Document Type : Original Article

Authors

1 Assistant Professor, Department of Accounting, Isfahan Branch (Khorasgan), Islamic Azad University, Isfahan, Iran.

2 Department of Accounting, Isfahan Branch (Khorasgan), Islamic Azad University, Isfahan, Iran.

3 Professor, Department of Accounting, Isfahan Branch (Khorasgan), Islamic Azad University, Isfahan, Iran.

Abstract

This study aimed to develop an internal control model for the Iranian Social Security Organization with a risk management approach. This exploratory study is applied in terms of objective, and the statistical population comprised 340 employees in the financial department of the Iranian Social Security Organization. The data was collected using interviews and questionnaires, and the hypotheses were tested with inferential statistics and structural equation tests. The results showed that the internal control factors of the Iranian Social Security Organization include the income bank system, the legal obligations system, compensation, the financial bookkeeping system, the movable and immovable property system, the financial management system, and check issuance requirements. The results also showed that the factors affecting internal controls are among the factors influencing risk management. Considering the extent of branches, dimensions, various services including (retirement, disability) and the size and volume of financial operations, as well as the very high budget of the Social Security Organization (for example, in 1401, the budget of the Social Security Organization is 500 thousand billion Rials), there are many factors on the controls Empty and effective risk management. The most important factors affecting the Social Security Organization's internal controls' efficacy are the financial bookkeeping system, Payroll system, And Legal requirements for issuing checks.

Keywords

Introduction                                                                        

Nowadays, issues such as the new corporate management system, risk management, and internal control are so profoundly intertwined with organizational excellence and better operations that neglecting them will indeed mark the end of business success. Nowadays, the world faces many challenges arising from the knowledge-based economy, the staggering intensification of changes in various fields, rising customer expectations and competition in various aspects, the global economy's exacerbating vulnerability, and many other emerging phenomena. Business sustainability in such a turbulent environment certainly requires an effective management system, better risk management, the risk in achieving strategic goals and establishing adequate internal control for reasonable assurance of achieving said goals (Khodamipour et al., 2015). The growing size and complexity of enterprises in today's advanced world, the pressures arising from the shortage of resources, the intensifying competition, and the numerous internal or external financial and administrative business risks that threaten organizational objectives and policies have focused governance bodies on effective control of resources and activities as important issues. Internal controls can be essential a significant factor in optimal organizational management. Good internal controls while strengthening effective and efficient control systems is a clear and necessary issue, and its weakness could result in significant losses (Shirvani & Fathi, 2019).

Therefore, it is considered essential for every organization to establish an internal control system (Moeller, M. 2011). At the same time, identifying and managing risks in organizational planning is unavoidable for managers to make and monitor decisions. Organizations are under intense pressure to identify all the business risks they face (e.g., social, environmental, financial, and operational) and explain how to manage them reasonably. Therefore, organizational risk management has grown due to the recognition of its advantages over supervision-light approaches (Mahama et al., Z.2023). Meanwhile, internal controls help risk management in different ways. Given the critical role of risk management in businesses, including identifying potentially important events, responding adequately to existing risks, and creating reasonable assurance of achieving organizational goals, implementing risk management requires the proper foundation to ensure the achievement of set goals. This platform facilitates risk management (Bierstaker et al., 2022). Analyzing successful businesses' operational, legal, and financial reporting environments suggests that an extensive internal control network pervades all aspects of businesses. Despite differences, the proximity of internal control goals with risk management suggests that implementing risk management based on internal controls can guarantee successful management toward achieving the set objectives (Naderi et al., 2018).

In this regard, some researchers (Khulkhachieva et al., 2022) showed that the developed risk-based internal control model helps to identify organizational problems in risk management to ensure efficient and continuous operation. Hanh & Huy (2021) significantly correlated with corporate internal controls and risk management functions. Bakar et al. (2020) also showed that internal control components are vital to risk management. Moreover, Vakilifard et al. (2013) showed that potential weaknesses of internal control systems increase the systematic corporate risk index. Fenderski & Safarigharayeli's findings (2018) suggest that internal controls effectively reduce the risk of falling stock prices of companies. The literature regarding the factors affecting internal controls and their effect on risk management indicates that there have yet to be comprehensive studies. Therefore, to fill the research gap, this study aims to formulate an internal control model for risk management in the Social Security Organization of Iran. Given the lack of research in the Social Security Organization regarding important internal control factors and their effect on risk management, a model was designed to better introduce internal controls to the Social Security Organization for risk management. It was the result of the opinions of various experts and presents a comprehensive perspective regarding internal controls and the required mechanisms to ensure its efficacy for risk management in the Social Security Organization, allowing the target population to discover its needs and strive to succeed in this field. To this end, all the important factors in the Social Security Organization's risk management and internal controls were examined by reviewing the literature and extracting the measurement indicators of risk management and internal controls in the Social Security Organization. Then, interviews were held with experts to identify the causal factors and components of risk management and factors affecting internal controls in the Social Security Organization. Next, a qualitative questionnaire was designed to model structural equations, and the final model was implemented after collecting and analyzing data from experts to confirm the model.

