This study can be described as a descriptive single-case study. The aim of the study is to describe and understand the risks and internal controls in the case company's sales process and to suggest improvements to the controls where necessary. The theoretical frame for the study is largely based on risk management and internal auditing literature. Majority of the data collection for the study is performed through theme interviews with different level employees of the case company whom are considered knowledgeable to evaluate the existing risks and controls in the examined sub-processes. The study first pinpoints and analyses the main risks inherent to the case company's sales process after which internal controls over those perceived risks are discussed: whether they are considered effective at present or whether they should be further strengthened. Based on this discussion, improvement suggestions and actual improvements to internal controls are made. By the end of this case study, five out of the fourteen internal controls that were considered to re-spond to medium- or higher level risks were strengthened whereas four of the controls were con-sidered effective enough as they were. Some means of improvement were suggested for the rest of the internal controls. However, due to the highly context-specific nature of internal controls, the findings presented in this study are unlikely to be directly applicable to other settings. Some inter-esting observations were made during the study. These included the importance of maintaining sound internal control documentation, the ambiguity of the concept of internal control and the con-venience of building controls into systems where possible.
展开▼
