publication . Preprint . Research . 2006

Business Process Risk Management, Compliance and Internal Control: A Research Agenda

Rikhardsson, Pall M.; Best, Peter; Green, Peter; Rosemann, Michael
Open Access
Published: 18 Sep 2006
Integration of risk management and management control is emerging as an important area in the wake of the Sarbanes-Oxley Act and with ongoing development of frameworks such as the Enterprise Risk Management (ERM) framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Based on an inductive methodological approach using literature review and interviews with managers engaged in risk management and internal control projects, this paper identifies three main areas that currently have management attention. These are business process risk management, compliance management and internal control development. This paper discusses these ...
free text keywords: Risk management; Internal control; Business processes; Compliance; Sarbanes-Oxley Act; ERP systems; COSO; COBIT