There is a clear need for an internal control system in the organization (Belina et al., D. V. 2022). Proper design and implementation of the internal control system will improve the accuracy and efficiency of information systems and the organization's reporting quality to comply with the relevant rules. Therefore, it is crucial to design and implement internal controls for organizations properly. By designing and implementing a suitable internal control system, managers should ensure with reasonable certainty that the predicted goals are achieved, all activities are appropriately implemented, any financial violations, fraud, and misuse of resources and assets are prevented, and to ensure accountability for activities (Esmailikia & Soleimanizadeh, 2018). Moreover, sound internal control can lead to adopting the correct and risky management decisions, increasing the likelihood of failure. At the same time, the pressures of lacking resources, intensifying competition, and various risks in all areas threaten organizational objectives and policies internally and externally. All these factors have caused management to focus on numerous problems, making direct control and personal risk management practically impossible. The indirect control of organizational operations and the senior management's avoidance of all business activities have led management to consider establishing an effective internal control system as an integral part of the efficient management system to fulfill its stewardship duties (Zabihzadeh et al., 2020).

Since most of the Social Security Organization's activities are focused on finance, an internal control system is essential for financial monitoring and risk management. Hence, various models have been designed and introduced for internal controls with specific weaknesses and strengths. The most important reasons for poor internal control systems in the Social Security Organization are the system's traditional and outdated nature. The model proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is the most important and well-known internal control system regarding comprehensiveness, effectiveness, and widespread adoption (Moeller, M. 2011). This study aimed to develop an internal control model for risk management in the Social Security Organization. Therefore, the main research question is, what is the optimal internal control model for risk management in the Social Security Organization? Identifying the factors affecting internal controls and their potential impact on risk management could be essential for the Social Security Organization since identifying these factors can stop the waste of resources and reduce violations of ethical and legal norms in administration, finance, and organizational risk management.

Thus, the following will present the theoretical background, including existing views on the risk management impact of internal controls, followed by the literature review to state the primary research objective. The following section will present the research methodology and findings; the last section will present the research conclusions and recommendations.

Literature Review

In recent years, internal controls have become increasingly important due to their essential role in improving financial reporting quality and financial statement reliability. Legislators and professional organizations have also started to pay attention to and evaluate internal controls. Based on the internal guidelines and monitoring of the publishers listed on the Tehran Stock Exchange and Farabourse, the board of directors must implement the appropriate and effective internal control system to achieve the goals and protect the organizations' assets. The provisions of this guideline require management to evaluate the organization's internal control system at a minimum interval of one year and submit an internal control report to investors and shareholders. Independent auditors should also report and comment on the adequacy and effectiveness of internal controls (Nikjo et al., 2021). Adequate organizational internal controls will mean managers will make better use of accounting and financial reports in decision-making and reasonably ensure the exact and regular implementation of financial and administrative procedures in the organization. An efficient internal control system makes accounting reports more credible (Arjomandnejad, 2016).

This idea for the internal control framework is based on control, meaning that any deficiency, inefficiency, and poor performance in achieving objectives is an integral component of the control system. However, environmental changes, including rapid technological and IT breakthroughs, have imposed an environment of competition on businesses and various operational and financial risks. To withstand various risks, businesses should establish effective risk management, and managing, controlling, and reducing risks requires an effective internal control system (Woods et al., 2008). Risk management is a dynamic and recurring process for identifying and analyzing risks toward achieving organizational goals. Generally, there may be a need to revise internal controls in the risk management department to investigate new risks or risks previously considered uncontrollable in appropriate ways. Moreover, in the new framework, inherent risk and fraud risk (manipulation) are more important in risk management, including risk identification, analysis, and response (Sarraf et al., 2015).

After a string of business scandals and failures, such as Enron in 2001 and WorldCom in 2002, there was a demand for more advanced risk management and corporate governance systems. To address the need for principles-based guidance to assist businesses in designing and implementing an enterprise-wide risk management approach, COSO published the report titled "Enterprise Risk Management—Integrated Framework (ERM)." This report was published in 2004 in association with Price Waterhouse Coopers. This developed framework considers internal control an integral part of enterprise risk management. This framework was developed based on internal control concepts and focused on enterprise risk management (COSO, 2004). Enterprise risk management is broader than internal control. In other words, organizational risk management explains internal control and directly focuses on risk. While internal control is integral to enterprise risk management, enterprise risk management is part of the governance process (Moeller, 2011).

