Internal Control Of A Group Company Accounting Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Today, the debate of internal control is increasingly important to group companies. It is commonly believed that a group is quite complex which would cause a difficult in managing risks between different parts. The bankruptcy of Enron Corporation in 2001 is a milestone in the growth history of internal control. After that incident many institutions in the world published their reports for instructing corporations' internal control. This dissertation introduces the idea of internal control, and the relative supporting theories of constructing an internal control. Also, explore the structure of a group company, and its concern of how to establish an inside internal control system. Finally, give a constructive conclusion of a group's internal control by a case study of BP group.


Total Words: 10221

List of figures

Figure 1¼šThe COSO Cube

Figure 2¼šDesign of balanced scored card

Figure 3¼šBP's system of internal control

Figure 4¼šCurrent ratio of BP Group 1

Figure 5¼šCurrent ratio of BP Group 2

Figure 6¼šReturn on assets of BP Group (2007-2011)

Figure 7: Daily Stock price change of BP Group, compared with the FTSE all share from 2008 to 2012

Chapter 1 Introduction

1.1 Objectives of the study

In this day and age, the issue of internal control is increasingly important to group companies. It is commonly believed that a group is so complicated which may causing a difficult of managing the risk occurs between the inside parts of a group. The bankruptcy of Enron Corporation in 2001 is a milestone in the development history of internal control. After that amazing financial fraud case, SEC (Securities and Exchange Commission, U.S) passed the Sarbanes-Oxley Act to regulate listed companies in order to achieve a financial transparency. Among the act, section 404 (SOX 404) proposes the issue of 'internal control', it requires each annual report should contain an internal control report which shall firstly 'state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and secondly contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting' (Nadler and Kros, 2008:243). According to this SOX 404 act, different specific institutions in different countries make out the detailed guidelines for corporations. For example, in U.S. COSO (Committee of Sponsoring Organizations of the Treadway Commission) proposed guidelines in 1992 and 2004 for managing a firm's risk and regulating their internal control system. In United Kingdom, FRC (Financial Reporting Council) makes out the Turnbull guidance as a governance code of internal control. Those two are similar in contents.

1.2 Organisation of the dissertation

This dissertation is divided into seven chapters and organised as follows.

Chapter 1 reports the backgrounds and objectives of this study.

Chapter 2 is a literature review about the relative studies of internal control and group structure.

Chapter 3 introduces the definition and how to implement an internal control by integrating COSO and Turnbull guidance, which includes the purposes, principles, and components of internal control activities.

Chapter 4 is about a study of supporting theories and their implications for establishing an internal control system, which including agency problems, portfolio theories, institutional economics, LLSV theories and Balanced scorecard.

Chapter 5 emphasises the internal control in a 'group' company and the importance of strategy of a firm by explaining the definition, characteristics and an internal control frame for a group company.

Chapter 6 is a case study of BP Group as the research methodology, by investigating and researching BP group`s internal control structure; collecting relative financial data to verify the effectiveness of BP group`s internal control activities.

Chapter 7 proposes a conclusion.

Chapter 2 Literature Review

Because of the subject of this dissertation is 'internal control of a group company', thus there are mainly two kinds of articles are being collected. One is the papers about how to establish an internal control system, and the other is about the structure of a group company.

Bower and Echlosser's 'internal control - its true nature' in 1965 is commonly believed as the earliest article in discussing the internal control issue. This article debates the notion of internal control. He pointed out the purposes of internal control are to make financial information system more reliable and to safeguard assets. In addition, the true nature of internal control could be defined and saw by setting a financial information system. It is commonly believed that a financial information system can operate with little or no internal control. However, the financial information system can be reinforced by adding an internal control. Also, adding internal control duties could directly strengthen the financial system. Such duties can decrease the errors and fraud causing by people. 'Internal control duties are necessary because of the mental, moral, and physical weaknesses inherent in people' (Bower and Echlosser, 1965:339). Nevertheless, due to the early time of this article, the authors did not discuss the application of internal control on corporations.

Gauthier (2006:11) in his article of 'Understanding internal control' points out that the concept of internal control is not new. This article observes what each public sector financial manager and board member should know about internal control. Finish examining the essential reasons of financial reports which with a fraud; the Treadway Commission believes that it is due to a lack of internal control system. Therefore, organizations supported the Treadway Commission to design a Committee of Sponsoring Organizations (COSO) to regulate business operations in enterprises. COSO defined five essential components to guarantee a framework of internal control inside a company is acceptable or comprehensive: a. control environment, b. risk assessment, c. control activities, d. communication, and e. monitoring. However, there is no perfect framework of internal control. Internal control's nature is risks' diversification, rather than avoidance.

Spira and Page (2003) hold the view that the release of the Turnbull guidance is a plan of the UK government, which intend to strengthen corporations' internal control. The guidance aligns internal control with risk management. Also, this article discovers the change of constructing the debate about internal control and risk management with the UK company governance arena by applying a sociological view on risk. In addition, this article provides an important support on the UK companies' internal control frame.

Soderquist (2000:375) points that 'the current legal conception of the corporation is simple: a corporation is an artificial person, and the question for legislatures, courts, and lawyers is whether this conception serves their needs.' This article mainly discusses different hypotheses in constructing corporations, provides useful information for researching the structure of corporations. Furthermore, this essay observes the existing legal conception, measuring its usefulness and revealing its limits, thereby proposing a sound corporation conception.

Chandler (1992) examines business companies' operations and practices from a historical perspective. He in addition explores the value of the firm from four economic theories, which are the neoclassical, the principal-agent, the transaction cost and the evolutionary (Chandler, 1992:484). Moreover, explaining the beginning and growth of modern industrial corporations. This article also provides a useful idea in explaining internal control in different types of group companies.

