Date post: | 06-Apr-2018 |
Category: |
Documents |
Upload: | lahore1142 |
View: | 223 times |
Download: | 0 times |
of 53
8/3/2019 project incomplete
1/53
AN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISKAN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISK
MANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS ATMANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS AT
PAK SUZUKI MOTORS (LTD.)PAK SUZUKI MOTORS (LTD.)
D I S S ER TA T I OND I S S ER TA T I ON
1
8/3/2019 project incomplete
2/53
AN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISKAN INVESTIGATION INTO HOW EFFECTIVE SYSTEM OF RISK
MANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS ATMANAGEMENT MAY CONTRIBUTE FOR SAFEGUARING ASSETS AT
PAK SUZUKI MOTORS (LTD.)PAK SUZUKI MOTORS (LTD.)
T A B L ET A B L E O FO F C O N T E N T SC O N T E N T S
CCHAPTERHAPTER DDESCRIPTIONESCRIPTIONPPAGEAGE
##
1.0 INTODUCTIONINTODUCTION 3
1.1 RESEARCH BACKGROUNG:RESEARCH BACKGROUNG: 31.3 Research Questions:Research Questions: 41.4 RESEARCH OBJECTIVES:RESEARCH OBJECTIVES: 52.0 LITERATURE REVIEWLITERATURE REVIEW 6
2.1
CORELATION BETWEEN RISKCORELATION BETWEEN RISKMANAGEMENT AND GOVERNANCE INMANAGEMENT AND GOVERNANCE IN
CORPORATE ENVIRONMENTCORPORATE ENVIRONMENT6
2.2
NATIONAL CULTURE OF PAKISTAN ANDNATIONAL CULTURE OF PAKISTAN ANDAPPROACH TOWARDS RISKAPPROACH TOWARDS RISK
MANAGEMENT SYSTEMSMANAGEMENT SYSTEMS
7
2.3 FRAUDS AND RISK MANAGEMENTFRAUDS AND RISK MANAGEMENT 83.0 RESEARCH DESIGNRESEARCH DESIGN 113.1 RESEARCH METHODOLOGYRESEARCH METHODOLOGY 11
3.1.1POSITIVISM AND QUANTITATIVEPOSITIVISM AND QUANTITATIVE
METHODSMETHODS11
3.1.2INTERPRETIVISM AND QUALITATIVEINTERPRETIVISM AND QUALITATIVE
METHODSMETHODS12
3.2INDUCTIVE REASONING AND DEDECTIVEINDUCTIVE REASONING AND DEDECTIVE
REASONING APPROACHREASONING APPROACH12
3.3RESEARCH DATA COLLECTIONRESEARCH DATA COLLECTION
METHODOLOGYMETHODOLOGY13
3.4DATA ANALYSIS TECHNIQUES ANDDATA ANALYSIS TECHNIQUES AND
PROCEDURESPROCEDURES14
4.0SUITABILITY OF PROPOSEDSUITABILITY OF PROPOSED
RESEARCHRESEARCH16
5.0 ACCESS AND ETHICAL ISSUESACCESS AND ETHICAL ISSUES 176.0 REFERENCESREFERENCES 18
7.0 BIBILOGRAPHYBIBILOGRAPHY 19
2
8/3/2019 project incomplete
3/53
1.0: INTODUCTION1.0: INTODUCTION
Risk management is defined by Jason (2004) as theRisk management is defined by Jason (2004) as the
measures taken by responsible individuals to minimize themeasures taken by responsible individuals to minimize the
probability of happening unfavourable events. An effectiveprobability of happening unfavourable events. An effective
system of internal controls provide reasonable assurancesystem of internal controls provide reasonable assurance
that organizational assets are secure, it also ensurethat organizational assets are secure, it also ensure
effectiveness of operations and also decreaseseffectiveness of operations and also decreases
opportunity for frauds.opportunity for frauds.
1.1: INTRODUCTION TO THE PROBLEM1.1: INTRODUCTION TO THE PROBLEM
This research concentrates on improving the standards ofThis research concentrates on improving the standards of
internal controls currently in place at Suzuki Motorsinternal controls currently in place at Suzuki Motors
Pakistan for safeguarding organizational assets. AccordingPakistan for safeguarding organizational assets. According
toto Ministry of Commerce Pakistan (2010)Ministry of Commerce Pakistan (2010) audit of Suzukiaudit of Suzuki
Motors revealed different types of fraudulent activitiesMotors revealed different types of fraudulent activities
resulting aggregated loss of more than US$56 millionresulting aggregated loss of more than US$56 million
during the year 2009. Moreover managers have beenduring the year 2009. Moreover managers have been
found abusing the authority by various means.found abusing the authority by various means.
Unauthorised disposition of assets, use of organizationalUnauthorised disposition of assets, use of organizational
resources and reputation for their personal gains was aresources and reputation for their personal gains was a
major element of this cause.major element of this cause.
Suzuki Motors also facing the public scandal of child labourSuzuki Motors also facing the public scandal of child labour
now a day.now a day. Faudziah (2005),Faudziah (2005), Child labour is very commonChild labour is very common
3
8/3/2019 project incomplete
4/53
in Emirates culture but strictly prohibited by local andin Emirates culture but strictly prohibited by local and
international laws. All these elements are not only causinginternational laws. All these elements are not only causing
fatal injury to the stake holders interests but alsofatal injury to the stake holders interests but also
destructing financial and strategic assets of thedestructing financial and strategic assets of the
organization at the same time.organization at the same time. Norman (2010),Norman (2010), the Chiefthe Chief
Executive Officer of Suzuki Motors acknowledged in aExecutive Officer of Suzuki Motors acknowledged in a
presspress interview that management proceduresinterview that management procedures involved ininvolved in
internal control systems were inefficient tointernal control systems were inefficient to protectprotect
organizational assets and compliance with laws andorganizational assets and compliance with laws and
regulations.regulations.
The issueThe issue not only affectednot only affected the Suzuki Motors but also castthe Suzuki Motors but also cast
deep impression on the Suzuki Motorss global financialdeep impression on the Suzuki Motorss global financial
position. The issue of child labour was specificallyposition. The issue of child labour was specifically
highlighted in the western print media and Suzuki Motorshighlighted in the western print media and Suzuki Motorsfaced a lot of criticism.faced a lot of criticism.
1.2: ORGANIZATIONS BACKGROUND1.2: ORGANIZATIONS BACKGROUND
Suzuki Motors is one of the worlds most famousSuzuki Motors is one of the worlds most famous
multinational conglomerates. The organization wasmultinational conglomerates. The organization was
founded by Michio Maruti Suzuki in 1909 as Suzuki Loomfounded by Michio Maruti Suzuki in 1909 as Suzuki Loom
Works. Today after a history of centuries Suzuki MotorsWorks. Today after a history of centuries Suzuki Motors
has produced a lot of automobiles with positive socialhas produced a lot of automobiles with positive social
impact. During 1935 to 1945 as the world economyimpact. During 1935 to 1945 as the world economy
expanded, Suzuki Motors launched new automobiles withexpanded, Suzuki Motors launched new automobiles with
creative ideas and dominated European markets. Bycreative ideas and dominated European markets. By
4
8/3/2019 project incomplete
5/53
1980s Suzuki Motors had become worlds one of the1980s Suzuki Motors had become worlds one of the
largest business organizations. In the beginning of 21stlargest business organizations. In the beginning of 21st
century the organization developed three years strategiccentury the organization developed three years strategic
plan that ended in 2004 to focus 21st century consumerplan that ended in 2004 to focus 21st century consumer
needs.needs.
Today Suzuki Motors owes more than fifty models of Today Suzuki Motors owes more than fifty models of
automobiles and enigines with existence in more than fiftyautomobiles and enigines with existence in more than fifty
three countries of the world. In the year 2010 Suzukithree countries of the world. In the year 2010 Suzuki
Motorss revenue was recorded approximately US$64,000Motorss revenue was recorded approximately US$64,000
million. Total employees are over four hundred andmillion. Total employees are over four hundred and
seventy thousands across the world.seventy thousands across the world.
The global Suzuki Motors network has been divided intoThe global Suzuki Motors network has been divided into
following three regions for administrative and reportingfollowing three regions for administrative and reporting
purpose;purpose;
Suzuki Motors Asia and JapanSuzuki Motors Asia and Japan
Suzuki Motors AmericaSuzuki Motors America
Suzuki Motors EuropeSuzuki Motors Europe
Suzuki Motors Asia controls Suzuki Motors Pakistan whoseSuzuki Motors Asia controls Suzuki Motors Pakistan whose
one production plant is operating in Karachi known as Pakone production plant is operating in Karachi known as Pak
Suzuki Motors. This is the specific region where SuzukiSuzuki Motors. This is the specific region where Suzuki
Motors is currently facing problems as discussed above.Motors is currently facing problems as discussed above.
