The Development of The Development of The Development of The Development of the Controller Functionthe Controller Functionthe Controller Functionthe Controller Function

(1)

Master Thesis

Master of Science in Business Administration

Organizational & Management Control

The Development of

the Controller Function

---- The Influence of Corporate

The Influence of Corporate

The Influence of Corporate Governance

Governance

Governance ----

(2)

The development of the controller function: the influence of corporate governance

Master Thesis

Master of Science in Business Administration

Specialization Organizational & Management Control

Title: The development of the controller function: the influence of corporate governance

Name: A.C.M. de Bont Student number: 1651064 Telephone: +31(0)648237727

E-mail RuG: A.C.M.de.Bont@student.rug.nl E-mail EY: Anouk.de.Bont@nl.ey.com

Rijksuniversiteit Groningen Faculty of Economics and Business MSc Business Administration OMC

Ernst & Young Advisory Multi National Clients Boompjes 258, Rotterdam

Supervisor Rug: dr. S. Tillema

Second evaluator Rug: prof. dr. J. van der Meer-Kooistra

Supervisor Ernst & Young: drs. C.H. Oosters RA, drs. S.P. Kersemaekers

(3)

Preface

The following report is my final master thesis for the Master of Science degree in Business Administration at the University of Groningen. After my graduation in Organization Studies from Tilburg University, I continued my studies at the University of Groningen. The first year I started in the pre-master program of Business Administration, during which I attended several courses in preparation for the master year. Hereafter, I enrolled in master courses for Organizational & Management Control, a specialization within Business Administration. During this year I learned a lot about management accounting & control, finance and corporate governance. The second part of the year I dedicated to writing this individual master thesis. Overall, studying at Groningen has been a valuable and instructive experience for me.

I wrote this master thesis during an internship at Ernst & Young Advisory from March to August 2008. The Ernst & Young team had started a research about the development of the role of the controller, which was of great interest to me. The study anticipated on the recent developments of corporate governance and linked these changes to the controller’s role. Moreover, the topic was in line with what I learned in my courses Organizational & Management Control and Corporate Governance at the university and provided me the opportunity to apply this knowledge. During my internship at Ernst & Young I was a member of the research team which investigated the role of the controller. The research was carried out in conjunction with VU University Amsterdam. During this study, I was the main person responsible for writing the different parts that in the end formed the final research. This research project subsequently enabled me to write this master thesis.

I would not have been able to write this thesis without the support of a number of people. Therefore, I would like to thank them all for their great support. First of all, I would like to thank Ernst & Young for giving me the opportunity to combine my graduation with an internship, and to become acquainted with the work of advisors. Special thanks go to Corine Oosters and Saskia Kersemaekers, my supervisors at Ernst & Young, who gave me useful ideas, feedback and support. Of course, I would also like to express thanks to the rest of the research team, consisting of Frans Roozen, Bert Steens, and Luc Quadackers for their great cooperation, expertise and useful advice. Not to be forgotten, I would like to thank all other colleagues from Ernst & Young Advisory.

Moreover, I would like to express gratitude to the interviewees of DSM and Shell for their time, input and feedback. I would also like to thank Sandra Tillema, my supervisor at the University of Groningen, for her feedback, suggestions and thoughts about the research, which were very useful for me. Her critical comments made me think more accurately about certain aspects of my thesis. Finally, I would like to thank Jan, my family and friends for their support and interest during this graduation period.

Anouk de Bont

(4)

Chapter 1 Introduction

1.1 Introduction of the research problem

Over the last two decades many studies were conducted on the development of the role of the controller within organizations (e.g. Colton, 2001; Hopper, 1980; Roozen & Steens, 2006; Sathe, 1982). Traditionally, the controller was regarded as the financial conscience of the organization (Maas, 2005). He was primarily responsible for the accuracy and reliability of financial reporting to the management. This was based on the perception that the important decisions of the higher management are partly based on the information provided by the controller. However, the role of the controller has developed strongly throughout the years.

Nowadays, the role of the controller has turned into a more advising role to the management, as a result of an increasing company size and complexity, and several environmental influences (Sathe, 1982: 45). Controllers have become more and more involved in helping managers make good business decisions (Merchant & Van der Stede, 2007: 632). Some even predict that the controller will become the real strategist behind the board’s plans (Kaplan, 1995). Numerous authors agree that the role of the controller has become broader (e.g. Baken, 2006; Bots, 2006; Burns, Scapens & Turley, 1996; Colton, 2001; Granlund & Lukka, 1998; IFAC, 2002; Van der Meer-Kooistra, 1999; Riedijk, Tillema & Moen, 2002; Roozen & Steens, 2006; Ten Rouwelaar, 2007; Sathe, 1982; Waal, 2006).

(7)

that the main focus of the controlling function within most companies is still on the reliability of the information (Bots, 2006; Roozen & Steens, 2006).

Looking at the development of the role of the controller over the years, as described above, two common responsibilities can be distinguished that are not fully corresponding. On the one hand, the controller is held responsible for financial reporting and internal control and has to be independent. On the other hand, the controller is held responsible for delivering management-service and has to be involved. Sathe (1982) emphasizes the basic tension between these two roles. It is argued that there is a need for both types of controllers, and that the emphasis on either aspect is dependent on characteristics of the company’s environment and organization.

Roozen and Steens (2006) investigated the effect of an organizational characteristic, the governance and control regime of a company, on both the role and the job requirements of senior controllers. They considered corporate governance practices, an environmental factor, as an important influence on the governance and internal control regime of an organization. They assumed differences in the controller’s role due to the tightness of the governance and internal control regime, in which they operate. Based on the results of their study, they recommended six hypotheses for further research. This thesis further explores and tests two of these hypotheses, particularly focusing on the influence of the governance and control regime of an organization on the role of the controller.

1.2 Research goal and questions

The two different roles of the controller, on the one hand, and the recent changes in the field of corporate governance, on the other hand, have led to the following research goal and questions.

