evaluation

observationsobservations

Educating individuals to ensure their understandingEducating individuals to ensure their understanding

and contribution towards internal control system.and contribution towards internal control system.

In an article Manmohan et al (2006)In an article Manmohan et al (2006) argues that inargues that in

multinational conglomerates, internal controls and risksmultinational conglomerates, internal controls and risks

are dynamically linked with organizations strategicare dynamically linked with organizations strategic

objectives. According toobjectives. According to Suzanne et al (2010)Suzanne et al (2010) any changeany change

in the corporate objectives must be considered forin the corporate objectives must be considered for

corresponding re-evaluation of risks and internalcorresponding re-evaluation of risks and internal

controls.controls. Re-evaluation of risk determines significance ofRe-evaluation of risk determines significance of

the risks over the organization. Level of risk significancethe risks over the organization. Level of risk significance

determines whether to accept the risks or to takedetermines whether to accept the risks or to take

22


23/53

precautionary actions to avoid them. Risk re-evaluationprecautionary actions to avoid them. Risk re-evaluation

should be done by assessing the changes in theshould be done by assessing the changes in the

consequences and likelihood of each risk. It should thenconsequences and likelihood of each risk. It should then

be assessed with the new business objective to decide asbe assessed with the new business objective to decide as

to which one of the risks can potentially affect itsto which one of the risks can potentially affect its

achievement.achievement. Warren et alWarren et al (2009)(2009) suggests that in globalsuggests that in global

organizations senior management must undertake risksorganizations senior management must undertake risks

and controls re-evaluation as a continuous part ofand controls re-evaluation as a continuous part of

corporate planning process.corporate planning process.

Michael (2007)Michael (2007) emphasises that governance process is theemphasises that governance process is the

responsibility of senior executives and internal controls isresponsibility of senior executives and internal controls is

the responsibility of all the members (as discussedthe responsibility of all the members (as discussed

earlier). Mark et al (2007) strongly disagrees with Michael,earlier). Mark et al (2007) strongly disagrees with Michael,

he believes that only internal auditors should behe believes that only internal auditors should be

responsible for checks and controls. He insists that seniorresponsible for checks and controls. He insists that seniormanagement and departmental heads can providemanagement and departmental heads can provide

consultation and advise however major role regardingconsultation and advise however major role regarding

maintaining an effective system of controls rests with themaintaining an effective system of controls rests with the

appointed internal auditors.appointed internal auditors.

Erich (2007)Erich (2007) adds that internal controls are directlyadds that internal controls are directlyintegrated with all other corporate governance objectivesintegrated with all other corporate governance objectives

as detailed above byas detailed above by SuzanneSuzanne.. DentDent (2002)(2002) disagrees withdisagrees with

Erich (2007) and Mark (2007) and he insists that internalErich (2007) and Mark (2007) and he insists that internal

control and corporate governance should be treated ascontrol and corporate governance should be treated as

separate issues and other governance objectives canseparate issues and other governance objectives can

never be linked with them.never be linked with them. He furtherHe further elaborates thatelaborates thatinternal control is an operating activity like many otherinternal control is an operating activity like many other

23


24/53

activities in the organization and the purpose of thisactivities in the organization and the purpose of this

activity is to bring efficiency. It means that internal controlactivity is to bring efficiency. It means that internal control

is not always meant for preventing frauds, but it alsois not always meant for preventing frauds, but it also

detects human error,detects human error, DentDent believes unlike otherbelieves unlike other

researches that executive management has really nothingresearches that executive management has really nothing

much to do with this activity.much to do with this activity.

However after an intensive research on literature, theHowever after an intensive research on literature, the

researcher personally agrees with researcher personally agrees with MichaelMichael that internalthat internal

control is the responsibility of all the members working incontrol is the responsibility of all the members working in

the organization including the executive management. Inthe organization including the executive management. In

contrast withcontrast with Sweatman et als (2002)Sweatman et als (2002)opinion, researcheropinion, researcher

agrees that it is the internal auditors who can assist theagrees that it is the internal auditors who can assist the

executive management with their advice and expertiseexecutive management with their advice and expertise

but the actual role to enforce effective system of internalbut the actual role to enforce effective system of internal

control rests with those empowered with governance.control rests with those empowered with governance.