Tsay (2010) deeply researches the Sarbanes-Oxley Act of 2002 (SOX). He points that the section 302 of the Sarbanes-Oxley Act requires management of listed public companies should disclose every change of their internal control systems. SOX section 404 additionally requires that a management has an obligation on assessing the effectiveness of its internal control systems and the valuation report should be audited by a registered accounting firm (Tsay, 2010:53). In January 2009 the Committee of Sponsoring Organisation of the Treadway Commission (COSO) published Guidance on Monitoring Internal Control Systems. The guidance runs a model to plan and implement an internal control valuation program for the management of a firm. Also, this article gives a precious advice on combining COSO guidance and corporations' internal control system. More specifically, the paper solves the problem of how to apply COSO's five components (control environment, risk assessment, control activities, communication, and monitoring) with a corporation's internal control system.

Kiyak (2004:3) proposes 'a theory-driven, testable, unified framework that specifies the interrelationships between key strategic constructs that define a global company: corporate global strategy, organizational structure, management processes, organizational culture, corporate leadership, and financial and market performance'. The paper develops common definitions of the strategic constructs, and further runs an empirical work by using a web-based cross-sectional survey in American multinational corporations. As the conclusion Kayak points that the process of corporate globalization is a complicated interaction of multiple dimensions. 'Skillful coordination and configuration of these key aspects are necessary to achieve the desired benefits of globalization in multinational corporations' (ibid). This paper provides a useful advice on corporations' globalization from perspectives of global strategy, firm culture and market.

Chapter 3 What is internal control?

3.1 Introductions

In this day and age the issue of enterprises' internal control has become a hot debate during both academic and practical level, because of the rapid developed management theories and information technology. Those new changes demand enterprises to establish the modern corporation system which indeed includes an internal control system, for avoiding the occurrence of financial or non-financial disasters. A sound effective internal control system could help corporations enhance the quality of accounting information, protect the investors and minimise the operation risks.

In this chapter, the definition of internal control would be discussed firstly, and then there are the reasons why a company need internal control. Finally, are the principles, purposes and components of establishing an internal control system inside a corporation.

3.2 Definition of internal control

The earliest concept of 'internal control' occurred in 18th century, at that time businessmen used the simple manner which is to clarify accountants and cashiers, for preventing fraud and guaranteeing the accuracy of accounts. But with the increased scale of business, the above simple method is becoming increasingly ineffective in dealing with complicated affairs inside company. More and more academics focus on researching for a better management of firms. Consequently, in 1949, the American Institute of Certified Public Accountants issued a specific report entitled "Internal Control" defining it as a "safeguarding of assets", the "ensuring of the accuracy and reliability of accounting data", the "promotion of operational efficiency" and the "adherence to prescribed management policies" (ABeam Consulting, 2009:2). However, this definition was criticised by some academics for the scope of responsibility of auditors was extended too far, for causing arguments in favour of a narrower explanation of the concept of internal control. Bower and Echlosser (1965:338) pointed out that the last 2 of the above 4 aspects of the definition of internal control, the "promotion of operational efficiency" and the "adherence to prescribed management policies", have created many problems of interpretation for auditors. In order to clarify the confusion, Statements on Auditing Procedure (SAP) No.33 and No.29 divide internal control into two parts, "accounting controls" and "administrative controls". In addition, SAP No.33 further pointed out that the independent auditor is firstly concerned with accounting controls, the reason of which is that auditors bear directly on the reliability of the financial data.

Accounting controls comprise the plan of organization and all methods and procedures that are concerned mainly with, and relate directly to, safeguarding of assets and the reliability of the financial records. They generally include such controls as the system of authorization and approval, separation of duties concerted effort with record keeping and accounting reports from those worried with operations or assets custody, physical controls over assets, and internal auditing (Bower and Echlosser, 1962:338).

Administrative controls comprise the plan of organization and all methods and procedures that are concerned mainly with operational efficiency and adherence to managerial policies and usually relate only indirectly to the financial records. They generally include such controls as statistical analyses, time and motion studies, performance reports, employee training programmed, and quality controls (ibid).

However, Bower and Echlosser believed that the dichotomy of the above two controls is just cloud the debates, not solve the problem. The purpose of internal control is to safeguard assets, and to ensure the reliability of accounting information. However, 'because of the mental, moral and physical weakness inherent in people, it is necessary to establish a system of internal control in accounting report procedures' (ibid:339). By combining their research Bower and Echlosser redefined the concept of internal control as follows:

Internal control comprises the plan of organization and all of the coordinate methods adopted within a business to safeguard its assets, check the accuracy and reliability of the information produced by the financial information system (ibid).

Furthermore, Bower and Echlosser (1965: 340) believed that auditors should finish seven internal control duties, they are:


Clerical proof

Acknowledging performance

Transferring responsibility

Protective measure


Verification and evaluation

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released a report named internal control--Integrated Framework which has been widely used in America and adapted by many other countries. This report provided a fundamental guidance for establishing and implementing effective internal control. In this document, COSO defined internal control as follows:

Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide resalable assurance regarding the achievement of objectives in the following categories:

Effectiveness and efficiency of operations

Reliability of financial reporting

Compliance with applicable laws and regulations (COSO, 1992).

This framework is significant in the evolution of internal control, because it breaks out the tradition way that AICPA dominates the relative research, therefore making out a more specific and applicable framework. By concluding the COSO's definition, it could be summarised into the following points:

First, everyone inside the corporation is the participant, including directors, management and employees. Furthermore, all the participant of internal control is fighting for the three objectives (Effectiveness and efficiency of operations, Reliability of financial reporting, Compliance with applicable laws and regulations). Finally, internal control is not a separate part of a firm's affair, while it is a process, which running through the whole management and administration of corporations.