Risk management works with a holistic approach to optimal performance control. Implementing a risk management system will improve organizational performance and its status in accordance with the growth of active industries and competitors (Hosseini et al., 2014). Risk management considers four management objectives: macro-level strategic goals, operational efficacy and efficiency, reporting reliability, and compliance with rules and regulations. Gelinas & Dull (2008) and Merna & Al-Thani (2008) believe the risk management process should be dynamic and regularly reviewed. Risk management is a way to mitigate any risks that could harm the organization as it tries to achieve its goals, and it enables the organization to manage common operating risks properly. In other words, risk management refers to risk assessment and implementing appropriate strategies. Risk management helps organizations to achieve their vision while avoiding risks and surprises in the process (Panter, 2012). Organizations are constantly seeking ways of dealing with operating uncertainties. Here, risk management has been introduced as an effective tool for managers. In fact, risk management is risk assessment and devising risk identification strategies. Risk identification and management is a novel approach to strengthening and improving organizational efficacy (Babaei & Vazir Zanjani, 2005). Meanwhile, management will be responsible for corporate risk management. Therefore, the management needs assistance in evaluating projects, monitoring services, and proposing solutions, and the internal control system could help managers address their needs (Staciokas & Rupsys, 2005).

Sutarto & Murtaqi (2022) sought to see whether risk management and internal control are correlated with goal achievement and the degree of correlation. The results showed that risk management and internal control have a moderate and robust correlation with goal achievement. Risk management and internal control also have a strong correlation with goal achievement.

Khulkhachieva et al. (2022) presented a risk-based internal control model to correctly identify the risk factors affecting an agricultural organization's output and financial results. The results showed that the developed risk-based internal control model helps to identify organizational problems in risk management to ensure the efficient and continuous operation of the agricultural organization.

Valinia et al. (2022) investigated the effect of poor internal controls on stock return fluctuations, realized profit management, and corporate risk. The results indicated that the weak internal control structure significantly impacts the stock return fluctuations of investigated companies. Additionally, companies with a poor internal control structure intervene further in actual activities (natural profit management) and face greater financial risk.

Hanh & Huy (2021) investigated the relationship between internal control, internal audit, and risk management in Vietnamese companies. The results showed that internal control helps to protect company assets, ensure information reliability, and improve organizational efficacy. The results also showed a positive correlation between internal audit and internal control with good governance. Furthermore, the results showed a significant correlation between corporate internal controls and risk management functions.

Ghafari Ghaziani et al. (2021) presented the internal control weakness model based on the accounting quality index control criteria. The results showed a significant correlation between the disclosure of risk components and the weakness of internal controls. However, there was no significant correlation between corporate governance structure (independence of the board of directors, institutional ownership) and the weakness of internal controls. There was also no significant correlation between operational risk and poor internal controls.

Mortazavi et al. (2021) identified the essential factors in establishing the internal control system in banks based on Iran's environmental characteristics. Out of the 119 indicators obtained as influential factors in establishing an internal control system in Iranian banks, the results showed that 113 indicators (the establishment of the control environment (26 indicators), the establishment of risk assessment (26 indicators), the establishment of control activities (27 indicators), the establishment of information and communication (21 indicators), and the monitoring activities (13 indicators) obtained the Delphi process consensus. The factor analysis showed that all 113 were significant.

Bakar et al. (2020) used the multiple linear regression model to test whether internal control components affect risk management and which internal control components are the main determinants of risk management. The results showed that internal control components, especially business structure, business philosophy, and allocation of power and responsibility, are vital components of risk management. This suggests that organizations should consider the role of internal controls in risk management.

Lisnawati & Apollo's study (2020) investigated the relationship between implementing internal control, regulations, and fraud with risk management. The research models somewhat support the hypotheses that a positive and statistically significant correlation exists between internal control, regulation, risk management, and fraud.

Thabit et al. (2019) investigated the effectiveness of internal controls on organizational risk management based on COSO recommendations. The results showed that by strengthening the role of the internal auditor and raising independence and objectivity, internal auditors are essential to improving organizational risk management and internal controls.

Fendereski and Safarigharayeli (2018) studied the correlation between internal control efficacy and the risk of falling stock prices. The research findings suggest that internal control effectively reduced the risk of falling company stock prices. While filling the research gap, these findings can be helpful in the decision-making of investors, capital market legislators, and audit market regulators.

Beyrami et al. (2018) concluded that internal control influences financial reporting and risk management indicators, which is particularly important. In addition, it can positively affect shareholder rights regarding corporate governance and improve shareholder satisfaction.

Vakilifard et al. (2012) investigated the correlation between weak internal controls and systematic risk. The results showed that potential weaknesses of internal control systems increase the systematic corporate risk indicator.

