Tax Control Frameworks
Explaining the design of a TCF of a Dutch
insurance company
Student number: Martijn Joshua de Kleine
Student name: S3457753
Faculty: Faculty of Economics and Business
Institution: University of Groningen/Rijksuniversiteit Groningen
Study: MSc (Accountancy) & Controlling
Address: Schelp 1
Zip code: 8271 KP, IJsselmuiden
Phone number: +316 11195890
Student mail: M.j.de.kleine@student.rug.nl
Course: Master Thesis
Supervisor: Prof. dr. I.J.J. Burgers
Co-Supervisor: Dr. S. Girdhar
Date: 12-06-2019
Table of Content GLOSSARY ... 3 INTRODUCTION ... 4 2. THEORETICAL BACKGROUND ... 9 LEGITIMACY THEORY ... 9 STAKEHOLDER THEORY ... 10
NEW PUBLIC MANAGEMENT THEORY ... 11
(ENTERPRISE) RISK MANAGEMENT ... 12
2.2 CONTROL FRAMEWORKS ... 14
REPORTING ... 16
INTERNAL ENVIRONMENT ... 16
OBJECTIVE SETTING AND EVENT IDENTIFICATION ... 17
RISK ASSESSMENT AND RISK RESPONSE ... 18
CONTROL ACTIVITIES ... 18
INFORMATION AND COMMUNICATION ... 19
MONITORING ACTIVITIES ... 19
3. RESEARCH DESIGN ... 21
3.1 RESEARCH QUESTION ... 21
3.2 METHODOLOGY ... 22
4. RESULTS ... 24
4.1 DIFFERENCES BETWEEN THE PRIVATE AND PUBLIC SECTOR ... 25
4.1.1 MANAGEMENT CONTROL SYSTEMS ... 25
4.2 THE GUIDANCE FOR A TCF ... 29
4.3 WHAT DISCLOSES A DUTCH SEMI-PUBLIC ORGANIZATION IN THEIR TCF? ... 32
4.4 THE INFLUENCE OF COSO ON THE TCF DESIGN ... 41
5. CONCLUSION & DISCUSSION ... 49
REFERENCES ... 54
APPENDIX 1 – INTERVIEW GUIDE – COMPANY Y & X ... 60
APPENDIX 2 – INTERVIEW GUIDE – DUTCH TAX AUTHORITY ... 62
GLOSSARY
Tax Control Framework TCF
Dutch Tax Authority DTA
New Public Management NPM
Enterprise Risk Management ERM
Tax Risk Management TRM
Internal Control (Framework) IC(F)
Business Control Framework BCF
Management Control System MCS
Value-Added Tax VAT
Corporate Income Tax CIT
Global Head of Tax GHT
INTRODUCTION
he world economy is going from one economic crisis situation to the other. There is a continuous fear that the compromised trust in the monetary system
leads to an economic recession (Commissie Horizontaal Toezicht
Belastingdienst, 2012). People have probably never been so aware of the value of trust, both in social, economic and financial perspective as the current generation. Without trust, the interrelation between companies and people is blocked or vanishes. Examples of this phenomenon, regarding compromised trust, are companies not paying/reporting their fair share of taxes or those that are not in control regarding their tax position.
Nowadays there is an increased focus on an organization’s tax compliance. In 2004 the OECD encouraged organizations to establish an enhanced-relationship. This relationship had to be established with large business taxpayers. In 2013 the OECD revised this report and changed the ‘enhanced-relationship’ into ‘co-operative compliance’, which is according to the OECD: ‘[…] the co-operation is assuring compliance, which is to say payment of the right amount of tax at the right time’ (p. 13), and that tax risks may not arise due to a lack of control (OECD, 2016). Furthermore, the Netherlands introduced the Horizontal Supervision in 2005. Companies willing to participate in Horizontal Supervision must implement a Tax Control Framework (TCF). The Tax Administration expects an adequate TCF in place to ensure that a company’s tax risks are known and controlled for. Horizontal supervision is a form of corporate governance. As Symons, Dierckx and Van der Enden (2008) notice: ‘We believe the framework can apply to the tax communications of all companies … the TCF has an important role in building up, strengthening trust and enhance stakeholder value.’ This approach is the main reason why private, public, small and/or large organizations are putting (more) efforts in their TCF (Bakker & Kloosterhof, 2009). Taxation is also an important feature in the functioning of the market mechanism, in a fair society (European Commission, 2019). The European Commission (2015) has made transparency a priority, putting more pressure on firms to pay a fair share of tax, therefore corporate taxation has become a significant public interest (PWC, 2013). Taxes have also become a reputational issue, most likely because of the media. Negative media attention as a result of failing to contribute to the reporting of tax revenue are common, and have the potential to negatively impact an organization reputation and profitability (Lavermicocca & Buchan, 2015).
According to De Ridder & Bulman (2016) tax risk is the risk of: financial loss in the form of increased tax costs, interest and penalties; suboptimal commercial outcomes due to missed
opportunities to structure arrangements in an efficient manner; and a restricted ability to achieve goals due to damaged reputation and relationships with stakeholders. According to Elgood (2004) tax risk has a different meaning to different people. Elgood states: ‘we need to start with a common understanding of what it is we are talking about. Only then can we address how tax risk can be managed (Elgood, 2004:3). In Tax Risk Management literature (Elgood, 2004:4 & Wunder, 2009) there are seven areas of tax risks that can be identified and have to be assessed by organization. Four of these are specific risk areas and the other three are broader and more generic:
- Specific risk areas
o Transactional risk (Acquisitions and mergers)
o Operational risk (e.g., new business ventures, new operating models and new operating structures)
o Compliance risk (e.g., weak records and controls, data integrity issues and legislative changes)
o Financial accounting risk (e.g., changes in systems and policies) - Generic risk areas
o Portfolio risk (e.g., combination of any of the risks)
o Management risk (e.g., changes in personnel, new/inexperienced resources) o Reputational risk (revenue authority investigation, press comment and legal
actions)
Companies should be able to detect, document and report all relevant types of tax risks timely to the tax authority by using a TCF (OECD, 2016). The TCF is a framework, which includes a set of processes, and internal control procedures for ensuring that for an organizations tax risks are known and can be controlled. It is an internal control instrument that focuses specifically on a business’s tax processes and forms an integral part of a company’s Business or Internal Control Framework (ICF) (Visser, 2008). In the book Tax Risk Management – From risk to opportunity by Bakker and Kloosterhof (2010) the following definition a TCF is provided: ‘A TCF should result in an effective, efficient and transparent tax function. In this tax function, risks that are not the counterpart of an opportunity are avoided to an efficient extent. All opportunities are made transparent as to risk and reward (taking into account the strategy of the organization) so that a reasoned decision can be made on which opportunities to pursue (and risks to take on) and which opportunities not to pursue. In a TCF for each process in an organization, the roles and responsibilities as to the tax aspects are set and
responsibilities should be made in such a way that all opportunities and risks are spotted. Subsequently, in a TCF all of the above is properly documented and reported.’
