Table of contents
1 Exam papers 2021 ................................................................................................................................. 3
1 Lecture week 1 ...................................................................................................................................... 4
1.1 Part 1 - Introduction ...................................................................................................................... 4
1.2 Part 2 – Lecture W1 ....................................................................................................................... 4
1.3 Paper Lecture W1: B. Flyvbjerg - Five Misunderstandings About Case-Study Research............... 9
2 Seminar week 1 ................................................................................................................................... 12
2.1 Paper 1: Bryan (2008) - Core methods in the Research Papers: The Nature of qualitative
methods (background reading) ............................................................................................................... 12
2.2 Paper 2 - Spira and Page (2003): Risk management – The reinvention of internal control and
the changing role of internal audit .......................................................................................................... 14
3 Lecture week 2 .................................................................................................................................... 18
3.1 Lecture W2 – Part 1 information ................................................................................................. 18
3.2 Lecture W2 – Part 2 information ................................................................................................. 21
3.3 Q1: EXAM: Lecture Paper W2: Gabionetta et al. (2013) – The influence of the institutional
context on corporate illegality ................................................................................................................ 25
4 Seminar week 2 ................................................................................................................................... 29
4.2 Q1: EXAM: Paper 1: Gendron & Spira (2009) – What went wrong? The downfall of Arthur
Andersen and the construction of controllability boundaries surrounding financial auditing. .............. 29
4.3 Paper 2: Neu et al. (2018) – Internal Auditing and Corruption within Government: Th case of
the Canadian sponsorship program* ...................................................................................................... 34
5 Lecture week 3 .................................................................................................................................... 41
5.1 Part 1 – Focus .............................................................................................................................. 41
5.2 Part 2 – The Six Mistakes Executives Make in Risk Management ............................................... 49
5.3 Lecture paper W3: Micheal Power (2009) – The Risk Management of Nothing........................ 52
6 Seminar week 3 ................................................................................................................................... 57
6.2 Paper 1 - Arena, Arnaboldi & Azzone (2010) - The organizational dynamics of Enterprise Risk
Management. .......................................................................................................................................... 57
6.3 Q2: EXAM: Paper 2 - Hayne and Free (2014) – Hybridized professional groups and institutional
work: COSO and the rise of enterprise risk management....................................................................... 64
7 Lecture week 4 .................................................................................................................................... 71
7.1 Part 1 - Focus ............................................................................................................................... 71
7.2 Q2: EXAM: Lecture paper W4 – Climate risk reporting: O’Dwyer & Unerman (2020) - shifting
the focus of sustainability accounting from impacts to risks and dependencies: researching the
transformative protentional of TCFD reporting ...................................................................................... 76
8 Seminar week 4 ................................................................................................................................... 81
1
, 8.2 Paper 1 - Caldarelli et al. (2016) – Managing risk in credit cooperative banks: lessons from a
case study ................................................................................................................................................ 81
8.3 Q2: EXAM: Paper 2 - Humphrey et al. (2017) - Re-theorizing the configuration of organizational
fields: the IIRC and the pursuit of ‘Enlightened’ corporate reporting..................................................... 86
9 Lecture week 5 .................................................................................................................................... 94
9.1 The nature of responsible investment ........................................................................................ 94
9.2 Q3: EXAM: Lecture paper W5: Clune and O’Dwyer (2020) - Organizing dissonance through
institutional work: the embedding of social and environmental accountability in an investment field 99
10 Seminar week 5 ............................................................................................................................. 105
10.2 Q3: EXAM: Paper 1 - Diouf and Boiral (2017) – The quality of sustainability reports and
impression management: a stakeholder perspective ........................................................................... 105
10.3 Q3: EXAM: Paper 2 - Kreander and McPhail (2019) – State investment and human rights? The
case of the Norwegian Government Pension Fund Global ................................................................... 110
11 Lecture week 6 .............................................................................................................................. 117
11.1 Holding the accounting profession to account - The UK context.............................................. 117
11.2 Holding the accounting profession to account – The US context ............................................. 118
11.3 Holding the accounting profession to account – The Dutch context ........................................ 119
11.4 Q4: EXAM: Lecture paper W6: Canning & O’Dwyer (2016) – Institutional work and regulatory
change in the accounting profession .................................................................................................... 121
12 Seminar week 6 ............................................................................................................................. 126
12.1 Paper 1 - Hazgui & Gendron, Y. (2015) – Blurred roles and elusive boundaries: On
contemporary forms of oversight surrounding professional work ....................................................... 126
12.2 Q4: EXAM: Westermann et al. (2019) – PCAOB Inspections: Public Accounting Firms on “Trial”
130
2
,1 Exam papers 2021
QUESTION 1: Accountability, internal control and fraud
Gabbioneta, C., Greenwood, R., Mazzola, P. and Minoja, M. (2013). The influence of the
institutional context on corporate illegality, Accounting, Organizations and Society, 38(6–7),
484-504.
