The College of Administration and Economics at the University of Baghdad discussed, a PhD dissertation in field of Accounting by the student (Raed Fadel Hamad ) and tagged with (A proposed model for designing an internal control system based on unit size, information technology, and its impact on the effectiveness of risk detection in private banks in Iraq ) , Under supervision of (Assist. Prof. Dr.Salman Hussein Abdullah )
The study aimed to determine the extent to which the design of the internal control system, based on the dimensions of size and information technology, affects the effectiveness of risk detection, represented by suitability, strength, timing, and coverage, for private banks, as a proposed model to be presented to the banks’ boards of directors and risk management to enable them to detect and address risks. To achieve the research objective, the researcher relied on two stages. The first stage is to build the model designed according to the size dimension, represented by the number of customers, type of services, number of branches, international transactions, and net asset value, and the information technology dimension, represented by physical devices, software, protection programs, and networks, in building the designed model that relied on the concept of internal control according to risk management, represented by the updated COSO-ERM 2017, which divides internal control into five axes distributed over twenty principles that determine risks by determining the degree of trust (reliance on internal control and the degree of distrust through which risks are determined (according to what exists and according to the methodology (Wielstra 2014) and according to size (large, medium, small) and according to technology (high, moderate, simple) to determine the risks of the research sample, as inputs to the model. As for the model’s operations, he relied on the risk management model according to the design (the idea is that there is more than one option in dealing with the specified risks, not one option) and according to the model (Leitch 2016). As for the designed procedures, the researcher relied on the best models designed for internal control and according to the tools used by (IFC 2021) to be in line with the special circumstances of the research sample banks to be what is existing and according to the methodology (Wielstra 2014) which numbered )3) banks, which are the Bank of Baghdad. The Gulf Bank and Sumer Bank represent the dimensions of the model in terms of size and technology. The second stage concerns the effectiveness of internal control. The researcher relied on indicators of the effectiveness of achieving objectives in a reasonable manner, based on size and information technology, and on indicators of the effectiveness of the internal control system design. The researcher relied on the component related to the effectiveness of internal control design, according to the comprehensive model (Pendiente 2014) (CAM) to measure the effectiveness of internal control. This was done within the concept of risk management in detecting risks, and according to the situation whose risks are to be identified, and which are specific to private banks (i.e., a dynamic model). This was done to determine the activities designed to suit achieving management’s objectives in effectively resolving risks, based on the existing risks and what should be in their design and measuring their effectiveness. The researcher reached a set of conclusions, the most important of which is that there are features of the design of internal control systems, but not in a uniform manner, which makes it difficult for the Central Bank to control banks, exposing them to penalties for non-compliance, especially in light of changing technologies and the size of the economic unit in the banks in the research sample listed on the Iraq Stock Exchange. These banks also vary in The levels of adoption of unified regulatory systems lead to a gap in diversity, including the fabrication of internal audit reports based on reality and ambition. Based on the researcher’s conclusions, the need for newly designed regulatory systems to keep pace with changes in scale and information technology may alleviate many problems and new risks. A dynamic model capable of accepting and resolving risks is also essential, as is the need for a dedicated department for designing regulatory systems that keeps pace with all technological and financial changes, working to issue reports appropriate for all parties.