In the private and in the public sector, organizations use a mix of different control types to mitigate and/or eliminate these risks. I focus on the concept of TCFs as control type. There is much to learn about how organizations engage in the development of a TCF. There are remarkably few studies on TCF implementation. In particular, prior studies have devoted inadequate attention to the distinction between the private organizations and the public organization. The research available on the TCF initiative has, for example been done by Netherlands Tax and Customs Administration (2008), Bakker and Kloosterhof (2010) and Bronzewska and Van der Enden (2014). These researchers all mentioned COSO as a logical starting point in the TCF, and described current procedures, applicable laws and regulations related to tax processes, but they did not provide any information on whether TCFs for the public sector (could) differ from TCFs for private organization.
The Dutch tax authority (DTA) requires organizations that want to participate in Horizontal Supervision to implement a TCF. The DTA states that an organization shall be deemed to be in control of their internal environment due to their TCF (Belastingdienst, 2008). The tax authorities are allowed to pose such a request due to the discretionary power of the tax inspector to require taxpayers to provide all information necessary for levering tax (Art. 49 – AWR). The statutory law thus allows the tax administration to ask for a TCF. The tax administration gives little guidance concerning the content of a TCF. The only information
can be found in the 2008 brochure of the DTA (2008). The DTA and researchers refer to the
COSO-ERM framework (Burgers & Van der Meer, 2018) and the Simons’ levers of control (Visser, 2008). COSO is internationally seen as a logical starting point for a TCF, and therefore this COSO (ERM) literature will be included in this thesis. The COSO ERM Framework is discussed in section 2.2. According to Moeller (2011) and Van Stapel (INTOSAI) (2016), the COSO ERM framework is capable of helping all relevant managers within an enterprise to better understand and assess risks from an enterprise perspective. According to COSO (2004) and Moeller (2011) there is a need to better understand risk-related control environment factors. The COSO ERM framework element ‘reporting’ and components ‘risk assessment, risk response and control activities’ can therefore be used to properly inform internal actors about their roles and responsibilities and other stakeholders. These perspectives can be linked to hard and soft controls in the internal control literature
(Chtioui & Thiéry-Dubuisson, 2011). Hard controls can also be referred to as ‘formal’ controls, for example current procedures and applicable laws and regulations. Chtioui & Thiéry-Dubuisson (2011) describe reporting procedures, access controls and the organization’s information systems as hard controls. Unlike formal control systems, which tend to supervise and monitor the behavior through systems using explicit measures, informal controls enable the control of the attitudes of the actors of the company through values, beliefs and unwritten traditions (Falkenberg & Herremans, 1995). Simons’ levers of control (1995) consist of belief systems, boundary systems, interactive control systems and diagnostic control systems. Belief systems communicate organization’s core values; for example a set of organizational definitions communicated by senior management. Boundary systems communicate the organizational risks that have to be avoided, for example through a code of conduct within the organization. Interactive controls on the other hand focus on the strategic uncertainties and are for example formal information systems that managers use to make decisions. Last control is the diagnostic control, being a set of performance measures.
TCFs not only are implemented because of the requirements for participating in Horizontal Supervision. The Dutch Corporate Governance Code, which has been revised in 2016, requires an organization to have certain governance. This report requires an organization to report on their Internal Controls. According to the 2016 Dutch Corporate Governance Code an organization is required:
1) To have an adequate internal risk management and control system, including the monitoring of the management. By monitoring the Code states that management has to carry out all material control measures relating to strategic, operational, compliance, and reporting risks (Code 2016, principle 1.2. p 15) and;
2) To report Internal Control weaknesses and report on any significant changes made to the systems and/or planned improvements to the Internal Controls regarding the reported weaknesses (Code 2016, principle 1.3.5 & 1.4.2. p 15).
Managing an organization’s taxes and a TCF are not just restricted to the tax department. Taxes belong to the entire organization and the TCF forms an integral part of a company’s Internal Control Framework (ICF) (Visser 2008), as to control the tax system and report a reliable, right and complete amount of all taxes due (Van der Laan & Weerman, 2008). The OECD (2013) emphasizes that TCFs are an integral part of an organization’s ICF, and adds that this is the responsibility of the board that the tax strategy should be aligned with
corporate governance rules. So in order for organizations to have proper corporate governance (including tax governance), they also have to adequately set-up their TCF, as it forms an important part of an organizations Business/Internal control.
For this research I draw on Legitimacy theory, Stakeholder theory, New Public Management theory and Enterprise Risk Management theory. These theories can be useful in explaining the design of a control framework by a Dutch semi-public organization. NPM-literature explains that practices and models from the private sector can help to shape the control models in the public sector (Lane, 2000). Yet, up to my knowledge, no evidence can be found in literature when and why (semi-public) organizations would adopt a TCF. Moreover, specific guidance in respect of the design of a TCF for public organizations is lacking. Without making a distinction between public and private organizations, the OECD and DTA emphasize the use of COSO.
It has been proposed that there are no general requirements for a TCF, but that it depends on the work environment of the organization (Belastingdienst, 2008). This research aims to fill this gap in literature through a case study aiming to find the explanatory factors what determines the design of a TCF in the insurance sector. In order to investigate the aforementioned, I performed an in-depth case study in Dutch insurance organizations. Reason for the choice of a (semi-)public insurance companies is their obligation to be legitimate to society, which means being in control of their tax position and payment of a fair share of tax. Past research did not pay attention to what explains the design of a TCF of a (semi-)public organization. Thus, the research question in this thesis is:
This research is a response to a recommendation done by the OECD (2013) on the increased documentation, assessment and guidance requirements in business. This proposed research is expected to deliver a new valuable contribution to the existing literature by investigating the design of a TCF of a (semi-)public organization. Willingness to provide the necessary disclosures and transparency are important means, based on trust (OECD, 2016). A properly designed control in an organization will offer valuable information to the stakeholders of the organization and to the organization itself in case of the taxes. Stakeholders can use the information offered in this thesis to enhance/improve their decision-making and their
‘What explains the design of a Tax Control Framework for a Dutch semi-public insurance organization?’
interpretation of the organization. This thesis also makes a contribution to the question what a (semi-)public organization discloses in its TCF, why it develops a TCF and what the differences and/or similarities are with the TCFs in the private sector.