2.6:2.6: CORPORATE CULTRE OF PAKISTAN &CORPORATE CULTRE OF PAKISTAN &

APPROACHS TOWARDS RISK MANAGEMENTAPPROACHS TOWARDS RISK MANAGEMENT

Pakistan is situated in South East Asia. It has five statesPakistan is situated in South East Asia. It has five states

and considered culturally and financially a rich country inand considered culturally and financially a rich country in

the region till 2005. The country has the moderate mixedthe region till 2005. The country has the moderate mixed

economy in the South Asia.economy in the South Asia.

2.6.1: CORPORATE MANAGEMENT & INTERNAL2.6.1: CORPORATE MANAGEMENT & INTERNAL

CONTROL TRENDS IN PAKISTAN:CONTROL TRENDS IN PAKISTAN:

24


25/53

Article written by Kristy (2008)Article written by Kristy (2008) refers towards a recentrefers towards a recent

research byresearch by Price Waterhouse CoopersPrice Waterhouse Coopers highlighting thathighlighting that

there are more than six hundred multinationals operatingthere are more than six hundred multinationals operating

in the Pakistan and more than fifty multinationalin the Pakistan and more than fifty multinational

conglomerates have established their businesses inconglomerates have established their businesses in

Pakistan. After decades of existence, worlds one of thePakistan. After decades of existence, worlds one of the

developing mixed economy is still unable to establish adeveloping mixed economy is still unable to establish a

professional institution to direct and regulate riskprofessional institution to direct and regulate risk

managers in the region, still discussions are underway tomanagers in the region, still discussions are underway to

establish it. Not only for Risk Management, but also noestablish it. Not only for Risk Management, but also no

other professional body exists in the country to regulateother professional body exists in the country to regulate

any category of professionals assuming various corporateany category of professionals assuming various corporate

responsibilities in different organizations apart fromresponsibilities in different organizations apart from

accountants.accountants.

Manmohan (2006),Manmohan (2006), according to an independent survey,according to an independent survey,

more than eighty five percent managers working inmore than eighty five percent managers working in

different organizations of Pakistan are those who weredifferent organizations of Pakistan are those who were

brought up and completed their professional educationbrought up and completed their professional education

outside the PAKISTAN. Another report published by theoutside the PAKISTAN. Another report published by the

Institute of Internal Auditors, PAKISTAN Chapter, revealsInstitute of Internal Auditors, PAKISTAN Chapter, reveals

remarkable shortage of audit talent in the Pakistan.remarkable shortage of audit talent in the Pakistan.

Norman (2010)Norman (2010)seven out of every ten organizations in theseven out of every ten organizations in the

PAKISTAN do not have internal audit departments. FortyPAKISTAN do not have internal audit departments. Forty

three percent of multinational conglomerates operating inthree percent of multinational conglomerates operating in

the Pakistan do not have appointed internal controlthe Pakistan do not have appointed internal control

officers who can solely look after the control activities.officers who can solely look after the control activities.

25


26/53

Another report by Deloitte throws some more light on theAnother report by Deloitte throws some more light on the

issue,issue, Don (2009),Don (2009), individuals entrusted with the internalindividuals entrusted with the internal

controls evaluation and implementation in the topcontrols evaluation and implementation in the top

multinationals in the PAKISTAN do not have any formalmultinationals in the PAKISTAN do not have any formal

qualification of internal controls. Most of them arequalification of internal controls. Most of them are

qualified by experience and do not have sufficientqualified by experience and do not have sufficient

expertise to face the challenges. Members of executiveexpertise to face the challenges. Members of executive

committee of such organizations are not aware of theircommittee of such organizations are not aware of their

must to do control activities and all the responsibilitymust to do control activities and all the responsibility

usually rests with the control officers or internal auditors.usually rests with the control officers or internal auditors.

Laura (2003Laura (2003)) discussed that availability of internal controldiscussed that availability of internal control

auditors is much less than demand in Asia and every twoauditors is much less than demand in Asia and every two

out of three organizations dont have people who can testout of three organizations dont have people who can test

and evaluate their system of controls.and evaluate their system of controls.