Research goal:

The purpose of this research is to explain the role of the controller in different organizations. In particular, it investigates whether a relationship exists between the governance and internal control regime of an organization and the degree of independence and involvement of its controller.

Research question:

What is the influence of the governance and internal control regime of a company on the role of the controller?

Sub-questions:

- Which roles of controllers can be distinguished?

(8)

- What are the effects of those differences on the controller’s role according to the literature? - Are these effects on the role of the controller empirically confirmed?

1.3 Relevance of the research

With this research a contribution will be made to the management accounting literature that already exists on this topic. Roozen and Steens (2006), for example, indicate that after the research of Vijay Sathe into controller involvement in 1982, no rigorous research into the controller’s profession has been executed. According to Ten Rouwelaar (2007), academic, empirical studies which actually measure and try to explain the variations in controller involvement in management by empirically testing hypotheses are not available (except for the recent study of Zoni and Merchant in 2007, based upon a small sample of 17 large Italian industrial firms). So this research, which will empirically test hypotheses about controller involvement and independence, will be highly relevant.

Furthermore, this research focuses on the recent developments in the environment of companies. Due to recent accounting scandals, laws and regulations related to corporate governance received renewed emphasis. As a result of these changes, companies are starting to pay more attention to their corporate governance structure, which might affect the role of the controller.

Finally, the practical relevance of this research consists of the insights general managers and controllers can gather about the effects of governance on the role of the controller.

1.4 Structure of the thesis

(9)

Chapter 2 Theoretical framework

This chapter explains the theoretical framework concerning the building concepts of this research. It should be noticed that the main focus is the influence of governance and control regimes on the role of the controller. This chapter starts by defining the controller function in section 2.1. Section 2.2 presents an overview of the development of control, the different roles of controllers, and indicates several factors that may influence these roles. Hereafter, section 2.3 discusses the upcoming interest in corporate governance. This section emphasizes the changing demands concerning governance and internal control regimes. Next, section 2.4 discusses the main questions derived from the literature review, which are relevant for the empirical study. The chapter ends with a short conclusion.

2.1 The controller

The main focus of this study is on the controller function. Section 2.1.1 introduces the various definitions used to describe a controller and the tasks of the controller. Hereafter, the distinctive levels on which the controller is active will be explained in section 2.1.2.

2.1.1 Definitions

There are several definitions for the term controller in the management accounting literature (Ten Rouwelaar, 2006). Moreover, several professionals and business associations have wrestled with the difficulty of establishing a benchmark for defining the controller’s role in an organization (Knight, 1982). The reason for this could be that there is a wide range of tasks and competences associated with the controller’s job (Maas, 2006). Some even state that the one controller does not exist, because there is no legally determined job description of a controller (e.g. Bots, 2006). That is why many institutes and other people in the Netherlands use the job description of the VRC (the Dutch association of Chartered Controllers). The VRC (2007) typifies the controller as “the economic conscience of the organization”.

Another widely used and more detailed definition is from Zimmerman (2006: 784). He states that the controller is “the person in charge of both management accounting and financial accounting in an organization; usually the chief accountant. Also called comptroller”.

Hilton (2002: 836) defines the controller as “the top managerial and financial accountant in an organization. He supervises the accounting department and assists management at all levels in interpreting and using managerial accounting information”. This definition of Hilton (2002) is more directional because it also specifies the tasks and roles of the controller. Therefore, this description is also employed in this study.

(10)

statements and reports, design and operate management control systems, prepare and analyze performance reports, supervise internal audit and accounting control procedures, and develop personnel in the controller organization (Anthony & Govindarajan, 2007: 110). Most controllers are also a member of the management team.

2.1.2 Corporate controller vs. business unit controller

The controller function can be centralized, but in large firms this function is usually decentralized. According to Sathe (1983: 31) all companies have a controller at corporate headquarters, the corporate controller. He also argues that the typical organization has controllers at several organizational levels. According to Merchant and Van der Stede (2007) divisionalized companies often have controllers in most of their profit centers and in some of their large cost centers. Therefore, each of the company’s business units may have a controller too. They operate between headquarters and operating company level, and therefore have to balance the strategic, operating and financial aspects of control (Roozen & Steens, 2006). Depending on the organization, there may also be a group controller for each group of business units, controllers in the manufacturing plants, and controllers in the marketing or purchasing departments (Sathe, 1983). This research focuses on controllers in senior positions on different levels within the organization. Therefore, controllers on business unit level, business group level, and corporate level are included. The choice for these types of controllers will be further substantiated in chapter 3.

According to Anthony and Govindarajan (2007: 111-112) business unit controllers have divided loyalties. On the one hand, they owe some allegiance to the corporate controller, who is responsible for the overall operation of the control system. On the other hand, they owe some allegiance to the business unit managers to whom they provide management assistance. The dual allegiance and the hierarchical position of the controller are in line with the two general ways of reporting, solid-line reporting and dotted-line reporting. The choices that corporate headquarters make with respect to the controller’s accountability relationship at the business unit level determine to whom the controller should report. This accountability relationship is also able to steer the role of the controller in a certain direction.

2.2 The role of the controller

(11)

describe the roles of the controller. Section 2.2.3 concludes with describing the determinants of the controller’s role.

2.2.1 The development of control Developments in the field of controlling

From the fifties onwards several developments have taken place in the field of controlling. Three periods can be distinguished (cf. Bots, 2006): the fifties and sixties, the seventies, and the present. The fifties and sixties can be characterized by ‘traditional control’. According to Simons (1995: 80) the fundamentals of control were developed in the 1950s and 1960s for machinelike bureaucracies. In that era, managers told employees what to do and punctually monitored this. Prior to 1960 most theorists tended to assume that organizations could be understood apart from their environments (Otley, Broadbent & Berry, 1995: 35). So, the focus of control was on important internal processes and events within organizations.