Gendron, Y., and Spira, L.F. (2009). What went wrong? The downfall of Arthur Andersen
and the construction of controllability boundaries surrounding financial auditing.
Contemporary Accounting Research, 26(4), 987-1027.
QUESTION 2: Accountability for Sustainable Business 1: Expansions in risk management
practice and disclosure
Hayne, C., and Free, C. (2014). Hybridized professional groups and institutional work: COSO
and the rise of Enterprise Risk Management. Accounting, Organizations and Society, 39(5), 309-
330.
Humphrey, C., O’Dwyer, B., and Unerman, J. (2017). Re-theorizing the configuration of
organizational fields: the IIRC and the pursuit of ‘Enlightened’ corporate reporting. Accounting
and Business Research, 47(1), 30-63.
O’Dwyer. B. and Unerman, J. (2020). Shifting sustainability accounting’s focus from impacts to
risks and dependencies: Researching the transformative potential of TCFD reporting. Accounting,
Auditing & Accountability, 33(5), 1113-1141.
QUESTION 3: Accountability for Sustainable Business 2: The rise of responsible
investment and its implications for organizational accountability
Clune, C. and O’Dwyer, B. (2020). Organizing dissonance through institutional work: the
embedding of social and environmental accountability in an investment field. Accounting,
Organizations and Society. 85.
Diouf, D. and Boiral, O. (2017). The quality of sustainability reports and impression
management: A stakeholder perspective. Accounting, Auditing & Accountability Journal, 30(3),
643-667.
Kreander, N. and McPhail, K. (2019). State investments and human rights? The case of the
Norwegian Government Pension Fund Global, Accounting, Auditing & Accountability Journal,
32(6), 1742-1770.
QUESTION 4: Accountability of the accounting profession
Canning, M. and O’Dwyer, B. (2016). Institutional work and the regulation of the accounting
profession, Accounting, Organizations and Society, 54, 1-21.
Westermann, K., Cohen, J., and Trompeter, G. (2019). PCAOB Inspections: Public Accounting
Firms on “Trial”. Contemporary Accounting Research, 36(2), 694-731.
3
,1 Lecture week 1
1.1 Part 1 - Introduction
Core objectives of the course:
- Develop knowledge of academic research and related practice in accountability and risk
management.
- Develop knowledge of social and organizational theory in accountability and risk management
- Develop the ability to read and critique qualitative academic accounting research
1.2 Part 2 – Lecture W1
1. Accountability and corporate governance
2. Risk management and corporate governance
3. The nature of accountability
4. The nature of risk management
5. The evolution of risk management
1.2.1 The boundaries of corporate governance (Cadbury, 1999)
Corporate governance is an umbrella term – It’s a very broad term
- It includes specific issues arising from interactions of individuals, among senior management,
shareholders, boards of directors, and other corporate stakeholders.
‘Cadbury says that: Cooperate governance is concerned with holding the balance between economic and
social goals and between individual and communal goals. The aim is to align as neatly as possible the
interests of individuals, corporations, and society.’
→ So it’s a very broad definition and it aligns with how we look legally at corporate governance
in the Netherlands. It is also about maximizing shareholder value.
1.2.2 The principles underlying corporate governance in NL
When we think about GC in a legal concept in the Netherlands. A company in this case is a long-term
alliance between the various parties involved in the company.
Stakeholders are the groups and individuals who, directly or indirectly, influence – or are influenced by –
the attainment of the company’s objectives (keep in mind for week 3). Influence by stakeholders AND
influence of stakeholders.
