ISSN (Online): 2321-3418
server-injected
Economics and Management
Open Access

Evaluation and Formulation of Risk Management Strategies in the Management of Advance Payments for Activities at Universitas Kristen Indonesia

, ,
DOI: 10.18535/ijsrm/v14i06.em06· Pages: 10750-10756· Vol. 14, No. 06, (2026)· Published: June 5, 2026
PDFAuto
Views: 42 PDF downloads: 32

Abstract

This study aims to analyze the management of advance payments for activities at Universitas Kristen Indonesia during the 2022–2025 period, focusing on the evaluation of risks related to delays in accountability reports (LPJ) and the effectiveness of internal controls. The research adopts a descriptive quantitative approach using secondary data consisting of 6,428 transactions, with a sample of 100 transactions determined through the Slovin formula and stratified proportional sampling. Data analysis was conducted using a risk management framework based on ISO 31000:2018 and the COSO ERM (2017) internal control model. The findings reveal that delays in LPJ submission exceeding 60 days ranged between 23% and 32% annually, with an average likelihood of 26.75%. This indicates that the risk is recurring rather than incidental. Risk assessment produced a score of 12 (Likelihood 3 × Impact 4), placing it in the High Risk category. The results also show that the primary risk does not lie in the amount of advance funds, but rather in the delays in LPJ completion. Furthermore, the year 2023 was identified as a risk hotspot, with the highest delay rate of 32%. Evaluation of internal controls indicates that the efast system has been effective in the approval stage but remains weak in monitoring and post-control functions. A significant gap was also found between SOPs and operational implementation, particularly in timely reporting and administrative compliance. In conclusion, the management of advance payments at Universitas Kristen Indonesia is still categorized as high risk. Strengthening internal control systems, enhancing system-based monitoring, and optimizing compliance with SOPs are required to improve the effectiveness of financial governance.

Keywords

Advance payments accountability report (LPJ) operational risk COSO ERM ISO 31000 internal control

1. Introduction

Financial management in higher education institutions plays a strategic role in supporting the continuity of both academic and non-academic activities. Universities are required to apply the principles of good university governance through accountable, transparent, effective, and efficient financial administration. One common mechanism employed is the provision of advance payments, which serve as initial funds allocated to work units to accelerate the implementation of activities in accordance with the budget.While this mechanism enhances operational flexibility, it also carries potential risks such as delays in accountability reporting, discrepancies in fund utilization, incomplete supporting documents, recording errors, and outstanding advances. These issues may affect the quality of financial statements, the effectiveness of internal controls, and the overall accountability of the institution.According to the concept of risk management (ISO 31000:2018; Kaplan & Mikes, 2012), risks do not only stem from external factors but also from weaknesses in internal processes. Therefore, the management of advance payments needs to be integrated with the Enterprise Risk Management (ERM) approach as developed by COSO (2017). ERM emphasizes organizational culture, capabilities, and practices that are aligned with strategy and performance to manage risks and safeguard organizational value. This study highlights the importance of applying COSO ERM in the management of advance payments in higher education institutions as a means to strengthen internal control, accountability, and the effectiveness of achieving organizational objectives.Advance payment management in universities is a crucial mechanism for operational flexibility but also entails risks that must be effectively controlled. The approval and authorization of transactions prior to fund disbursement form part of internal control, ensuring alignment with budgets, activity needs, and applicable authority. Once funds are utilized, work units are required to submit accountability reports in accordance with regulations, making oversight of advance settlement critical to prevent outstanding balances that could compromise financial accuracy and increase administrative or financial risks.Compliance with standard operating procedures (SOPs) is also essential to maintain process consistency, clarify responsibilities, and reduce potential irregularities. Poorly monitored outstanding advances may pose risks to cash management effectiveness and organizational accountability. Moreover, advance payment management carries operational risks such as delayed accountability reports, recording errors, incomplete supporting documents, and misuse of funds. The risk of fraud may also arise if monitoring and internal controls are not effectively implemented.The COSO Enterprise Risk Management (ERM) framework is relevant as it encompasses control activities, monitoring, compliance with policies, and integrated risk assessment aligned with organizational strategy and performance. This approach is more comprehensive than traditional controls, as it not only focuses on risk identification but also evaluates the effectiveness of internal controls and organizational processes. ISO 31000 serves as a supporting framework for risk identification and analysis, while COSO ERM functions as the primary framework for risk evaluation and internal control assessment.Previous studies have shown that weak internal controls and poor implementation of risk management increase the likelihood of fraud and organizational inefficiency. Conversely, effective ERM implementation strengthens oversight of operational risks and enhances decision-making quality. Universitas Kristen Indonesia, as a higher education institution, faces similar challenges in maintaining effective financial management, particularly in the administration of advance payments involving multiple work units, administrative processes, and financial approval systems.Based on these conditions, this study aims to conduct a comprehensive risk analysis of advance payment management at Universitas Kristen Indonesia by assessing risk levels, evaluating the effectiveness of internal controls, and examining the alignment between SOP implementation and actual practices. The data used include advance payment transactions from 2022–2025, SOPs, business process flows, and financial approval systems. The research is conducted through document analysis and process evaluation based on data, without involving interviews or questionnaires.