Research Methodology

This study aimed to provide an internal control model for risk management in the Social Security organization and presented a new model, making it an exploratory study. Exploratory research aims to identify unfamiliar phenomena and expand knowledge by theorization. Given its exploratory nature, qualitative methods such as observation and interview were used for data collection. Thus, this qualitative study identifies the primary risk management indicators in the Social Security Organization by examining the literature, and the qualitative stage will follow. In this case, the study will be qualitative-quantitative. The combined use of the qualitative and quantitative methods makes this a mixed-method study that characteristically uses the mixed exploratory design. The researcher selected the mixed-method research strategy (mixed method strategy and action research strategy) since, in this strategy, the researcher collects qualitative and quantitative information to explain, examine, and understand a phenomenon. Combining these two types of information provides a better understanding of the problem than merely focusing on one data type. The mixed methods strategy includes The explanatory mixed method design, the exploratory mixed method design, the embedded mixed method design, and the pluralistic mixed method design. The researcher employed the exploratory mixed method design and can also combine the qualitative exploratory data and the quantitative data.

The expansion of insurance and welfare coverage and social security increases life expectancy, improves the conditions and quality of life, and generally improves different (socio-economical) aspects of life. The Social Security Organization of Iran is the largest institution regarding the population covered. Social security is essential to the development of all countries. It is, therefore, essential to identify the factors affecting internal controls in the social security organization and their potential impact on risk management. Therefore, this study selected the social security organization as the statistical population. The statistical population comprised 2000 Social Security Organization financial department employees. The Cochran formula was used to set the size of the research sample. Since there were a total of 2000  participants in the statistical population, the sample size based on the Cochran formula should be 322 as a minimum. A total of 340 questionnaires were distributed and collected from the sample members. The random sampling method was used to determine the sample members. The data was collected through interviews and questionnaires. First, the factors affecting internal controls in the social security organization were obtained from interviews. After identifying the important factors of internal controls, the researcher-made questionnaire for each factor was designed with suitable items after consulting the supervisor and other experts based on the main research questions using the 5-point Likert scale. To evaluate the content and face validity, the questionnaire was delivered to several experts and professors to present their views and recommendations for its improvement. The questionnaire's reliability was also investigated using Cronbach's Alpha at the beginning after the preliminary implementation and collection of the first questionnaires.

Research Stages

There are five stages to this study:

Stage One: Obtaining the primary indicators from the theoretical background (studying written sources)

First, all written sources, including relevant articles, books, and theses, were studied to discover the scientific boundaries and reach theoretical adequacy. Thus, all existing risk management and internal control models in the Social Security Organization were studied, and risk management and internal control measurement indicators in the Social Security Organization were obtained.

Stage Two: Conducting interviews to identify the critical risk management factors in the Social Security Organization.

Since this study was conducted at the organizational level, experts were selected for interviews. Then, the list of primary criteria obtained with the literature review is used as a guide for interviewing experts, which continues until the answers from interviews converge. Then, the structural equation method in PLS is used to analyze interviews and obtain the risk management model's critical factors in the Social Security Organization based on expert opinion.

Stage Three: Classifying and Identifying Model Components

To identify the model's components, after formulating a questionnaire and evaluating its validity and reliability, data is collected from the statistical population using the snowball sampling method, which is a non-probability method with random selection. Snowball sampling is suitable when the members of a population or group cannot be easily identified. This method is also used for identifying experts in specific fields. Then, exploratory factor analysis is used to analyze the data and classification and identify the model's components. The conceptual model is presented at this stage.

Stage Four: Determining the intensity of correlation between model criteria and components

In this stage, the correlation intensity between the conceptual model's components and criteria was determined using the data from stage three and the structural equation concepts. Then, the collected data was analyzed, and the resulting output produced the final risk management and internal control model in the Social Security Organization.

Stage Five: Ranking the risk management and internal control indicators in the Social Security Organization by applying structural equation modeling

A qualitative questionnaire is designed to model structural equations, and the final model is implemented after collecting and analyzing data from experts to confirm the model.

Data Analyses

This study first examined the written sources, including relevant articles, books, and theses, to examine all the important factors in risk management and internal controls in the Social Security Organization and obtain measures of risk management and internal control in the Social Security Organization. Since this study was conducted at the organizational level, experts were selected for interviews using snowball sampling. First, an expert manager with sufficient education and experience was selected, interviewed, and then asked to introduce other individuals with knowledge on the subject. To further enhance the study, there was an attempt to interview knowledgeable and experienced individuals with personal experience. This process continued until the theoretical saturation of data, and finally, data collection ended after interviewing 18 people. At the beginning of the interviews, the study's overall purpose was mentioned while stressing that the interviews would only be used for research purposes while keeping the identity of the individuals confidential in research reports and published articles. After interviews with experts, risk management and factors affecting internal controls in the Social Security Organization were identified. The demographic information of interviewees is as follows:

Table 1. Demographic Information of Interviewees

Main Criterion

Gender

Field of Study

Degree

Work Experience

Secondary Classification Criteria

Male

Female

Accounting and auditing

Management and Finance

Master’s Degree

PhD

15-20 years

21-25 years

Over 25 years

QTY

15

3

6

12

11

7

6

8

4

This study investigated the proposed internal control model for risk management in the Social Security Organization. The descriptive statistics of research variables are as follows:

Table 2. The Mean and Standard Deviation of Internal Control and Risk Management Scores

Scale

Mean

Standard Deviation

Internal Controls

3.67

0.77

Risk Management

3.33

0.72

Cronbach's alpha and the composite reliability test were used to assess construct validity (convergent and divergent validity) and the reliability of research variables. Table (3) presents the validity and reliability of research variables:

Table 3. Cronbach's Alpha, Composite Reliability, and Average Variance Extracted from Variables

Construct

Cronbach's Alpha

Number of Items

Composite Reliability

AVE

Confirmed/Rejected

Internal Control

0.926

36

0.941

0.695

Confirmed

Risk Management

0.811

8

0.863

0.563

Confirmed

Reliability of Research Variables

According to Table (3), Cronbach's alpha of all constructs is above 0.70, which is the threshold for accepting Cronbach's alpha and suggests that the model is reliable. The results also show that each construct's composite reliability for the excellent model fit is 0.7. According to these values, this relationship is established for all constructs. Table (3) also shows that the average variance extracted for checking the convergent validity of all constructs is more significant than 0.5, suggesting a good construct fit.

Divergent Validity

Finally, divergent validity is the third index for analyzing the fit of measurement models in PLS. There are two methods of evaluating divergent validity in PLS:

  1. A) The Fornell & Larcker Criterion

Table 4. The Fornell & Larcker Table

 

 

1

2

1

Risk Management

0.750

 

2

Internal Control

0.387

0.833

As this Table obtained from Fornell & Larcker (1981) shows, the root mean variance of research variables located in the main diagonal entries of the matrix is more significant than their correlation arranged in the lower-left entries of the main diagonal. Therefore, this model's constructs interact more significantly with their criteria than others. In other words, the model has a reasonable divergent Validity. In this model, the highest value is 0.833, and the lowest is 0.387.

  1. B) The Mutual Factor Loadings Method

Factor loadings are obtained by measuring the correlation of a construct's criteria with that structure. Values equal to or greater than 0.4 indicate that the variance between the construct and its criteria is greater than the variance of its measurement error, and the reliability of that model is acceptable. However, some authors, such as Rivard & Huff (1988), have stated 0.5 as the measure of factor loadings.


Evaluation of Factor Loadings: The following Figure shows the analysis of factor loadings for each measurement model. 

 

Figure 1. Measurement of Factor Loading (Research Measurement Model)

 

As shown in Figure (1), for factor loadings of variables to remain in the model, they must be greater than 0.5; otherwise, they will be excluded from the model. However, no variable was removed from this model. In other words, the results and expert interviews showed that the internal control factors of the Social Security Organization include the income bank system, the legal obligations system, compensation, the financial bookkeeping system, the movable and immovable property system, the financial management system, and check issuance requirements. Among these, the financial bookkeeping system has the highest factorial loading. According to interviewees, these are the main factors affecting the Social Security Organization's internal controls, which significantly impact this organization's internal controls.

According to Figure (1), the financial bookkeeping system (0.871), the income bank system (0.864), the financial management system (0.860), the movable and immovable property system (0.834), check issuance requirements (0.812), compensation (0.791), and the legal obligations system (0.798) respectively have the highest impact factor on internal controls, and consequently on risk management in the Social Security Organization.

Structural Equation Modeling 

This section presents the structural equation modeling. First, the model's fit is examined, followed by examining the model with significance numbers (rejecting or confirming the hypotheses). Finally, the model is put in the path coefficient and coefficient of determination mode. 

Model Fit

The PLS examines the model fitness criterion using the goodness of fit index. After evaluating the fit of the measurement and structural sections, the researcher can use this index to control the overall fit of the research model. Wetzels et al. (2009) introduced 0.01, 0.25, and 0.36 as weak, medium, and intense goodness of fit values​. After the calculations, this research model's goodness of fit value was 0.218. Since this value is less than 0.25, the model has a good fit.

 

Figure 2. The Model in the Significance Values Mode

As this Figure shows, the 95% confidence interval requires the significant numbers to be greater than 1.96 to confirm the central hypothesis. As the model's significance values show, the effect of internal control on risk management is confirmed for this variable. As mentioned earlier, this study mainly aimed to investigate the efficacy of internal control on risk management. Table 5 shows the results of examining the main objective.