In 1999, Turnbull Committee issued the Guidance for Directors on the Combined Code (1999) also known as the "Turnbull Report", which is a document designed for the listed companies of London Stock Exchange. This publication defined internal control as well as COSO, from aspects of accounting information reliability, internal control procedure, objectives and principles. However, Turnbull report has the innovation parts compared with the COSO 1992. It proposed that an enterprise' internal control activities should be viewed as the necessary component of their culture, because internal control system reflects the firm's operating environment. The report also pointed that internal control as a significant part of risk management of an enterprise, would be helpful for fulfilling its strategic goal. The establishment of internal control system would help the enterprise to minimise the financial loss, in order to prevent the strategic goal from influencing by a possible bad financial performance. Furthermore, the report believed that internal control activities could promote working efficiency and outcome, safeguard assets and detect fraud timely. Additional, because of the continually developing risk faced by a firm, internal control system reduces, but cannot eliminate the possibility of poor judgement in decision-making; human error; control processes being deliberately circumvented by employees and others; management overriding controls; and the occurrence of unforeseeable circumstances (Financial Reporting Council, 2005). A good system of internal control thus provides reasonable, but not absolute guarantee of a firm which will not be hindered in achieving its business objectives.

3.3 Reasons why companies need internal control

Internal control system is an important management tool for safeguarding and protecting assets, especially in the big, complicated corporation. Generally speaking, a reasonable application of internal control system could reduce losses in producing activities, and prevent the inside participants breach laws or regulations. Also, it helps to create an environment in which employees feel fair. Following are some detailed points of why companies need internal control.

First of all, internal control keeps a high quality of a firm's internal and external accounting information. Under the internal control system, each accounting procedure runs carefully and conservatively, thereby leading a true, fair and accurate accounting report, which makes inside directors and outside investors clear with the true operating circumstance of the firm.

Secondly, internal control plays a key role of decreasing a firm's operating risk. It is commonly believed that a lack of supervision results in financial mistakes, which even threats the going concern of a firm. The idea of internal control gives firms' internal auditors the guidance; provides them a series of judgement codes in each process of business, to better supervise relative personnel.

Furthermore, a sound internal control system is a demand of a firm's achievement of long-term strategic goal (ibid). Long-time going concern of a firm requires it has the ability of bearing enormous operating pressures. This pressure could be financial or non-finical. For example, a firm should not only focus on the external change of economic, policies and marketing evolution, but also notice the change of inside personnel, the build of enterprise culture. Internal control system as a multifunction tool unifies the above demands.

Finally, in order to keep assets' accurate and complete, internal control system provides efficient management and supervision manners, to prevent the human errors or mistakes from harming the safety of assets. Additional, internal control could decrease the affairs of wasting resources because it includes the control of cost as its contents.

3.4 Principles of internal control

The principle of internal control means the guidelines or standards of how to build an internal control system.

In the first place, internal control activities must consider their availability (Spira and Page, 2003). It requires the firm makes out reasonable and suitable control regulations for implementing. The control regulations should be written in the documents as firms' disciplines. However, the regulations should be neither too rigor nor too loose, because that would affect employers and employees' zeal of performing works.

In addition, designing an internal control system should fully consider the cost. The primary objective of internal control is to minimise the possible risk of losses. If the internal control activities' cost exceeds the control gains, it would become an unfavourable action. Thus, corporations should expend wisely when designing their internal control system.

Furthermore, internal control of corporations should not cover every aspect of activities. However, it should focus on the crucial procedures which will deeply affect the firm operating. For instance, auditors might pay more attention on the judgement of firm's investment and financing activities because those affairs are usually company with risks, while, for the low-risk daily routines, too much investment equals a waste of resources.

3.5 Purpose and Components of internal control

There are many interpretations about the purposes of internal control. Among them, the COSO report gives the most widely recognised and reasonable one:

…provide reasonable assurance of achieving corporate mission, objectives, goals and desired outcome while adhering to laws and regulations; allow the company to accurately report successes and outcomes to the public and interested third parties. Serve as a common basis for managements, directors, regulators, academics and others to better understand enterprise risk management, its benefits and limitations, and to effectively communicate about enterprise risk management (COSO, 1992).

The components of internal control are usually including control environment, risk assessment, control activities, information&communication, and monitoring (ibid). Those five parts explain what factors a sound internal control system should cover.

Figure 1¼šThe COSO Cube

(Source from:, 2012)

â… . Control environment

Control environment is the foundation of all the other components, it concludes the factors that would affect the firm's operating procedures such as a firm's integrity and ethical values, set of board of directors & audit committee, management's philosophy and operating manners, organizational structure, assignment of authority and responsibility and human resource policies and processes (ibid).

A complete, reasonable environment is the guarantee and foundation of a sound control system, because it makes internal control system easy to be established.

â…¡. Risk Assessment

Risk means a kind of unexpected status of things, and risks happen anytime and anywhere. A corporation may under the risks from both internal and external in anytime (Gauthier, 2006:13). Therefore, a firm needs to assess the possible risks. More specifically, a firm should identify and analyse risks which may occur in operating activities and financial reports. Identification is to recognise and prepare enough measures in advance for the possible risks. For instance, a firm should assess the possible risks of changes in information about external competitions, macro-economic policies and the trend of developing technology. Furthermore, the internal policies, personnel, and the operating structure. Analysing risks means to evaluate the probability of risks and how the risks can affect the firm, and how the firm can minimise the loss of adverse influence.