Suzuki Motors Pakistan has more than twenty fourSuzuki Motors Pakistan has more than twenty four
thousand employees with an average turnover ofthousand employees with an average turnover of
US$6,640 million over the last five years. Suzuki MotorsUS$6,640 million over the last five years. Suzuki Motors
5
8/3/2019 project incomplete
6/53
Pakistan has its head office in Karachi with one fullPakistan has its head office in Karachi with one full
capacity production plant in Karachi.capacity production plant in Karachi.
Ref: George, O. (2011), Who we are?. Available:Ref: George, O. (2011), Who we are?. Available:
http://www.suzuki.com, Last accessed 17http://www.suzuki.com, Last accessed 17
thth
Dec 2011)Dec 2011)
1.3: RESEARCH PURPOSE1.3: RESEARCH PURPOSE
Generally research has been carried out to explore theGenerally research has been carried out to explore the
methods of good governance and an effective approachmethods of good governance and an effective approach
towards internal controls in Pakistan. More specifically thistowards internal controls in Pakistan. More specifically this
research will identify material flaws in the current riskresearch will identify material flaws in the current risk
management system implemented in Pakistan. Thismanagement system implemented in Pakistan. This
research will investigate how other global companies likeresearch will investigate how other global companies like
Suzuki Motors operate effective internal control systems inSuzuki Motors operate effective internal control systems in
Pakistan. Hence identification of a benchmark of riskPakistan. Hence identification of a benchmark of risk
management system will help to provide valuablemanagement system will help to provide valuable
recommendations as to how these internal controls mayrecommendations as to how these internal controls may
be improved to safeguard assets and stakeholdersbe improved to safeguard assets and stakeholders
interest at Pak Suzuki Motors.interest at Pak Suzuki Motors. Delbert (2002)Delbert (2002)
acknowledges that already a number of researchers haveacknowledges that already a number of researchers have
been working on the area of internal controls but only inbeen working on the area of internal controls but only in
Europe and America.Europe and America.
This research specifically focuses the safeguarding of This research specifically focuses the safeguarding of
organizational assets through effective risk managementorganizational assets through effective risk management
particularlyparticularlyin the culture of South Asia. According toin the culture of South Asia. According to KamKam
et al (2008),et al (2008), Pakistan is facing worlds next largestPakistan is facing worlds next largest
financial crisis rapidly. Many multinational organizationsfinancial crisis rapidly. Many multinational organizations
6
8/3/2019 project incomplete
7/53
have already setup their global head offices out fromhave already setup their global head offices out from
Pakistan and many intend for the same in future. ThisPakistan and many intend for the same in future. This
research will add to the existing knowledge specifically forresearch will add to the existing knowledge specifically for
the Pakistan to practice effective controls through goodthe Pakistan to practice effective controls through good
governance.governance. Talha (2007),Talha (2007), Pakistan is a country wherePakistan is a country where
most of the people responsible for internal controls are notmost of the people responsible for internal controls are not
those who are trained and qualified for it. Successfulthose who are trained and qualified for it. Successful
research will provide benchmark for governance andresearch will provide benchmark for governance and
internal control practices that will be very helpful for allinternal control practices that will be very helpful for all
the conglomerates operating in that region. Besides this, athe conglomerates operating in that region. Besides this, a
thorough research will be helpful for the researcher tothorough research will be helpful for the researcher to
pursue his professional career in Pak Suzuki Motorspursue his professional career in Pak Suzuki Motors
Limited.Limited.
1.3: RESEARCH QUESTIONS:1.3: RESEARCH QUESTIONS:
The researcher intends to carry out this research with aThe researcher intends to carry out this research with a
motive to answer following questions;motive to answer following questions;
How do public listed multinational conglomeratesHow do public listed multinational conglomerates
maintain effective controls system that ensures goodmaintain effective controls system that ensures good
governance and safeguarding of assets?governance and safeguarding of assets?
What are the links between control environment,What are the links between control environment,
good governance and safeguarding assets?good governance and safeguarding assets?
What is the correlation between national culture ofWhat is the correlation between national culture of
Pakistan and approaches towards risk management?Pakistan and approaches towards risk management?
7
8/3/2019 project incomplete
8/53
Why did Pak Suzuki fail to detect lack of complianceWhy did Pak Suzuki fail to detect lack of compliance
and frauds that took place over the last two years?and frauds that took place over the last two years?
1.4: RESEARCH OBJECTIVES:1.4: RESEARCH OBJECTIVES:
Establishing a benchmark how multinationalEstablishing a benchmark how multinational
conglomerates maintain effective system of controlsconglomerates maintain effective system of controls
and risk management to safeguard their assets onand risk management to safeguard their assets on
behalf of stakeholders in Pakistan?behalf of stakeholders in Pakistan?
Analyse correlation between system of controls,Analyse correlation between system of controls,
corporate governance and safeguardingcorporate governance and safeguarding
organizational assets against misuse.organizational assets against misuse.
Explain the affect of national culture of Pakistan onExplain the affect of national culture of Pakistan on
the approaches to risk management.the approaches to risk management.
Critical evaluation of Pak Suzukis failure to detectCritical evaluation of Pak Suzukis failure to detect
fraudulent activities that took place and itsfraudulent activities that took place and its
apparently ineffective system of controls.apparently ineffective system of controls.
Make recommendation to the Pak SuzukisMake recommendation to the Pak Suzukis
management to improve its governance and controlmanagement to improve its governance and control
system.system.
CHAPTER TWOCHAPTER TWO
8
8/3/2019 project incomplete
9/53
LITERATURELITERATUREREVIEWREVIEW
2.0 LITERATURE REVIEW2.0 LITERATURE REVIEW
2.2 INTRODUCTION:2.2 INTRODUCTION:
Risk Management is defined by James (2004) as theRisk Management is defined by James (2004) as the
methods and measures taken by an organization tomethods and measures taken by an organization to
monitor assets, prevent frauds, minimize errors and verifymonitor assets, prevent frauds, minimize errors and verify
correctness of financial statements.correctness of financial statements. Internal Controls haveInternal Controls have
also been defined precisely with broader meanings byalso been defined precisely with broader meanings by
Dent (2002)Dent (2002)as any activity, action or decision that boardas any activity, action or decision that board
of governors, management or other responsible personsof governors, management or other responsible persons
take to minimize prevailing, foreseeable or potential risktake to minimize prevailing, foreseeable or potential risk
to the organization. Graham (2006)to the organization. Graham (2006) adds existence ofadds existence of
effective internal controls increase the probability ofeffective internal controls increase the probability of
accomplishment of the corporate goals in an agreed way.accomplishment of the corporate goals in an agreed way.
9
8/3/2019 project incomplete
10/53
Suzanne et al (2010),Suzanne et al (2010),Maintaining effective control processMaintaining effective control process
within the organization reasonably ensures thatwithin the organization reasonably ensures that
organizational operations and activities are consistentorganizational operations and activities are consistent
with applicable laws and regulations, activities are beingwith applicable laws and regulations, activities are being
performed in fusion of efficiency and effectiveness. Itperformed in fusion of efficiency and effectiveness. It
ultimately ensures smooth achievement of organizationalultimately ensures smooth achievement of organizational
goals and objectives.goals and objectives.
Yass (2007)Yass (2007),, establishing and maintaining effectiveestablishing and maintaining effective
internal controls system ultimately safeguardsinternal controls system ultimately safeguards
organizational assets. Assets are,organizational assets. Assets are, Antonino (2010) Antonino (2010),,
anything under the organizations control and ownershipanything under the organizations control and ownership
that brings future economic benefits to the organization.that brings future economic benefits to the organization.
Assets can be tangible and intangible like businessAssets can be tangible and intangible like business
reputation.reputation.
Internal controls can never provide absolute assuranceInternal controls can never provide absolute assurance
that all elements of fraud or misstatement will bethat all elements of fraud or misstatement will be
discovered but they can only provide assurance to somediscovered but they can only provide assurance to some
acceptable extent against wasteage, abuse and misuse ofacceptable extent against wasteage, abuse and misuse of
organizational resources.organizational resources.