The researcher feels during this research that in the The researcher feels during this research that in the

Pakistan the executive committees of the multinationalPakistan the executive committees of the multinational

conglomerates are not making contribution to support anconglomerates are not making contribution to support an

effective control environment.effective control environment. Wright (1997)Wright (1997) In theIn the

PAKISTAN, almost all the organizations have virtually thePAKISTAN, almost all the organizations have virtually the

common code of conduct. It causes lack of well structuredcommon code of conduct. It causes lack of well structured

and customised code of conduct fulfilling an organizationsand customised code of conduct fulfilling an organizations

individual requirements. Board of directors adopts a veryindividual requirements. Board of directors adopts a very

casual and informal behaviour towards seniorcasual and informal behaviour towards senior

managements actions.managements actions.

Norman (2010)Norman (2010) identifies a lot of bad internal controlidentifies a lot of bad internal control

practices in the overall PAKISTANs corporatepractices in the overall PAKISTANs corporate

26


27/53

environment. Boards do not clearly describe authorityenvironment. Boards do not clearly describe authority

limits of senior managements and even departmentallimits of senior managements and even departmental

policies are not properly documented. In most of thepolicies are not properly documented. In most of the

organizations, members of executive management do notorganizations, members of executive management do not

assume the responsibility of internal controls.assume the responsibility of internal controls. TalhaTalha

(2007)(2007)a senior auditor in the PAKISTAN, believes that onlya senior auditor in the PAKISTAN, believes that only

a few employees working in the internal audita few employees working in the internal audit

departments play some part in internal control systemsdepartments play some part in internal control systems

however rest of the individuals look at internal controlhowever rest of the individuals look at internal control

activity with a lot of reservations and naturally oppose it.activity with a lot of reservations and naturally oppose it.

Lack of one or more directors independence is veryLack of one or more directors independence is very

common because sometimes they are serving on othercommon because sometimes they are serving on other

companies board or some of them are into tradingcompanies board or some of them are into trading

relationship as main suppliers or customers with therelationship as main suppliers or customers with the

company.company.

2.7: CORELATION BETWEEN RISK MANAGEMENT,2.7: CORELATION BETWEEN RISK MANAGEMENT,

RISK OF FRAUD AND SAFEGUARDING ASSETS;RISK OF FRAUD AND SAFEGUARDING ASSETS;

International standards on auditing (ISA) define theInternational standards on auditing (ISA) define the

phenomenon safeguarding assets as policies andphenomenon safeguarding assets as policies and

procedures that timely prevent or detect unauthorisedprocedures that timely prevent or detect unauthorised

acquisition, disposal or misuse of assets that may haveacquisition, disposal or misuse of assets that may have

material impact on the companys financial position.material impact on the companys financial position.

Hollinger Clark (1983)Hollinger Clark (1983) surveyed 14,000 workers andsurveyed 14,000 workers and

discovered a direct correlation between age and theft,discovered a direct correlation between age and theft,

Hollinger Clarks research concludes that youngerHollinger Clarks research concludes that younger

27


28/53

employees are less committed towards jobemployees are less committed towards job

responsibilities, but on the other side bigger corruptionresponsibilities, but on the other side bigger corruption

usually takes place at higher positions. It is because atusually takes place at higher positions. It is because at

higher positions, managers have wider horizon ofhigher positions, managers have wider horizon of

ostensible authority and minimum supervision. He alsoostensible authority and minimum supervision. He also

argued that corporate frauds takes place due to jobargued that corporate frauds takes place due to job

dissatisfaction.dissatisfaction.

MohammedMohammed (2004)(2004) conducted a survey of 12,500conducted a survey of 12,500

employees working at different levels in the PAKISTAN andemployees working at different levels in the PAKISTAN and

discovereddiscovered that six out of every ten employees are notthat six out of every ten employees are not

satisfied with their jobs. A majority is not happy when theysatisfied with their jobs. A majority is not happy when they

compare their contribution and remuneration received.compare their contribution and remuneration received.

Comparison ofComparison of Hollinger Clarks (1983) workHollinger Clarks (1983) work andand

Mohammed (2004)Mohammed (2004) extracts that risk of frauds is higher inextracts that risk of frauds is higher in

the PAKISTAN because higher level of job dissatisfactionthe PAKISTAN because higher level of job dissatisfaction

may be a motive for frauds.may be a motive for frauds.