â…¢. Control activities

Control activities are proposed to achieve detailed control objectives in order to minimise the risks. They are the particular procedures, policies and practices that are planned to safeguard business objectives. The control activities are wide-ranging, includes the following parts.

a. Sufficient Segregation of Duties

In a firm, works of authorization, recordkeeping, and custody should separate from each other to keep the independence of department. For example, cashiers and accountants' works should be separated clearly in order to prevent a financial chaos.

b. Suitable Authorization of Dealings and Activities

Inside the corporation, there are two kinds of authorisation: general and specific, the former is acceptable for routine actions for which there are general policies to follow. However, for some specific transactions, particular authorisation is required on a case-by-case basis.

c. Sufficient Documents and Records

During the firm's operating, there would generate huge number of financial or non-financial documents and records. Internal control activities require successive documents so lost items are noticed. Furthermore, it requires the economic data are prepared as near to the dealing time as possible. Moreover, the format of records requires well-designed instructions and proper spaces.

Establishment of procedures and policies

Internal control activities need a set of procedures to guide the practices. In addition, backup and recovery procedures are also necessary for the unexpected risk.

e. Independent Performance Checks

Employers may forget or deliberately fail to obey procedures, or they may be careless unless someone regulates and observes their routine works (Gauthier, 2006:13). Therefore, independent check is an indispensable procedure.

â…£. Information and Communication

Information and communication support internal control by transmitting orders from management to employees in a form and a time frame that allow them to conduct their control activities effectively (COSO, 1992).


Mentoring is a procedure to evaluate the quality of internal control periodically through ongoing and specific assessments. Monitoring could include both internal and external supervision of internal control by management, employees, or outside parties. For many corporations, especially large ones, it is indispensable to build an internal audit department for a better monitor.

Chapter 4 Supporting theories and their implications for establishing an internal control system

4.1 Introduction

In this chapter, some interesting theories would propose to explain how internal control is generated, and provide academic support for a corporation to establish its internal control system.

4.2 Agency theory

The root of agency problem is the separation of ownership and management. After 19 century, companies began to expand their marketing because of a development of technology. The traditional style of family firms which combining ownership and management became increasingly unfavourable for collecting money for expansion ( ma ). In order to solve this problem, partnership, then corporations occurred. Stakeholders provide the necessary funds and a separated management takes responsibility for managing the company. This separation could make full use of shareholders' capital and the management's knowledge.

However, there is a new problem when separating ownership and management. First of all, the shareholders intend to do is to maximum their own wealth, and gain the best return of the investment. However, the management of a firm prefers to consider its own benefits, such as the bonus, reputation, working environment, holidays and so on. Thus, it is not possible to eliminate the agency problem totally.

Furthermore, the shareholders as the investors in marketing can use portfolio to minimise their risks, so they hope the management invests the high return project. However, the management is difficult to diversify their input. Therefore, comparing with shareholders, management are risk-averse, and they usually give up those high risk projects although which could increase the wealth of shareholders.

Moreover, information asymmetry exists between shareholders and management. Management participate the daily operation of a firms, know the current financial and operating information, while the owners lack the professional knowledge, and they do not directly participate the management work, thus cannot make a fair judgement of the work of management. In addition, because of an already authorisation, the owner could not conduct a total supervision. Thus the action of adverse selection and moral hazard would be done by management.

Through the brief summary of agency problem, a result is that it is necessary for a firm to establish a sound internal control system, to coordinate the conflict of wealth between the ownership and management. Although an internal control may increase the cost of operating, a company still needs it to prevent fund frauds and lower financial risks. In addition, through long-time internal control activities companies would find equilibrium between agency cost and value maximum.

4.3 Financial risk and portfolio theories

4.3.1 Definition of risk

'Risk is a term often used to imply downside risk, meaning the uncertainty of a return and the potential for financial loss' (Verschoor, 2006). The result of a risk might be good, or not. Following are some characters of risks. Firstly, risks are objective, every company cannot totally eliminate them. Additionally, risks are also uncertain, they occur anywhere and anytime. Thirdly, risks are related to the return of projects. ( fm ). It means when a subject bears a high risk, it may gain a high return. That is why someone feels like risking.

4.3.2 The type of risks

a. risk of macro environment

This is a comprehensive risk implicate the outside economic environment of firms' target country, such as the political risk and social economic risk ( ibf ).

b. risk of profession

Because of the economic cycle of a profession, corporations may face the possible cycling recession which would bring the decrease of profits. For example, the market of general tourism would bear a slack season in winter.

c. risk of micro environment

This risk particularly occurs in the specific firms during their operating activities, because of the mistakes of employees, the failure in business decision of management and so on ( ibf ).

4.3.3 The measure of risk

Scholars tend to use math models to evaluate the risk during the business operating. By evaluating the possibility of different situations may occur, an expected return can be calculated by the following equation:

E(R) - expected return

Rn - project n's return rates

Pn - the possibility of project n

It is commonly believed that a variance (VAR) of the equation represents the risk, thus:

( fm )

Through this simple equation people could calculate the risk easily, but this method is unreliable because of the error in calculation.

4.3.4 Special concern: the financial risk of a firm

'Financial risk an umbrella term for multiple types of risk associated with financing, including financial transactions that include company loans in risk of default' (Investopedia, 2011).

Markowitz (1952) reported that 'a science has evolved around managing market and financial risk under the general title of modern portfolio theory'. He also pointed that 'in modern portfolio theory, the variance of a portfolio is used as the definition of risk (ibid). There are mainly three detailed risks as follows:

Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms (Basel Committee, 1999). 

Investment risk refers to the possible failure in the projects investment. It may destroy a whole corporation due to an inaccurate calculation of the expected return of projects.

Assets impairment risk refers to the loss of tangible or intangible assets due to uncertain factors. For example, a replacement commodity maybe a strong challenge for the original producers. Also, new technology and product life cycle would be a threat for enterprisers.