2.3 PROCESS OF RISK MANAGEMENT2.3 PROCESS OF RISK MANAGEMENT
2.3.1 PREVENTIVE CONTROLS2.3.1 PREVENTIVE CONTROLS
Preventive controls are the policies and proceduresPreventive controls are the policies and procedures
designed to prevent irregularities and unfavourable eventsdesigned to prevent irregularities and unfavourable events
10
8/3/2019 project incomplete
11/53
from occurring. Proactive organizations apply preventivefrom occurring. Proactive organizations apply preventive
controls. Preventive controls reduce correction costs.controls. Preventive controls reduce correction costs.
Following are few examples of preventive internalFollowing are few examples of preventive internal
controls;controls;
Duties segregationDuties segregation
Resources authorizationResources authorization
Process of standardizationProcess of standardization
Physical controlsPhysical controls
Computerized access control systemComputerized access control system
2.3.2 DETECTIVE CONTROLS2.3.2 DETECTIVE CONTROLS
Procedures and policies designed to investigate theProcedures and policies designed to investigate the
reasons why an undesirable event took place are called asreasons why an undesirable event took place are called as
detective controls. Detective controls are applied afterdetective controls. Detective controls are applied after
fraud or irregularity has already occurred in thefraud or irregularity has already occurred in the
organization. It helps to design preventive controls for theorganization. It helps to design preventive controls for the
future. Detective controls are least effectives as they arefuture. Detective controls are least effectives as they are
applied after the undesirable event has occurred.applied after the undesirable event has occurred.
Reconciliations and quality reviews are typical examplesReconciliations and quality reviews are typical examples
of detective controls.of detective controls.
2.3.3 CORRECTIVE CONTROLS2.3.3 CORRECTIVE CONTROLS
Corrective controls are the policies and proceduresCorrective controls are the policies and procedures
applied after irregularities have been identified. Theseapplied after irregularities have been identified. These
11
8/3/2019 project incomplete
12/53
controls are designed to minimize the effects ofcontrols are designed to minimize the effects of
irregularities or frauds.irregularities or frauds.
2.4 RISK DIVERSIFICATION:2.4 RISK DIVERSIFICATION:
Risk examinerRisk examiner Marco et al (2006)Marco et al (2006)acknowledges that risksacknowledges that risks
and internal controls have a very deep correlation.and internal controls have a very deep correlation.
Therefore the researcher feels an intense importance toTherefore the researcher feels an intense importance to
elaborate the risk and its diversification to the users of thiselaborate the risk and its diversification to the users of this
report.report.
Chris et al (2005)Chris et al (2005) defines risk as the likelihood thatdefines risk as the likelihood that
hazards will result into a disaster. Describing in somehazards will result into a disaster. Describing in some
simple words, likelihood of a disaster to take place issimple words, likelihood of a disaster to take place is
called as risk. Risk is prevailing in every endeavour ofcalled as risk. Risk is prevailing in every endeavour of
corporate strategy. And all those actions anticipated tocorporate strategy. And all those actions anticipated to
stop a disaster from happening, or to reduce its harm ifstop a disaster from happening, or to reduce its harm if
disaster takes place, are termed as Controls.disaster takes place, are termed as Controls. BryanBryan
(1992)(1992)adds that risk can be systematic and unsystematic.adds that risk can be systematic and unsystematic.
Lynford (2008),Lynford (2008),Systematic risk comes from the elementsSystematic risk comes from the elements
substantially beyond the control of those charged with thesubstantially beyond the control of those charged with the
responsibility of corporate management, significantresponsibility of corporate management, significant
political changes is one of its example. Systematic riskpolitical changes is one of its example. Systematic risk
influences overall assets of all the organizations at theinfluences overall assets of all the organizations at the
same time. Unsystematic risk is also termed specific risksame time. Unsystematic risk is also termed specific risk
sometimes. This type of risk affects a specific class ofsometimes. This type of risk affects a specific class of
organizational assets.organizational assets.
12
8/3/2019 project incomplete
13/53
2.4.1 TYPES OF RISK:2.4.1 TYPES OF RISK:
Risk can be of various types and different in nature,Risk can be of various types and different in nature,
however researcher will only discuss the following fourhowever researcher will only discuss the following four
types of risks related to this report that bring utmosttypes of risks related to this report that bring utmost
disaster on the organizational assets;disaster on the organizational assets;
According toAccording to Herbst (2004),Herbst (2004), these are the risks associatedthese are the risks associated
with the long term strategic decisions of the organization.with the long term strategic decisions of the organization.
Strategic risks are externally driven by competition,Strategic risks are externally driven by competition,
customer demand, changes in customer patterns etc, andcustomer demand, changes in customer patterns etc, and
internally driven by changes in intellectual capital andinternally driven by changes in intellectual capital and
corporate merger and acquisition activities.corporate merger and acquisition activities.
2.4.1.1 STRATEGIC RISK:2.4.1.1 STRATEGIC RISK:
InIn Marks (2007)Marks (2007) point of view, the managers shouldpoint of view, the managers should
broadly concentrate on the evaluation and implementationbroadly concentrate on the evaluation and implementation
of controls designed for unsystematic risks.of controls designed for unsystematic risks.
2.4.1.2 COMPLIANCE RISK:2.4.1.2 COMPLIANCE RISK:
Vithal (1997)Vithal (1997) describes compliance risks are associateddescribes compliance risks are associated
with business requirement to operate in compliance withwith business requirement to operate in compliance with
the applicable laws and regulations, such as health andthe applicable laws and regulations, such as health and
safety and employment law etc. These regulations andsafety and employment law etc. These regulations and
operational standards are usually set by the governingoperational standards are usually set by the governing
13
8/3/2019 project incomplete
14/53
bodies of the country an organization operates in.bodies of the country an organization operates in.
Compliance risk is also termed as legislative risks.Compliance risk is also termed as legislative risks.
2.4.1.3 FINANCIAL RISK:2.4.1.3 FINANCIAL RISK:
Risks associated with the business financial transactionsRisks associated with the business financial transactions
are recognised as financial risks.are recognised as financial risks. Loraine (2006)Loraine (2006)holds thatholds that
financial risks are externally driven by changes infinancial risks are externally driven by changes in
monetary policy in general and interest rate, foreignmonetary policy in general and interest rate, foreign
exchange and credit regulation of the economy in specific.exchange and credit regulation of the economy in specific.
Internally, poor liquidity and cash flow managementInternally, poor liquidity and cash flow management
increases such risks as well.increases such risks as well.
2.4.1.4 OPERATIONAL RISKS:2.4.1.4 OPERATIONAL RISKS:
InIn Yasss (2007)Yasss (2007)point of view, operational risks arise withpoint of view, operational risks arise with
the poor administrative and operational procedures. Majorthe poor administrative and operational procedures. Major
cause of operational risks includes; poor recruitmentcause of operational risks includes; poor recruitment
practices, lack of governance structure and obsoletepractices, lack of governance structure and obsolete
information system etc.information system etc.
Managers and those entrusted with the responsibility ofManagers and those entrusted with the responsibility of
governance should examine these risks on recurring basis.governance should examine these risks on recurring basis.
They must highlight the probable and existing risks. They must highlight the probable and existing risks.
Managers must prioritise risk management in their areasManagers must prioritise risk management in their areas
of operation and they should make necessary provisionsof operation and they should make necessary provisions
to safeguard overall financial and strategic assets of theto safeguard overall financial and strategic assets of the
organization.organization.
14
8/3/2019 project incomplete
15/53
2.5 LINK BETWEEN RISK MANAGEMENT SYSTEMS2.5 LINK BETWEEN RISK MANAGEMENT SYSTEMS
AND GOVERNANACE IN MULTINATIONALSAND GOVERNANACE IN MULTINATIONALS
Lynford (2008)Lynford (2008) defines Internal Controls as the set ofdefines Internal Controls as the set of
procedures to protect an organization from loss or misuseprocedures to protect an organization from loss or misuse
of its assets. It also ensures that organizational policiesof its assets. It also ensures that organizational policies
are in consistentare in consistent conformityconformity with the applicable laws andwith the applicable laws and
regulations.regulations.
Neil (2010)Neil (2010) explains, governance is the way how executiveexplains, governance is the way how executive
committee and the board of governors/directors influencecommittee and the board of governors/directors influence
on their organization. According toon their organization. According to Matthew (2008)Matthew (2008)
internal controls are an integral part of organizationalinternal controls are an integral part of organizational
governance in multinational conglomerates and helps ingovernance in multinational conglomerates and helps in
detection of frauds and technical errors. Governancedetection of frauds and technical errors. Governance
responsibilities regarding control environment must beresponsibilities regarding control environment must be
documented in organizational constitution. Actions anddocumented in organizational constitution. Actions and
behaviours adopted by the governance committee have abehaviours adopted by the governance committee have a
significant impact on the workforce and othersignificant impact on the workforce and other
management regarding their performances. It gives rise tomanagement regarding their performances. It gives rise to
a basic control environment within the organization.a basic control environment within the organization.
