Internal Control Analysis
Inhoudsopgave
Internal Control Analysis...................................................................1
Blok A – Theoretische kaders voor Internal Control & interne risicobeheersing...........................3
Week A1 – Het vak en het vakgebied.....................................................................................3
COSO, COSO ERM, Three Lines of Defence.......................................................................6
Tekathen & Dechow (2013) – ERM: a German Case.........................................................9
Spira & Page (2003) – The reinvention of IC...................................................................10
Week A2– Accountability over interne risicobeheersing aan de hand van de Corporate
Governance Code 2025 & De Verklaring over de Risicobeheersing...............................12
Hardy, Maguire, Power & Tsoukas (2020) – Organizing Risk: Organization and
Management Theory for the Risk Society.................................................................16
Week A3 – DSM opdracht......................................................................................................17
Week A4 – Strategie & Internal Control (strategie, alignment, risico’s en control)..............17
Miles & Snow (2003) – Organizational Strategy, Structure and Process.........................24
Treacy & Wiersema (1995) – Customer intimacy and other value disciplines................25
Porter – Vijfkrachtenmodel..............................................................................................27
Mitzberg & Lampel (19919) - Strategische scholen: Wegen in strategievorming..........29
Simons (1994) – How New Top Managers Use Control Systems – Levers of Control......34
Maes, R. (2003) – Strategic Alignment – Amsterdamse negenvlaksmodel.....................36
L. Spoor (2004) – Periodieke bestuurlijke informatie: de methode Interne Berichtgeving
..................................................................................................................................37
Blok B – Inrichting en analyse van systemen van interne risicobeheersing...............................38
Week B6 – Bouwstenen van interne risicobeheersing..........................................................38
Merchant & vd Stede – Inrichten van een besturingssysteem van een organisatie.......40
Week B7&B8 – Het beheersen van processen......................................................................46
Blok C – Verantwoording en evaluatie over systemen van interne risicobeheersing.................54
Week C10 – Fraude en corruptierisico’s................................................................................54
Andere soorten fraude....................................................................................................54
Fraude & corruptie in de CG-code en de VOR.................................................................54
Bonrath & Eulerich (2024) – Internal auditing’s role in preventing and detecting fraud:
An empirical analysis................................................................................................56
Murphy & Dacin (2011). Psychological Pathways to Fraud.............................................58
1
,Gerged & Ghazwani (2025). Corporate anti-corruption disclosure and corporate
sustainability performance in the United Kingdom: Does sustainability governance
matter?.....................................................................................................................59
2
, Previtali, P., & Cerchiello, P. (2023). Corporate governance and anti-corruption
disclosure..................................................................................................................61
Power (2013). The Apparatus of Fraud Risk....................................................................62
Trompeter et al. I (2013) – Synthese van Fraud-Related Research................................63
Trompeter et al. II (2014) – Wat We Leren uit Andere Disciplines..................................63
Model van Dorminey et al.- Meta Model of Fraud & White Collar Crime.........................64
Romney & Steinbart – Time-based model of information security.................................64
Week C11 – Shell opdracht...................................................................................................65
Week C12 – Toepassen van AI bij risico-analyse en -evaluatie.............................................65
DNA van een accountant................................................................................................65
Week C13 – Gastcollege Eneco – Toepassing IAF.................................................................67
Corporate Governance Code 2025 / VoR........................................................................67
Verschillen tussen Interne en Externe Audit...................................................................68
3
, Blok A – Theoretische kaders voor Internal Control & interne
risicobeheersing
Week A1 – Het vak en het vakgebied
Inhoud blok A
- Strategic control
- Strategic alignment
- Strategie en bijbehorende informatiebehoeften
o Doorvertaling van missie, visie, doelen van de organisatie en de wijze waarin de
organisatie dit wil bereiken middels concrete doelstellingen en een strategie in enge
zin
Risk society and the fear for fraud?
- Reporting risk
- Operations risk
- Compliance risk
- Strategic performance risk
- Other risk?
o External risks
Vak in 1 slide samengevat
- Risicomanagement door bedrijven (waar de accountant iets van moet vinden)
- Dat is zo ontstaan na de zogenaamde internal control explosion rond de eeuwwisseling
- Het vak gaat over risicomanagement door bedrijven (waar de accountant iets van moet
vinden)
- Dat is zo ontstaan na de zogenaamde internal control explosion rond de eeuwwisseling
- En dat is nooit meer weg gegaan, zelfs verstevigd
- Zie ontwikkelingen rondom rapportageverplichtingen m.b.t. ESG en de Verklaring omtrent
de
- Risicobeheersing (waar de accountant iets van moet vinden)
- En als je als accountant ergens iets van moet vinden heb je een norm cq standaard nodig
- En de standaard is COSO of daaraan gerelateerd of van afgeleid:
o Internal Control Integrated Framework
o Enterprise Risk Management
o Fraud Risk Management
o ESG
o Corporate Governance
The assumption that reveals everything
Internal control has its principal aim in the management of risks. We can assume that a company
has effective internal controls if it has a rigorous risk management system.
Development of the scope of Internal Control
The trend away from a narrow internal control scope with a high level of reporting requirements
towards a broader scope with less stringent reporting is illustrated in Figure 1.