In the seventies controlling was illustrated as a cybernetic system. The cybernetic approach was also concerned with closed systems, and a stable goal and environment. Though, at this time, the employees were granted more freedom by the management. The norms were given to the employees and it was their task to obtain the objective. Although this time period considered the environment as stable too, it became increasingly recognized that organizations were interdependent with their environments. As a consequence, the insights of cybernetics extended to a more open perspective.

The nature of the current environment and the needs involved today are significantly different from those that determined and developed the earlier control approaches (Otley et al., 1995). The environment has become more complex, uncertain and diverse, and it has been recognized that organizations operate highly interdependent with their environments. For that reason, this time period can be typified by organizations that demand flexibility, innovation and creativity. Simons (1995) distinguished four levers of control which were regarded equally important in exercising adequate control in that kind of business environment: the diagnostic control system, belief system, boundary system and interactive control system. The diagnostic control system is comparable with the cybernetic system of the seventies.

Developments of the role of the controller

(12)

Traditionally, the controller’s role has been characterized as ‘bookkeeper’, ‘scorekeeper’, ‘beancounter’, ‘corporate policeman’, ‘corporate cop’ and ‘financial historian’ (Colton, 2001; Merchant & Van der Stede, 2007; Russell, Siegel & Kulesza, 1999; Van der Meer-Kooistra, 1999). In this traditional role the controller was primarily responsible for the accuracy and reliability of financial reporting. He provided an assurance of security and credibility to the basic financial process (Sathe, 1982). Therefore, the controller was seen as the financial conscience of the organization (Maas, 2005). After all, important decisions of the higher management are partly based on the information provided by the controller. In the traditional role, a strong emphasis is placed on the independence of the controller, because this makes the chance smaller that the preparation of financial statements and reports, the controller’s primary task, will be manipulated in favor of the affiliated management. So, an independent controller provides an assurance of security and credibility to the basic financial process.

(13)

the results measures that they are expected to oversee and report to corporate (Merchant & Van der Stede, 2007: 633).

The latest development of the role of the controller is the result of higher demands concerning corporate governance. High profile corporate scandals have led to increased government and public scrutiny of accounting practices and procedures (Feeney & Pierce, 2007: 20). This has resulted in a growing emphasis on compliance and transparency which places increased pressures on the organization’s control function (Feeney & Pierce, 2007: 21). These strict laws and compliance guidelines can have an important impact on the role of the controller and might contribute to the fact that the main focus of the controlling function within most companies is again on the reliability of information (Bots, 2006; Roozen & Steens, 2006). Therefore, due to the increased importance of reliable and honest financial data, the controller’s independence becomes more important again.

To conclude, the core activities of the controller have moved from a traditional role, which emphasized financial knowledge and independence, to a management support role, in which decision-making support and involvement were placed central. So, it seems evident that the controller’s role has expanded over the last decade. Nowadays, due to the influence of environmental factors, the traditional role becomes more important again. The twofold nature of these controller’s tasks, the traditional role and the management support role, has got a lot of attention in the literature (Granlund & Lukka, 1998). The next section further elaborates on these roles.

2.2.2 Classifications of the controller’s roles

As mentioned before, several attempts have been made over the past decades to cluster the tasks of the controller into two or more roles (Maas, 2006). Below, an overview is given of the categorizations made of the controller’s role. In the end, it will be argued which classification is used in this study.

(14)

Overall, these classifications all emphasize that the controller has the responsibility of being both independent from management (corporate policeman, chief accounting officer, control role, fiduciary role, oversight role) and involved with management (business advocate, chief performance officer, support role, service role). The independent role coincides with the traditional controller, who is held responsible for providing reliable and honest financial data. The involved role is more present in the controller as business partner, who provides decision-making support for the affiliated management.

Sathe (1982), one of the first researchers into controller involvement in management, already pointed out these two major responsibilities of involvement and independence and their inconsistency. Based on that notice, he distinguished four ideal types of controllers.

First, there is the involved controller, who is actively involved in the business decision making process. He recommends courses of action and challenges the plans and actions of operating executives using prospective information (Sathe, 1983: 36). However, the controller’s involvement might restrain operating executives’ exercise of creativity and initiative.

Second, he describes the independent controller. As the person responsible for the financial reporting and internal control activities, the controller has to be objective and independent in dealing with affiliated management (Sathe, 1983: 36). This results in a greater assurance concerning the accuracy of financial reporting and the integrity of internal control. However, it may also lead to a situation in which the controller is seen as an ‘outsider’ by the management, and may be denied access to sensitive information. This can lead to reactive or ‘after the fact’ control, which means that the controller can only check compliance after certain decisions have already been made because he uses retrospective information.

Third, Sathe (1983: 36) distinguishes the split controller. In this role, the two major responsibilities of, on the one hand, management service and, on the other hand, financial reporting and control are divided among two individuals. In this way, every responsibility receives sufficient attention. However, there are also some potential drawbacks. First, both roles have partly the same information and analysis as a basis, so the split role may lead to extra effort and resources. Second, this approach weakens the coordination between the different activities of the controller function. Third, the person responsible for the financial reporting and control might be isolated by management, while the other person gets all the sensitive management information. Finally, the management involvement might restrain management’s creativity and initiative.

(15)

Overall, it can be concluded that most researchers distinguish two main responsibilities. First, the controller has the responsibility of being involved with the management by providing management service. Second, the controller is responsible for reliable and independent financial reporting and the integrity of internal control. These two roles are not fully consistent because they have a twofold nature. In the first role the controller needs to be involved and in the second role the controller needs to be independent. Due to the importance and the contrast of these two roles in the classification of Sathe (1982), this classification will be used in the remainder of this study.