This research focused on the design behavior of the (semi-)public sector in the Netherlands. The research has been conducted through interviews with the Financial-tax specialist and Manager Governance, Risk & Compliance (Man. GRC) from a semi-public health-organization, the Global Tax Director (GHT) of a Dutch insurance-organization and an accountant of the DTA. Five organizations were chosen to be able to compare the drivers of design and/or to determine differences. An interview with the accountant of the DTA, who focuses on the public sector, was conducted to gain additional knowledge on general practices of the TCF.
The remainder of this thesis is structured as follows. In the next section the theoretical background for this research in provided. In section 3 the research methodology will be described, including the research design. Section 4 the results of this research will be provided followed by the conclusion and discussion in section 5.
2. THEORETICAL BACKGROUND
2.1 Legitimacy theory, stakeholder theory, public management theory and risk management theory
In this sub-chapter legitimacy, stakeholder, public management theory and risk management theory will be highlighted. Both legitimacy and stakeholder theory provide a good base to use in tax research, for example according to An et al. (2011) both theories are concerned with accountability. Additionally, An et al. (2011) states that in regard of key concepts these theories have interrelated concepts concerning accountability and organizational legitimacy (p. 580). Risk management theory provides us with a general overview of risk, but also the mechanisms that an organization can use to limit risk. As part of risk management theory, tax risk management has been elaborated.
Legitimacy theory
Legitimacy theory is based on the concept of the social contract (Patten, 1992), being the provision of economic, social and political benefits to society distributed from the organization (Shocker & Sethi, 1973, Patten 1992). Legitimacy theory can – as part of the stakeholder theory – be deemed as a systems-oriented theory. In the relationships between organizations, the State, individuals and other groups, a systems-oriented theory of the organization and its stakeholders (e.g., society) permits us to focus on the role of information and disclosures (Gray et al. 1996, Deegan 2002). Specifically, if society perceives that the
organization has breached its social contract, it is considered that the organizations survival is threatened (Deegan, 2002), meaning that this theory is build on the idea that an organization exists because of the society. According to An et al. (2011) the social contract alone is not enough for an organization in order to be legitimate. Rather the organization should take all precautions to assure that the organization lives up to the norms, values and expectations (An et al. 2011, Patten 1992). So the level of congruence between the organization’s activities and the expectations of society are determinants of the amount of legitimacy, meaning that the level of congruence is a direct reflection of its legitimacy (Cho et al. 2012). Therefore, this theory provides a useful base to understand tax developments (e.g., disclosures and legislation), regarding transparency and disclosure. The organization has to disclose information for society. Cho et al. (2012) found that organizations – testing legitimacy theory arguments – have an incentive to disclose environmental spending amounts to counter costly regulatory actions (e.g., facing a higher degree of regulatory scrutiny, (Cho et al. 2012), and disclosing environmental issues to increase legitimacy (Hopwood, 2009). We assume the same is true for the disclosing of tax issues as Hopwood argued, that being more transparent results in fewer investigations by tax authorities (2009).
Stakeholder theory
In the mid-1980 a new movement came up following a publication of R.E. Freeman, entitled Strategic Management – A Stakeholder Approach (1984). He is generally credited for popularizing the stakeholder concept (Fontaine, Haarman & Schmid, 2006). According to Freeman (1984) a stakeholder can be defined as: ‘any group or individual who can affect or is affected by the achievement of the organization’s objectives.’ Stakeholder theory is used for many purposes in a wide array of disciplines, for example Wasieleksi and Weber (2017) add a business view: ‘Business is about how customers, suppliers, employees, financiers (e.g., stockholders, bondholders, banks), communities, and managers interact and create value. To understand a business is to know how these relationships work. The executive or entrepreneur’s job is to manage and shape these relationships or: ‘managing for stakeholders’’ (p.3). Organizations should pursue stakeholder value according to the stakeholder theory and pay reasonable attention to their full range of interests (Freeman, 2013), and should attempt to meet multiple goals of a wide range of stakeholders (An et al. 2011). As argued by Blair (1995), ‘what is optimal for shareholders often is not optimal for other actors such as employees, government, customers, suppliers, bankers and local communities.’ Jensen (2001) states that an organization is not able to maximize value if it ignores the interests of the other stakeholders. This is an important corporate issue, because
corporate reputation depends on how the different stakeholders value the organization (Capriotti, 2009). Friedman (2006) is considering groups of people who have classifiable relationships with the organization a common way of differentiating them. Stakeholders can be categorized into two separate groups, being primary stakeholders and secondary stakeholders. Primary stakeholders are for example, customers, employees, local communities, suppliers and distributors and shareholders (Fontaine, Haarman & Schmid, 2006). These primary stakeholders can directly influence firm performance and are directly affected by firm decisions/actions. Secondary stakeholders are actors that do not directly provide any essential means of support for the organization, for example economic transactions, but still have enough influence to merit being considered more than just interested parties. Secondary stakeholders can include government, regulators, policymakers, academics, media, environmental pressure groups and other individuals (Garvare & Johansson, 2010). According to An et al. (2011) the stakeholder theory often uses and refers to accountability. Moreover, how taxes are managed and the extent to which the organization exposes shareholders and other agents to greater risk has become an increasingly concern (Wunder, 2009). Therefore this theory adds an additional useful base for the subject of tax, because accountability refers to the responsibility of an organization to disclose fair information of its performance and financials, other researchers for example Guthrie et al. (2006) adds that stakeholder theory can be used to interpret the intellectual capital disclosure practices of an organization, through the processes, procedures, systems and routines of an organization (An et al. 2011).
