Class 1
BIV-AIS: Risk, Behaviour and Control
Session 1 – Introduction
1. Course Setup
Coaches, not teachers
Analogy to sports: we coach you in knowledge & skills.
You must combine and apply these in the exam and case study.
Interactive element: self-introductions.
2. Why Corporate Governance & Internal Control Matter
Increasing importance and complexity.
Both are aimed at ensuring organizations achieve their objectives through appropriate
controls.
3. Corporate Governance
Definition (The Chartered Governance Institute UK & Ireland):
Processes through which objectives are set & pursued within social, regulatory,
and market contexts.
Ensures trust from stakeholders.
Rules, practices, processes by which a company is directed & controlled.
Identifies power, accountability, and decision-making.
A “toolkit” for management & board to handle challenges effectively.
Ensures balanced interests: shareholders, employees, suppliers, customers,
community.
4. Internal Control
Same objective as governance:
Help management achieve objectives through broad control measures.
Relation between Governance & Internal Control:
Example: Hitachi corporate structure.
Governance = strategic/tactical level → creates structures & direction.
Internal control = tactical/operational level → ensures effectiveness.
5. Why the Focus Now?
Failures & risks highlight the need for stronger governance and control:
ESG (Environmental, Social, Governance) issues
Privacy challenges
Corporate scandals: FTX, Wirecard
Leads to the need for complementary perspectives.
6. Different Views on Control Problems
Behavioral view
People, culture, and behavior in AIS.
Process view
Processes as central in AIS.
Data & systems view
Technology, systems, and information flows in AIS.
Each view → different solutions, often complementary.
7. Governance & Frameworks
Importance of Internal Control
Critical for organizational success and risk management.
Models & Frameworks
1. Three Lines Model (IIA)
Management: responsible for processes.
Governing body: supervision role.
Independent advisory/assurance roles.
Class notes:
First line - production-related controls: is production working as expected?
Second line - assesses whether the first-line operations and controls are
working as expected.
Third line - internal audit, continuously monitoring the whole process and reporting to
the governing body. They are not part of the production process.
2. WBCSD & IIA Adaptation
Applies equally to financial and sustainability objectives.
Key concepts: materiality, impact of environment ↔ company.
Sustainability objectives require same governance logic.
3. COSO Framework (Committee of Sponsoring Organizations of the Treadway
Commission)
Widely adopted model.
Emphasizes governance structures, objective setting, risk assessment, monitoring.
Flexible across domains.
8. Auditors’ Perspective on Internal Control
ISA 315 → requires understanding internal control.
Knowledge of organization → informs risk analysis of financial statements.
One of the most important ISAs.
9. What is an Internal Control Problem?
A gap, weakness, or risk in achieving objectives.
Requires structured analysis & solution.
10. Exam & Class Guidance
Steps to tackle cases/exam problems:
1. Keep the organization’s objectives in mind.
If unclear → start a discussion.
2. Identify RISKS to those objectives.
3. Choose the appropriate model (each fits specific problems).
4. Explain the model briefly (not a literature exam).
5. Apply the model to the case.
Connect problem ↔ theoretical framework.
6. Make specific solutions.
Avoid vague “organization must do something about…”
Indicate what must be done and why.
7. Suggest related problems, follow-ups, or alternative models.
11. Learning Outcomes
Success: linking theory with practice, applying models effectively.
Failure: staying abstract, not connecting objectives ↔ threats ↔ controls.
Framework Comparison
1. Three Lines Model (IIA)