Presenting an Optimal Model of Internal Controls to Reduce the Risk of Enterprises

Various models have been designed and introduced for internal controls. These systems always have strengths and weaknesses. The most important reasons for the weakness of internal control systems in business units are the traditional systems and their lack of upgrades. The main purpose of this paper is to present an optimal model of internal controls in order to reduce the risk of enterprises. This research is a qualitative research that has been done using an approach based on data foundation theory. The statistical population consisted of experts and professors from the field of auditing and related experts who using a purposeful sampling approach, a total of 12 people were selected as participants in the study. Data were collected through semi-structured interviews. The final conceptual model of this research has been developed in the form of statistics of causal conditions, background conditions, mediators, strategies and consequences of implementing the desired internal control. In this research, Maxqda software has been used to encode and analyze the data. The results of this study showed that from the perspective of professional institutions, factors such as governing laws and regulations, the commitment of executive officials to accountability, accounting and financial reporting system and control and monitoring methods, as well as from the perspective of information users Financial factors such as long-term profitability, prevention of any embezzlement and fraud, preparation of reliable financial and management reports, can be as causal factors affecting the quality of internal control to reduce the risk of businesses. Finally, considering the mediating conditions and its context and considering the localized pattern in the study, strategies to increase the effectiveness of internal control at five levels of necessary solutions in the control environment, risk assessment, control activities, information and communication and Then monitoring activities were presented.