New Public Management theory
NPM was introduced to the public sector in the late 1970s (Diefenbach, 2009). According to Diefenbach (2009) and Kirkpatrick et al. (2005) NPM has been introduced to all public sectors, including health services. The application of business management theories and other practices are nowadays called New Public Management (Tolofari, 2005), and is viewed as a set of assumptions and value statements indicating how public organizations have to be designed, organized, managed and how they should function (Diefenbach, 2009). Diefenbach adds that the basic idea of NPM is to make the public organizations more business- and market-oriented; this includes an orientation on performance, cost and efficiency. One of the key elements of NPM is for example the increased attention to lessons from the private sector (Osborne, 2006). However, shaping the public sector through the NPV initiative is harder compared to the private sector, because public organizations are more based on values, ethical
and professional concepts than private organizations, which caused problems because of a too managerial or instrumental view. But as further elaborated by Diefenbach (2009) NPM could still be of considerable value to the public sector, because it improves organizational processes, performance and knowledge of the market and adopts a more market-oriented view. Moreover, NPM has resulted in significant changes in the public sector; Dunleavy & Hood (2009) for example mention that NPM had a positive impact on tax administrations by adopting private sector practices. Therefore, it adds an additional useful base for tax management. Accountability and the social contract refers to the responsibility of fair tax reporting. Additionally, the introduction of the TCF – being the application of a new control framework – supports the governance for tax in public organizations. Therefore, adopting private sector practices (NPM) could support shaping practices in the public sector.
(Enterprise) Risk Management
The underlying premise of Enterprise Risk Management is that every organization exists to provide value to its stakeholders (INTOSAI, 2016). In order to be able to manage enterprise risks, risk management is necessary. Managing risk is a fundamental concern in today’s dynamic global environment (Gordon et al. 2009) and managing an organizational risk is often referred to as enterprise risk management (ERM). Risk management is a process in which an organization is trying to deal with risks. The organization has to continuously identify, analyze and evaluate these risks factors and their potential impact on the organization (Dobler, 2008). It covers relevant risks (Stein & Wiedemann, 2016). Relevant risks are risks that could reduce corporate value or eventually even destroy the organization. Another important element of risk management is the link between the organization and the environment they operate in. Both financial (e.g., transaction risks, economic market risks, currency risks, tax risks) and non-financial risks (e.g., environmental risks, HR risks, quality risks) (Stein & Wiedemann, 2016) affect the organization and society (Soin & Collier, 2013). For example Domokos et al. (2015) mentions that risk management, including awareness and active control of risks, are not only of best interest for the organizations but also their statutory obligation. In the public sector, the general expectation is that public sector organizations serve to public interest with fairness and manages public resources publicly (Van Stapel, 2016). According to Gordon et al. (2009) ERM is presumed to lower an organization’s overall risk of failure and increase performance and eventually firm value. Gordon et al (2009) and Beasley et al (2005) refer to and use one of most used definition of ERM in literature, this definition is provided by the Committee of Sponsoring Organizations of Treadway Commission (COSO, 2004). COSO (2004, p.2) defines its ERM as follows:
‘A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.’
Tax Risk Management
Tax Risk Management (TRM) has emerged in the twentieth century. According to Bakker & Kloosterhof (2009) it has now entered both the private and the public sector. According to Arlinghaus (1998) there is no general definition of a tax risk, but states that it is a likelihood that the tax outcome is different from that could have been expected, because of changes in legislation, or an increased intensity of audits. In order to be able to deal with tax risks, organizations first must be able to – as stated above (Gordon et al. 2009) – identify and allocate some of its resources to respond to these risks. In regard of tax, the OECD (2006) has outlined five attributes related to tax risks. The attributes concern: impartiality (e.g., fairness), proportionality (e.g., fairness and justice), openness (e.g., disclosure and transparency) and responsiveness (e.g., quality of the reaction). If an organization is able to show these different attributes, this should basically result in enhanced relationships with stakeholders (e.g., society). Wunder (2009) adds that organizations worldwide nowadays address tax risk as an important element of risk management. An organization has to show these different attributes when dealing with tax. Additionally, Bakker and Kloosterhof (2009) state that this eventually could benefit the organization, in the way that it reduces administrative costs and increase legitimacy.
Based on legitimacy and stakeholder theories that have been described above, organizations have to report and disclose information through a TCF. Because of the social contract that exists with society and the organizations’ stakeholders, this information has to be proportional (fair) and open (transparent) (OECD, 2006), if not this could result in a breached social contract and therefore a loss of legitimacy (Deegan, 2002). To be able to disclose proportional and open information, organizations could use other organizations with a sufficiently designed BCF or ICF (including the TCF) as a best practice or benchmark. However, behind these practices, organizations have to identify their own specific needs, because an organizations’ TCF is unique and never finished. (Belastingdienst 2008, OECD 2016).
2.2 Control frameworks
According to the Dutch Tax Administration (2008) and the OECD (2016), the TCF forms an integral part of a company’s control framework (ICF or BCF). But they point out that there are no general requirements or a required set of controls. Technology, organization structure, environment have been invoked to explain difference in control systems (Otley, 1980). In the tax perspective, all organization face different types of tax risks and therefore, these ask a different control approach. The DTA, in their paper on TCFs, discussed the use of COSO and Simons’ levers of control when developing a TCF (Netherlands Tax and Customs Administration, 2008). Many researchers emphasized the use of COSO in their studies on TCF, because COSO is seen as and is the most often used internal risk control model (Burgers and Van der Meer, 2018; Wunder, 2009; Visser, 2008). COSO is most widely accepted as the authority on internal controls and is incorporated into policies, rules, and regulations used to control, (Romney & Steinbart, 2018) and consist of different control perspectives. The framework is adopted in this thesis, because it encompasses IC, but forms a more robust conceptualization. The ERM framework includes broader objectives and adds more complete (non-)financial information. Additionally, it expands the risk assessment and response (Van Stapel, 2016). In this perspective, the COSO framework is helpful in studying the development of a TCF, because the framework provides us with an overview of which control elements have to be included in order be in control. According to Romney & Steinbart (2018) it defines internal controls and guidance, which can be used to evaluate and enhance the control system. Understanding the internal controls, and therefore also have understanding of the TCF is helpful in determining which information has to be disclosed in shaping the TCF. This will eventually be of value to the organization and firm stakeholders. As indicated before, this research will include the COSO ERM framework. COSO updated the ERM Framework in 2017. Despite this update, I adopted the ‘old’ framework in this thesis because the DTA, OECD and other researchers still refer to this framework. The components intended to use will be explained in detail in the next sub-section.
The COSO ERM framework
The Committee of Sponsoring Organizations (COSO) issued two frameworks: The COSO Internal Control-Integrated Framework (IC) (1992) which is accepted as the authority on internal controls and the COSO Enterprise Risk Management-Integrated Framework (ERM) (2004/2017), and takes a more risk-based approach. The IC-framework consists of five components and the ERM-framework adds three additional components to the framework.