2. Research Methodology

This study adopts an evaluative descriptive approach using quantitative methods based on secondary data. The objective is to portray the actual condition of advance payment management while simultaneously assessing the effectiveness of internal controls and organizational risk management. Secondary data were chosen because the research focuses on organizational documents, financial transactions, and existing information systems, particularly the efast system, which is integrated and paperless.The research was conducted at Universitas Kristen Indonesia, covering data from 2022 to 2025. The object of study includes the entire process of advance payment management, starting from submission, approval and disbursement, activity implementation, up to the submission of accountability reports. The analysis also emphasizes the efast system as the primary platform supporting authorization, monitoring, and organizational information flow.Data sources consist of accountability reports, advance payment transaction records, standard operating procedures (SOPs), internal audit reports, and digital records from the efast system. Data were collected through documentation and system observation, ensuring that the study relies on objective, historical, and documented evidence.The research variables include the effectiveness of advance payment management, financial risk, and internal control. Effectiveness is measured through the timeliness of accountability reports, conformity of realization with the budget, compliance with SOPs, and completeness of digital documentation. Financial risk is analyzed using the ISO 31000 framework through likelihood and impact indicators, while internal control is evaluated based on the five components of COSO ERM.Data analysis was conducted descriptively to illustrate actual conditions, followed by SOP compliance analysis, risk analysis using a risk matrix, and internal control evaluation based on COSO. Gap analysis was applied to compare actual practices with ideal standards, while process analysis mapped the efast workflow and control points that may generate risks. The validity of findings was strengthened through data triangulation by comparing SOPs, transactions, accountability reports, audit results, and digital system workflows.

a. Research Analytical Framework

The analytical framework of this study is designed to provide a systematic evaluation of advance payment management, internal control, and organizational risk management. The analysis begins with the identification of workflows within the efast system, followed by data collection through documentation and system observation. Descriptive analysis is then applied to transaction data to reveal patterns in fund utilization, delays in accountability reports (LPJ), and budget conformity. Business processes are evaluated to assess workflow effectiveness and control points. Operational, compliance, and financial risks are identified and analyzed using the ISO 31000 approach, focusing on likelihood and impact indicators. Internal control evaluation is conducted based on the five COSO components: control environment, risk assessment, control activities, information and communication, and monitoring. Gap analysis is employed to compare actual practices with ideal standards, and the results serve as the foundation for formulating risk management strategies and recommendations for strengthening internal controls.

b. Population and Sample

The study applies a combination of risk-based sampling and stratified sampling to select advance payment transactions for analysis. The population consists of 6,428 transactions recorded between 2022 and 2025. Using the Slovin formula with a 10% margin of error, the minimum sample size is approximately 98 transactions; however, 100 transactions were chosen to enhance representativeness. Sampling was stratified by risk level: high-risk transactions (around 60%) characterized by LPJ delays exceeding 60 days and weak documentation; medium-risk transactions (around 25%) involving units with high activity frequency and significant fund values; and low-risk transactions (around 15%) selected randomly as a comparison group. This approach aligns with ISO 31000 principles, which emphasize focusing on areas with the highest risk exposure to ensure that the evaluation of internal control effectiveness is relevant and comprehensive.