→ employees, shareholders and other lenders, suppliers, customers, the public sector, and civil
society.
The management board and the supervisory board have overall responsibility for weighing up these
interests (almost impossible). → They try to ensure the continuity of the enterprise, while the company
endeavors to create long-term shareholder value. The shareholder is the focus, but the long-term is in
there as well. Now, this is the very broad conceptualization of CG, but the conceptualization is
embedded in the law in the Netherlands and it’s the conceptualization that we take as an overarching
conceptualization when we delve into the issues in this course.
Keep in mind, it’s a long-term focus. It’s very much aligned with many developments occurring
internationally at this moment.
4
,1.2.3 Accountability and corporate governance
Financial scandals have driven evolutions in corporate governance, such as codes, principles, etc.
There are many codes and principles around how you want organizations to account. They are reactive
scandals for example, the SOX is a reaction to the Arthur Andersen/ Enron scandal.
The key focus is on:
- improving transparency, internal control, and;
- accountability for stakeholder groups – Important group, so it can be a very broad concept.
Corporate (organizational) governance is therefore partly aimed at improving corporate (organizational)
accountability. Governance seems to improve accountability. How to implement mechanisms to enable
governance to improve accountability? One mechanism is surrounding risk management.
1.2.4 Risk management and corporate governance
Remember, the purpose of corporate governance is → To facilitate effective, entrepreneurial, and
prudent management that can deliver the long-term success of the company
The board of directors (management board) are, inter alia, responsible for:
- determining the nature and extent of the significant risks they are willing to take in achieving its
strategic objectives, and they also regulate → you need to take risks to make returns, but they
have to be careful of the nature of the risks they take;
- the maintenance of sound risk management and internal control systems (controls to check on
what’s going on in the organization)
In other words, risk management is a core component of corporate governance. A broad conception of
CG partly aims that improve accountability and to improve that accountability governance needs to
include risk management.
Risk management is a response to financial scandals that continually emphasize the role of risk
management in corporate governance. (you need better risk management, you didn’t manage the risks
properly)
Corporate governance failures partly blamed on:
1. Failures in risk management systems - no proper system in place
2. Lack of information about risk exposures reaching boards – no information where you exposed
the risk.
3. Lack of broad monitoring of risk management – Broad ideas about where you are going with risk
4. Lack of disclosure of risks and their management - Don’t disclosure the risks (risk reporting),
crucial issue week 3.
5. Lack of embedding of risk management in strategic decision making – no management of risks
in your decision making and no reporting of that.
1.2.5 Nature of accountability
Accountability and corporate governance
Accountability: fluid concept at the heart of corporate (organizational) governance – People use
accountability in different ways at different times (fluid, it varies a lot).
- The giving and demanding of reasons for conduct. You give an account but also you receive an account.
- Identifying what one is responsible for and then providing information about that responsibility to
those (stakeholders) who have rights to that information (broad definition of accountability).
5
,In CG: Roberts state that “[A]t the heart of accountability is a social acknowledgment and insistence that
one’s actions make a difference both to self and others” (Roberts 1991, p.365) - how u perform in a role
is going to make a difference to you and others, you acknowledge this and u set up an accountability
relation between two entities or individuals.
Two dimensions of accountability:
- Being held to account Holding to account
Looking at the dimensions of accountability, ask the following questions:
Why? Motivation/Drivers Why is accountability required? What’s driving it? (e.g., why do I require
Shell to report on their climate risks?)
To whom? Forms of accountability Who is the accountability oath to? shareholders, creditors,
etc) Forms of accountability.
For what/How? Mechanisms/Initiative What do you do, how do you produce accountability?
Financial reporting/ risk reporting/ sustainability reporting.
Hierarchical Accountability
- Short term functional orientation
- Resource use, immediate quantifiable impacts
- External focus – oversight and control
- Priorities upward, short-term accountability to powerful patrons like shareholders
Holistic accountability
- Augments hierarchical accountability
- Accountability for broader, sustainable impacts
- Embraces accountability to broad sets of stakeholders
- Accountability demands are broadening – see Weeks 4 and 5
1.2.6 Nature of risk management
Risk management (1)
Encompasses the identification of risk factors that form part of the life of a business (this is very
important in risk management). We all live in risk environments; everyone is taking risks. Analyzing those
risk factors is very important as well form part of the life of a business, and also the response to risk
factors that form part of the life of a business (where are risks occurring, what’s the risk of me taking this
accounting treatment vs the other one).