According toAccording to Spencer (1999),Spencer (1999), the report published by thethe report published by the
Institute of Internal Auditors, United Kingdom, details theInstitute of Internal Auditors, United Kingdom, details the
key actions the governing body of a multinationalkey actions the governing body of a multinational
organization must take for maintaining effective controlorganization must take for maintaining effective control
environment as;environment as;
15
8/3/2019 project incomplete
16/53
Board of governors must approve and monitorBoard of governors must approve and monitor
organizations strategic plans on recurring basis.organizations strategic plans on recurring basis.
Executive committee must develop, practice andExecutive committee must develop, practice and
implement organizations ethical code of conduct.implement organizations ethical code of conduct.
Board of governors must oversee seniorBoard of governors must oversee senior
managements decisions with professionalmanagements decisions with professional
scepticism.scepticism.
In multinational conglomerates, board shouldIn multinational conglomerates, board should
develop high level policies and effectivedevelop high level policies and effective
organograms.organograms.
Create an environment to ensure that managementCreate an environment to ensure that management
and those responsible for governance are fairlyand those responsible for governance are fairly
accountable to the stakeholders.accountable to the stakeholders.
Managing directors should watch over theManaging directors should watch over the
management actions and business process onmanagement actions and business process on
recurring basis.recurring basis.
Senior Auditor at Deloitte, United Kingdom,Senior Auditor at Deloitte, United Kingdom, Warren (2009)Warren (2009)
explains, conglomerates maintaining effective system ofexplains, conglomerates maintaining effective system of
internal controls enjoy following four major benefits;internal controls enjoy following four major benefits;
16
8/3/2019 project incomplete
17/53
Achieve economic efficiency and the quality ofAchieve economic efficiency and the quality of
products and services remains consistent with theproducts and services remains consistent with the
organizations mission.organizations mission.
Avoid wastage, misuse and abuse of assets to aAvoid wastage, misuse and abuse of assets to a
remarkable extent and decrease the likelihood ofremarkable extent and decrease the likelihood of
potential frauds.potential frauds.
Establish coherence among organizations operationsEstablish coherence among organizations operations
and applicable regulations and corporate directives.and applicable regulations and corporate directives.
Financial and management statements remainFinancial and management statements remain
accurate and up to date.accurate and up to date.
All the members and stakeholders have a contribution inAll the members and stakeholders have a contribution in
maintaining a strong internal control system. Effectivenessmaintaining a strong internal control system. Effectiveness
of internal controls has a complex correlation with theof internal controls has a complex correlation with the
peoples attitude about it. Board of governors must adoptpeoples attitude about it. Board of governors must adopt
organizations tone to support internal controls. If boardorganizations tone to support internal controls. If board
does not develop clear and strong support for controldoes not develop clear and strong support for control
environment, the organization can never achieve a goodenvironment, the organization can never achieve a good
practice of controls. Board should oversee that managerspractice of controls. Board should oversee that managers
should never override any control activity. It is onlyshould never override any control activity. It is only
possible if the executive management emphasizes thepossible if the executive management emphasizes the
value of internal controls and analyzes the employeesvalue of internal controls and analyzes the employees
activities.activities.
17
8/3/2019 project incomplete
18/53
Michael (2007)Michael (2007) believes that top executive committee inbelieves that top executive committee in
the organization has responsibility for;the organization has responsibility for;
Reviewing internal controls system.Reviewing internal controls system.
Communicating management policies to all theCommunicating management policies to all the
individuals in the organization.individuals in the organization.
Encourage training and education regarding internalEncourage training and education regarding internal
control evaluation.control evaluation.
Board should designate an internal control officer toBoard should designate an internal control officer to
constantly look after control activities and he/sheconstantly look after control activities and he/she
should report to the board of governors/Directors.should report to the board of governors/Directors.
HoweverHowever Stephen (1997)Stephen (1997)disagrees withdisagrees with Michael (2007)Michael (2007),, inin
his opinion reviewing internal controls, andhis opinion reviewing internal controls, and
communicating management policies regarding controlcommunicating management policies regarding control
activities are solely the responsibility of the internalactivities are solely the responsibility of the internal
controls officer. Board should appoint an appropriatecontrols officer. Board should appoint an appropriate
independent person for this position and all otherindependent person for this position and all other
activities concerning maintaining an effective system ofactivities concerning maintaining an effective system of
control should rest with the appointed officer. Internalcontrol should rest with the appointed officer. Internal
controls officer is an important team member whocontrols officer is an important team member who
improves and evaluates the effectiveness of internalimproves and evaluates the effectiveness of internal
control system and assists senior management and thecontrol system and assists senior management and the
board of directors in this regard.board of directors in this regard.
18
8/3/2019 project incomplete
19/53
Researcher personally believes that every member of theResearcher personally believes that every member of the
organization has a role to maintain and ensureorganization has a role to maintain and ensure
effectiveness of internal controls; however substantialeffectiveness of internal controls; however substantial
responsibility rests with the managers. Managers shouldresponsibility rests with the managers. Managers should
assure that all the individuals within the organization haveassure that all the individuals within the organization have
proper knowledge, experience and training for their areasproper knowledge, experience and training for their areas
of responsibilities.of responsibilities.
Workforce should be provided with recurring trainingsWorkforce should be provided with recurring trainings
where necessary. Constant monitoring and performancewhere necessary. Constant monitoring and performance
evaluation of every individual provide reasonableevaluation of every individual provide reasonable
assurance that organization will accomplish its objectives.assurance that organization will accomplish its objectives.
Internal control officers must be independent in theInternal control officers must be independent in the
activities being performed by them in their domains.activities being performed by them in their domains.
2.5.1: GOVERNANCE PHILOSOPHY AND INTERNAL2.5.1: GOVERNANCE PHILOSOPHY AND INTERNAL
CONTROLS:CONTROLS:
Governance style and philosophy directly affects internalGovernance style and philosophy directly affects internal
control systems. Governance style represents basiccontrol systems. Governance style represents basic
strategy regarding how individuals and activities of thestrategy regarding how individuals and activities of the
organization should be administered.organization should be administered.
Warren (2009),Warren (2009),there is different governance philosophies.there is different governance philosophies.
It is difficult to decide which one is the best although someIt is difficult to decide which one is the best although some
may be more effective than the other varying from onemay be more effective than the other varying from one
organization to another. Executive committee shouldorganization to another. Executive committee should
practice the most effective governance style thatpractice the most effective governance style that
19
8/3/2019 project incomplete
20/53
constructively affects all the individuals and enhancesconstructively affects all the individuals and enhances
ethical values of the organization. Senior managementethical values of the organization. Senior management
should demonstrate these values to the workforce andshould demonstrate these values to the workforce and
must evaluate the effectiveness of such governancemust evaluate the effectiveness of such governance
philosophy on periodical basis.philosophy on periodical basis.
Yan (1997)Yan (1997) argues that to maintain effective system ofargues that to maintain effective system of
controls governance philosophy should be demonstratedcontrols governance philosophy should be demonstrated
in the following areas;in the following areas;
Management attitude towards recognizing risks andManagement attitude towards recognizing risks and
its response.its response.
Acceptance of externally imposed regulatoryAcceptance of externally imposed regulatory
controls.controls.
Behaviour towards external and internal reporting.Behaviour towards external and internal reporting.
Use of the required generally accepted financialUse of the required generally accepted financial
reporting standards.reporting standards.
Individuals support and response towards internalIndividuals support and response towards internal
audit and external audit evaluation.audit and external audit evaluation.
InIn Beths (2002)Beths (2002)point of view, ethical norms and integritypoint of view, ethical norms and integrity
forms standards of employees conduct. It has inevitableforms standards of employees conduct. It has inevitable
contribution towards good control environment. Seniorcontribution towards good control environment. Senior
management can encourage the following attributes in themanagement can encourage the following attributes in the
20
8/3/2019 project incomplete
21/53
8/3/2019 project incomplete
22/53
As internal controls provide reasonable assurance thatAs internal controls provide reasonable assurance that
organizations objectives will be accomplished withoutorganizations objectives will be accomplished without
significant risks, hence senior management must adopt asignificant risks, hence senior management must adopt a
supportive attitude for such activities.supportive attitude for such activities. Jan (2009),Jan (2009), SeniorSenior
management must set a tone to enforce importance ofmanagement must set a tone to enforce importance of
internal controls. Such a tone can be adopted by;internal controls. Such a tone can be adopted by;
Strictly avoiding control overrideStrictly avoiding control override
Encouraging recurring control self assessments andEncouraging recurring control self assessments and
internal audit activities.internal audit activities.