3. Advance Payment Management Data

Table 1 Advance Payment Management Data
Year Advance Payment Value Number of Submissions LPJ > 60 Days Percentage
2022 Rp 21,057,538,896 1,592 451 28%
2023 Rp 15,555,959,337 1,617 520 32%
2024 Rp 18,328,157,089 1,725 405 23%
2025 Rp 14,092,093,797 1,494 354 24%

Transactions are not always linear with the value of advance payments. In 2024, the highest number of submissions was recorded (1,725 transactions), yet the total value of advance payments was not the largest. This indicates that the intensity of activities is not always proportional to the size of the budget, reflecting variations in activity characteristics across different years.

The value of advance payments experienced significant fluctuations. In 2022, the highest allocation was recorded at approximately Rp 21.05 billion, while in 2025 the lowest allocation was noted at Rp 14.09 billion. This dynamic reflects changes in budget allocation patterns, activity intensity, and possible internal policy adjustments in managing operational funds.

Delays in accountability reports (LPJ) exceeding 60 days remained consistently high.

Table 2 Persentase keterlambatan LPJ
Year LPJ >60 Days
2022 28%
2023 32%
2024 23%
2025 24%

The delay rate ranged between 23–32%, with an average of 26.75%. From the perspective of ISO 31000:2018, this figure indicates a recurring risk, meaning a risk that reappears annually and is not incidental. The probability of delay falls into the medium-to-high category. Meanwhile, under the COSO ERM (2017) framework, LPJ delays are classified as both an operational risk, arising from weaknesses in internal processes, and a compliance risk, due to non-adherence to organizational SOPs. These findings point to weaknesses in control activities and monitoring activities. Thus, LPJ delays are not merely an administrative issue but serve as an early indicator of deficiencies in the internal control system, which must be addressed promptly to safeguard accountability and ensure the effectiveness of financial management for institutional activities.

a. Operational Risk Analysis

Referring to the COSO ERM (2017) framework, the risks arising in advance payment management fall under the category of operational risk, which stems from weaknesses in internal processes. The primary risks identified include delays in the submission of accountability reports (LPJ), discrepancies between budget realization and planned allocations, unresolved outstanding advances, and inadequate system monitoring. These findings indicate that the risks are not merely administrative in nature but also structural, as they are directly connected to the effectiveness of the organization’s internal control system.

b. Risk Analysis (ISO 31000:2018)

The likelihood of LPJ delays was calculated based on historical data from 2022–2025. Using the formula:

Likelihood = 28+32+23+24 4 = 107 4 =26.75 %

This result shows that, on average, more than one out of four transactions experienced LPJ delays. The risk is recurring and falls into the moderate to high likelihood category.

The impact of this risk includes disruptions in financial reporting, audit findings, potential fraud, and delays in cash flow. According to the COSO ERM classification, these consequences are considered high impact (score = 4).

By combining likelihood (score = 3) and impact (score = 4), the risk score is calculated as:

Risk Score =3×4=12

This score places LPJ delays in the High Risk category, meaning they require immediate mitigation. The findings confirm that the issue is not merely administrative but reflects weaknesses in internal control activities and monitoring processes. Strengthening these components is essential to safeguard accountability and ensure the effectiveness of financial management.

c. Internal Control Evaluation (COSO ERM) – Control Activities

The approval and disbursement of funds have been carried out digitally through the efast system. However, the controls applied after disbursement remain weak, creating gaps in the post-control mechanism. This situation shows that while the system ensures proper authorization at the initial stage, the monitoring and accountability processes following disbursement are not sufficiently robust, leaving room for recurring risks such as delayed accountability reports, incomplete documentation, and unresolved outstanding advances.

d. Monitoring

From the monitoring perspective, accountability reports (LPJ) submitted beyond 60 days remain at a high level, ranging between 23% and 32%. This indicates that the monitoring process has not yet been effective and lacks a preventive function.

e. Compliance SOP

There is approximately 25% non-compliance across transactions, which reflects the existence of a compliance gap.

f. Gap Analysis

Table 3 CaptionGap Analysis
Aspect Ideal Actual Gap
Accountability Report (LPJ) ≤ 30 days > 60 days High
Monitoring Real-time Reactive Significant
SOP Compliance 100% 70–75% Moderate–High
Risk Level Low High Substantial