Effective risk management Attempts to control, as much as possible, future outcomes that come in the
future by acting proactively rather than reactively. You can’t look in the future, but you can try as much
as possible to prevent/control the risks. You try to reduce both the possibility of a risk occurring and its
potential impact.
6
,Risk management (2)
A process that allows individual risk events and overall risk to be understood and managed proactively.
Individual risks can build up, overall risk assessments are taken together, and you look at the major risks
in the company.
You want to optimize success by minimizing threats and maximizing opportunities and outcomes. Taking
risks can have positive and negative effects (how organizations make superior returns by taking risk
positive)
- This definition avoids a mitigation mindset by embracing opportunities. It is not about fear and
negativity, also about embracing them.
Risks to be managed?
1 – Preventable risks
They are risks that are internal to the organizations (I can control them)
- Are controllable and ought to be eliminated or avoided
Examples:
- the risks from breakdowns in routine operational processes
- the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or
inappropriate actions ( you can have an internal control system that prevents such actions)
Adopt compliance, rules-based approach to risk management. Use of thick box to check if you covered
everything (e.g. if you go to the hospital and you meet a surgeon, he will ask you all sort of things to
exclude diseases).
2 – Strategy Risks
Not inherently undesirable you like these risks. A company voluntarily accepts some risk to generate
superior returns from its strategy
- banks take on credit risk – Might not receive money from customers
- companies engage in R&D – Might not lead to profit in the future
Strategy risks cannot be managed with compliance, rules-based controls.
Adopt a risk-management system tries to work out how much risk you are willing to take (risk
appetite).
- Designed to reduce the probability that the assumed risks actually materialize
- Improve the company’s ability to manage or contain the risk events should they occur. If
something goes wrong, what are the fallback options? What have I got in place in my system to
ensure that I can manage this very actively and prevent the worst-case scenario?
- Risk review boards (independent experts); risk management groups (facilitators); embedded
experts
3 – External Risks
These risks arise from events outside the company beyond its influence or control
- Natural and political disasters (tsunami at the location where I have got a major supply chain
factory)
- Major macroeconomic shifts
- Climate change
- Pandemics
We cannot prevent such events from occurring => Managing the uncontrollable. It is also problematic to
predict those events.
7
,Hence, risk management must focus on the identification
(they tend to be obvious in hindsight) and mitigation of
the impact of external risks. With this, companies could
use stress testing, scenario analysis, wargaming (so, if
that happened what is the impact of it financially/
operationally/ strategically?). What do we do when a
certain event occurs?
1. normal controls
2. essential for achieving corporate goals
3. can’t control them but you can prepare for them and
look at the impact.
To summarize We are looking at CG from a very broad perspective, a long-term stakeholder view.
Accountability for impacts and performance is a core component of CG but the accountability tends to
be quite broad given the conception of CG that we will be adopting in this course. In the contexts of
trying to be accountable and holding organizations to account, risk management is becoming a central
feature of the processes through which organizations are being held to account
1.2.7 Evolution of Risk Management – The Silo Approach
Evolution of risk Management – Limitations of the Silo Approach
The following table shows “Silo approach” or “Stove-
Pipe” Risk Management often used in practice
whereby risk would be examined separately in separate
areas of an organization like in sales or production or
customer service, finance, etc. That’s problematic,
because for example with legal& compliance and
strategic planning you’ve got a risk of emerging
regulations in international markets which are going to
influence strategic planning. In other examples below,
you have got to completely communicate between those
divisions. The idea of risks and risk management
according to silos is now highly dated and that’s why we
have had the evolution of enterprise risk management systems (ERM).
Eliminating silos: embracing Enterprise Risk Management (ERM)
These ERM systems try and, in some way, create an interconnection between
a process of risk management with all parts of an organization. Risk culture is
focused on to what extend risks are important inside the company. How do
employees look at risks and how do they manage their risks and how do they
mitigate the risks? How important is it in the organization? How are the
‘individual’ risks correlated with each other?