Quick responsiveness to the audit evaluationQuick responsiveness to the audit evaluation
observationsobservations
Educating individuals to ensure their understandingEducating individuals to ensure their understanding
and contribution towards internal control system.and contribution towards internal control system.
In an article Manmohan et al (2006)In an article Manmohan et al (2006) argues that inargues that in
multinational conglomerates, internal controls and risksmultinational conglomerates, internal controls and risks
are dynamically linked with organizations strategicare dynamically linked with organizations strategic
objectives. According toobjectives. According to Suzanne et al (2010)Suzanne et al (2010) any changeany change
in the corporate objectives must be considered forin the corporate objectives must be considered for
corresponding re-evaluation of risks and internalcorresponding re-evaluation of risks and internal
controls.controls. Re-evaluation of risk determines significance ofRe-evaluation of risk determines significance of
the risks over the organization. Level of risk significancethe risks over the organization. Level of risk significance
determines whether to accept the risks or to takedetermines whether to accept the risks or to take
22
8/3/2019 project incomplete
23/53
precautionary actions to avoid them. Risk re-evaluationprecautionary actions to avoid them. Risk re-evaluation
should be done by assessing the changes in theshould be done by assessing the changes in the
consequences and likelihood of each risk. It should thenconsequences and likelihood of each risk. It should then
be assessed with the new business objective to decide asbe assessed with the new business objective to decide as
to which one of the risks can potentially affect itsto which one of the risks can potentially affect its
achievement.achievement. Warren et alWarren et al (2009)(2009) suggests that in globalsuggests that in global
organizations senior management must undertake risksorganizations senior management must undertake risks
and controls re-evaluation as a continuous part ofand controls re-evaluation as a continuous part of
corporate planning process.corporate planning process.
Michael (2007)Michael (2007) emphasises that governance process is theemphasises that governance process is the
responsibility of senior executives and internal controls isresponsibility of senior executives and internal controls is
the responsibility of all the members (as discussedthe responsibility of all the members (as discussed
earlier). Mark et al (2007) strongly disagrees with Michael,earlier). Mark et al (2007) strongly disagrees with Michael,
he believes that only internal auditors should behe believes that only internal auditors should be
responsible for checks and controls. He insists that seniorresponsible for checks and controls. He insists that seniormanagement and departmental heads can providemanagement and departmental heads can provide
consultation and advise however major role regardingconsultation and advise however major role regarding
maintaining an effective system of controls rests with themaintaining an effective system of controls rests with the
appointed internal auditors.appointed internal auditors.
Erich (2007)Erich (2007) adds that internal controls are directlyadds that internal controls are directlyintegrated with all other corporate governance objectivesintegrated with all other corporate governance objectives
as detailed above byas detailed above by SuzanneSuzanne.. DentDent (2002)(2002) disagrees withdisagrees with
Erich (2007) and Mark (2007) and he insists that internalErich (2007) and Mark (2007) and he insists that internal
control and corporate governance should be treated ascontrol and corporate governance should be treated as
separate issues and other governance objectives canseparate issues and other governance objectives can
never be linked with them.never be linked with them. He furtherHe further elaborates thatelaborates thatinternal control is an operating activity like many otherinternal control is an operating activity like many other
23
8/3/2019 project incomplete
24/53
activities in the organization and the purpose of thisactivities in the organization and the purpose of this
activity is to bring efficiency. It means that internal controlactivity is to bring efficiency. It means that internal control
is not always meant for preventing frauds, but it alsois not always meant for preventing frauds, but it also
detects human error,detects human error, DentDent believes unlike otherbelieves unlike other
researches that executive management has really nothingresearches that executive management has really nothing
much to do with this activity.much to do with this activity.
However after an intensive research on literature, theHowever after an intensive research on literature, the
researcher personally agrees with researcher personally agrees with MichaelMichael that internalthat internal
control is the responsibility of all the members working incontrol is the responsibility of all the members working in
the organization including the executive management. Inthe organization including the executive management. In
contrast withcontrast with Sweatman et als (2002)Sweatman et als (2002)opinion, researcheropinion, researcher
agrees that it is the internal auditors who can assist theagrees that it is the internal auditors who can assist the
executive management with their advice and expertiseexecutive management with their advice and expertise
but the actual role to enforce effective system of internalbut the actual role to enforce effective system of internal
control rests with those empowered with governance.control rests with those empowered with governance.
2.6:2.6: CORPORATE CULTRE OF PAKISTAN &CORPORATE CULTRE OF PAKISTAN &
APPROACHS TOWARDS RISK MANAGEMENTAPPROACHS TOWARDS RISK MANAGEMENT
Pakistan is situated in South East Asia. It has five statesPakistan is situated in South East Asia. It has five states
and considered culturally and financially a rich country inand considered culturally and financially a rich country in
the region till 2005. The country has the moderate mixedthe region till 2005. The country has the moderate mixed
economy in the South Asia.economy in the South Asia.
2.6.1: CORPORATE MANAGEMENT & INTERNAL2.6.1: CORPORATE MANAGEMENT & INTERNAL
CONTROL TRENDS IN PAKISTAN:CONTROL TRENDS IN PAKISTAN:
24
8/3/2019 project incomplete
25/53
Article written by Kristy (2008)Article written by Kristy (2008) refers towards a recentrefers towards a recent
research byresearch by Price Waterhouse CoopersPrice Waterhouse Coopers highlighting thathighlighting that
there are more than six hundred multinationals operatingthere are more than six hundred multinationals operating
in the Pakistan and more than fifty multinationalin the Pakistan and more than fifty multinational
conglomerates have established their businesses inconglomerates have established their businesses in
Pakistan. After decades of existence, worlds one of thePakistan. After decades of existence, worlds one of the
developing mixed economy is still unable to establish adeveloping mixed economy is still unable to establish a
professional institution to direct and regulate riskprofessional institution to direct and regulate risk
managers in the region, still discussions are underway tomanagers in the region, still discussions are underway to
establish it. Not only for Risk Management, but also noestablish it. Not only for Risk Management, but also no
other professional body exists in the country to regulateother professional body exists in the country to regulate
any category of professionals assuming various corporateany category of professionals assuming various corporate
responsibilities in different organizations apart fromresponsibilities in different organizations apart from
accountants.accountants.
Manmohan (2006),Manmohan (2006), according to an independent survey,according to an independent survey,
more than eighty five percent managers working inmore than eighty five percent managers working in
different organizations of Pakistan are those who weredifferent organizations of Pakistan are those who were
brought up and completed their professional educationbrought up and completed their professional education
outside the PAKISTAN. Another report published by theoutside the PAKISTAN. Another report published by the
Institute of Internal Auditors, PAKISTAN Chapter, revealsInstitute of Internal Auditors, PAKISTAN Chapter, reveals
remarkable shortage of audit talent in the Pakistan.remarkable shortage of audit talent in the Pakistan.
Norman (2010)Norman (2010)seven out of every ten organizations in theseven out of every ten organizations in the
PAKISTAN do not have internal audit departments. FortyPAKISTAN do not have internal audit departments. Forty
three percent of multinational conglomerates operating inthree percent of multinational conglomerates operating in
the Pakistan do not have appointed internal controlthe Pakistan do not have appointed internal control
officers who can solely look after the control activities.officers who can solely look after the control activities.
25
8/3/2019 project incomplete
26/53
Another report by Deloitte throws some more light on theAnother report by Deloitte throws some more light on the
issue,issue, Don (2009),Don (2009), individuals entrusted with the internalindividuals entrusted with the internal
controls evaluation and implementation in the topcontrols evaluation and implementation in the top
multinationals in the PAKISTAN do not have any formalmultinationals in the PAKISTAN do not have any formal
qualification of internal controls. Most of them arequalification of internal controls. Most of them are
qualified by experience and do not have sufficientqualified by experience and do not have sufficient
expertise to face the challenges. Members of executiveexpertise to face the challenges. Members of executive
committee of such organizations are not aware of theircommittee of such organizations are not aware of their
must to do control activities and all the responsibilitymust to do control activities and all the responsibility
usually rests with the control officers or internal auditors.usually rests with the control officers or internal auditors.