Main Findings

a. The primary risk lies not in the advance payment amount, but in LPJ delays

The analysis indicates that the volume of advance funds managed (approximately IDR 14–21 billion per year) is not the main source of risk. The more dominant risk arises from the timeliness of accountability report (LPJ) submission. This is evident from the consistent delays, ranging between 23%–32% of total transactions each year. Within the COSO ERM (2017) framework, this condition suggests that the risk is more of a process risk rather than a financial magnitude risk. In other words, the core weakness does not lie in the size of the funds managed, but in the effectiveness of the accountability cycle and internal controls after fund disbursement.

b. The year 2023 represents a risk hotspot (32%)

In 2023, LPJ delays reached the highest level at 32%, which methodologically qualifies as a risk hotspot since it exceeds the average for the study period (26.75%). From the perspective of ISO 31000 (2018), this reflects a concentration of risk (risk clustering) during a specific period. Such a condition may indicate changes in activity intensity, administrative workload, or temporary weaknesses in the internal control system during that year. Consequently, 2023 becomes a critical point requiring special attention in risk mitigation strategies, as it has the potential to trigger LPJ backlogs in subsequent periods.

c. The efast system is strong in approval but weak in monitoring

The evaluation of internal controls shows that the efast system has functioned effectively at the approval and authorization stage, meaning that the control activities at the front end have been well digitalized. However, the main weakness lies in the posttransaction monitoring stage, particularly in tracking the completion status of accountability reports (LPJ) in real time. This is evident from the consistently high number of outstanding LPJs across all periods of analysis. Within the COSO Internal Control (2013) framework, this condition reflects an imbalance between preventive controls (approval), which are already strong, and detective controls (monitoring), which remain weak. As a result, delays are not detected early and tend to recur.

d. Significant gap exists between SOPs and operational implementation

Gap analysis reveals a considerable discrepancy between SOP requirements and actual practices in the field. Normatively, SOPs stipulate that LPJs must be completed within 30 days, yet empirical data show delays exceeding 60 days in most cases. This indicates a substantial compliance gap, namely a misalignment between formal rules and operational execution. From Biazzo’s (2009) perspective, this condition illustrates a disjunction between process design and process execution, which may stem from weak enforcement, insufficient monitoring, or low administrative discipline within work units.

4. Conclusion and Recommendations

a. Conclusion

Based on advance payment transaction data from Universitas Kristen Indonesia for the period 2022–2025, with a sample of 100 transactions, it was found that delays in accountability reports (LPJ) exceeding 60 days remained consistently high, ranging between 23%–32% annually. The average delay was calculated using the formula:

Likelihood =(28+32+23+24) / 4=26.75 %

This value indicates that more than one out of four transactions experienced LPJ delays. Within the ISO 31000:2018 framework, this condition is categorized as a recurring risk, as it appears repeatedly each year rather than being incidental. The risk impact is classified as high (score = 4) because it affects financial reporting, audit findings, potential fraud, and organizational cash flow. With a likelihood score of 3 and an impact score of 4, the calculation yields:

Risk Score =3×4=12

Thus, LPJ delays fall into the High Risk category. The sample distribution shows that 2023 was a risk hotspot, with the highest delay rate at 32%. The COSO ERM evaluation confirms that the main weakness lies in monitoring activities and postcontrol mechanisms. Gap analysis further highlights discrepancies between ideal and actual conditions, particularly in LPJ timeliness (ideal ≤30 days, actual >60 days), SOP compliance (only 70–75%), and overall risk levels that remain high.

5. Risk Management Strategy

The risk management strategy is developed using the ISO 31000 and COSO ERM approaches, divided into three main categories: preventive, detective, and corrective.

a. Preventive Strategies

  • Digitalize the monitoring system for advance payments and LPJs in real time to enhance visibility and control.

  • Conduct regular SOP socialization to strengthen compliance and raise risk awareness.

  • Implement automated reminders for LPJ deadlines as an early warning mechanism.

  • Enforce noncash transactions via bank transfers to ensure transparency and reduce fraud risk.

  • Standardize accountability document checklists so that each LPJ submission is complete and valid.

b. Detective Strategies

  • Periodic monitoring of advance payment positions and LPJ status.

  • Development of a financial risk dashboard to visualize highrisk areas.