The redefinition of internal control as risk management
emphasizes links to strategy formulation and
characterizes internal control as a support for
4
Inhoudsopgave
Internal Control Analysis...................................................................1
Blok A – Theoretische kaders voor Internal Control & interne risicobeheersing...........................3
Week A1 – Het vak en het vakgebied.....................................................................................3
COSO, COSO ERM, Three Lines of Defence.......................................................................6
Tekathen & Dechow (2013) – ERM: a German Case.........................................................9
Spira & Page (2003) – The reinvention of IC...................................................................10
Week A2– Accountability over interne risicobeheersing aan de hand van de Corporate
Governance Code 2025 & De Verklaring over de Risicobeheersing...............................12
Hardy, Maguire, Power & Tsoukas (2020) – Organizing Risk: Organization and
Management Theory for the Risk Society.................................................................16
Week A3 – DSM opdracht......................................................................................................17
Week A4 – Strategie & Internal Control (strategie, alignment, risico’s en control)..............17
Miles & Snow (2003) – Organizational Strategy, Structure and Process.........................24
Treacy & Wiersema (1995) – Customer intimacy and other value disciplines................25
Porter – Vijfkrachtenmodel..............................................................................................27
Mitzberg & Lampel (19919) - Strategische scholen: Wegen in strategievorming..........29
Simons (1994) – How New Top Managers Use Control Systems – Levers of Control......34
Maes, R. (2003) – Strategic Alignment – Amsterdamse negenvlaksmodel.....................36
L. Spoor (2004) – Periodieke bestuurlijke informatie: de methode Interne Berichtgeving
..................................................................................................................................37
Blok B – Inrichting en analyse van systemen van interne risicobeheersing...............................38
Week B6 – Bouwstenen van interne risicobeheersing..........................................................38
Merchant & vd Stede – Inrichten van een besturingssysteem van een organisatie.......40
Week B7&B8 – Het beheersen van processen......................................................................46
Blok C – Verantwoording en evaluatie over systemen van interne risicobeheersing.................54
Week C10 – Fraude en corruptierisico’s................................................................................54
Andere soorten fraude....................................................................................................54
Fraude & corruptie in de CG-code en de VOR.................................................................54
Bonrath & Eulerich (2024) – Internal auditing’s role in preventing and detecting fraud:
An empirical analysis................................................................................................56
Murphy & Dacin (2011). Psychological Pathways to Fraud.............................................58
1
,Gerged & Ghazwani (2025). Corporate anti-corruption disclosure and corporate
sustainability performance in the United Kingdom: Does sustainability governance
matter?.....................................................................................................................59
2
, Previtali, P., & Cerchiello, P. (2023). Corporate governance and anti-corruption
disclosure..................................................................................................................61
Power (2013). The Apparatus of Fraud Risk....................................................................62
Trompeter et al. I (2013) – Synthese van Fraud-Related Research................................63
Trompeter et al. II (2014) – Wat We Leren uit Andere Disciplines..................................63
Model van Dorminey et al.- Meta Model of Fraud & White Collar Crime.........................64
Romney & Steinbart – Time-based model of information security.................................64
Week C11 – Shell opdracht...................................................................................................65
Week C12 – Toepassen van AI bij risico-analyse en -evaluatie.............................................65
DNA van een accountant................................................................................................65
Week C13 – Gastcollege Eneco – Toepassing IAF.................................................................67
Corporate Governance Code 2025 / VoR........................................................................67
Verschillen tussen Interne en Externe Audit...................................................................68
3
, Blok A – Theoretische kaders voor Internal Control & interne
risicobeheersing
Week A1 – Het vak en het vakgebied
Inhoud blok A
- Strategic control
- Strategic alignment
- Strategie en bijbehorende informatiebehoeften
o Doorvertaling van missie, visie, doelen van de organisatie en de wijze waarin de
organisatie dit wil bereiken middels concrete doelstellingen en een strategie in enge
zin
Risk society and the fear for fraud?
- Reporting risk
- Operations risk
- Compliance risk
- Strategic performance risk
- Other risk?
o External risks
Vak in 1 slide samengevat
- Risicomanagement door bedrijven (waar de accountant iets van moet vinden)
- Dat is zo ontstaan na de zogenaamde internal control explosion rond de eeuwwisseling
- Het vak gaat over risicomanagement door bedrijven (waar de accountant iets van moet
vinden)
- Dat is zo ontstaan na de zogenaamde internal control explosion rond de eeuwwisseling
- En dat is nooit meer weg gegaan, zelfs verstevigd
- Zie ontwikkelingen rondom rapportageverplichtingen m.b.t. ESG en de Verklaring omtrent
de
- Risicobeheersing (waar de accountant iets van moet vinden)
- En als je als accountant ergens iets van moet vinden heb je een norm cq standaard nodig
- En de standaard is COSO of daaraan gerelateerd of van afgeleid:
o Internal Control Integrated Framework
o Enterprise Risk Management
o Fraud Risk Management
o ESG
o Corporate Governance
The assumption that reveals everything
Internal control has its principal aim in the management of risks. We can assume that a company
has effective internal controls if it has a rigorous risk management system.
Development of the scope of Internal Control
The trend away from a narrow internal control scope with a high level of reporting requirements
towards a broader scope with less stringent reporting is illustrated in Figure 1.
The redefinition of internal control as risk management
emphasizes links to strategy formulation and
characterizes internal control as a support for
4