2.2.3 Determinants of the controller’s role

The developments of the role of the controller, described in section 2.2.1, are the result of influences of external factors. In Sathe’s (1982: 45-48) research into controller involvement in management, he argues that controller involvement is contingent or dependent on the situation or the context in which the controller operates. These findings provide support for the ‘contingency’ or ‘situational’ perspective on organizational behavior, which implies that the controller’s role is determined by contextual factors. In the literature, a variety of factors that affect the role of the controller has been pointed out. This section gives an overview of the general determinants of the controller’s role. The next section (2.3) discusses the relevant factors concerning this research.

(16)

Figure 2.1 Factors influencing controller involvement (Sathe, 1983, p.46)

Van der Meer-Kooistra (1999) makes another distinction of factors that influence the controller’s role. Just like Sathe (1982), she describes both changes inside organizations and influences from outside organizations that have an effect on the role of the controller in the organization (Van der Meer-Kooistra, 1999). However, she uses another classification. The most important external factors, which can be compared with the third class of Sathe (1982), she mentions are: government measures, market developments, developments in technology and changes in the field of management accounting. These external developments lead to internal changes. Next to the external factors, there are also internal factors that can affect the controller’s role and position. These internal factors can be compared with the first and second class of Sathe (1982), about the characteristics of the controller and the management. Van der Meer-Kooistra (1999) distinguishes the following internal factors: type of the organization, strategic position, size of the company and personal characteristics of the controller.

As could be read in section 2.2.1, the environment of the organization plays an important role in both the organization and the controller. This study focuses on the influence of both environmental characteristics and organizational characteristics on the controller’s role. In particular, the developments in the field of corporate governance (an environmental factor) will be discussed, as well as the role of an organization’s governance and internal control regime (an organizational factor), because these factors can be seen as important determinants of the controller’s role. These factors will be further described in the next section.

2.3 Corporate governance

(17)

corporate governance. Hereafter, the developments in the field of corporate governance and its influence on an organizational characteristic, the governance and internal control regime of a company, are being discussed in section 2.3.2 and 2.3.3.

2.3.1 Definitions

There are many definitions of corporate governance. Shleifer and Vishny (1997: 737) work with a fairly narrow definition: “Corporate governance deals with the ways in which suppliers of finance to corporations assure themselves of getting a return on their investment”. The equity- and debt holders can be seen as the suppliers of finance. Though, the corporate governance issues refer in the first place to equity holders, and not to the suppliers of debt. The focus on equity holders can be based on the fact that unlike other stakeholders, shareholders do not have a clearly defined relationship with the company, particularly in terms of rights and obligations (Cools, 2006: 133). Shareholders are not entitled to a predefined return; in advance they only know exactly what they have to supply (the price of the share). Therefore, shareholders want to have other means or powers at their disposal to force the management to offer them a reasonable return on their investment (Cools, 2006: 134). Shleifer and Vishny’s (1997) focus on debt holders is remarkable, because their relation with the company is clearly defined. However, it is also understandable because debt holders have large investments in the firm, and also want to see the returns on their investments materialize.

The definition used by the Cadbury Committee (1992: 15) and the OECD (Organization for Economic Co-operation and Development) (1999) also includes the element of control, which can be linked with the assurance of suppliers of finance described by Shleifer and Vishny (1997), but also addresses the direction of the company. They define corporate governance as “the system by which companies are directed and controlled”.

A broader definition is provided by Merchant and Van der Stede (2007: 577), who describe corporate governance as “the set of mechanisms and processes that help ensure that companies are directed and managed to create value for their owners while concurrently fulfilling responsibilities to other stakeholders”. They have a broader perspective because they also include the stakeholders of the company in their definition.

(18)

2.3.2 The development of corporate governance

The foundations of corporate governance can be recovered in the agency theory. The essence of the agency theory is the separation of ownership and control (Shleifer & Vishny, 1997). The agency theory identifies the agency relationship where one party, the principal, delegates work to another party, the agent. In this context, the agents are the managers and the principals are the shareholders. The agency problem is about how the shareholders can assure themselves that their funds are not expropriated or wasted on unattractive projects. Other main theories that can be associated with the development of corporate governance are transaction cost economics, the stakeholder theory and the stewardship theory (Mallin, 2007).

The last couple of years the attention for corporate governance has increased enormously in Europe and the United States (Cools, 2007). This upcoming prominence of corporate governance practices is particularly caused by the high-profile collapses of a number of large US and European firms. The major business scandals that were uncovered in the early 2000s, including Enron, WorldCom, Tyco, Parmalat, Société Generale and Royal Ahold, and other abuses, such as late trading and market timing in the investment industry, resulted in the fact that the interest in corporate governance has skyrocketed (Merchant & Van der Stede, 2007).

Due to the financial scandals and corporate collapses many countries introduced a corporate governance code for listed companies. These codes contain principles and best practice provisions for good corporate governance. Corporate governance approaches and mechanisms vary widely across countries (Merchant & Van der Stede, 2007: 577). Especially, the Anglo-Saxon and the Rhineland approaches have some substantial differences, like the rules-based vs. the principles-based approach, the unitary vs. the dual board structure, the shareholder vs. the stakeholder orientation, and the market vs. the network orientation. Since both approaches will be used in this research, their differences are further discussed in Appendix A.

Despite the variety of legal backgrounds, cultural and political contexts, business forms and share ownership, generally, all countries have the same motivation for introducing their governance codes (Mallin, 2007). They desire more transparency and accountability and want to win back the investors’ confidence in the stock market as a whole. They also want to prevent corporate collapses in the future. Therefore, “good entrepreneurship, including integrity and transparency of decision-making by the management board, and proper supervision thereof, including accountability for such supervision, are essential if the stakeholders and shareholders are to have confidence in the management board and supervision” (Tabaksblat, 2003: 3). The various international codes were established to safeguard these two pillars on which good governance rests.