However researcher slightly disagrees personally, andHowever researcher slightly disagrees personally, and

believes it depends upon the controls system of thebelieves it depends upon the controls system of the

organization. It is only the control system that mayorganization. It is only the control system that may

provide opportunities for fraud. If this system is strong andprovide opportunities for fraud. If this system is strong and

effective, frauds are difficult to take place even for theeffective, frauds are difficult to take place even for the

people having strong motive for it.people having strong motive for it.

2.7.1: FRAUD TRIANGLE;2.7.1: FRAUD TRIANGLE;

28


29/53

While writing this report, the researcher went throughWhile writing this report, the researcher went through

extensive literature and found that many authors haveextensive literature and found that many authors have

shared their experiences about the fraud risk and itsshared their experiences about the fraud risk and its

impact. Howeverimpact. However Cressey (1950)Cressey (1950) has presented all in onehas presented all in one

theory known as Fraud Triangle. This theory hastheory known as Fraud Triangle. This theory has

highlighted the environment where frauds take place.highlighted the environment where frauds take place.

Cressey (195O)Cressey (195O) presented a fraud triangle theory.presented a fraud triangle theory.

According to this theory, frauds take place in anAccording to this theory, frauds take place in an

environment that has following three elements;environment that has following three elements;

PressurePressure

OpportunitiesOpportunities

RationalizationRationalization

2.7.1.1 PRESSURE:2.7.1.1 PRESSURE:

Giuseppe (200),Giuseppe (200),Pressure is something that instigates anPressure is something that instigates an

individual to commit fraud. Pressure can be external orindividual to commit fraud. Pressure can be external or

internal. Historically, it has been observed that pressureinternal. Historically, it has been observed that pressure

arises as a result of financial crisis. Often fraudsters feelarises as a result of financial crisis. Often fraudsters feel

that this problem cannot be shared with any one and theythat this problem cannot be shared with any one and they

want their problems to be resolved secretly.want their problems to be resolved secretly.

29


30/53

HoweverHowever Balachandran (2007)Balachandran (2007) disagrees and indicates adisagrees and indicates a

lot of situations where fraud took place solely for thelot of situations where fraud took place solely for the

greed of the fraudsters, having nil pressure behind.greed of the fraudsters, having nil pressure behind.

YanYan (1997)(1997) adds that this pressure may be financial oradds that this pressure may be financial or

work related and an effective combination of preventivework related and an effective combination of preventive

internal controls should be applied for employees not tointernal controls should be applied for employees not to

go under pressure.go under pressure.

2.7.1.2 OPPORTINITY:2.7.1.2 OPPORTINITY:

Opportunity can be explained as an aptitude to commitOpportunity can be explained as an aptitude to commit

fraud.fraud. Nava (2008)Nava (2008) holdsholds that fraudsters commit fraudthat fraudsters commit fraud

only in a situation when they are confident that theironly in a situation when they are confident that their

activities cannot be detected. It only happens when pooractivities cannot be detected. It only happens when poor

risk management procedures, weak managementrisk management procedures, weak management

supervision and misuse of authority collectively providesupervision and misuse of authority collectively provide

opportunities to the fraudsters.opportunities to the fraudsters. Muhammed (2004)Muhammed (2004) addsadds

thatthat opportunity for frauds is the worst element in theopportunity for frauds is the worst element in the

corporate environment and management must havecorporate environment and management must have

sufficient and appropriate controls over it. Organizationssufficient and appropriate controls over it. Organizations

must establish a system to bring the employees out of themust establish a system to bring the employees out of the

position where they can commit frauds.position where they can commit frauds.

Contrary to the discussion in paragraph above,Contrary to the discussion in paragraph above, TalhaTalha

(2007)(2007) argues that risk management procedures mayargues that risk management procedures may

reduce this opportunity to some extent but they cannotreduce this opportunity to some extent but they cannot

30


31/53


32/53

Fraudster takes fraud benefit as a borrowing and heFraudster takes fraud benefit as a borrowing and he

has full intention to return it at some stage.has full intention to return it at some stage.

Fraudster believes the organization owes someFraudster believes the organization owes some

money to him. It is the situation of job dissatisfaction.money to him. It is the situation of job dissatisfaction.