Laura (2003Laura (2003)) discussed that availability of internal controldiscussed that availability of internal control
auditors is much less than demand in Asia and every twoauditors is much less than demand in Asia and every two
out of three organizations dont have people who can testout of three organizations dont have people who can test
and evaluate their system of controls.and evaluate their system of controls.
The researcher feels during this research that in the The researcher feels during this research that in the
Pakistan the executive committees of the multinationalPakistan the executive committees of the multinational
conglomerates are not making contribution to support anconglomerates are not making contribution to support an
effective control environment.effective control environment. Wright (1997)Wright (1997) In theIn the
PAKISTAN, almost all the organizations have virtually thePAKISTAN, almost all the organizations have virtually the
common code of conduct. It causes lack of well structuredcommon code of conduct. It causes lack of well structured
and customised code of conduct fulfilling an organizationsand customised code of conduct fulfilling an organizations
individual requirements. Board of directors adopts a veryindividual requirements. Board of directors adopts a very
casual and informal behaviour towards seniorcasual and informal behaviour towards senior
managements actions.managements actions.
Norman (2010)Norman (2010) identifies a lot of bad internal controlidentifies a lot of bad internal control
practices in the overall PAKISTANs corporatepractices in the overall PAKISTANs corporate
26
8/3/2019 project incomplete
27/53
environment. Boards do not clearly describe authorityenvironment. Boards do not clearly describe authority
limits of senior managements and even departmentallimits of senior managements and even departmental
policies are not properly documented. In most of thepolicies are not properly documented. In most of the
organizations, members of executive management do notorganizations, members of executive management do not
assume the responsibility of internal controls.assume the responsibility of internal controls. TalhaTalha
(2007)(2007)a senior auditor in the PAKISTAN, believes that onlya senior auditor in the PAKISTAN, believes that only
a few employees working in the internal audita few employees working in the internal audit
departments play some part in internal control systemsdepartments play some part in internal control systems
however rest of the individuals look at internal controlhowever rest of the individuals look at internal control
activity with a lot of reservations and naturally oppose it.activity with a lot of reservations and naturally oppose it.
Lack of one or more directors independence is veryLack of one or more directors independence is very
common because sometimes they are serving on othercommon because sometimes they are serving on other
companies board or some of them are into tradingcompanies board or some of them are into trading
relationship as main suppliers or customers with therelationship as main suppliers or customers with the
company.company.
2.7: CORELATION BETWEEN RISK MANAGEMENT,2.7: CORELATION BETWEEN RISK MANAGEMENT,
RISK OF FRAUD AND SAFEGUARDING ASSETS;RISK OF FRAUD AND SAFEGUARDING ASSETS;
International standards on auditing (ISA) define theInternational standards on auditing (ISA) define the
phenomenon safeguarding assets as policies andphenomenon safeguarding assets as policies and
procedures that timely prevent or detect unauthorisedprocedures that timely prevent or detect unauthorised
acquisition, disposal or misuse of assets that may haveacquisition, disposal or misuse of assets that may have
material impact on the companys financial position.material impact on the companys financial position.
Hollinger Clark (1983)Hollinger Clark (1983) surveyed 14,000 workers andsurveyed 14,000 workers and
discovered a direct correlation between age and theft,discovered a direct correlation between age and theft,
Hollinger Clarks research concludes that youngerHollinger Clarks research concludes that younger
27
8/3/2019 project incomplete
28/53
employees are less committed towards jobemployees are less committed towards job
responsibilities, but on the other side bigger corruptionresponsibilities, but on the other side bigger corruption
usually takes place at higher positions. It is because atusually takes place at higher positions. It is because at
higher positions, managers have wider horizon ofhigher positions, managers have wider horizon of
ostensible authority and minimum supervision. He alsoostensible authority and minimum supervision. He also
argued that corporate frauds takes place due to jobargued that corporate frauds takes place due to job
dissatisfaction.dissatisfaction.
MohammedMohammed (2004)(2004) conducted a survey of 12,500conducted a survey of 12,500
employees working at different levels in the PAKISTAN andemployees working at different levels in the PAKISTAN and
discovereddiscovered that six out of every ten employees are notthat six out of every ten employees are not
satisfied with their jobs. A majority is not happy when theysatisfied with their jobs. A majority is not happy when they
compare their contribution and remuneration received.compare their contribution and remuneration received.
Comparison ofComparison of Hollinger Clarks (1983) workHollinger Clarks (1983) work andand
Mohammed (2004)Mohammed (2004) extracts that risk of frauds is higher inextracts that risk of frauds is higher in
the PAKISTAN because higher level of job dissatisfactionthe PAKISTAN because higher level of job dissatisfaction
may be a motive for frauds.may be a motive for frauds.
However researcher slightly disagrees personally, andHowever researcher slightly disagrees personally, and
believes it depends upon the controls system of thebelieves it depends upon the controls system of the
organization. It is only the control system that mayorganization. It is only the control system that may
provide opportunities for fraud. If this system is strong andprovide opportunities for fraud. If this system is strong and
effective, frauds are difficult to take place even for theeffective, frauds are difficult to take place even for the
people having strong motive for it.people having strong motive for it.
2.7.1: FRAUD TRIANGLE;2.7.1: FRAUD TRIANGLE;
28
8/3/2019 project incomplete
29/53
While writing this report, the researcher went throughWhile writing this report, the researcher went through
extensive literature and found that many authors haveextensive literature and found that many authors have
shared their experiences about the fraud risk and itsshared their experiences about the fraud risk and its
impact. Howeverimpact. However Cressey (1950)Cressey (1950) has presented all in onehas presented all in one
theory known as Fraud Triangle. This theory hastheory known as Fraud Triangle. This theory has
highlighted the environment where frauds take place.highlighted the environment where frauds take place.
Cressey (195O)Cressey (195O) presented a fraud triangle theory.presented a fraud triangle theory.
According to this theory, frauds take place in anAccording to this theory, frauds take place in an
environment that has following three elements;environment that has following three elements;
PressurePressure
OpportunitiesOpportunities
RationalizationRationalization
2.7.1.1 PRESSURE:2.7.1.1 PRESSURE:
Giuseppe (200),Giuseppe (200),Pressure is something that instigates anPressure is something that instigates an
individual to commit fraud. Pressure can be external orindividual to commit fraud. Pressure can be external or
internal. Historically, it has been observed that pressureinternal. Historically, it has been observed that pressure
arises as a result of financial crisis. Often fraudsters feelarises as a result of financial crisis. Often fraudsters feel
that this problem cannot be shared with any one and theythat this problem cannot be shared with any one and they
want their problems to be resolved secretly.want their problems to be resolved secretly.
29
8/3/2019 project incomplete
30/53
HoweverHowever Balachandran (2007)Balachandran (2007) disagrees and indicates adisagrees and indicates a
lot of situations where fraud took place solely for thelot of situations where fraud took place solely for the
greed of the fraudsters, having nil pressure behind.greed of the fraudsters, having nil pressure behind.
YanYan (1997)(1997) adds that this pressure may be financial oradds that this pressure may be financial or
work related and an effective combination of preventivework related and an effective combination of preventive
internal controls should be applied for employees not tointernal controls should be applied for employees not to
go under pressure.go under pressure.
2.7.1.2 OPPORTINITY:2.7.1.2 OPPORTINITY:
Opportunity can be explained as an aptitude to commitOpportunity can be explained as an aptitude to commit
fraud.fraud. Nava (2008)Nava (2008) holdsholds that fraudsters commit fraudthat fraudsters commit fraud
only in a situation when they are confident that theironly in a situation when they are confident that their
activities cannot be detected. It only happens when pooractivities cannot be detected. It only happens when poor
risk management procedures, weak managementrisk management procedures, weak management
supervision and misuse of authority collectively providesupervision and misuse of authority collectively provide
opportunities to the fraudsters.opportunities to the fraudsters. Muhammed (2004)Muhammed (2004) addsadds
thatthat opportunity for frauds is the worst element in theopportunity for frauds is the worst element in the
corporate environment and management must havecorporate environment and management must have
sufficient and appropriate controls over it. Organizationssufficient and appropriate controls over it. Organizations
must establish a system to bring the employees out of themust establish a system to bring the employees out of the
position where they can commit frauds.position where they can commit frauds.
Contrary to the discussion in paragraph above,Contrary to the discussion in paragraph above, TalhaTalha
(2007)(2007) argues that risk management procedures mayargues that risk management procedures may
reduce this opportunity to some extent but they cannotreduce this opportunity to some extent but they cannot
30
8/3/2019 project incomplete
31/53
8/3/2019 project incomplete
32/53
Fraudster takes fraud benefit as a borrowing and heFraudster takes fraud benefit as a borrowing and he
has full intention to return it at some stage.has full intention to return it at some stage.