4.3.5 Management of risk

There are some manners for corporations to deal with the above risks: Hedging, Reduction, insurance and acceptation.

Hedging refers to avoiding risks by using compensatory actions, for instance, do not issue securities in countries that have severe inflation; close the subsidiaries in politics unstable countries (ibf).

Reduction means take actions to lower the risk, for instance, using hedging contract to avoid foreign exchange risk.

Insurance is a way to transfer the risk by purchasing suitable insurance products. In this situation, the risk of a firm will transfer to others.

Acceptation refers to fully accept the risk of operating activities. It requires a firm has a strong capital reserve. In general, a firm rarely chooses to accept risks.

Institutional Economics

Institutional economics emphases learning, evolution, and restricted rationality. It initial occurred on the 20th century, and the representative economists are Thorstein Veblen, John R. Commons, and Wesley Mitchell (Rutherford, 2008).

Hamilton (1987) pointed that 'old institutionalism rejects the reduction of institutions to simply tastes, technology, and nature. Tastes and expectations of the future, habits and motivations, are not only determined by the nature of institutions, but also limited and shaped by them'. When people live and work in institutions on a regular basis, it shapes their world views. Basically says that traditional institutionalism focus on the lawful foundations of an economy and the evolutionary, used, and deliberate process. The fluctuations of the institutions are certainly a consequence of the very incentives shaped by such institutions, and are therefore endogenous (ibid). Categorically, institutionalism is a traditional way to response the current economic orthodoxy.

4.5 LLSV theory

In 1997, four famous law and finance scholars, La Porta, Lopez-de-Silanes, and Shleifer are from Harvard University, and Vishny is from the University of Chicago, issued the article 'Legal Determinants of External Finance'. LLSV (1997:1149) reported that countries with poorer investor protections, measured by both the character of legal rules and the quality of law enforcement, have the smaller and narrower capital markets. In particular, French civil law countries have both the weakest investor protections and least developed capital markets, especially as compared to common law countries. LLSV (ibid) further discussed the relationship of law and external finance, they pointed out that the legal environment has a huge effect in the size of capital markets over countries.

LLSV (1998:1151) examines legal rules covering the protection of corporate shareholders and creditors, the origin of these rules, and the quality of their implementation in 49 countries. The results display that common-law countries usually have the strongest, and French civil-law countries the weakest, legal protections of investors, with German and Scandinavian civil law countries located in the middle. They also notice that concentration of ownership of shares in the largest public companies is negatively related to investor protections, while consistent with the hypothesis that small, diversified shareholders are improbable to be important in countries that fail to guard their rights.

4.6 Balanced scorecard

The idea of Balanced Scorecard was proposed initially in 1992 by Kaplan & Norton. They claimed that traditional financial accounting measures such as return-on-investment ratio and earnings-per-share rate might offer confusing signals for companies` continuous improvement and innovation (Kaplan and Norton, 1996). 'The traditional financial performance measures worked well in the industrial era, but they are out of step with the skills and competencies companies are trying to master today' (Kaplan and Norton, 1992:71). It means that the traditional fiscal accounting techniques focus on recording and estimating the past economic activities of corporations while it cannot provide a completely advice about companies' current and future financing and investing events. Moreover, in the current society of business information, companies should take several factors such as customers, suppliers, employees, innovation into consideration (ibid). Therefore, balanced scorecard was offered from four main perspectives to evaluate firms' performance: the financial, customer, internal business process, innovation and learning (ibid). The aim of balanced scored card is to take firms' visions into actions (Kaplan and Norton, 1996).

Figure 2¼šDesign of balanced scored card

Balanced score card requires individuals inside the group establish their own scorecards, and occasionally check the performance of scored cards. This outcome is related to their personal bonus. Score cards are usually built based on four aspects: financial, customer, internal business process, innovation and learning. Firstly, to enumerate non-financial data, 'What you measure is what you get' (Kaplan and Norton, 1992:71). It means to interpret groups' objects and ideas into a series of objectives, measures, goals and initiatives, which makes non-financial elements visible and assessable (Kaplan and Norton, 1996).

The above theories' practical implications for internal control

In order to detect how internal control is generate, and why corporations should establish a sound internal control system for keeping a good business operation, the above part introduces theories including agency problem, financial risk and portfolio theory, Institutional Economics, LLSV theory and balanced scorecard. From a comprehensive perspective, following are some practical implications of the theories for internal control.

In the first place, agency problem requires an internal control to protect the company owner`s benefits. In other words, agency problem is the root of internal control. Economists assume that resources can be divided into the following three: land, capital and technology, and assume that what people pursue is to maximise their own utility. With the continuous development of productive forces, the scale of production of enterprises continuously expand, the owners of the company, though they have the economic resources such as land and capital, but not necessarily have the ability to manage a business; However, managers occupy technical resources, but no capital. In order to allocate resources efficiently, the owners hire managers who have the ability to represent them to take responsible for the operation of the enterprise. This action produces a separation of ownership and management. But, the goal of operators is not consistent with business owners. The owner intend to maximise the value and create wealth for themselves, while the goal of corporate managers are higher incomes, benefits and reputation, which is consistent with the assumption of economic man in the economics, that is pursuit of their own utility maximization. Furthermore, because of managers take responsible for daily business activities, they are able to reach and grasp more business financial information than the corporate owner, this is an information asymmetry. Asymmetric information can easily let managers to make adverse selection and moral hazard, also say that business managers use private information to pursue individual utility maximisation, the results of that may damage the enterprise's value. Thus, agency theories provide academic support for the rationality of internal control. Also, internal control as a powerful tool has utilised by the enterprise owners for a better monitor.