Tumpal (2009)Tumpal (2009) states, the rationalization side of fraudstates, the rationalization side of fraud

triangle consists of feelings like, nobody will get hurt, Itriangle consists of feelings like, nobody will get hurt, I

deserve more or they owe me etc. Specialized detectivedeserve more or they owe me etc. Specialized detective

controls should be incorporated to investigate whycontrols should be incorporated to investigate why

fraudster employees are victim of such rationalization.fraudster employees are victim of such rationalization.

Once the reasons have been identified, then tailoredOnce the reasons have been identified, then tailored

preventive controls should be applied to avoid thispreventive controls should be applied to avoid this

situation in future.situation in future.

Richard (1996)Richard (1996) disagrees with Tumpal (2009). He insistsdisagrees with Tumpal (2009). He insiststhat detective controls should only be designed to detectthat detective controls should only be designed to detect

errors and irregularities. Detective controls have nothingerrors and irregularities. Detective controls have nothing

to do with accessing rationalization side of fraud triangle.to do with accessing rationalization side of fraud triangle.

However in the researchers personal opinion,However in the researchers personal opinion,

TumpalsTumpals approach isapproach ismore practical.more practical.

The researcher has discussed in the Discussion chapterThe researcher has discussed in the Discussion chapter

of this report, about appropriateness of existing riskof this report, about appropriateness of existing risk

management procedures in the context of fraud trianglemanagement procedures in the context of fraud triangle

at Suzuki Motors PAKISTAN. This literature was veryat Suzuki Motors PAKISTAN. This literature was very

helpful to discover which type of controls are the mosthelpful to discover which type of controls are the most

effective in the corporate culture of the Pakistan.effective in the corporate culture of the Pakistan.

32


33/53

Famous auditor Jans (2009)Famous auditor Jans (2009) opinion is against otheropinion is against other

researchers, he considers though sufficient andresearchers, he considers though sufficient and

appropriate internal controls are defence against fraudappropriate internal controls are defence against fraud

and misuse of assets, but poor controls do not mean at alland misuse of assets, but poor controls do not mean at all

that fraud will certainly take place. It actually does openthat fraud will certainly take place. It actually does open

opportunity for frauds a bit wider. Once again existence ofopportunity for frauds a bit wider. Once again existence of

opportunity does not mean that frauds will take place foropportunity does not mean that frauds will take place for

obvious.obvious.

2.8: SUMMARY2.8: SUMMARY

After intensive critical evaluation of the related material,After intensive critical evaluation of the related material,

the researcher is able to summarise the key points asthe researcher is able to summarise the key points as

follows to the best of his knowledge and understanding.follows to the best of his knowledge and understanding.

Internal controls are the key element to safeguardInternal controls are the key element to safeguard

organizational assets. An effective combination oforganizational assets. An effective combination of

preventive, detective and corrective controls providespreventive, detective and corrective controls provides

reasonable assurance that organizational assets are safe.reasonable assurance that organizational assets are safe.

It avoids unauthorised acquisition, disposal and misuse ofIt avoids unauthorised acquisition, disposal and misuse of

assets. Maintaining an effective system of controls isassets. Maintaining an effective system of controls is

primarily the responsibility of board of governors. Theseprimarily the responsibility of board of governors. These

controls are dynamically linked with organizationalcontrols are dynamically linked with organizational

objectives. Changes in objectives require an immediateobjectives. Changes in objectives require an immediate

reassessment of relevant controls. Douglasreassessment of relevant controls. Douglas (2000),(2000), it isit is

important to assess the control environment to developimportant to assess the control environment to develop

effective internal controls.effective internal controls. Yan (1997)Yan (1997),, controlcontrol

environment consists of organizational culture, internalenvironment consists of organizational culture, internal

policies, organizational structure and managementpolicies, organizational structure and management

33


34/53

perception in governance. Denis et alperception in governance. Denis et al (2002)(2002) argues thatargues that

culture has direct effect over the controlculture has direct effect over the control

environment.environment. MichaelMichael (2008)(2008) emphasises that beforeemphasises that before

implementing controls it is very important to criticallyimplementing controls it is very important to critically

identify risks in achieving objectives.identify risks in achieving objectives. SpencerSpencer