Fraudster believes the organization owes someFraudster believes the organization owes some
money to him. It is the situation of job dissatisfaction.money to him. It is the situation of job dissatisfaction.
Tumpal (2009)Tumpal (2009) states, the rationalization side of fraudstates, the rationalization side of fraud
triangle consists of feelings like, nobody will get hurt, Itriangle consists of feelings like, nobody will get hurt, I
deserve more or they owe me etc. Specialized detectivedeserve more or they owe me etc. Specialized detective
controls should be incorporated to investigate whycontrols should be incorporated to investigate why
fraudster employees are victim of such rationalization.fraudster employees are victim of such rationalization.
Once the reasons have been identified, then tailoredOnce the reasons have been identified, then tailored
preventive controls should be applied to avoid thispreventive controls should be applied to avoid this
situation in future.situation in future.
Richard (1996)Richard (1996) disagrees with Tumpal (2009). He insistsdisagrees with Tumpal (2009). He insiststhat detective controls should only be designed to detectthat detective controls should only be designed to detect
errors and irregularities. Detective controls have nothingerrors and irregularities. Detective controls have nothing
to do with accessing rationalization side of fraud triangle.to do with accessing rationalization side of fraud triangle.
However in the researchers personal opinion,However in the researchers personal opinion,
TumpalsTumpals approach isapproach ismore practical.more practical.
The researcher has discussed in the Discussion chapterThe researcher has discussed in the Discussion chapter
of this report, about appropriateness of existing riskof this report, about appropriateness of existing risk
management procedures in the context of fraud trianglemanagement procedures in the context of fraud triangle
at Suzuki Motors PAKISTAN. This literature was veryat Suzuki Motors PAKISTAN. This literature was very
helpful to discover which type of controls are the mosthelpful to discover which type of controls are the most
effective in the corporate culture of the Pakistan.effective in the corporate culture of the Pakistan.
32
8/3/2019 project incomplete
33/53
Famous auditor Jans (2009)Famous auditor Jans (2009) opinion is against otheropinion is against other
researchers, he considers though sufficient andresearchers, he considers though sufficient and
appropriate internal controls are defence against fraudappropriate internal controls are defence against fraud
and misuse of assets, but poor controls do not mean at alland misuse of assets, but poor controls do not mean at all
that fraud will certainly take place. It actually does openthat fraud will certainly take place. It actually does open
opportunity for frauds a bit wider. Once again existence ofopportunity for frauds a bit wider. Once again existence of
opportunity does not mean that frauds will take place foropportunity does not mean that frauds will take place for
obvious.obvious.
2.8: SUMMARY2.8: SUMMARY
After intensive critical evaluation of the related material,After intensive critical evaluation of the related material,
the researcher is able to summarise the key points asthe researcher is able to summarise the key points as
follows to the best of his knowledge and understanding.follows to the best of his knowledge and understanding.
Internal controls are the key element to safeguardInternal controls are the key element to safeguard
organizational assets. An effective combination oforganizational assets. An effective combination of
preventive, detective and corrective controls providespreventive, detective and corrective controls provides
reasonable assurance that organizational assets are safe.reasonable assurance that organizational assets are safe.
It avoids unauthorised acquisition, disposal and misuse ofIt avoids unauthorised acquisition, disposal and misuse of
assets. Maintaining an effective system of controls isassets. Maintaining an effective system of controls is
primarily the responsibility of board of governors. Theseprimarily the responsibility of board of governors. These
controls are dynamically linked with organizationalcontrols are dynamically linked with organizational
objectives. Changes in objectives require an immediateobjectives. Changes in objectives require an immediate
reassessment of relevant controls. Douglasreassessment of relevant controls. Douglas (2000),(2000), it isit is
important to assess the control environment to developimportant to assess the control environment to develop
effective internal controls.effective internal controls. Yan (1997)Yan (1997),, controlcontrol
environment consists of organizational culture, internalenvironment consists of organizational culture, internal
policies, organizational structure and managementpolicies, organizational structure and management
33
8/3/2019 project incomplete
34/53
perception in governance. Denis et alperception in governance. Denis et al (2002)(2002) argues thatargues that
culture has direct effect over the controlculture has direct effect over the control
environment.environment. MichaelMichael (2008)(2008) emphasises that beforeemphasises that before
implementing controls it is very important to criticallyimplementing controls it is very important to critically
identify risks in achieving objectives.identify risks in achieving objectives. SpencerSpencer
(1999)(1999) discovered that failure to access inherent risksdiscovered that failure to access inherent risks
means that the organization will develop controls thatmeans that the organization will develop controls that
would not prevent frauds. Relevant controls should bewould not prevent frauds. Relevant controls should be
established to minimize specific risks.established to minimize specific risks.MarcoMarco (2006)(2006)
suggests that msuggests that management should ensure whetheranagement should ensure whether
significant changes into internal and external environmentsignificant changes into internal and external environment
have been incorporated into internal controlshave been incorporated into internal controls
system.system. Antonino et al (2010) Antonino et al (2010): Failure to maintain an: Failure to maintain an
effective system of internal controls cannot preventeffective system of internal controls cannot prevent
frauds, which results in the lack of stakeholdersfrauds, which results in the lack of stakeholders
confidence.confidence. In the corporate culture of Pakistan, internalIn the corporate culture of Pakistan, internal
control activity is not regarded as important as it shouldcontrol activity is not regarded as important as it should
be. Authority limits are not well defined and incompetentbe. Authority limits are not well defined and incompetent
audit and control officers are exposing organizationalaudit and control officers are exposing organizational
assets to utmost risk.assets to utmost risk. Kwansagool et al (2009)Kwansagool et al (2009) adds thatadds that
controls that do not appreciate segregation of duties like;controls that do not appreciate segregation of duties like;
making bank deposits, posting them into accounts andmaking bank deposits, posting them into accounts and
performing reconciliation etc, results high risk ofperforming reconciliation etc, results high risk of
frauds.frauds.Dorothy (1996)Dorothy (1996) adds poor physical controls overadds poor physical controls over
blank cheques and inventory provides an idealblank cheques and inventory provides an ideal
environment for fraud.environment for fraud.
34
8/3/2019 project incomplete
35/53
Internal controls and risks have inevitable correlations.Internal controls and risks have inevitable correlations.
Poor controls exposes high risk and high risk ultimatelyPoor controls exposes high risk and high risk ultimately
expose organizational assets to potential losses.expose organizational assets to potential losses.
CHAPTER THREECHAPTER THREE
RESEARCHRESEARCH
DESIGNDESIGN
3.0: RESEACH DESIGN3.0: RESEACH DESIGN
This chapter provides details how research has been This chapter provides details how research has been
conducted. According toconducted. According to Neil (2010)Neil (2010) research design is aresearch design is a
set of methods, approaches and strategies employedset of methods, approaches and strategies employed
toto
complete the research. It includes all the procedurescomplete the research. It includes all the procedures
involved in writing a research report.involved in writing a research report.
The researcher has discussed systematic process, The researcher has discussed systematic process,
methodology and approaches to achieve researchmethodology and approaches to achieve research
objectives. He has also explained reasons for not using theobjectives. He has also explained reasons for not using the
alternative forms of research methods. Data collectionalternative forms of research methods. Data collection
35
8/3/2019 project incomplete
36/53
procedures and data analysis techniques have also beenprocedures and data analysis techniques have also been
address later in this chapter.address later in this chapter.
3.1: RESEARCH METHODOLOGY3.1: RESEARCH METHODOLOGY
3.1.1: POSITIVISM3.1.1: POSITIVISM
This is a philosophical approach to research through This is a philosophical approach to research through
efficient, orderly and scientific methods. According toefficient, orderly and scientific methods. According to
Delbert (2002),Delbert (2002), this approach recognises that knowledgethis approach recognises that knowledge
based on experience and positive verification is the onlybased on experience and positive verification is the only
authentic knowledge. Scientific method tries to discoverauthentic knowledge. Scientific method tries to discover
the laws of occurring physical and human events.the laws of occurring physical and human events.
Positivism emphasizes gathering facts and analysing thePositivism emphasizes gathering facts and analysing the
relationship between different set of these facts. Therelationship between different set of these facts. The
researchers, following the positivism approach, analysedresearchers, following the positivism approach, analysed
numerical and statistical data through various techniquesnumerical and statistical data through various techniques
to conclude generally quantifiable results. This approachto conclude generally quantifiable results. This approach
blindly accepts wrongness of deviance and entirelyblindly accepts wrongness of deviance and entirely
ignores the subjectivity of the deviant, by assuming theignores the subjectivity of the deviant, by assuming the
absolute objectivity, whereas it never addresses it inabsolute objectivity, whereas it never addresses it in
detail.detail.
