When Internal Control Meets Internal Audit: Conflict or Combine? ()
1. Introduction
The five ministries including finance issued “enterprise internal control the sup- porting guidelines” in April 2010, and pointed out that the construction of internal control is an important foundation for the development of enterprises. The COSO committee published a new framework in 2013; it redefined internal control and guided the behavior of enterprises more effectively. In August 2013, the China Institute of Internal Audit promulgated the new internal audit standards, which fits into the international practice and improves the applicability and operability of the guidelines. In recent years, Chinese enterprises have quickly established internal control system and internal audit institution under the guidance and requirement of the law, which has attracted the scholars’ extensive research.
In regard to the relationship between internal control and internal audit, some scholars think internal control and internal audit fall into a vicious cycle of mutual inhibition. For example, internal auditing is the supervision of internal control and act as the role of “police” in the corporate governance, so some things inevitably cause internal control department’s dissatisfactions and even conflict, which isn’t conducive to the development of the enterprise [1] . Internal audit can effectively monitor the operation of the internal control especially fraud, which lets the internal control and internal audit at opposite ends [2] . Internal audit is the confirmer of internal control, supervises evaluates as well as propo- ses amendments. In traditionally, internal audit is considered to be a trouble maker and excluded by other departments even trigger conflict [3] . A scholar regards the internal audit as a game that between internal auditors and other departments and a bit inadvertent could put it into a “besieged” situation [4] . In the development of China’s enterprises, enterprise managers while enhanced the importance of internal control and internal audit, but didn’t pay attention on the integration of the two aspects, usually would both divide and rule [5] .
And other scholars suggest that integration of internal control and internal audit can create value for enterprises. For instance, the relationship between internal control and internal audit is interdependent and you are in me and I have you [6] . Internal audit and internal control is closely related, internal audit tests the effectiveness of internal control and puts forward the corresponding amend- ments to improve the internal control to create value for the company [7] . There is a mutual promotion of internal audit, internal control reform can bring the change of internal audit and internal audit effectiveness inspection of internal control, finally the two work together to protect the enterprise healthy and rapid operation [8] . An effective internal audit system to help company cope with risks, in turn, a strong internal control can provide support for the internal audit work, which was verified by data [9] . Two scholars used data found that the head of the internal audit professional ability can significantly improve the quality of internal control [10] . Scientific and standardized internal audit procedures, perfect internal audit methods can have a significant role in promoting the effectiveness of internal control [11] .
The above shows the development of internal control and internal audit in the theoretical circle, some persons are in favor of conflict relationship and others propose integration relationship. So what’s the relationship between the two in practice field? I believe that one thousand companies will have one thousand different answers. In this paper, CIMC as an example, in-depth researched that in practice field the relationship between internal control and internal audit is inhibition or fusion, and enrich the academic research of internal control and internal audit.
2. Case Overview―CIMC
2.1. The Synopsis of CIMC
China International Marine Containers (Group) Ltd. (CIMC) is a world leading supplier of logistics and energy equipment, headquartered in Shenzhen of China. CIMC is dedicated to supplying high-quality and reliable equipment and services, including containers, vehicles, energy, chemical and food equipment, offshore, logistics services, airport facilities, etc. CIMC was founded in January 1980 as a joint venture invested by China Merchants Group and East Asiatic Company in Shenzhen and was initially managed by EAC executives. It came to be listed in SZSE in 1994 and listed in SEHK in December 2012. Currently, CIMC is a public A+H share listed company, whose main shareholders are China Merchants Group, China Ocean Shipping (Group) Company, Hony Capital, etc. Stimulated by the deep-seated international genes since its establishment, supported by the outstanding governance structure and propelled by the endless pursuit of technological innovation and management efficiency, CIMC has rapidly grown into a prominent company that stands the leading place in many global industries.
2.2. The Development of Internal Control and Internal Audit
CIMC’s internal control system and internal audit system has been in continuous development and updating, as Mai Boliang said: “the biggest challenge and the biggest risk of CIMC are in their own and within the group. Therefore, regulations and loyalty are particular important, humanity must accept supervision and restraint.” The company internal control system can meet the requirements of risk control before 2007, but as the company’s growth the original internal control system couldn’t meet the demand. According to the situation of the company and regulatory requirements, CIMC set up internal control system construction committee in 2007 and improved and perfected the internal control process in accordance with the internationally accepted the COSO framework. About internal audit, the board of directors meeting decided to set up an internal audit institution-audit supervision department in December 30, 2007.
In 2008, CIMC regarded completing the framework of the internal control system as the focus, continued to improve internal risk control system and achieved great results. Company further defined the connotation of risk control, put forward three strategies of open source, throttle, risk prevention and specific action of the nine key actions as well as set up a task force mode. Based on the effectiveness of the internal control system, CIMC could take decisive measures when encountered the 2008 financial crisis and the actual capital expenditure budget reduced by 47%. For internal audit, the group only deepened the improvement of the internal audit system in 2008, but didn’t pay enough attention in practice filed.