Table 5. Examining the Research Objective

The Effect of Component

On Component

Coefficient of Determination

Significance Level

Regression Coefficient

Result

Internal Control

Risk Management

0.150

0.001

0.387

Confirmed

According to the results, the significance level was 0.001, and the p-value was 7.462. Thus, the correlation between internal controls and risk management is confirmed. The coefficient of determination of 0.150 indicates that the independent variable determines 15% of the changes in the dependent variable. The path coefficient of 0.387 indicates a positive and good influence, meaning that one unit of increase in internal control results in a 0.387 increase in risk management.

Conclusion

The results of expert interviews showed that the income bank system, legal obligations system, compensation, financial accounting system, movable and immovable property system, financial management system, and check issuance requirements were significant factors in internal controls and can be used as causal factors and components for identifying and explaining risk management in the Social Security Organization. The results indicate that the financial bookkeeping system, the income bank system, the financial management system, the movable and immovable property system, check issuance requirements, compensation, and the legal obligations system, respectively, have the most significant impact on internal controls and, consequently, on risk management in the Social Security Organization. Internal controls are the procedures and policies used to identify the risks in achieving organizational goals. Internal controls are effective in all organizational functions and an integral part of organizational management, which provides reasonable assurance about the organization achieving its objectives. Given their awareness of the difficulty of achieving the organization's primary objectives and minimizing unexpected events without an effective internal control system, the managers of the Social Security Organization are always trying to determine the best internal controls, which will increase efficiency, reduce possible financial violations and risk of asset loss, and provide reasonable assurance regarding the reliability of financial statements and compliance with laws and regulations. The results shown in Figure (1) present the factors influencing the efficacy of internal controls that also have the most significant effect on risk management in the Social Security Organization. By order of effect, these factors include controls related to the financial bookkeeping system (such as checking and controlling bank balances for issuing checks and checking and controlling issued checks), the income bank system (such as checking the discrepancy in income statements (recording possible discrepancies and controlling the amounts recorded in financial books regarding insurance premium and commission by telegraphed receivables), the financial management system (such as checking and controlling the transfer of revolving funds to units, checking and controlling the number of employees, skills, and motivations), the movable and immovable property system (such as constant control and review of property inventory (location and recipient), control and follow-up of cash discrepancies between the bookkeeping system and the movable property system), check issuance requirements (such as the presence of supporting documents for payment and issuance of checks, issuance of checks by the highest authority in the department), compensation (checks and controls regarding the non-payment of allowances and benefits to employees, continuous review and control of salaries, and employee benefits based on regulations with the compensation system), and the legal obligations system (such as examining the use of new banking services regarding the payment of pensions, matching the costs stated in the legal obligations system with the bookkeeping system).

Internal control is a coherent set of financial, operational, and other continuous control processes developed by senior managers to ensure the set objectives are achieved and implemented throughout the Social Security Organization. Therefore, an effective internal control system will improve efficiency and effectiveness and help maintain credibility and goodwill. Indeed, there are several possible functions for an effective internal control system, including achieving proper monitoring and accountability of managers, helping the decision-making process, and achieving effective organizational management, improving the mechanisms related to the proper management of operating risks, strengthening control structures and operations, including segregation of duties for observing the process for obtaining permits and approved rules, resolving discrepancies and reviewing operating performance, improving control measures to prevent, identify, and correct inadequacies in a timely manner, including mistakes, violations, and embezzlement, improving communication and proper and timely and reliable information transfer among all levels of the social security organization, improving the timely and reliable reporting and information system of the Social Security Organization to the relevant authorities, and finally, ensuring that the Social Security Organization observes the rules, regulations, requirements, guidelines, and communications at all levels. Therefore, the operating model explains that the internal control system is expected to influence the risk management approach of the social security organization. The results of this study are statistically consistent with studies by Valinia et al. (2022), Ghafari Ghaziani et al. (2021), Fendereski & Safarigharayeli (2018), Beyrami et al. (2018), Sotaro and Martaghi (2022), Hanh & Huy (2021), and Thabit et al. (2019).

According to the results obtained from research objectives, to ensure the specified goals are achieved to some extent, managers in the Social Security Organization should pay attention to the proper execution of operations in all areas, preventing embezzlement, fraud, and misuse of resources and assets, risk management, and realizing operating accountability, making proper use of the funds to improve internal controls related to the income bank system, legal obligations system, compensation, financial accounting system, movable and immovable property system, financial management system, and check issuance requirements as factors influencing internal controls.

The results of the impact factor of the financial bookkeeping system showed that it has the most significant impact on internal controls as a component of internal controls. Given the effect of internal controls on risk management, it is recommended that managers of the Social Security Organization pay attention to controls regarding financial bookkeeping (checking and controlling account balance for check issuance, checking and controlling issued checks (to the order of sellers and the keeping of check bottoms), checking and controlling administrative costs based on transactional instructions, checking and controlling the non-use of unauthorized accounts, and checking the unknown balance of annual incomes to the current year's balance). This will improve the effectiveness of controls related to the financial bookkeeping system on internal controls, thereby increasing the effectiveness of internal controls on risk management.