(1999)(1999) discovered that failure to access inherent risksdiscovered that failure to access inherent risks

means that the organization will develop controls thatmeans that the organization will develop controls that

would not prevent frauds. Relevant controls should bewould not prevent frauds. Relevant controls should be

established to minimize specific risks.established to minimize specific risks.MarcoMarco (2006)(2006)

suggests that msuggests that management should ensure whetheranagement should ensure whether

significant changes into internal and external environmentsignificant changes into internal and external environment

have been incorporated into internal controlshave been incorporated into internal controls

system.system. Antonino et al (2010) Antonino et al (2010): Failure to maintain an: Failure to maintain an

effective system of internal controls cannot preventeffective system of internal controls cannot prevent

frauds, which results in the lack of stakeholdersfrauds, which results in the lack of stakeholders

confidence.confidence. In the corporate culture of Pakistan, internalIn the corporate culture of Pakistan, internal

control activity is not regarded as important as it shouldcontrol activity is not regarded as important as it should

be. Authority limits are not well defined and incompetentbe. Authority limits are not well defined and incompetent

audit and control officers are exposing organizationalaudit and control officers are exposing organizational

assets to utmost risk.assets to utmost risk. Kwansagool et al (2009)Kwansagool et al (2009) adds thatadds that

controls that do not appreciate segregation of duties like;controls that do not appreciate segregation of duties like;

making bank deposits, posting them into accounts andmaking bank deposits, posting them into accounts and

performing reconciliation etc, results high risk ofperforming reconciliation etc, results high risk of

frauds.frauds.Dorothy (1996)Dorothy (1996) adds poor physical controls overadds poor physical controls over

blank cheques and inventory provides an idealblank cheques and inventory provides an ideal

environment for fraud.environment for fraud.

34


35/53

Internal controls and risks have inevitable correlations.Internal controls and risks have inevitable correlations.

Poor controls exposes high risk and high risk ultimatelyPoor controls exposes high risk and high risk ultimately

expose organizational assets to potential losses.expose organizational assets to potential losses.

CHAPTER THREECHAPTER THREE

RESEARCHRESEARCH

DESIGNDESIGN

3.0: RESEACH DESIGN3.0: RESEACH DESIGN

This chapter provides details how research has been This chapter provides details how research has been

conducted. According toconducted. According to Neil (2010)Neil (2010) research design is aresearch design is a

set of methods, approaches and strategies employedset of methods, approaches and strategies employed

toto

complete the research. It includes all the procedurescomplete the research. It includes all the procedures

involved in writing a research report.involved in writing a research report.

The researcher has discussed systematic process, The researcher has discussed systematic process,

methodology and approaches to achieve researchmethodology and approaches to achieve research

objectives. He has also explained reasons for not using theobjectives. He has also explained reasons for not using the

alternative forms of research methods. Data collectionalternative forms of research methods. Data collection

35


36/53

procedures and data analysis techniques have also beenprocedures and data analysis techniques have also been

address later in this chapter.address later in this chapter.

3.1: RESEARCH METHODOLOGY3.1: RESEARCH METHODOLOGY

3.1.1: POSITIVISM3.1.1: POSITIVISM

This is a philosophical approach to research through This is a philosophical approach to research through

efficient, orderly and scientific methods. According toefficient, orderly and scientific methods. According to

Delbert (2002),Delbert (2002), this approach recognises that knowledgethis approach recognises that knowledge

based on experience and positive verification is the onlybased on experience and positive verification is the only

authentic knowledge. Scientific method tries to discoverauthentic knowledge. Scientific method tries to discover

the laws of occurring physical and human events.the laws of occurring physical and human events.

Positivism emphasizes gathering facts and analysing thePositivism emphasizes gathering facts and analysing the

relationship between different set of these facts. Therelationship between different set of these facts. The

researchers, following the positivism approach, analysedresearchers, following the positivism approach, analysed

numerical and statistical data through various techniquesnumerical and statistical data through various techniques

to conclude generally quantifiable results. This approachto conclude generally quantifiable results. This approach

blindly accepts wrongness of deviance and entirelyblindly accepts wrongness of deviance and entirely

ignores the subjectivity of the deviant, by assuming theignores the subjectivity of the deviant, by assuming the

absolute objectivity, whereas it never addresses it inabsolute objectivity, whereas it never addresses it in

detail.detail.