(19)

which contained principles concerning the audit committee, the board and the external accountant. Despite these broad corporate governance aspects, the main focus of SOx is on financial reporting, based on the objectives of the COSO (The Committee of Sponsoring Organizations of the Treadway Commission) model of 1992 on internal control. To guarantee the accuracy of the financial reporting a scheme of internal controls has to be employed. The introduction of these new responsibilities for the trustworthiness and reliability of financial reports (Section 302) and new requirements for internal controls (Section 404) directly impacted the finance function (Busco, Giovannoni, Riccaboni, Franceschi & Frigo, 2007).

Examples of reports and codes in Europe are, among others, the Cadbury Report, introduced in the UK in 1992, and the Dutch corporate governance code (Tabaksblat code), initiated in 2003. The UK’s current code, the Combined Code (1998), embodies the findings of three preceding codes: the Cadbury Report (1992), the Greenbury Report (1995) and the Hampel Report (1998) (Mallin, 2007). It consists of a section for companies and a section for institutional investors, and adopts a principles-based approach in the sense that it provides general guidelines for best practice. The Dutch corporate governance code, also called ‘Tabaksblat code’, was originated with the purpose to increase the transparency of the annual accounts, improve the accountability of the supervisory board, and to strengthen the voice and protection of shareholders (Wikipedia, 2008). A more elaborated overview of the SOx and the Tabaksblat code is given in Appendix B, because of their importance in the empirical study.

2.3.3 The governance and internal control regimes of organizations Definitions

Corporate governance systems and management control systems, considered here as a component of internal control, are inextricably linked (Merchant & Van der Stede, 2007: 577). Management control systems focus on the perspective of the top management and look at what can be done to ensure proper behavior of the employees in the organization. Corporate governance systems are a bit broader, because their focus is on controlling the behavior of the top management, and through their direction, also the behavior of all other employees (Merchant & Van der Stede, 2007). Although, much control over top management comes from external forces, such as regulators, boards of directors, and external auditors, there are many overlaps with management control. Therefore, changes in corporate governance mechanisms and practices will usually have immediate and direct effects on the effectiveness of the management control system (Merchant & Van der Stede, 2007). So, it can be assumed that the introduction of best practices for corporate governance has major implications for both the governance and the internal control regime of organizations.

(20)

concerning exercising supervision on the board of the organization, especially by the supervisory board, but also by financiers and other stakeholders (Spoor & Van Nieuw Amerongen, 2007). These two forms of governance can be linked with the two pillars of good corporate governance: good entrepreneurship by the management and proper supervision (Tabaksblat, 2003). So, both internal and external governance are necessary to implement a proper governance regime. Therefore, we believe that both internal and external governance need to be included in this study. The governance regime of an organization can be defined as the regime that “specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board(s), managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs” (Clarke, 2004: 1). By doing this, it also provides the internal governance through which the board realizes the goals of the organization and the external governance through which supervision takes place.

As mentioned above, the management control system’s focus is narrower because it looks at the perspective of the top management. The internal control regime, which is used in this research, contains some elements of management control, and some elements of financial reporting and compliance. This regime is mainly influenced by factors inside the organization, and it can be understood as the foundation for good entrepreneurship. Internal control is broadly defined as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: 1) effectiveness and efficiency of operations, 2) reliability of financial reporting, and 3) compliance with applicable laws and regulations (COSO, 2008; NIVRA, 2002). The first category addresses an organization’s basic business objectives, including performance and profitability goals and safeguarding of resources (COSO, 2008). This category can be characterized as a part of management control because it focuses on achieving the organization’s goals. The second category deals with the preparation of reliable published financial statements, including interim and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly (COSO, 2008). The third class relates to complying with those laws and regulations to which the organization is subject. These distinct but overlapping categories address different needs and allow a directed focus to meet the separate needs (COSO, 2008). In the rest of this study, these three categories will be referred to as the internal control regime of an organization.

(21)

The influence of corporate governance on the governance and internal control regime

The laws, regulations and guidelines concerning governance have placed high demands on certain aspects of the governance and internal control regime of companies. On the governance side there are demands concerning transparency and disclosure, control and accountability, sound management and board structures. The internal control side has to be concerned with internal control statements, internal control structures, reliable financial information, and compliance with applicable laws and regulations. As a result, organizations have to deal with higher levels of bureaucratization, formal and legalistic approaches and legal codification (Roozen & Steens, 2006). As a consequence, the governance and internal control regime of organizations can become tighter, because there is less room for giving tasks a highly personal interpretation. Instead, the people in the organization have to follow and comply with the established structures, rules and guidelines. It should be noticed that the degree of tightness of the governance and internal control regime is dependent on the governance approach (see Appendix A) and the governance code of a country.

Tight versus loose governance and internal control regime

Although the governance and internal control regimes of organizations are assumed to have become tighter, in this study a distinction is made between organizations with a tight and a loose governance and internal control regime. This makes it possible to measure the influence of the tightness of a governance and internal control regime on the role of the controller. Governance and internal control regime tightness refers to the degree of certainty that people in the organization act according to the wishes of the organization and the governance structure imposed by the corporate governance principles. Thereby, it is assumed that the likelihood of achieving organizational and governance objectives will increase.

A loose regime can be characterized as a regime in which autonomy is allowed, and even encouraged. There is room for entrepreneurship and innovation, and tasks can have a highly personal interpretation. A tight regime, on the other hand, can be characterized as a regime with rigid values and organizational structures, and increased formalization of procedures and standards, in which governance and internal control principles are highly embedded. So, there is less room for own interpretations and decisions-making, due to the strict compliance with rules and procedures.

(22)

when they do not comply, they have to explain why. Therefore, the Dutch corporate governance code is said to be looser.

2.4 The influence of governance on the role of the controller

As described in section 2.3.2, the business environment of companies changed due to financial scandals and corporate collapses, which resulted in higher demands concerning corporate governance. Companies had to respond to these developments to stay successful, which led to an increased emphasis on their governance and internal control systems. These changes in the business environment of the controller do not only have an impact on the different tasks of the controller, but will also have an influence on the spread of attention and time between the two different roles of the controller (Ten Rouwelaar, 2006). We assume that the changes in the governance and internal control regimes of organizations have an impact on the controller’s role. In particular, we expect that, due to the increased emphasis on internal control and governance, the controller has to focus much more than before on providing an assurance of security and credibility to the basic financial process, which asks for an independent role, just like the traditional role (see section 2.2.1).