In 2009, CIMC improved the internal control system in accordance with the “internal control basic norms”, and began to issue internal control self-assess- ment report. The construction of internal control system achieved fruitful results. The company formed internal audit and internal control method that had its own characteristics, and assembled a team of staffs with high quality who can battle-hardened. CIMC audit supervision department extended in order to meet the needs of the development of the company, and carried out regular review, audit as well as audit value-added service work to implement the audit functions.
In 2010, this enterprise completed most domestic subsidiaries’ internal control construction, and strengthened internal control system construction work of overseas subsidiaries. In order to achieve internal control, CIMC took the rectification results of internal control and internal control risk events as one of key evaluation indexes of each subsidiary. Audit supervision department expanded and completed a total of about 300 kinds of internal control and value-added services, reported summary problems and rectification progress quarterly.
In 2011, CIMC became one of the CSRC Shen Zhen jurisdiction motherboard 22 key pilot companies. Company attached internal control work into the assessment of accountability and formulated a set of complete CIMC internal control methodology. This year the development of internal audit was relatively quickly, launched bottom-up internal control self-assessment work and formed company internal control self-assessment report. CIMC has created a method that construction of internal control system and internal audit closely combined, so risk control can carry out roundly and deeply. CIMC has obtained the result of “1 + 1 > 2”.
Since 2012, the company achieved the goal that full coverage of internal control of domestic enterprises and the basic coverage of internal control of overseas enterprises. CIMC internal audit has made great progress that took internal audit as an important part of CIMC 5S (strategic planning and investment, the annual plan and budget, management reporting, internal control and internal audit and evaluation) management system, and gave full play to the “internal audit is spear, internal control is the shield” effect. CIMC actively explored the combination between internal audit of S and the other 4 “S” for the sake to take 5S system as a whole to play a role, and further enhance internal control set and the brand value.
In 2015 and 2016, in order to establish a long-term mechanism of internal control system and enhance the value of internal control work, CIMC further promoted the internal talent incubation system, the hierarchical model of internal control manual, internal control compliance and internal control information engineering work, and achieved remarkable results. About internal audit, CIMC actively explored internal control audit function line and affect as the role of security. Internal audit department focused on the two work, one is to promote upgrade of internal control, process basis for 5S system run efficiently and promote advance risk prevention; another is to explore the strategic risk that is oriented by control, carry out the economic responsibility audit of manger, make the 5S system form a complete closed loop for the first time, and become the model of industry.
3. Relationship between Internal Control and Internal Audit
3.1. Analysis from the Development
The above reviews the development of CIMC internal control and internal audit, and we can see that the internal audit plays an indispensable role in the development of CIMC. The construction of the internal audit has been raised with the establishment and perfection of internal control system, the relationship between the two has experienced from the process of inhibition to fusion over the years.
In early 2008 audit supervision department was set up which is affiliated with the board of directors so that the independence of the internal auditor is well protected. Due to the internal audit was set up soon so enterprise only focus on the improvement of the theory of the system, and the internal audit in the actual operation was not be so smooth. Internal control staff could be inconsistent with the internal audit work even intensifies the contradiction, so at this point the internal audit was to inhibit the development and improvement of the internal control.
In 2009 and 2010 CIMC did not pay enough attention to the internal audit so that the development of internal audit in the past two years was relatively slow, and the main focus of audit supervision department were on the review, regular audit and value-added services, etc. Therefore, between internal control and internal audit still existed mutual inhibition effects, and even audit supervision department did not give full play to the effectiveness of internal audit.
2011 was a pioneering year to CIMC. The development of internal audit was more rapid, such as firm actively publicized the knowledge of the internal control of internal audit and carried out top-down work of self-evaluation of internal control, and ultimately the position of internal audit was promoted. Because CIMC created closely with the method of internal control and internal audit, coupled with the perfection of regulations, the inhibition of relationship between internal control and internal audit was slowly ease until disappear.
Since 2012, CIMC has continued to combine internal and internal audit to do projects and broke both contradictory and restrain each other, the two promote each other to create more value for the company. Internal control and internal audit work at the same time just as combination with point and plane, so that company can effective supervise and control in advance and timely detect errors and correct them, finally enhance the ability of enterprise to deal with risks. Combination of internal control and internal audit make risk management into daily operations and the two are almost synchronous in enterprise, so that the process and results are confirmed by each other and reduced some losses which were caused by the process does not accord with the results, eventually become the core competitiveness of CIMC.
3.2. Analysis from Relevant Organization Structure of CIMC
Apart from the development history to see the relationship between internal control and internal audit in CIMC, this paper also analyzes from organization framework about related to internal control and internal audit in CIMC to check the relationship between both in now, which is shown in Figure 1.