While conducting a research through positivism,While conducting a research through positivism,
researcher has to analyse observable fact in terms ofresearcher has to analyse observable fact in terms of
variables.variables. Margo (2006)Margo (2006)adds the first step in this type ofadds the first step in this type of
research is to start with a theory then data is collectedresearch is to start with a theory then data is collected
and tested against them and finally researchers refine theand tested against them and finally researchers refine the
36
8/3/2019 project incomplete
37/53
existing theories and laws they started with and veryexisting theories and laws they started with and very
highly structured research process is used.highly structured research process is used.
Most of the data collected to complete this research isMost of the data collected to complete this research is
qualitative data. Researcher personally agrees that truequalitative data. Researcher personally agrees that true
objectivity is impossible and during the research it is veryobjectivity is impossible and during the research it is very
important to consider subjective side of the deviance.important to consider subjective side of the deviance.
Researcher also fears that by positivism approach,Researcher also fears that by positivism approach,
understanding of social interactions will be quite difficult.understanding of social interactions will be quite difficult.
AsAs John (2009) John (2009) says,says, positivism cannot reveal peoplespositivism cannot reveal peoples
interaction towards any social trend.interaction towards any social trend.
The issues like good governance and its role in The issues like good governance and its role in
multinational conglomerates or critical evaluation ofmultinational conglomerates or critical evaluation of
national culture of PAKISTAN and its effect on internalnational culture of PAKISTAN and its effect on internal
controls etc are difficult to address solely by positivism.controls etc are difficult to address solely by positivism.
Hence for the purpose of this research, positivismHence for the purpose of this research, positivism
approach has not been given first priority, however,approach has not been given first priority, however,
scientific methods have also been considered wherescientific methods have also been considered where
necessary.necessary.
3.1.2: INTERPRETIVISM:3.1.2: INTERPRETIVISM:
It is described by Thomas et al (2006), interpretivismIt is described by Thomas et al (2006), interpretivism
emphasises the importance of considering peoplesemphasises the importance of considering peoples
thoughts and ideas to understand the happening of anythoughts and ideas to understand the happening of any
37
8/3/2019 project incomplete
38/53
event. John (2009) adds that interpretivism recognisesevent. John (2009) adds that interpretivism recognises
that knowledge obtainedthat knowledge obtained from interpretation andfrom interpretation and
meaningful nature of individuals participation is importantmeaningful nature of individuals participation is important
for investigation purpose because using only scientificfor investigation purpose because using only scientific
methods is inappropriate.methods is inappropriate.
Following this approach, issues are analysed to constructFollowing this approach, issues are analysed to construct
knowledge.knowledge. Janina (2009), Janina (2009), this research method startsthis research method starts
from knowledge of realism, including the phenomenon offrom knowledge of realism, including the phenomenon of
human action. In simple words this approach tries tohuman action. In simple words this approach tries to
understand issues by considering the meanings theunderstand issues by considering the meanings the
participants assign to them.participants assign to them.
Since internal control is an area wherein success dependsSince internal control is an area wherein success depends
upon the participation of all individuals in the organization,upon the participation of all individuals in the organization,
the researcher strongly believes that for this particularthe researcher strongly believes that for this particular
research of Suzuki Motors PAKISTAN, observation ofresearch of Suzuki Motors PAKISTAN, observation of
employees thoughts, ideas, behaviours and actions areemployees thoughts, ideas, behaviours and actions are
very vital to reach some conclusive findings. To assessvery vital to reach some conclusive findings. To assess
how multinational conglomerates operate internal checkhow multinational conglomerates operate internal check
and control systems with a view to ensuring governanceand control systems with a view to ensuring governance
and securing their assets. And why Suzuki Motorsand securing their assets. And why Suzuki Motors
PAKISTAN failed to prevent and detect frauds that tookPAKISTAN failed to prevent and detect frauds that took
place, interpretivism approach is much more effective asplace, interpretivism approach is much more effective as
compared to positivism.compared to positivism.
The researcher had to analyse qualitative data rather thanThe researcher had to analyse qualitative data rather than
quantitative data. Further that, application of onlyquantitative data. Further that, application of only
38
8/3/2019 project incomplete
39/53
scientific tools may not be exhaustive. Hence thescientific tools may not be exhaustive. Hence the
researcher preferred to conduct substantial part of hisresearcher preferred to conduct substantial part of his
research by following the assumption of interpretivism.research by following the assumption of interpretivism.
3.1.3: QUALITATIVE:3.1.3: QUALITATIVE:
In Bryans (1992) point of view, qualitative researchIn Bryans (1992) point of view, qualitative research
involves analysis of the culture, surrounding environment,involves analysis of the culture, surrounding environment,
behaviours, feelings or processes etc. It does not includebehaviours, feelings or processes etc. It does not include
the analysis of numerical data. This type of researchthe analysis of numerical data. This type of research
involves field work. The primary aim of this type ofinvolves field work. The primary aim of this type of
research is to complete a detailed description. In theresearch is to complete a detailed description. In the
qualitative research the researcher does not have aqualitative research the researcher does not have aclearclear
idea of what he/she is actually looking for. The researcheridea of what he/she is actually looking for. The researcher
himself acts as a data collection tool.himself acts as a data collection tool.
To fulfil the objectives of this research, qualitative dataTo fulfil the objectives of this research, qualitative data
was of extreme importance. Interpretation of events,was of extreme importance. Interpretation of events,
observing the processes and in-depth interviews are ofobserving the processes and in-depth interviews are of
key importance to critically evaluate Suzuki Motorskey importance to critically evaluate Suzuki Motors
PAKISTANs failure to safeguard its financial and strategicPAKISTANs failure to safeguard its financial and strategic
assets. Qualitative analysis of literature and operationalassets. Qualitative analysis of literature and operational
manuals of different other multinational are also importantmanuals of different other multinational are also important
to recommend improved internal control and governanceto recommend improved internal control and governance
system to Suzuki Motorss management. Therefore thesystem to Suzuki Motorss management. Therefore the
researcher prefers qualitative data and methodology toresearcher prefers qualitative data and methodology to
complete this research.complete this research.
39
8/3/2019 project incomplete
40/53
8/3/2019 project incomplete
41/53
gathering certain set of observations. Inductive reasoninggathering certain set of observations. Inductive reasoning
is also called as bottom-up approach as it starts fromis also called as bottom-up approach as it starts from
observations that further define the patterns andobservations that further define the patterns and
ultimately develop a generalized theory or fact.ultimately develop a generalized theory or fact.
For the purpose of research carried out, the researcherFor the purpose of research carried out, the researcher
uses inductive reasoning approach, starting by identifyinguses inductive reasoning approach, starting by identifying
good governance styles and control environment ofgood governance styles and control environment of
different multinational conglomerates and ultimatelydifferent multinational conglomerates and ultimately
conclude that what is a good practice to safeguard assetsconclude that what is a good practice to safeguard assets
by effective system of checks and controls. It will alsoby effective system of checks and controls. It will also
highlight credible logic why a big multinational concernhighlight credible logic why a big multinational concern
having its presence worldwide, was unable to prevent andhaving its presence worldwide, was unable to prevent and
detect fraudulent activities. The advantage of using thisdetect fraudulent activities. The advantage of using this
approach is that true and absolute events are establishedapproach is that true and absolute events are established
objectively.objectively.
3.2.2: DEDUCTIVE REASONING APPROACH;3.2.2: DEDUCTIVE REASONING APPROACH;
According to Graham (2006), deductive approach wasAccording to Graham (2006), deductive approach was
developed by ancient Greeks. This approach is closelydeveloped by ancient Greeks. This approach is closely
associated with mathematics. This type of research startsassociated with mathematics. This type of research starts
from more general to more specific. It relates at-least twofrom more general to more specific. It relates at-least two
general concepts to a specific case. It evaluates deductivegeneral concepts to a specific case. It evaluates deductive
arguments. For detective reasoning, arguments based onarguments. For detective reasoning, arguments based on
laws, rules and accepted principles are generally used.laws, rules and accepted principles are generally used.
The research to be carried out will be using less deductiveThe research to be carried out will be using less deductive
41
8/3/2019 project incomplete
42/53
approach and more inductive approach as discussedapproach and more inductive approach as discussed
above.above.
However the researcher used deductive reasoning whileHowever the researcher used deductive reasoning while
comparing g