The theoretical framework raises several questions about the relationship between the governance and internal control regime and the role of the controller, which are of direct relevance for the empirical research. First of all, it is important to know whether, and how, the role of the controller has changed due to the introduction of corporate governance codes, and consequently due to changes in governance and internal control regimes. The development of the role of the controller is placed central in this question. It is expected that the controller’s role has become more independent from the management, due to the increased importance of control related tasks. To investigate this development longitudinal data have to be collected. Therefore, interviews will be conducted with several controllers about their perceptions regarding the development of their role. Second, we would like to know whether the governance and internal control regime of an organization is able to influence the preferred role of the controller. It is assumed that different corporate governance codes have a different impact on the tightness of the governance and internal control regimes of organizations. We expect that these differences codes and their tightness influence the degree of involvement and independence of the controller. To test this, we are going to do a cross-sectional experiment, which measures the effect of the tightness of the governance and internal control regime on the controller’s role.

(23)

control regime of a company on the role of the controller. The conceptual model of this study, which can be found in Figure 2.2, shows this relationship. The role of the controller in this model can be divided into the level of independence and the level of involvement.

Figure 2.2 Conceptual model

2.5 Conclusion

In this chapter the theoretical building blocks, the role of the controller and the influence of corporate governance on the organization’s governance and internal control regime, have been placed central. The content and developments of both concepts are described. This has led to the formulation of two important questions about the development and the preferred role of the controller. The following chapter describes the design and the findings of the case study. Hereafter, chapter four discusses the design and the findings of the experiment.

Governance and Internal Control

Regime

(24)

Chapter 3 Case study into the development of the role of the controller

This chapter investigates the perceptions of senior controllers about the development of their role as a result of the current upcoming corporate governance principles. The objective of this qualitative research is to gain a deeper understanding of the business environment and the role of the controller, from the perspective of senior controllers. It is important to investigate the various changes they have experienced as a controller, so that we can compare the current role of the controller with his role in the past. The insights derived from these interviews proofed to be a valuable addition to the cross-sectional experimental research. Moreover, the findings have been used in setting up the organization descriptions for the experiment (see chapter 4). The first section of this chapter describes the methodology and research design used for investigating the development of the role of the controller. The chapter ends with the findings from the interviews.

3.1 Methodology

The focus of this section is on the methods used to carry out this research. The first section (3.1.1) shortly discusses the main aspects of the research design, including the research method, level of analysis, sampling and data collection. Hereafter, section 3.1.2 describes how the validity and reliability were maintained. Finally, the method of data-analysis is brought up in section 3.1.3.

3.1.1 Research design

It was decided to do a multiple case study in order to capture insights and understanding within actual organizational contexts (Otley & Berry, 1994). The case study was multiple because the role of controllers was studied in two different organizations. These organizations were selected, because it was expected that they represented extremes of governance and internal control regime tightness. The first organization, namely DSM, had to comply with the Dutch corporate governance code. The second organization, namely Shell, had to comply with the Sarbanes-Oxley Act. Within these two cases qualitative data were collected, to see how the role of the controller had developed over time.

(25)

The data were collected by means of semi-structured interviews with these four controllers. The interviews lasted approximately one hour. The questions were set up by means of the concepts in the theoretical framework of this study, and served as guidelines during the interviews. Dependent on the course of the conversation also other, more specific, questions were asked. Because the interviews were held in the Netherlands, the conversations were in Dutch. The most important issues were: the controller’s function, the influence of corporate governance on his function and the controller’s degree of involvement and independence. The list of interviewees and the questions used in the semi-structured interviews can be found in Appendix C.

3.1.2 Research quality indicators

Both Yin (2003) and Baker (1999) state that the quality tests internal validity, external validity and reliability are relevant for case studies. In qualitative research the internal validity is dependent on the interpretations of the researcher concerning the collected data. The validity can be increased by consulting other people. This research has included the interpretations of supervisors and research participants of the university and Ernst & Young to secure the validity. Moreover, the internal validity of the data themselves was increased by means of data triangulation. For example, the interviewees within the same organization sometimes provided the same information.

As the organizational settings of the controllers were rather specific, the findings lack generalizability. Moreover, the research was conducted in only a few settings and had a non-probability design. Although case studies often cannot be used to make statistical generalizations, they can make analytical generalizations. This means that the results can be generalized to some broader theory (Lukka and Kasanen, 1995). Also in this study analytical generalizations will be made. The research only used two cases, but covers broader theoretical issues about the controller’s role. A replication of this study can enhance the analytical generalization.

There may be some concern about the reliability of the data being gathered. Generally, this reliability can be increased through the use of a ‘case study protocol’ (Yin, 2003). In this study, every step that was taken can be followed by an external observer. This ranges from the original research question and the research goal to the theoretical framework, data-selection, and finally the conclusions. Moreover, the researcher has kept careful notes and an audit trail. So, a later investigator should be able to conduct a similar research. Moreover, all interviewees received a report about the conversation and could give feedback on this report.

3.1.3 Data analysis

(26)

analysis. In the first step open coding was used, which means that all field notes were read in depth to identify and formulate ideas, themes or issues. Hereafter, memos were used to give an explanation and interpretation of the data. From the memos, themes have been developed which stand out and form the core ideas of the observation. Finally, the data were interpreted and linked with the literature study, after which conclusions were drawn.

3.2 Findings

This section discusses the findings from the interviews. The first section discusses the findings from DSM. Hereafter, section 3.2.2 presents the findings from Shell. These first two sections also discuss the link of the empirical findings with the academic literature. The last section (3.2.3) compares the findings of both organizations and draws conclusions.