Given the obtained results and the effectiveness of internal controls and effectiveness of internal controls on risk management, it is recommended that the managers of the Social Security Organization pay attention to the income banking system, the financial obligations system, compensation, the financial bookkeeping system, the movable and immovable property system, the financial management system, and check issuance requirements to improve the effectiveness of internal controls and their effect on risk management.

Some conditions in scientific and applied research lie outside the researcher's control and authority. This study is no exception, and one of its most important limitations was the need for similar studies regarding the presentation and explanation of an operational model for internal controls in the Social Security Organization, which limited the researcher in comparing findings. Other limitations of this study were the inability to evaluate and consider the many factors affecting internal controls and the limited data collection period.

 

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest concerning the research, authorship and, or publication of this article.

 

Funding

The authors received no financial support for the research, authorship and, or publication of this article.

Arjomandnejad, Abdolmahdi. (2016). A framework for internal control systems of banks. Tehran, Publications of the Banking Supervision Committee based in the Bank for International Settlements, Central Bank of the Islamic Republic of Iran. (In Persian)
Babaei, Mohammadali; Vazir Zanjani, Hamidreza. (2005). Risk management, a novel approach for improving organizational effectiveness, Tadbir Magazine, No. 170, pp. 14-20. (In Persian)
Bakar, N. S. Jaafar, S. Awaludin, N. Aman, Z. (2020). Risk Management Based on Internal Control Environment for Top Cooperative in Malaysia. Journal of Management & Muamalah 10(1): 2180-1681.
Belina, H., & Rama, D. V. (2022). Early Warnings of SOX 404 Material Weaknesses in Internal Control. Current Issues in Auditing, 16(2), A1-A9.
Beyrami, Laleh; Kiyani, Ali; Beyrami, Vahid; Ghaemiraad, Mohammadhossein. (2018). The effectiveness of the Securities and Exchange Organization’s internal control guidelines in listed cement companies, Journal of Economics, No. (3 & 4), pp. 43-70. (In Persian)
Bierstaker, J. L., Hanes Downey, D., Rose, J. M., & Thibodeau, J. C. (2022). Fraud Risk Assessment: A Story-Based Approach Outperforms the Checklist. Current Issues in Auditing, 16(2), P9-P16.
Committee of Sponsoring Organizations of the Treadway Commission (COSO ((.2004) Enterprise Risk Management—Integrated Framework: Executive Summary. Durham, NC: COSO.
Esmailikia, Gharibeh; Soleimanizadeh, Elham. (2018). Evaluating the status quo of internal controls, identifying the advantages, and determining the requirements of its public sector implementation (Case study: Government agencies in Dehloran County), the 16th National Accounting Conference of Iran, Bueen, and Midandasht. (In Persian)
Fendereski, Ali; Safarigharayeli, Mehdi. (2018). The efficacy of internal controls and the risk of falling stock prices, Journal of Financial Accounting and Auditing Research, Year 10, No. 38, pp. 169-186. (In Persian)
Fornell, C. and Larcker, D. (1981). Evaluating Structural Equation Modeling with Unobserved Variables and Measurement Error. Journal of Marking Research. 18(1): 39-50.
Ghafari Ghaziani, Abbas; Khordyar, Sina; Pourali, Mohammadreza; Samadi, Mahmoud. (2021). Presenting the internal control weakness model based on the control criteria of the accounting quality index, Journal of Accounting and Auditing Science, Year 10, No. 38, pp. 255-267. (In Persian)
Gelinas, U. J. and Dull, R. B. (2008), Accounting Information Systems, 7th edition, Thomson South-western, Mason, Ohio.
Hanh, H. T. Huy, D. T. N. (2021). The potential relationship of internal control, internal audit, and risk management in the company – the case study of Vingroup in Vietnam. Laplage em Revista (International). 7, 20-28.
Hosseini, Seyyed Alireza; Hosseini, Seyyed Mohammadhossein; Seyyed Mottahari; Seyyed Mehdi. (2014). The relationship between employing risk management techniques and the performance of food industry companies, Quarterly Journal of Empirical Studies in Accounting, Year 4, No. 1, pp. 45-60. (In Persian)
Khodamipour, Ahmad; Ebrahimi Romanjan, Mojtaba; Nikandish, Massoud; Ashrafi, Abdolnaser. (2015). Implementing internal controls and their effect on reducing financial violations in government agencies - the perspective of accountants and financial managers, Monthly Journal of Management and Accounting Research, No. 10, pp. 27-39. (In Persian)