  • Riskbased internal audits to ensure examinations focus on vulnerable areas.

  • Aging analysis of advance payments to detect transactions that exceed the normal time limit.

  • Early warning system to identify potential delays before they cause serious impact.

c. Corrective Strategies

  • Automatic escalation to top management for LPJs that exceed the deadline.

  • Training on LPJ preparation for work units to improve administrative competence.

  • Regular reconciliation between budget and realization to detect discrepancies at an early stage.

  • Enforcement of administrative sanctions for repeated violations.

  • Standardization of LPJ formats to make verification and auditing more efficient.

c. Risk Response (ISO 31000)

  • LPJ Delays (High Risk) → Mitigation through system digitalization, automated reminders, and strengthened monitoring.

  • Nontransfer Payments (Very High Risk) → Avoidance by requiring all transactions to be conducted via bank transfer.

  • Incomplete Documentation (High Risk) → Mitigation through standardized checklists and layered verification.

  • Absence of Procurement Documents (High Risk) → Compliance enforcement through strict SOP implementation and administrative sanctions.

  • Unclear Transaction Evidence (Medium Risk) → Administrative improvement through standardized formats and digital archiving.

6. Main Conclusion

This study confirms that delays in accountability reports (LPJ) represent a recurring risk with a high risk score of 12, requiring mitigation strategies centered on system digitalization, automated reminders, and strengthened SOP compliance. The primary weakness lies in monitoring activities and postcontrol mechanisms, making improvements to internal control systems a strategic priority for enhancing accountability and the effectiveness of advance payment management.

7. Recommendations

a. Recommendations for the University

Develop an integrated, risk based financial information system that provides comprehensive visibility over advance payment positions, LPJ status, and potential delays in real time. The system should function not only as a transaction recording tool but also as a risk control mechanism capable of issuing early warnings for potential delays and irregularities.

Strengthen the implementation of COSO within the Enterprise Risk Management framework, particularly in monitoring and control activities, to ensure that every advance payment process is both compliant and effective in reducing operational and compliance risks. Establish timeliness of LPJ completion as a mandatory Key Performance Indicator (KPI). This KPI should be incorporated into unit performance evaluations, ensuring that compliance with LPJ deadlines directly impacts organizational performance assessments. Revise SOPs for advance payment management by reinforcing risk control aspects, including stricter LPJ deadlines, sanctions for repeated delays, aging mechanisms to monitor transaction maturity, and classification of transactions eligible for advance payments. Enhance human resource capacity in digital financial management, focusing on system utilization, SOP comprehension, and risk awareness, to ensure that digital transformation is effective and not merely procedural.

b. Recommendations for Work Units

Improve discipline in submitting LPJs on time in accordance with SOP requirements, as delays have proven to be the primary source of risk in advance payment management. Ensure that all accountability documents are complete, valid, and verifiable before submission to avoid file returns or delays caused by administrative deficiencies. Avoid non transfer transactions and ensure that all payments have a clear audit trail to strengthen financial transparency and accountability.

Enhance coordination with the finance department, particularly in clarifying procedures, verifying documents, and resolving administrative issues to improve the effectiveness of advance payment management.

c. Recommendations for the Finance Department

Conduct active, system based real time monitoring of all advance payment transactions and LPJ status to detect potential delays early before they escalate into major risks. Develop a financial risk dashboard to provide clear visualization of risk positions, including LPJ delays, outstanding advances, and unit compliance status. Implement automated reminders for LPJ deadlines to notify units before and after due dates, thereby improving compliance with submission timelines. Strengthen document verification prior to approval using multi layer verification to ensure that all documents meet administrative and accounting standards.Prepare periodic risk reports based on ISO 31000 standards to support decision making through systematic and measurable risk analysis.

d. Recommendations for Future Research

Future studies should develop a technology based risk dashboard capable of integrating transaction data, risk monitoring, and predictive analytics automatically. Integrating budget efficiency analysis with financial performance evaluation is necessary to provide a more comprehensive picture of fund utilization effectiveness in higher education institutions. Future research may employ advanced analytical methods such as Structural Equation Modeling (SEM) or data analytics to gain deeper insights into variable relationships in financial management.

Further studies should analyze the impact of digitalization on the effectiveness of internal controls, particularly in the context of technology driven financial system transformation in universities.

