A Research Proposal
Presented to the
Faculty of the School of Business and Economics
University of San Carlos
Cebu City, Philippines
In Partial Fulfilment
of the Requirements of the Course
MAC 601 (Accounting Research)
HONEYLET L. QUIMILAT
MARY GLEE L. SEGUN
Month and Year Completed
Rationale of the Study
The current economic crisis highlights the disastrous results when risks associated with strategies are ignored or ineffectively mismanaged. Most companies failed because of the absence or lack of proper risk management.
Risk management is “a process of understanding and managing the risks that the entity inevitably subject to in attempting to achieve its corporate objectives. For management purposes, risks are usually divided into categories such as operational, financial, legal, compliance, information and personnel. One example of an integrated solution to risk management is enterprise risk management” (CIMA, 2005). Effective risk management involves risk assessment, risk evaluation, risk treatment and risk reporting. The focus of good risk management is the identification and treatment of these risks in accordance with the organization’s risk appetite. These risks need to be managed and controlled in order to prevent vibrant organizations from catastrophic losses and help them achieve their goals and objectives.
Accounts Payable is a part of the expenditure cycle, which is prone and susceptible to risks. The expenditure cycle is a subsystem of the both the cash management system and the accounting system. The other parts of the expenditure cycle are purchasing, receiving, and warehousing. Each of these subsystems should have controls to ensure that its overall objective will be met. Moreover, these subsystems have individual risks associated to it which can be affect the whole process in the organization, as well as other processes outside Accounts Payable, which can arise from an event or condition, external and internal factors, and decisions and choices made by people within in the organization. It can be grouped into three major components: (1) a variety of people responsible for extracting, assembling, aggregating, and analyzing data. (2) The processes and timelines by which this data is obtained and reported and (3) the systems that crunch the financial information and distil it into meaningful form. (Deloitte Development LLC, 2010)
An organization needs to understand its mission and articulate it clearly. This makes it easier to recognize the risks associated and areas of improvement with the mission. Once an organization identifies its mission, it can begin its evaluation by listing the possible risks that threaten the business with the aim of identifying high priority threats and focusing on those first. Risks should be prioritized, depending on their impact to the overall business and the effectiveness by which these are managed. Risk mitigation strategies should be developed, updated and continuously reviewed for effectiveness, and should be monitored through various control mechanisms.
Internal control on the other hand, is “the whole system of controls, financial and otherwise, established in order to provide reasonable assurance of: (a) effective and efficient operation; (b) internal financial control; (c) compliance with laws and regulations” (CIMA, 2006)
The weaknesses of many companies’ control systems have been highlighted due to the big financial scandals of recent years (between 2001 and 2003) and as a result increased attention on risk management, internal controls, internal audit and their role in modern organizations.
The implementation of the Sarbanes-Oxley Act 2002 (SOX), which was enacted by the...