ERM is a more comprehensive framework compared to IC. It provides context for setting strategy, identification of events that may affect the company, assess and manage risk and lastly provide reasonable assurance that the organization can achieve its objectives and goals (Romney & Steinbart, 2018; Van Stapel 2016). In practice, Royal DSMI, LeasePlanII, Siemens N.V.III mention that they use the COSO ERM model.
Because this thesis is focused on company related risks (e.g., tax risks), the ERM model is adopted in this thesis. Figure 1 shows the COSO ERM.
The COSO ERM Framework, which will be a base theoretical framework in this thesis, consists of four columns at the top: strategic, operations, reporting and compliance. At the right are four columns, being: subsidiary, business unit, division and entity-level. COSO ERM also has eight horizontal components: internal
environment, objective setting, event identification, risk assessment, risk response, control activities, information & communication and monitoring. The columns at the top are the objectives that an organization’s management has to meet in order to achieve organizational goals. The columns at the right represent the organization’s units. The eight components at the front have to ensure that the organization is able to achieve the main objectives of Enterprise Risk Management: the achievement of strategic goals, effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable law and regulations. These are the different control perspectives (Romney & Steinbart, 2018) and can be linked to the aforementioned hard and soft controls, which are necessary for an effective and proper control system (Chtioui & Thiéry-Dubuisson, 2011). Hard controls can be seen as formal controls, for example current procedures and applicable laws and regulations. Chtioui and Thiéry-Dubuisson (2011) describe reporting procedures, access controls and the organization’s information systems as hard controls. These controls have become more important in regard of tax (new laws and regulations) and because the cooperative compliance initiative of the OECD (2013). The remainder of this section consists of the most important components for this research.
Ihttps://annualreport.dsm.com/content/dam/annualreport/ar2018/en_US/downloads/DSM-Annual-Report-2018.pdf IIhttps://www.leaseplan.com/corporate/investors/annual-report-2018/pdf/LeasePlan-Anual-Report-2018.pdf IIIhttp://www.corporate.siemens.nl/pool/siemens_in_nederland/siemens_financieel_jaarverslag.pdf
Reporting
The third element on top of the COSO ERM Framework is reporting (2004). According to COSO this element refers to the internal, external and non-financial reporting to the organization’s stakeholders. This element focuses on reliable and transparent reporting of taxes (COSO, 2013). Internal reporting is generally about short-term financial performance report to be able to direct the firm in the desired direction. The external reporting should be compliant to law and regulations (generally accepted accounting principles), that are both suitable and available/applicable for the organization (Moeller, 2013). In regard of tax, the internal reporting reports should provide the organization with information on their internal control system. The internal tax reporting is driven by the organization’s need to meet the strategic objectives, operating plans and the performance indicators (Moeller, 2013). Moeller (2013) provides a clear view on the external reporting and tax. Moeller mentions that external financing reports may also include financial reports prepared for taxing authorities or regulatory bodies, or requirements established through contracts and agreements. Also the internal and external non-financial reporting is of considerable importance, as internal and external non-financial information also requires reporting on key risks reporting, such as aforementioned tax risks that organizations may face or keep in mind and compliance with applicable law and reporting to regulators.
Internal environment
The internal environment can also been seen as the organization’s culture. The internal environment influences how organizations establish strategies and objectives and consists the following (Romney & Steinbart, 2018):
- Management’s philosophy, operating style and risk appetite; - Commitment to integrity, ethical values and competence; - Internal control oversight by the board of directors; - Organizational structure;
- Methods of assigning authority and responsibility;
- Human resource standards that attract, develop and retain competent individuals; - External influences.
These elements are related to both hard and soft controls. The basic idea here is to guide the behavior of executives, staff and other operating members of an organization, in order to be able to better control the organization and avoid issues. Additionally, the soft controls enable the control of the attitudes of the organizational actors through ethics (e.g., values and beliefs) and (unwritten) procedures (Romney & Steinbart, 2018; Chtioui & Thiéry-Dubuisson, 2011).
Putting the TCF in perspective it can be concluded that also the TCF consists of both hard (for example current procedures and applicable laws and regulations, describe reporting procedures, access controls and the organization’s information systems (Chtioui and Thiéry-Dubuisson 2011) and soft controls. On the one hand the organization’s board wants to control the tax related activities, on the other hand if the management states that paying a fair share of tax is an important organizational feature, which requires sufficient processes (ethics, Christensen & Murphy, 2004), transparency and tax disclosure through a TCF is key.
Objective setting and Event identification
The second and third elements are objective setting and event identification. Objective setting is the second ERM component. The organization’s management determines what the company hopes to achieve. The organization determines what must go right to achieve the objectives and establishes performance measures to determine whether they are met. Romney and Steinbart (2018) identify four types of organizational objectives: strategic objectives, operations objectives, reporting objectives and compliance objectives. This component is not directly related to hard or soft controls. Relating objective setting to tax and the DTA, firms have to ensure accuracy, completeness and reliability (Reporting objectives, e.g., transparency) and have to be compliant with all applicable law and regulations (Compliance objectives). Obligations of the organization to comply with regulations and correctly filling in the tax return forms is for example an important reference to tax compliance (PWC, 2004). The DTA and other stakeholders of the organization can assess whether or not this component of the control system has been established. Event identification is the third ERM component. COSO (Romney & Steinbart, 2018 p. 235; COSO, 2004 p. 2) defines an event as follows: ‘an incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives. Events may have positive or negative impacts or both.’ A negative event represents a risk, and a positive event an opportunity. This component is also not directly relatable to hard or soft controls. Relating event identification to tax can be two-sided. On the hand corporate tax compliance and reporting can enhance social legitimacy (Cho et al. 2012), thus can be seen as an opportunity. On the other hand organizations face risk in regard of tax. Taxes have also become a reputational issue, most likely because of the media. Negative media attention may arise because an organization fails to contribute to the reporting of tax revenue. This has the potential to negatively impact an organization reputation and profitability (Lavermicocca & Buchan, 2015).