While conducting a research through positivism,While conducting a research through positivism,

researcher has to analyse observable fact in terms ofresearcher has to analyse observable fact in terms of

variables.variables. Margo (2006)Margo (2006)adds the first step in this type ofadds the first step in this type of

research is to start with a theory then data is collectedresearch is to start with a theory then data is collected

and tested against them and finally researchers refine theand tested against them and finally researchers refine the

36


37/53

existing theories and laws they started with and veryexisting theories and laws they started with and very

highly structured research process is used.highly structured research process is used.

Most of the data collected to complete this research isMost of the data collected to complete this research is

qualitative data. Researcher personally agrees that truequalitative data. Researcher personally agrees that true

objectivity is impossible and during the research it is veryobjectivity is impossible and during the research it is very

important to consider subjective side of the deviance.important to consider subjective side of the deviance.

Researcher also fears that by positivism approach,Researcher also fears that by positivism approach,

understanding of social interactions will be quite difficult.understanding of social interactions will be quite difficult.

AsAs John (2009) John (2009) says,says, positivism cannot reveal peoplespositivism cannot reveal peoples

interaction towards any social trend.interaction towards any social trend.

The issues like good governance and its role in The issues like good governance and its role in

multinational conglomerates or critical evaluation ofmultinational conglomerates or critical evaluation of

national culture of PAKISTAN and its effect on internalnational culture of PAKISTAN and its effect on internal

controls etc are difficult to address solely by positivism.controls etc are difficult to address solely by positivism.

Hence for the purpose of this research, positivismHence for the purpose of this research, positivism

approach has not been given first priority, however,approach has not been given first priority, however,

scientific methods have also been considered wherescientific methods have also been considered where

necessary.necessary.

3.1.2: INTERPRETIVISM:3.1.2: INTERPRETIVISM:

It is described by Thomas et al (2006), interpretivismIt is described by Thomas et al (2006), interpretivism

emphasises the importance of considering peoplesemphasises the importance of considering peoples

thoughts and ideas to understand the happening of anythoughts and ideas to understand the happening of any

37


38/53

event. John (2009) adds that interpretivism recognisesevent. John (2009) adds that interpretivism recognises

that knowledge obtainedthat knowledge obtained from interpretation andfrom interpretation and

meaningful nature of individuals participation is importantmeaningful nature of individuals participation is important

for investigation purpose because using only scientificfor investigation purpose because using only scientific

methods is inappropriate.methods is inappropriate.

Following this approach, issues are analysed to constructFollowing this approach, issues are analysed to construct

knowledge.knowledge. Janina (2009), Janina (2009), this research method startsthis research method starts

from knowledge of realism, including the phenomenon offrom knowledge of realism, including the phenomenon of

human action. In simple words this approach tries tohuman action. In simple words this approach tries to

understand issues by considering the meanings theunderstand issues by considering the meanings the

participants assign to them.participants assign to them.

Since internal control is an area wherein success dependsSince internal control is an area wherein success depends

upon the participation of all individuals in the organization,upon the participation of all individuals in the organization,

the researcher strongly believes that for this particularthe researcher strongly believes that for this particular

research of Suzuki Motors PAKISTAN, observation ofresearch of Suzuki Motors PAKISTAN, observation of

employees thoughts, ideas, behaviours and actions areemployees thoughts, ideas, behaviours and actions are

very vital to reach some conclusive findings. To assessvery vital to reach some conclusive findings. To assess

how multinational conglomerates operate internal checkhow multinational conglomerates operate internal check

and control systems with a view to ensuring governanceand control systems with a view to ensuring governance

and securing their assets. And why Suzuki Motorsand securing their assets. And why Suzuki Motors

PAKISTAN failed to prevent and detect frauds that tookPAKISTAN failed to prevent and detect frauds that took

place, interpretivism approach is much more effective asplace, interpretivism approach is much more effective as

compared to positivism.compared to positivism.

The researcher had to analyse qualitative data rather thanThe researcher had to analyse qualitative data rather than

quantitative data. Further that, application of onlyquantitative data. Further that, application of only

38


39/53

scientific tools may not be exhaustive. Hence thescientific tools may not be exhaustive. Hence the

researcher preferred to conduct substantial part of hisresearcher preferred to conduct substantial part of his

research by following the assumption of interpretivism.research by following the assumption of interpretivism.