3.2.1 DSM

DSM was originally founded as a state-owned mine company. Later on DSM also ended up in the gas and oil sector. Today, DSM is active in nutrition, pharma, performance materials and industrial chemicals. These four clusters consist of business groups, which are profit, loss and strategy responsible. These business groups are subsequently made up of several business units that are profit and loss responsible. DSM is listed on the AEX, has to comply with the Dutch corporate governance code, and has a dual board structure. The basic organizational structure of DSM is described in Figure 3.1. The departments of the controllers interviewed are represented in red: the senior manager corporate risk management and the business group controller food specialties. These controllers will be referred to as, respectively, corporate controller and business group controller.

DSM Nutrition Pharma Intermediates Performance Materials Nutritional Products Industrial Chemicals Corporate Risk Management

Food Specialties Special Products

Savoury Ingredients Dairy Ingredients Enzymes Functional Food Ingredients Ingredients Development Unit DSM Nutrition Pharma Intermediates Performance Materials Nutritional Products Industrial Chemicals Corporate Risk Management

Food Specialties Special Products

Savoury Ingredients Dairy Ingredients Enzymes Functional Food Ingredients Ingredients

Development Unit

Figure 3.1 Basic organizational structure DSM1

(27)

Corporate risk management, established in 2007, is an independent staff department of DSM and is globally responsible for compliance and internal control matters. According to the corporate controller DSM’s risk management has a broad focus: “We don’t want to restrict ourselves to financial reporting”. Therefore, DSM applies the COSO enterprise risk management report. Corporate risk management has been working on implementing control designs and corporate requirements, embedding controls into the standard business processes, and compliance. The corporate risk management department reports to the CFO.

The business group Food Specialties (DFS) is a global supplier of advanced ingredients for the food industry. The business group controller of DFS has a team of ten controllers, including plant controllers, product-market controllers and business unit controllers, who are occupied with operational discussions, such as pricing, contracts, cost management, and cost accounting. They have a hierarchical line with the business group controller and a functional line with their business unit manager. In the literature this is called solid-line reporting (Merchant & Van der Stede, 2007). In this case the business group controller defines the business unit controllers’ tasks and evaluates them. The business group controller himself is responsible for the whole business group in the field of the control framework, compliance, work processes and strategy. He also has a controlling role in the management team of DFS. He reports hierarchically to the business group manager and functionally to the corporate controller/CFO. In the literature this is called dotted-line reporting (Merchant & Van der Stede, 2007). In this case the business unit manager decides what the activities of the controller are and evaluates his performance. So the reporting lines of the business units and the business group are the other way around. Though, according to the business group controller, there is a strong, direct and open functional line with the CFO. “The finance & control discipline is strong, I see myself in the first place as a member of DSM and in the second place as a member of DFS”.

(28)

analyse the situation objectively. When a controller becomes too independent he is often experienced as distant and unengaging. So, it is hard to balance these two roles well. This field of tension is always around; it is part of the controller function”. Personally, he never experienced situations where people crossed the lines of integrity within DSM.

According to the business group controller, the role of the controller has become broader. “In the past, the controller was responsible for bookkeeping and transparency, and this is still the basis of his role. Since a few decennia, however, the controller developed towards a business partner. Nowadays, he is also responsible for the internal control tasks”. These statements correspond with the literature that states that the role of the controller has developed. Based on the literature it was expected that the controller would be more occupied with compliance, financial reporting and internal control. Within DSM business group controllers did have to deal with these issues more often, though they get some assistance by means of an internal control officer.

The corporate controller illustrated DSM’s development in the field of standardization and internal control. In the nineties, all business groups were given more responsibilities, on the advice of McKinsey. At that time, the business groups were granted too much freedom according to the corporate controller. Also the provision of information was not well arranged. Subsequently, SAP, a single software program for the whole organization, was implemented. At the end of the nineties DSM realized that it needed to standardize its processes in order to be able to keep producing at low cost. So, at the beginning of 2000 DSM started to develop standard business processes.

As a result of the financial scandals in America, the increasing pressure on financial reporting and compliance with codes, and DSM’s shortcomings in the field of internal control, DSM started a compliance project in 2005, called True Blue. This project aimed at implementing their control designs and corporate requirements into the standard business processes that were developed from the year 2000. As part of this two-year project they improved and reformulated the corporate requirements. The summaries of these requirements for all processes were distributed among senior managers, and teams went around the world to implement the requirements. In the end, DSM had a reasonable robust risk management system. The corporate controller stated that “by implementing the corporate requirements, DSM also complied with the demands of Tabaksblat”. The True Blue project was aimed at compliance, but was also directed at efficiency. Overall, the Tabaksblat code was an important cause for improving DSM’s internal control structure.

(29)

DSM (live the values, comply with the requirements, apply the practices and manage your risks) are also a powerful foundation for compliance”.

DSM is an advocate of the principles-based orientation of Tabaksblat. According to the business group controller “the rules-based systems in America are not consistent with DSM’s culture. DSM wants to have a system in which people have to use their common sense and in which ‘substance over form’ applies”. They want to create a structure that complies with the codes and regulations and at the same time also creates value within DSM. DSM does not want to implement too many rules, but, instead, it wants to find a balance between regulation, on the one hand, and improvement of the business processes and flexibility, on the other hand. Therefore, the internal processes need to be well organized, according to the corporate controller.

The division of independence and involvement has not changed for the controllers due to the introduction of Tabaksblat, according to the corporate controller. “Though, more attention has been drawn to the responsibilities of the controllers. They have become more aware of this”. Corporate governance, the requirements and True Blue have also contributed to this by creating a clear structure. “Sometimes it is just easier to have clear, objective and business rules to hold on”, states the business group controller. Based on the literature we expected that the importance of independence would increase due to the implementation of a governance code. Within DSM independence is seen as an important responsibility, which forms the basis of the controller’s role. This is supported by the corporate requirements and True Blue, so controllers have become more aware of it. Nevertheless, nowadays the management primarily stimulates involvement and sees independence as a qualifier.