Secondly, financial risk and portfolio theories propose to what extend internal control activities should achieve. The agency problems lead to an occurrence of agency cost, the existence of agency cost brings the risk for owners. Thus the owners establish internal control system for regulating managers. Based on the relative investment theory, in the same return rate, people prefer to choose a project with smaller risk. Although there exists risk of internal control costs, considering the reality that investors usually cannot fully invest portfolios effectively to reduce a risk, internal control risk is still to be considered when judging an enterprise.

Furthermore, institutional economics makes internal control well organised. In order to reduce the agency problem caused by the risk, owners would automatically monitor and control managers, ask them to guarantee and be responsible for the business results. Some financial scandals show that the voluntary established internal control system does not meet the requirements of the owners on the risk control. Gradually, internal control system is developing to legal provisions inside corporations. The institutionalisation of internal control is the result of business expansion. In turn, the institutionalisation of internal control strengthens the protection of the owner.

Moreover, LLSV theory of investor protection points out that when the capital market develops to a certain extent, the requirement of protecting investors in capital markets in different countries and different economic system is the same. The significance of establishing internal control is to protect investors effectively. According to the theory of LLSV, mature capital markets require the mature internal control system, and internal control system standards in developing capital market will gradually become strict as the mature market.

Finally, balanced score card is a good practical mode of internal control. Balanced Scorecard (BSC) is a core strategic management and implementation tool. It divides information into 4 dimensions, and makes it easy to be measured. The main purpose of BSC is to convert the enterprise strategy into detailed actions, to highlight the comparable advantage. Inside the balanced scorecard, the factor of 'financial' and 'internal process' require enterprises establish sound internal control system, in order to guarantee the achievement of enterprise strategy.

Chapter 5 Internal control towards Group companies


With the increasingly integrated global economy, the competition between nations is actually a contest between big companies and groups. In recent years, the group company has become an important force and indisputably occupies a significant position in the whole economy, no matter in its size, efficiency or impact.

However, after the lessons of Enron, Barings Bank and other serious incidents, it is concluded that: the success of internal control of a corporation is directly related to the company's fate. Corporations should quickly establish a reasonable system of internal control. The construction of corporations' internal control system should firstly ensure the subsidiary operating as a self-financing independent identity. Secondly, pursue the group's overall interests. However, the solution to the problem of the effectiveness of internal controls of the whole corporation is not simple, due to the many layers of management inside the corporation, managers in the headquarter could only through the indirect command and control to constraint and monitor subsidiaries.

The establishment of the group's effective internal control system is a key to continuously improve the overall value of a corporation and enhance the core competitiveness of the group. In this chapter, firstly introduce the definition and characteristics of a group company. Additionally, the relevant study provides a theoretical basis for further researching the internal control mode. Then, in the last section of this chapter we focus on a strategic direction which combining with features of a corporation to carry out internal control`s relevant frame study.

Definition of group company

Soderquist (2000) believes that a corporation is a constellation of relationships having a varied and varying hierarchical structure. There is an unintelligibly large number of relationships that can take place in corporations, moreover, many of these relationships will continuously vary.

A group is an assemblage of parent and subsidiary companies that function as a solo economic subject via a common source of control (ibid). The notion of a group is often used in the tax law, accounting and firm law to clarify the rights and responsibilities between companies. If a company involves in completely different businesses, it is usually named a conglomerate.

Characteristics of group company

When it comes to group companies, people usually wonder what advanced a small and single organisation to become a multiple and complex group organisation. Chandler (1992) points out that the idea of the group company is an explanation of alternative relationships between market and firms. In other words, the modern multiple enterprises (groups) will replace the traditional small companies when the management and supplement inside a firm could provide higher productivity and profits, lower costs than the coordination of the outside market mechanism. Also, it is a transformation from the market behaviour into corporations` internal purchasing behaviour. For example, previously commercial activities are performed by several business units, now through the restructuring or even merger of corporations to reach a trading internalisation. Such internal transaction brings the following benefits for the expanded enterprise groups: Firstly, transactions between inside units as a routine work, which reduce the transaction costs. Secondly, for the production and marketing's integration, information costs drop significantly. Finally, the coordination of integration makes a firm fully uses social resources, therefore enhancing its efficiency.

In this process, the types of parent and subsidiary companies are the following three: First of all, business expansion. Corporations form a new subsidiary driven by product innovation and industrial upgrading, to reach a horizontal or vertical strategic integration of subsidiaries. Secondly, capital driven. In order to achieve the target of strategic development, corporations use the methods of holding, acquisition, merger and equity participation to control subsidiaries (Soderquist, 2000). Third, regional expansion. The parent company develops specific regional markets, domestic markets or international markets based on the strategy requirements of internal resources sharing, reduction of internal transaction costs and location advantage of market. All in all, no matter what kind of expansion corporations are applying, the essential characteristics of a group company is that there is a parent-subsidiary based vertical organisational structure.

In conclusion, the group does have an independent legal status. More specifically, groups are consisted by a parent company with several subsidiaries, in other words, the group as the parent company includes a number of subsidiary companies. Subsidiaries are controlled by a parent company through holding securities. Furthermore, equity and property rights are the link between a parent company and its subsidiaries. Moreover, from the perspective of internal organisational relationships, on the one hand, the parent company and subsidiaries both have the independent legal status; on the other hand, the parent company vertically controls subordinate enterprises by occupying equity or property rights.

Financial Risks of a group company

Due to the large number of subsidiaries, it is difficult to fully integrate the resources inside a group. In addition, the features of financial risks of a group are also different from traditional enterprises and harder to solve.