Khulkhachieva, G. Badmahalgaev, L and Berikova, N. (2022). Development of methodological approaches to risk management within the system of internal control of agricultural organizations. BIO Web of Conferences 43, 1-10.
Lisnawati, E., & Apollo, A. (2020). The Relationship Between Internal Control, Regulation, And Fraud With Ridk Management As A Moderating Variable. Dinasti International Journal of Education Management and Social Science, 1(6), 968-980.
Mahama, H., & Wang, Z. (2023). Impact of the interactive and diagnostic uses of performance measurement systems on procedural fairness perception, cooperation, and performance in supply alliances. Accounting & Finance.
Merna, T. and Al-Thani, F. F. (2008) , Corporate Risk Management, 2nd edition, John Wiley & Sons Ltd. , Chichester, United Kingdom.
Moeller, M. (2011). COSO Enterprise Risk Management: Establishing Effective Governance, Risk, and Compliance (GRC) Processes, 2nd Edition. Wiley and Son. PP. 72-74.
Mortazavi, Seyyed Morteza; Shokarkhah, Javad; Bolo, Ghasem. (2021). A model for establishing the internal control system in Iranian banks, Journal of Financial Accounting, Year 8, No. 4, pp. 1-40. (In Persian)
Naderi Noureyni, Mohammadmehdi; Khanzadeh, Mohammad. (2018). From ISO to COSO: The journey ahead, Journal of Accounting and Auditing Studies, No. 27, pp. 63-74. (In Persian)
Nikjo, Mehdi; Ghanbari, Mehdi; Jamshidi Navid, Babak; Masoudi, Javad. (2021). Designing the model of the effect of managers’ personality traits and leadership style on the weakness of internal controls, Journal of Financial Accounting, Year 8, No. 3, pp. 81-124.(In Persian)
Panter, Allen. (2012). Risk management and financing, Translation: Hadi Aslsarai and Mohammad Hassan, Tehran: Insurance Research Institute.
Rivard, S., and Huff, S. l. (1988). Factors of success for end-user computing. Communication of the ACM, 31950, 552-570.
Sarraf, Fatemeh, Seyyed Salehian, Maryamosadat; Horabadi Farahani, Hossein; Mohammad Hassanzadeh, Soheyl. (2015). Comparing integrated COSO-internal control frameworks in 2013 and organizational risk management in 2004, Journal of Accounting Science and Research No. 33, pp. 35-45. (In Persian)
Shirvani, Alireza; Fathi, Ali. (2019). Investigating the impact of internal audit quality on preventing financial violations (Case study: Department of Tax Administration of Chaharmahal and Bakhtiari Province), Second International Conference on Management, Industrial Engineering, Economics and Accounting, Tbilisi-Georgia, Permanent Secretariat in cooperation with Imam Sadiq University. (In Persian)
Staciokas R. Rupsys R. (2005). Application of Internal Audit in Enterprise Risk Management, Engineering Economics. 2 (45): 20-25.
Sutarto, B. J. and Murtaqi, I. (2022). The Correlation of Risk Management and Internal Control in Budget RKAP 2020 PT Hutama Karya (Persero). European Journal of Business and Management Research 7(2): 19-22.
Thabit, H. Solaimanzadah, A. Mohammed, A. (2019). Determining the Effectiveness of Internal Controls in Enterprise Risk Management Based on COSO Recommendations. International Conference on Accounting, Business, Economics, and Politics. 7, 381-390.
Vakilifard, Hamidreza; Ohadi, Fereydon; Karimi Hesari, Farshad. (2013). The relationship between the weakness of internal controls and systematic risk, Journal of Quantitative Studies in Management, Year 4, No. 1, pp. 117-134. (In Persian)
Valinia, Seyyed Nima; Ranjbar, Mohammadhossein; Khodadadi, Davood; Salari, Hojjatollah. (1401). Investigating the effect of weak internal controls on stock return volatility, real profit management, and corporate risk, Quarterly Scientific-Research Journal of Investment Science, Year 11, No. 3, pp. 563-578. (In Persian)
Wetzels, M., G. -Schroder, C., & Van Oppen. (2009). Using PLS path modeling for assessing hierarchical construct models: Guidelines and empirical illustration. Management Information Systems Quarterly, 33(1), 177-95.
Woods, M; Peter K and Linsley P. (2008). International Risk Management: Systems, Internal Control, and Corporate Governance. CIMA Publishing is an imprint of Elsevier, First Edition.
Zabihzadeh, Abdollah; Pouraghajan, Abbas Ali; Ramezani, Javad; Abbasian, Mohammadmehdi. (2020). Designing a ranking model of the factors affecting the internal control system with a hybrid intelligent model, Auditing Science, Year 20, No. 80, pp. 383-425. (In Persian)