Risk assessment and Risk response
The fourth and fifth component of the ERM framework is risk assessment and risk response. The component risk assessment of the ERM framework identifies risks, analyzes these risks and determines how these risks should be managed or mitigated. The assessment of risks in regard of tax it is an important component. Organizations should be able to detect, document and report all relevant types of tax risks timely to the tax authority by using a TCF (OECD, 2016). Additionally, companies that are willing to participate in Horizontal Monitoring must implement a TCF, the Tax Administration expects an adequate TCF in place to ensure that a company’s tax risks known and controlled for. In line with the component, organizations have to identify the tax risks that they face. Organizations can face different tax related risks, such as: transactional risk, operational risk, compliance risk, financial accounting risk, portfolio risk, management risk and reputational risk (Bakker and Kloosterhof, 2010; Elgood, 2004; Wunder, 2009). Ahmedi & Vladi (2017) identified compliance risk, reputational risk, operational risks and financial risks as risks that public organizations face and state that these risks can be enormous, but that there is a lack in risk management to mitigate or limit them (Brown & Osborn, 2011). Compliance risk deals with the process of corporate compliance with tax regulations, so the implementation of the tax law in the organization. For example correctly filling in the tax return forms, and an up-to-date system that contains the right tax related figures and information. Reputational risk is the risk that the social legitimacy or image of the organization is damaged by its actions, by compromising its social contract. As PWC (2015) notices: ‘With the renewed focus on taxation as a source of funding public goods and services, companies that are perceived as not contributing their fair share of taxes face not only increased compliance risks but also reputational risks’ (p. 2). Operational risk is similar to compliance risk in that it is concerned with adherence to the tax laws and decisions about the management of the final tax charge (Elgood, 2004; Bakker & Kloosterhof, 2010). Financial accounting risk is related to the accuracy and completeness the accountants in the financial reports. But financial accounting risk also include: accounting procedures and policies being incomplete, inadequate internal controls (e.g., IFRS, SOX compliance). The aim is to control for these inadequacies, and internal controls need to be implemented in order to be able to mitigate this risk.
Control activities
The next component of the COSO ERM Framework is control activities. An organization controls for activities through the implementation of policies, procedures and rules. Their goal is to provide reasonable assurance that controls objectives are met and risk responses are carried out, this is management’s responsibility. The management has to make sure that (Romney & Steinbart, 2018):
- Controls are selected and developed to help reduce risks to an acceptable level; - Appropriate general controls are selected and developed over technology;
- Control activities are implemented and followed as specified in the policies and procedures.
The goal of these COSO control activity principles is to reduce risks in order to achieve the financial reporting objectives (Moeller, 2013). Alongside the assessment of tax risks, management should also respond to the risks. Adequate responding to the tax risks relates to putting into effect actions that are needed to accept or avoid the risk, and management should develop activities to avoid them. The control activities completeness and accuracy, which have been prescribed by COSO (2013), can be linked directly to taxes.
Information and communication
The information and communication component of the COSO ERM Framework refers to the communication of information, which is internally and externally needed to carryout day-to-day internal activities (2018). The internal communication of information, including the objectives and responsibilities of the organization are necessary to support the other components of internal control. Reporting of information will contribute to organizational actors be informed of tax related matters, such as new applicable laws and regulations. The implementation of new laws and regulations in procedures and processes will eventually mitigate for example financial accounting risks, reputational risks and compliance risks (Elgood, 2004; Wunder, 2009). For organizations to effectively report on tax related matters, organizations need to include these controls in their TCF (OECD, 2016).
Monitoring activities
The internal control system that has been developed and implemented by the organization has to be continuously monitored. Monitoring is closely related to the previous component of information and communication, because in the information and communication section the focus is on errors, deficiencies and other causes of error. Monitoring activities assess whether the other components of COSO 2004 are functioning and assesses the deficiencies (Moeller,
2013). The internal control system of an organization will often change over time, and the objectives and components of the control system might also change. Again, this is relatable to tax, which has already been explained in the aforementioned components. Because tax is a constantly changing environment, information and communication is critical, but also the monitoring of these activities is of considerable concern for organizations (OECD, 2016; Moeller, 2013).
3. RESEARCH DESIGN
This section indicates how the different sub-questions will be approached and their contribution for answering the research question. Additionally, this section will indicate why and how the research was conducted and provides a description of the conducted research method. Moreover, a description will be provided how the received data has been processed.
3.1 Research question
Because there are no general requirements prescribed by the DTA or OECD for developing a TCF (OECD, 2016; Netherlands Tax and Customs Administration, 2008) the question why and how an organization designs a TCF remains unanswered. Moreover, specific guidance in respect of the design of a TCF for public organizations is lacking. To answer and investigate the general research question ‘What explains the design of a Tax Control Framework for a Dutch semi-public insurance organization?’ four sub-questions have been drafted:
The answer to sub-question 1 explains the difference in management control systems between the private sector and the public sector. Moreover, it provides indications how these differences have impact on the control framework. Sub-question 2 provides important information for answering the general research question, because if the semi-public insurance organization adopts the guidance and principles provided by the DTA and/or the OECD this could explain the design of a TCF. Adopting the provided guidance and principles could show stakeholders (e.g., society, shareholders, banks & governmental institutions; Wasieleksi & Weber, 2017) that the organization is in control of tax and legitimatizes their operations (Cho et al., 2012). The third sub-question provides us with knowledge about the information that an insurance organization discloses in their TCF. This is a direct follow-up question of the previous question. The second and third sub-question combined give a direct answer to the research question, because if the organization discloses information that is in line with the guidance and principles provided for shaping the TCF, it is likely that this could explain the design of the TCF of an insurance organization. Finally, analyzing and comparing existing COSO models adopted in the investigated practices identified to what extent the TCFs are influenced by COSO based on the assumption that it is the leading framework in the TCF
1. How does the Management Control System in the public sector differ from the Management Control System in the private sector and why?
2. What guidance for a TCF do the Dutch Tax authority and the OECD provide? 3. What does a Dutch semi-public insurance organization disclose in their TCF? 4. How and why, does COSO influence the TCF in the selected organizations?
practice (Belastingdienst, 2008; OECD 2016). After answering this sub-question the answer to the general research question became more relevant because it explained the focus of these different sectors.