3.2.2 Shell

The Shell organization as known today was established through a joint venture between the Dutch “Koninklijke Nederlandse Petroleum Maatschappij N.V.” and the UK “Shell Transport and Trading Company Ltd.”. Nowadays, Royal Dutch Shell is a global group of energy and petrochemical companies. The core activities of Shell in the Netherlands are almost all represented in: upstream, downstream, other divisions and supporting functions. These core activities can be divided into five segments. Other divisions are, amongst others, Global Solutions, Renewables and of course the corporate supporting staff. Shell is listed on the NYSE, has to comply with the Sarbanes-Oxley Act and has a dual board structure. The basic organizational structure of Shell is described in Figure 3.2. The departments of the controllers I spoke with are represented in red: the controller of SNR and the controller of SNV.

(30)

some smaller classes of business. Besides that, the controllers department of SNR is responsible for compliance with IFRS, SOx and the manual of authority. Also the SAP Security system is part of their tasks.

Shell

Upstream Downstream Other

Oil Products Chemicals

Manufacturing (SNR) Marketing (SNV)

Exploration &

Production Gas & Power

Shell

Upstream Downstream Other

Oil Products Chemicals

Manufacturing (SNR) Marketing (SNV)

Exploration &

Production Gas & Power

Figure 3.2 Basic organizational structure of Shell2

Shell Nederland Verkoopmaatschappij (SNV) sells fuel and lubricants and also arranges the purchase of raw materials and the transport and storage of Shell-products. The controller of SNV, who is also the controller of EuroShell and Lubricants, has a team of six financial and management accountants. The controllers department is responsible for the quarterly external reporting and the internal reporting for each class of business. SNV also consists of several classes of business: retail, lubricants, marine, aviation, commercial road transport, commercial fuels, distribution and supply. Moreover, the controllers department is also responsible for compliance with the accounting standards, such as the NL GAAP (Dutch Generally Accepted Accounting Principles) and IFRS (International Financial Reporting Standards), and country rules. The controller of SNV is also involved in implementing new projects, staff management, and controls.

Both SNR and SNV are in the middle of a migration of their controlling tasks to a shared service center in Poland. After this migration, only the controllers of SNR and SNV themselves and their deputy controller will remain active in the Netherlands. From then on, they will be responsible for monitoring and communicating with the business and the shared service center.

As a result of a reserve-issue of Shell in 2002, in which reserves were reported that were too high, and the financial scandals of Enron and WorldCom at that time, Shell decided to set up a separate controllers organization. This independent organization is responsible for compliance and reporting. This means that all controllers within Shell primarily report to a controller at a higher level within the controllers organization, and are completely independent from the Shell organization. Next to this controllers organization, each class of business has a business finance organization, which is responsible

(31)

for management reporting, business support etc. So by splitting up the controller and the business finance function, there is a clear separation between independence and involvement. This separation coincides with the ‘split controller’ Sathe (1983) describes. In this role, the two major responsibilities of, on the one hand, management service and, on the other hand, financial reporting and control are divided among two individuals. In this way, every responsibility receives sufficient attention (Sathe, 1983). The controllers of SNV and SNR are both pleased with their independent role. The controller SNR states that “when there is discussion with the business finance function about what to report, our numbers are always leading”. Nevertheless, the controllers also have a functional relationship with management. This implies that the controllers have to report solid-line. In this case, the corporate controller defines the business group controllers’ tasks and evaluates them.

Although the responsibilities of independence and involvement are split up within Shell, there sometimes are discussions between business finance and the controllers. Then, they have to find a solution that is both workable and covers all risks. Thereby, business finance also understands the position of the controllers, according to the controller SNV.

(32)

The development of the controller function: the influence of corporate governance RDS Controls RDS Controls Key FCM Controls Key FCM Controls FCM Controls FCM Controls Business Controls Business Controls RDS Controls RDS Controls Key FCM Controls Key FCM Controls FCM Controls FCM Controls Business Controls Business Controls

High risk, ≥ 50 million impact

High risk, ≥ 10 million impact

Low risk, ≤ 10 million impact

Low risk, small impact

Figure 3.3 Shell’s risk-based approach of controls

Based on the literature we expected that the corporate governance discussion has influenced the governance and internal control regimes of organizations and has made them tighter. Within Shell this proves to be right. Overall, the introduction of SOx had changed a lot within Shell, according to both controllers. There is more awareness for control and everything is more formalized. In the beginning this cost a lot of extra time and money. There are tighter reviews, controls, documentation and evidencing. Nevertheless, both controllers see this as a positive development for Shell. Now, everyone is more aware of certain risks and the controllers can do accounting based on good and reliable numbers.

Based on the literature it was expected that the controller would be more occupied with compliance, financial reporting and internal control. This is confirmed by the controller SNV. He states: “controls have become an important part of my work, the monitoring of the controls as well as the controls on my own activities. A lot of controls apply to financial reporting.”

3.2.3 Conclusion

The Development of The Development of The Development of The Development of the Controller Functionthe Controller Functionthe Controller Functionthe Controller Function

Master Thesis

Master Thesis

Master Thesis

Master Thesis

Master of Science in Business Administration

Master of Science in Business Administration

Master of Science in Business Administration

Master of Science in Business Administration

Organizational & Management Control

Organizational & Management Control

Organizational & Management Control

Organizational & Management Control

The Development of

The Development of

The Development of

The Development of

the Controller Function

the Controller Function

the Controller Function

the Controller Function

---- The Influence of Corporate

The Influence of Corporate

The Influence of Corporate

The Influence of Corporate Governance

Governance

Governance

Governance ----

Preface

Table of contents

Chapter 1

Introduction

Chapter 2

Theoretical framework

Chapter 3

Case study into the development of the role of the controller