3.1.3: QUALITATIVE:3.1.3: QUALITATIVE:

In Bryans (1992) point of view, qualitative researchIn Bryans (1992) point of view, qualitative research

involves analysis of the culture, surrounding environment,involves analysis of the culture, surrounding environment,

behaviours, feelings or processes etc. It does not includebehaviours, feelings or processes etc. It does not include

the analysis of numerical data. This type of researchthe analysis of numerical data. This type of research

involves field work. The primary aim of this type ofinvolves field work. The primary aim of this type of

research is to complete a detailed description. In theresearch is to complete a detailed description. In the

qualitative research the researcher does not have aqualitative research the researcher does not have aclearclear

idea of what he/she is actually looking for. The researcheridea of what he/she is actually looking for. The researcher

himself acts as a data collection tool.himself acts as a data collection tool.

To fulfil the objectives of this research, qualitative dataTo fulfil the objectives of this research, qualitative data

was of extreme importance. Interpretation of events,was of extreme importance. Interpretation of events,

observing the processes and in-depth interviews are ofobserving the processes and in-depth interviews are of

key importance to critically evaluate Suzuki Motorskey importance to critically evaluate Suzuki Motors

PAKISTANs failure to safeguard its financial and strategicPAKISTANs failure to safeguard its financial and strategic

assets. Qualitative analysis of literature and operationalassets. Qualitative analysis of literature and operational

manuals of different other multinational are also importantmanuals of different other multinational are also important

to recommend improved internal control and governanceto recommend improved internal control and governance

system to Suzuki Motorss management. Therefore thesystem to Suzuki Motorss management. Therefore the

researcher prefers qualitative data and methodology toresearcher prefers qualitative data and methodology to

complete this research.complete this research.

39


40/53


41/53

gathering certain set of observations. Inductive reasoninggathering certain set of observations. Inductive reasoning

is also called as bottom-up approach as it starts fromis also called as bottom-up approach as it starts from

observations that further define the patterns andobservations that further define the patterns and

ultimately develop a generalized theory or fact.ultimately develop a generalized theory or fact.

For the purpose of research carried out, the researcherFor the purpose of research carried out, the researcher

uses inductive reasoning approach, starting by identifyinguses inductive reasoning approach, starting by identifying

good governance styles and control environment ofgood governance styles and control environment of

different multinational conglomerates and ultimatelydifferent multinational conglomerates and ultimately

conclude that what is a good practice to safeguard assetsconclude that what is a good practice to safeguard assets

by effective system of checks and controls. It will alsoby effective system of checks and controls. It will also

highlight credible logic why a big multinational concernhighlight credible logic why a big multinational concern

having its presence worldwide, was unable to prevent andhaving its presence worldwide, was unable to prevent and

detect fraudulent activities. The advantage of using thisdetect fraudulent activities. The advantage of using this

approach is that true and absolute events are establishedapproach is that true and absolute events are established

objectively.objectively.

3.2.2: DEDUCTIVE REASONING APPROACH;3.2.2: DEDUCTIVE REASONING APPROACH;

According to Graham (2006), deductive approach wasAccording to Graham (2006), deductive approach was

developed by ancient Greeks. This approach is closelydeveloped by ancient Greeks. This approach is closely

associated with mathematics. This type of research startsassociated with mathematics. This type of research starts

from more general to more specific. It relates at-least twofrom more general to more specific. It relates at-least two

general concepts to a specific case. It evaluates deductivegeneral concepts to a specific case. It evaluates deductive

arguments. For detective reasoning, arguments based onarguments. For detective reasoning, arguments based on

laws, rules and accepted principles are generally used.laws, rules and accepted principles are generally used.

The research to be carried out will be using less deductiveThe research to be carried out will be using less deductive

41


42/53

approach and more inductive approach as discussedapproach and more inductive approach as discussed

above.above.

However the researcher used deductive reasoning whileHowever the researcher used deductive reasoning while

comparing g

Date post:	06-Apr-2018
Category:	Documents
Upload:	lahore1142
View:	223 times
Download:	0 times

project incomplete

Documents