3.2 Methodology
The first and second sub-question were investigated by conducting a literature review. The first sub-question was investigated by using Simons’ Levers of Control, as the OECD and DTA refer to this model. The second sub-question was investigated by further analyzing the guidance and principles provided by both the DTA and OECD related to the TCF and a literature review on the TCF. In order to answer the third sub-question and an important part of the general research question structured interviews were conducted. The semi-structured interview method provided the opportunity to ask all relevant questions, with an elastic agenda of open-ended questions that allow extended probing (Adams, 2015). Also, it was used to pursue existing opinions as well as to obtain reactions for new ideas and brainstorming. Using the described theories in sections 2, the formulated research and sub-questions, an interview guide (e.g., agenda & a list of questions) was developed (Appendix 1&2). The interview guide was developed on the basis of important aspects such as the internal environment, risk assessment and response, control activities, compliance incentives and reporting procedures and the TCF in general. Additionally, I used a content analysis. The 2018 annual reports of 5 organizations were analyzed. Three out of five organizations were chosen from the VBDO Tax Transparency Benchmark of 2018. These firms scored above the benchmark-average and are therefore qualified for tax research (VBDO, 2018). During this content analysis I used the general risk management section to find tax related issues. In order to find tax-related and risk management-related information, I used the word ‘Tax and Risk management’ as main reference. Due to a time constraint, it was not possible to analyze more insurance companies. Finally, the fourth sub-question has been answered through a data-analysis of the interview results and a content data-analysis of the annual report. The literature regarding TCFs describes COSO as a leading standard (Netherlands Tax and Customs Administration, 2008). Through this analysis the influence of COSO on a TCF can be found. The interviews were conducted with the Financial-tax specialist and Manager Governance, Risk & Compliance of an semi-public insurance organization, the Global Tax Director of an insurance organization and an accountant of the DTA. This allowed me to conduct a face-to-face interview. The main advantage of a face-to-face-to-face-to-face interview is the presence of the interviewer and respondent, which makes it easier to receive more clarification and extensive sets of information (Encyclopedia of Survey Research Methods, 2008). Prior to the
interviews, I received interview training and received relevant feedback on the interview skills. During this interview training the interview guide - formulated using relevant literature - was discussed and has been reviewed by my supervisor. For this research I was interested in the reasons behind the design of TCFs. The interviews gave a practical view and the practical relevance of a TCF and its elements. Incentives for compliance, risk reporting and response and being in control allowed me to gain insights in the aspects that determine the design of a TCF. Therefore, I chose to interview a Financial-tax specialist and Manager Governance, Risk & Compliance of a Dutch semi-public insurance organization, the Global Tax Director of a Dutch insurance-organization and a specialized TCF-accountant of the DTA. These interviews allowed me to gain knowledge about the aspects, elements and drivers of a TCF design and compare the explanatory factors of both designs. Additionally, the opportunity presented itself to interview an accountant of the DTA. This accountant is a specialist on Horizontal Supervision for public organizations in the Netherlands. This interview was conducted to gain additional insight in the concept of a TCF, from the perspective of a professional from the DTA.
Interviewee Company Duration Function Turnover Employees
1 Company Y +/- 50 minutes Man. GRC +6.000m +/- 1.600 2 Company Y +/- 30 minutes Financial-tax specialist ‘’ ‘’ 3 Company X +/- 50 minutes GHT +31.000m +/- 4.300 4 DTA +/- 40 minutes TCF Accountant X X
Table 1. Interview sample
Some of the data have been anonymized due to sensitive information and privacy according to the General Data Protection Regulation (a regulation in EU law on data protection and privacy, 2018). Prior to the interviews the participants were asked to sign a letter of consent. This letter of consent guaranteed the participants privacy and that he/she participated on a voluntary base (Appendix 3). During the interviews a recorder was used, which enabled me to focus on listening and interacting instead of writing down the given answers. The duration of the interviews was approximately 1 hour. After the interviews I produced transcripts based on the recordings. In order to ensure unbiased interview results, colleague master students were asked to validate the transcripts.
The interpretative methodology was used reviewing the transcripts. Because of the used research methods (literature review, interviews & content analysis) this thesis qualifies as
qualitative research. The aim of qualitative research is understanding a research query as a humanistic or idealistic approach (Pathak et al., 2013). Moreover, it has the ability to test current theory and create new forms of theory (Eisenhardt & Graebner, 2007). Creating new theories was beyond the scope of this research. However, this research tended to provide more understanding about the explanatory factors of the design of a TCF. Furthermore, qualitative research can be used to answer open, explanatory research questions, clarifying the uses of certain strategies to enhance the credibility of designs (Elliot, 1999). I was interested in finding motivational groundings for the design of a TCF. The internal environment, objectives and events are different for every organization, mapping these resulted in a risk assessment and particular response. Asking the aforementioned during the interviews provided the base for the data-input. The data received during the interviews were used in the third and fourth sub-question. This analysis has been presented in the result section (4.3 & 4.4). At the end of every sub-question a conclusion has been added.
4. RESULTS
4.1 Differences between the private and public sector
In this section the fist sub-question is answered: ‘How does the Management Control System in the public sector differ from the Management Control System in the private sector, and why?’ The answer is divided into two parts: the first part provides the general definition of a MCS. The second part highlights the characteristics of both sectors. Additionally, the effect of these differences on both MCSs are discussed and compared.
4.1.1 Management control systems
There are a number of definitions and descriptions of MCS (Malmi & Brown, 2008). Malmi and Brown (2008) define a MCS as: ‘all devices and systems managers use to ensure that the behaviours and decisions of their employees are consistent with the organization’s objectives and strategies. (p.290)’ Merchant and Van der Stede (2007, p.8) defined a MCS as follows: ‘Everything managers do to help ensure that their organization’s strategies and plan are carried out or, if conditions warrant, that they are modified’ and suggest that a MCS is a collection of control mechanisms. In addition, Simons (1990,p.128) provided the following description on MCSs: ‘management control systems are the formalized procedures and systems that use information to maintain or alter patterns in organizational activity.’