Enterprise Risk Management – embedded in business frameworks
Heineken’s systems of risk management and internal control. It is Based on the COSO Enterprise Risk
Management and Internal Control Reference model (see Weeks 2 and 3). ItForms a fundamental part of
the Heineken Business Framework.
8
,1.3 Paper Lecture W1: B. Flyvbjerg - Five Misunderstandings About Case-Study
Research
1. The nature of case study research – Different forms in different papers we read.
2. Five misunderstandings about case study research
1.3.1 Case Studies
The academic papers we study are case studies. Case studies focus on:
- bounded and particular organizations, events or phenomena, (something in a specific context, it
might be a process or the formation of an organization, or how an accounting profession has
shifted due to changes in regulation, etc.), and
- scrutinize the activities and experiences of those involved, their perceptions and experiences
that count.
- as well; the context in which these activities and experiences occur is really important.
Characteristics of Case Studies
Case study research starts from the same compelling feature:
The desire to derive a(n) (up-)close or otherwise in-depth understanding of a single or small
number of “cases”, set in their real-world contexts
That closeness aims to produce a deep understanding:
- An insightful appreciation of the “case(s)”
- Resulting in new learning about real-world behavior and its meaning
It is important to focus on the meaning rather than a pure focus on the results of the papers discussed in
the course.
Methods of Case Study Research
Involvement of the researcher in case studies:
- Outsider, visitor, facilitator of the risk management process, participant, actor (researchers are
actively involved in case studies)
Forms of evidence
- Questionnaires, interviews, observing actions and meetings, outcomes of actions,
correspondence (email), documents
Modes of analysis
- Single case –> one organization and how it implements risk management
- Comparative cases three different organizations and will look at risk management and how it
is implemented in those organizations and compare it.
- Longitudinal cases look at the process to which risk reporting is developed in the Netherlands
or other processes, process through which response for investment are studied in relation with
risks.
Case study Categories
Discovery studies
- With these studies, you have little prior theory that exists, the basis for starting with theory
development. Don’t really know what you are trying to do with theory, so you try to discover
what happened. And maybe you will develop some process or theory from your data,
questionnaire, surveys, interviews.
9
, Theory refinement studies
- Applying existing theory to cases
• We take the theory and move on to the illustration: take an existing theory and show
that it helps in understanding what is going on
- Finally, specification: take an existing theory and adjust it/ develop it based on the case results
Theory refutation studies
- Show through a case study that a theory is flawed – refute the theory (Not in our cases)
1.3.2 Five misunderstandings about case study research - Flyvbjerg (2006) paper
What’s in the slide is all we need to know about the paper, the 5 misunderstandings are the most important.
Misunderstanding 1
General (context-independent) knowledge is more valuable than concrete, practical (context-dependent)
knowledge. Some of the case studies are about getting about knowledge on the ground (context-based)
there is a misunderstanding that more general knowledge is more valuable (Flyvberg claims this).
Flyvbjerg’s (2006) revision:
- Predictive theories and universals cannot be found in the study of human affairs ‘noisy, fallible
and biased knowledge prevails’
- Concrete, context-dependent knowledge is, therefore, more valuable than the vain search for
predictive theories and universals - ‘nuanced views of reality’
Misunderstanding 2
One cannot generalize on the basis of an individual case; therefore, the case study cannot contribute to
scientific development using individual case studies. However, this is a misunderstanding in accordance
with Flyvbjerg.
Flyvbjerg’s (2006) revision:
One can often generalize on the basis of a single case
- as ‘Black Swans’ – falsification There was a case where they assumed that all swans in the
world are white, a black swan was discovered and the whole theory/ hypothesis blown out. All
swans are not white. Falsify a generally held belief with one case.
- Physics of Newton; Galileo challenging Aristotle’s law of gravity. Again, one case, one experiment
the feather and the piece of metal (weight doesn’t count).
- ‘most discoveries have arisen from intense observations’
The case study may be central to scientific development via generalization as a supplement or
alternative to other methods it can be used to help us provide more nuance, but formal
generalization is overvalued as a source of scientific development. Because he says:
- Science’ is about gaining and accumulating knowledge – formal generalization is only one way
- “the force of example” is underestimated, it can undermine previously held believes. He does
not say you can do it always, it’s just sometimes.
10