The first risk of a group is possible debt default. Because of the so many management layers inside parent company and subsidiaries, the risk of debt default would be magnified (Diana, 2005). For instance, each subsidiary could be a warranty subject, also, could be a borrowing body. Some sorts of disasters such as inappropriate warranty and large scale debt default would occur, causing a bad influence of the whole group's reputation. Even though, result in a collapse of a group.

The second one is a risk of investment failure. Inside a group, the headquarters cannot get all the information of each subsidiary, thus it is difficult to efficiently monitor and evaluate each subsidiary's investment projects (Buehler and Shetty, 1975). Once a failure occurs, the loss of investment would be huge, additionally result in a large number of non-performing assets and bad debts, thereby decreasing the profits of parent company.

Furthermore, the benefit conflict between parent and subsidiary company increases the financial risk of a group. According to the rational man theory, both parent and subsidiary company are pursuing their own benefits maximum, thus causing a lot of conflicts in daily business operating. At the same time, such many layers of management result in a high management cost and low efficiency. All of the above features increase the possibility of a group's financial loss.

Finally, a big group's financial risk would influence the prosperity of regional economy. More specifically, the parent company not only affect the decision of subsidiaries but also affect the steady of regional economy. A collapse of a group would cause a severe social and economic consequence; countless failures of groups in the world have confirmed this view.

Specifications for a group's internal control

It is commonly believed that an internal control system is designed for a particular organisation. However, when talking about a group company's internal control system, things become complicated. It is stupid to use the same internal control contents between a group company and a common enterprise, because they are different in the aspect of organisational structure, financial system and ability of bearing risks. The core of a group's internal control is to utilise conjunct goals or strategies to align and constrict inside subsidiaries. Furthermore, strengthen the training of personnel of internal control system, and complete the mechanism of incentive management. Aiming to reach a consensus of that the group is belong to the entire participant includes investors, management and employees.

Because of the large number of subsidiaries of a group, internal control for a group company may have several special features and specific requirements. First of all, unlike the small simple enterprise, in a group company internal control must cover the whole entity, which including both top-down and down-top control. For instance, the parent company needs to monitor subsidiaries' financial status, vice versa; subsidiaries should also perform control activities towards the decision ordered by the parent company for avoiding an unsuitable order. Secondly, the control powers of different subsidiaries are not same (Spira and Page, 2003). For example, the types of subsidiaries include wholly-owned subsidiaries, joint stock company and holding company. The parent company could only perform a strict control to those close subsidiaries such as whole-owned firms, however, to those weak-linked companies, internal control activities are no need and not possible to be perfect. Furthermore, unlike the common simple enterprise views the accounting and business operation as the core of internal control, a group tends to put 'capital control activities' as its key process. In other words, the objective of a group's internal control is to guarantee a safe transformation of cash flows from subsidiaries to the parent company. Thus this sort of internal control is focusing on the control of capital passes in and out inside subsidiaries. Finally, manners of the parent company performs internal control in subsidiaries are various and different, because the control power is different. For instance, for the wholly-owned subsidiary, the parent company could directly assign CEOs to lead the management, in addition, auditing and monitoring the financial reports and budgets in order to control the capital flow. However, for the joint stock company or holding company, the parent company could use their rights of voting in the general meeting of shareholders, to approach an influence on the decision of targeted subsidiary's business activities.

Chapter 6 Research Methodology - a case study of BP group

After introducing the specifications for a group company, now a famous and typical group company is necessary to be analysed for supporting the points this dissertation proposed. BP group as the sample of this case study is typical and constructive.

In this chapter, we will introduce BP group's internal control structure, and then conduct some data analysis to verify the effectiveness of BP's internal control.

6.1 BP group's system of internal control

In chapter 3 we have briefly introduced the COSO framework and Turnbull report, they are famous instructions to enterprises for establishing an internal control system. However, when applying those instructions into a group company, some revises should be proposed. One of the most important 'revisions' is to clear a long-term 'strategic goal' of a group. The board of BP group takes responsibility for directing and supervising the whole company. The board has proposed a global goal for BP group, which is to maximise long-term shareholder value through the allocation of its resources to activities in the oil, natural gas, petrochemicals and energy businesses (BP PLC, 2010:32).

BP group keeps a broad system of internal control, which includes the general set of management systems, processes, organisational structures, behaviours and standards that are employed to conduct their business and deliver returns for shareholders (ibid). This internal control system is considered to meet the requirements of internal control of the Corporate Governance Code in the UK and of COSO (Committee of Sponsoring Organizations of the Treadway Commission) in the US (ibid). It solves risks and how we can react to them as well as the whole control environment. Core components of the system of internal control are: 'the control environment; the management of risk and operational performance (including in relation to financial reporting); and the management of people and individual performance' (ibid). The following picture shows a comprehensive introduction of BP group's internal control system.

Figure 3¼šBP's system of internal control

(Source from: BP .PLC Annual Report 2010:93)

The detail contents of the control system are showed in the graph. Among the dynamic pie graph the risk management and operational performance should be viewed as a significant part. It includes businesses identify, prioritise, manage, monitor and improve the management of risks on a day-to-day basis to equip them to deal with hazards and uncertainties (BP PLC, 2011:123). This enables the most of important risks can be identified.

Referring to the aspect of monitor, it is important for BP to conduct a centrally control and monitor. BP`s centrally controlled process as a part of internal control system, it consists of the following components:

Accountabilities of personnel of the group, to confirm that there are review and authorisation of proved reserves bookings independent from the working business and that there are effective controls in the approval process and confirmation that the proved reserves estimates and the related financial influences are reported in time (ibid:90).

Capital allocation process, the proxy authority is trained to engage in capital projects that are compatible with the delivery of the group's business plan (ibid). An official review process proposes to ensure that both technical and business standards are met previous to the commitment of capital projects.