4.1.2 Characteristics of public and private organizations
To be able to compare both types of organizations, their characteristics need some highlighting. In the public sector, organizations are primarily driven by ethical values. Furthermore, public organizations need to follow prescribed formal procedures, rules, laws and regulations, Simons (1995) refers to this as boundary systems. These regulations can be formulated internally, but can also be formulated by governmental institutions. Secondly, public organizations are largely funded by the government (taxation) rather than customer payments and are primarily controlled by political forces instead of market forces (Boyne, 2002). So the constraints come from the political system. Comprehensibly, public organizations are not profit-based compared to their private counterparts (Merchant & Van der Stede ,2007; SMB, 2018), but have other objectives that require monitoring (diagnostic controls). Resources in public organizations generally embody public money and therefore these organizations exist to serve the corporate interest. Hence, control systems require special care (Van Stapel, 2016) and integrity is key (Boyne, 2002). Furthermore, the organizational goals in public organizations differ from those of private organizations. They do not strive for equity or accountability, but according to Boyne (2002) their goals stem from
the common ownership of the organizations and achievement of collective purposes. This is believed to require distinctive management control processes because of the dilemmas faced (e.g., political conflict, customer & citizen, balance of interest, p.63-64, Ranson & Stewart, 1994; Boyne, 2002). Private organizations on the other hand, are positioned in a fast changing and sometimes-unstable market. The market is rapidly changing because of the presence of competitive pressures. Hence, they pursue a single goal of effectiveness, efficiently and profit. This is the goal of a private organization. The shareholders should know what to expect, meaning that the performance of the organizations is key. To measure the performance, the organizations need formulated performance indicators (Ferreira & Otley, 2009). The public sector is also subject to constant change. For public organizations to be able to tackle financial, social and political challenges they also have to adjust their processes (Jurisch et al., 2013). Jurisch et al., continues that public sector organizations have turned to the private sector to find solutions. This increasingly market-oriented perspective is called NPM (Speklé & Verbeeten, 2014). The basic idea of NPM is to make the public organizations more business- and market-oriented; this includes an orientation on performance, cost and efficiency (Diefenbach, 2009). One of the key elements of NPM is for example the increased attention to lessons from the private sector (Osborne, 2006), so the public sector becomes more result-oriented. However, the differences that exist between both sectors will influence the design of the management control system (Boyne, 2002), which are discussed in the following section.
4.1.3 The private sector’s MCS and public sector’s MCS
Simons (1995) has developed a framework that is important in the pursued of strategic organizational objectives and the design of the MCS. The purpose of Simons’ framework is to implement management tools, which should be able to manage or change the organizational behavior (Peljhan & Sevic, 2008), to implement the organizational strategy (Fauzi & Rahman, 2008). The core principal Simons’ framework is an interaction between instrumental and oriented control mechanisms aimed on organizational actors (Simons, 1995). As it is about the interaction between instrumental mechanisms and organizational actors, the control system should encompass the following levers: Belief systems, Boundary systems, Diagnostic Control systems and Interactive Control systems. Interaction between all levers can eventually lead to the improved corporate performance, when reinforcing one another; the organizational objectives can be achieved more effectively (Fauzi & Rahman, 2008). However, as argued the public and private organizations differ, which influences the design of the MCS.
Belief systems
Encouragement of individuals, seeking new opportunities, and create value to commit to organizational objectives are concerns of belief systems (Simons, 1995). They communicate the core values of the organization, and are communicated formally by the management to give direction to the organization (Tessier & Otley, 2012). According to Simons, the organizational actors need to have a (strong) identification with the strategic organizational values or core values. In this public and private organizations differ. The core values of a public organization should be driven by their legitimacy and their goal serving the public interest. Private organizations on the other hand have different beliefs. Private organizations tend to pursue the highest amount of value in profit for their shareholders; therefore the strategic objectives are different. As a result of these different beliefs, the public and private organizations shape their MCS in a different manner. Chenhall (2003) mapped the aspects that influence the design of a MCS, one of these being organizational culture (e.g., core values). Organizational culture is an important aspect because it explains why two organizations with two possibly identical systems may differ in actual control mechanisms. An organizations tax strategy can be deemed a Belief system. Organizations, especially public organization, generally want to be seen as a responsible taxpayer, which then can be seen as a ‘core-value’.
Boundary systems
Boundary systems communicate the risks that have to be avoided (Tessier & Otley, 2012). Those risks should be reduced through frameworks, conditions, rules, procedures and a code of conduct. Boundary systems are implemented to mitigate the risks, and are limitations for the behavior of employees. Boundary systems can be viewed as more similar for both private and public organizations. Organizations have to implement control measures that identify, assess, manage and monitor.
Diagnostic control systems
These systems communicate the performance indicators formulated by the management (Simons, 1995) and are used to monitor, evaluate and correct deviations in the pre-set objectives, the data to monitor should be accurate (Tessier & Otley, 2012; Canonico & Söderlund, 2010). The diagnostic systems are also used to motivate employees to show appropriate behavior, which is inline with the core values of the organization. The employees in this dimension are deemed to provide information about their individual and organizational performance and should be reported to management. Moreover, the organization will be able to pay more attention to under-performing aspects. The diagnostic control are also used to measure output variables, performance and strategies (Canonico & Söderlund, 2010). Strategy
is one of the aspects mentioned by Chenhall (2003) that influences the design of a MCS, and therefore there are differences in respect of public and private organizations, because the controls should be tailored to the specific organizational strategy. The strategy of public and private sector organizations differ in respect of tasks, key success factors, behaviors and perspectives. Private sector organizations are more focused on serving society, while on the other hand private organizations are driven by equity and profit for their stakeholders, which requires different controls mechanisms.
Interactive control systems
These systems are focused on the strategic uncertainties organizations face, but Simons (1995) has also added the strategy development process into this system and is therefore also used for organization-wide improvements and learning of strategies. The interactive control systems put pressure on managers at all organizational levels to motivate information gathering on the opportunities and threats an organization faces (Kominis & Dadau, 2012). The interactive control systems are a continuous interaction of top management and other parts of the organization to recognize inside and outside signals and to respond to the organizational strategy. Inside signals are for example information about the effectiveness and efficiency of the processes, which can be deemed as equal for both sector organizations. Outside signals however are to be seen differently. As aforementioned, public organizations as opposed to their private counterparts are highly influenced by governmental institutions by (new) laws and regulations. Laws and regulations are outside signals that can evoke new strategic uncertainties because it can influence a business’ operations significantly. On the other hand, private organizations are influenced through the fast-changing market they participate in. Therefore both sectors face strategic uncertainties, but these uncertainties arise due different characteristics of both market sectors. In order to deal with the uncertainties, managers can use interactive control systems to learn about opportunities and threats and competitive conditions. These systems can help the organization to respond proactively (Simons 2000, p.220) to create new actions plans.
4.1.4 Conclusion
The organization’s management should first provide the core-values, formulated from the organizational culture. Furthermore the management has to set the boundaries for the employees and limit their behavior. Through the formulation of diagnostic controls the management sets the performance indicators by which the organizational performance in measured in terms of the overall strategy and has to be inline with the core-values. Lastly, the interactive controls should be focused on the communication between the managers and the