Among them, the relevant departments functions respectively as follows: 1) The Board of Supervisors: responsible for overseeing the company senior man-
![]()
Figure 1. Relevant organization structure of CIMC.
agement personnel who shall perform their duties according to law in the process of establishment and implementation of internal control. 2) The Audit Committee: responsible for review and supervise the implementation of the internal control and internal control self assessment, coordinate the internal control audit, etc. 3) The Board of Directors: responsible for the establishment of the internal control system, sound and effective implementation. 4) President: lead the construction of internal control, supervise and urge formulation, implementation and improvement of each major system of risk management and control system. 5) The Board Secretary Office: in charge of internal control information disclosure content are true, accurate, timely and complete. 6) The Division Audit and Supervision: the secretary department of the internal control auditing committee. a) Construction of internal control and evaluation aspects: be responsible for the supervision, guidance, inspection and evaluation to the construction of each unit. b) Internal control audit aspects: to check on the operation of the internal control and audit on a regular basis. 7) The Internal Control Audit Committee: responsible for the medium and long term planning of internal control and put forward opinions to the President; Review the annual internal control work plan and summary; Coordinate and solve the group internal control important matters which across different plates, headquarters departments.
From Figure 1, we can see that the Audit Supervision in CIMC is led directly by the top management, rather than directly attributable to the Audit Committee or the Board of Directors, which can able to clear who is responsible for the internal audit and to ensure the daily operation of internal audit. Between internal audit department and audit committee of the board, CIMC increases two processes―internal control audit committee and president, which can make the audit more strictly and enhance the feasibility of the plan. In now, internal control and internal audit functions mutual confluence and the relationship become combine, which can make two departments play their effect, so as to create value for the enterprise.
From the above, the relationship between the internal control and internal audit of CIMC is not invariable and syncretic at the beginning, but the combination of both is more harmonious after two or three years of running in period as well as with the enterprise strategic adjustment. CIMC has created a high level of internal control personnel and created a suitable set of internal control management system in order to cope with the changing of outside environment. In CIMC, internal control grasps the whole and internal audit probes deeply, the organic combination of the two help firm implement internal control construction and risk control do deeply. Internal control is the guide and guarantee of internal audit and internal audit is a ruler and an important component of internal control, that form a harmonious development between the internal control and internal audit restrict and promote each other, complement each other. CIMC is not satisfied with the status quo and timely pays attention to the latest development of internal control, carries out regular interaction about internal control and internal audit with other enterprises, then combines with their own situation to update and improve internal control system and internal audit system.
4. Conclusions and Implications
Through the analysis of development of internal control and internal audit of CIMC, we can see that relationship between the two from inhibition to fusion clearly. CIMC combines internal control and internal audit together to implement creatively, which ensures the healthy and stable development of the enterprise. The combination of CIMC internal control and internal audit sets a good example to other enterprises, and its own system is in constant modified and perfected at the same time.
The innovation of this article is that study through the development of a specific company’s internal control and internal audit to discuss the relationship between them, which not only enriched the academic research of internal control and internal audit, but also found the relationship between internal control and internal audit is not invariable. CIMC internal control and internal audit have experienced the qualitative change that from mutual inhibition to the integration, so that both the escort for the continued steady and fast development of CIMC. The case of CIMC could provide reference to the implement the internal control and internal audit of other enterprises, and is conducive to enhancing enterprise core competitive ability, and finally it ensures the long-term stable development of Chinese enterprises.
This paper provides the following suggestions for the construction of an internal audit of other enterprises through researched: 1) Improve managers’ cog- nition. In the process of development, China’s enterprises need to constantly improve managers’ cognition, so as to better the integration of internal control and internal audit. First of all, managers have to improve attention to the internal audit and internal control, and formulate corresponding regulations. Second, managers need to improve the importance of the fusion, and to formulate corresponding measures to promote the integration of the two, such as incentive system and management system, etc. 2) Establish a sound and unique internal control system. A company establishing an effective internal control system should be combined with its own scale, the nature of the business and so on. Strengthen independence of internal audit and quality of internal audit staff. The establishment of internal audit institution has various forms, such as an audit supervision department which belongs to the board of directors so that the independence of this internal audit is greatly increased. Companies should be strict with their internal auditors, enhance staffs’ professional abilities and strengthen risk awareness, which can reduce business risks. 3) Let staff understand and participate in the construction of internal control and internal audit. The constructions of internal control and internal audit can’t be successful if just rely on managers, which should all employees are involved in. A firm is supposed to take internal control and internal audit as a kind of enterprise culture to promote, so that staffs understand and conscientiously to fulfill the responsibilities, and creates an atmosphere of “everyone involves, everyone supervises”. 4) Combine internal control and internal audit. In an enterprise, internal control and internal audit should have the same status and there is no distinction between the higher and lower. A company ought to pay an equal attention to the construction and improvement of internal control and internal audit. The relationship between internal control and internal audit has a direct effect on the effectiveness of the institution. The way that combines internal control with internal audit can urge their fusion and decrease the mutual inhibition, therefore supplement each other and give full play to the utility of “1 + 1 > 2”.
Deficiencies of this paper is that simply from the change in the internal control and internal audit system and corresponding implementation effect to judge the enterprises in the two relations, so the conclusion is lack of data support. The future direction of the research: 1) Scholars can be to interview CIMC relevant personnel, further use the obtained information to test the relationship of internal control and internal audit. 2) Scholars can use a lot of empirical data to test the change in the relationship between internal audit and internal control of the listed company, and the influence of a different relationship to the enterprise development.