Internal audit is to examine whether the group's internal control system is well designed and operating effectively to satisfactorily respond to risks that are important to BP (ibid).

6.2 A verification of the effectiveness of BP's internal control

On April 20th 2010 that was a disaster for BP group, due to the leak oil of Mexico gulf. This incident brought a disastrous result of which BP had to pay millions pounds to restore the environment of Mexico gulf. However, from the prospect of this dissertation, it is a good chance to verify and examine the effectiveness of internal control system of the target company after experienced such a risk.

6.2.1 Liquidity analysis

This part aims to test the ability of cashing of BP. Due to an incident of leak oil, BP must allocate huge number of money to pay the restoration work. Thus a data analysis towards BP's liquidity could be a judgement for BP's periodical internal control performance. Current ratios are viewed a ruler of a company's liquidity. Following are graph of current ratio of BP Group.

Figure 4¼šCurrent ratio of BP Group 1

(Data from:, 2012)

Figure 5¼šCurrent ratio of BP Group 2

(Data from:, 2012)

Form the picture above, it is clear that in the second quarter of 2010 the current ratio dropped obviously from 1.13 to 0.96, mainly because of a huge cash expenditure of environment restoration work. While, from the third quarter of 2010 the ratio had a steady increase from 1.01 to 1.25 (till quarter 2 of 2011). It is showed that BP group use almost 1 year to increase their liquidity for the possible payment for the restoration work. After the quarter 3 of 2011, the current ratio restored to the normal value (around 1.15, above 1) as shows before the incident. To conclude, from the prospect of liquidity data, BP's internal control system was effective and showed a quick reaction to the incident in adjusting their liquidity.

6.2.2 Profitability and stock value analysis

In this part, return on asset rate and stock price would be used to examine BP's profitability and shareholders' confidence.

Figure 6¼šReturn on assets of BP Group (2007-2011)

(Data from: Thomson ONE Banker, 2012)

It is clear that in 2010 the return on assets was minus (-1.22) due to a large number of compensation payments decrease the return rate. However, just 1 year past in 2011 BP kept their return on assets rate to be 8.98%. It is unbelievable for a company to have such strong recovery ability but BP did it. It also shows the risk management work of BP is excellent.

Figure 7: Daily Stock price change of BP Group, compared with the FTSE all share from 2008 to 2012

(Data from: Thomson ONE Banker, 2012)

However, the shareholders seemed not to be that confident with BP. According to the stock price graph, it is easy to be concluded that before the Mexico incident, the stock performance of BP were always better than the whole stock market, however, after the oil leak incident the stock performed worse than the FTSE all shares. Thus, it shows that investors' are not that confident with BP group. Due to shareholders' low-key reaction to the stock, it shows that the internal control of BP has a problem in communication with public. Therefore, BP needs a more comprehensive enhancement in communication with shareholders, investors and citizens.

6.3 Limitations

There are mainly two limitations about this case study. First of all, the data collected from the annual report would not represent the real business circumstances. It is commonly believed that before a listed company releases its report they would employ accounting firms to prettify their financial reports, thereby causing an error between written and true performance. Therefore, the analysis based on this would not achieve a complete fair.

In addition, the stock market performance cannot 100% shows the true valuation of a company. From the view of psychology, investors have a 'Herd behaviour', which means people tend to conduct the same actions as most of market participants conduct. Take BP for an example, after the leak oil incident all the people plans to sell the stocks, thus causing an unreasonable continuous low price of stock.

Moreover, a poor performance of BP's stocks is not only due to the Mexico incident, but also the global economic recession. Thus it would influence the fairness of the researching result.

6.4 Conclusion

Although a sound internal control system has been established inside BP group, it is still difficult to easily deal with the disastrous incident. Furthermore, the protecting function of internal control it is still limited because risk cannot be totally eliminated. However, the substance of internal control is a diversification of risks, not avoidance. Thus, via the financial data analysis, the effectiveness of BP group's internal control is basically satisfied.

Chapter 7 Conclusion

This dissertation firstly reviews the concept of internal control, and then introduces relative supporting theories of internal control. In addition, research the structure of a group company, and its issue of how to establish an inside internal control system. Moreover, a case study of BP group is showed to deepen the points proposed in the former part.

After the case study of BP group, some valuable views and innovations about how to perfect a group's internal control are concluded as the conclusion part.

In chapter 3 we have introduced the COSO framework and Turnbull report, they are detailed instructions to firms for establishing an internal control system. Here, we will discuss a group company's internal control components by combining the COSO and Turnbull instructions.

When talking about a groups' internal control, we must first determine the objectives of internal control. COSO (1992) defined the objectives of internal controls from three aspects: economy and efficiency of operations, reliability of financial and management reports and compliance with laws and regulations. Although the diversity goals set by the COSO report can be more oriented to the internal control, but triggered a chaos of goals in coordination. COSO (2004) reports amended 'reliability of financial and management reports' into 'reliability of reports', this new definition of 'reports' covers enterprises' all reports, including financial reports. In addition, the COSO (2004) newly added one objective, namely, strategic goals. However, these goals are designed for a common enterprise, cannot instruct a groups` internal control. Therefore, in setting the goal of a group's internal control, we need to make the necessary correction that is to set both the overall and the specific objective of internal control of the corporation. The company's long-term strategic objective should be viewed as the overall objective. However, the specific objectives are designed for detailed subsidiaries according to COSO: objectives of efficiency operation, reliability and compliance with laws.

In addition, the internal control environmental would impact the business activities, risk identification and assessment, and the formulation of groups' strategies and objectives (Kiyak, 2004). Similarly, the internal control environment will also be influenced by the history and cultural of a group. The concept of internal control environment consists of many elements, including the ethics of the enterprise, emp