E. Closing

Advance payment management is a critical aspect of university financial governance that demands accountability, transparency, and strict compliance with SOPs. The findings reveal that although improvements have been made in certain operational areas, LPJ delays remain categorized as High Risk, indicating that internal control systems are not yet fully effective, especially in monitoring and compliance. By applying ISO 31000 and COSO ERM approaches, reinforced with financial system digitalization, advance payment management at Universitas Kristen Indonesia is expected to become more effective, transparent, and capable of significantly reducing risk levels in the future.

References

  1. Abdullah Alzeban, & Gwilliam, M. (2014). Factors affecting the internal audit effectiveness: A survey of the Saudi public sector. Journal of International Accounting, Auditing and Taxation, 23(2), 74–86. Google Scholar ↗
  2. Arens, A. A., Elder, R. J., & Beasley, M. S. (2017). Auditing and assurance services: An integrated approach (16th ed.). Pearson. Google Scholar ↗
  3. Arens, A. A., Elder, R. J., & Beasley, M. S. (2020). Auditing and assurance services: An integrated approach (17th ed.). Pearson. Google Scholar ↗
  4. Aren, S., & Aydemir, S. D. (2015). The moderation of financial literacy on the relationship between individual factors and risky investment intention. Procedia Economics and Finance, 24, 17–25. Google Scholar ↗
  5. Association of Certified Fraud Examiners. (2024). Occupational fraud 2024: A report to the nations. ACFE. Google Scholar ↗
  6. Azhar, R., & Putri, D. A. (2025). The effect of risk management implementation on financial transparency in public sector organizations. International Journal of Public Sector Management, 38(2), 145–160. Google Scholar ↗
  7. Beasley, M. S., Branson, B. C., & Hancock, B. V. (2015). Developing key risk indicators to strengthen enterprise risk management. Committee of Sponsoring Organizations of the Treadway Commission (COSO). Google Scholar ↗
  8. Beasley, M. S., Clune, R., & Hermanson, D. R. (2005). Enterprise risk management: An empirical analysis of factors associated with the extent of implementation. Journal of Accounting and Public Policy, 24(6), 521–531. Google Scholar ↗
  9. Bhimani, A. (2020). Digital data and management accounting: Why we need to rethink research methods. Journal of Management Control, 31(1–2), 9–23. Google Scholar ↗
  10. Biazzo, S. (2009). Flexibility, structuration, and simultaneity in process change: A qualitative study. International Journal of Operations & Production Management, 29(1), 36–58. Google Scholar ↗
  11. Bowen, G. A. (2009). Document analysis as a qualitative research method. Qualitative Research Journal, 9(2), 27–40. Google Scholar ↗
  12. Brustbauer, J. (2016). Enterprise risk management in SMEs: Towards a structural model. Journal of Cleaner Production, 137, 1291–1305. Google Scholar ↗
  13. Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., & Neville, A. J. (2014). The use of triangulation in qualitative research. Oncology Nursing Forum, 41(5), 545–547. Google Scholar ↗
  14. Cochran, W. G. (1977). Sampling techniques (3rd ed.). Wiley. Google Scholar ↗
  15. Committee of Sponsoring Organizations of the Treadway Commission. (2013). Internal control—Integrated framework. COSO. Google Scholar ↗
  16. Committee of Sponsoring Organizations of the Treadway Commission. (2017). Enterprise risk management—Integrating with strategy and performance. COSO. Google Scholar ↗
  17. Creswell, J. W., & Creswell, J. D. (2018). Research design: Qualitative, quantitative, and mixed methods approaches (5th ed.). Sage Publications. Google Scholar ↗
  18. Duijm, N. J. (2015). Recommendations on the use and design of risk matrices. Safety Science, 76, 21–31. Google Scholar ↗
  19. Dumas, M., La Rosa, M., Mendling, J., & Reijers, H. A. (2018). Fundamentals of business process management (2nd ed.). Springer. Google Scholar ↗
  20. Elahi, E. (2013). Risk management: The next source of competitive advantage. Technological Forecasting and Social Change, 80(3), 542–548. Google Scholar ↗
  21. Fraser, J., & Simkins, B. (2016). Enterprise risk management: Today’s leading research and best practices for tomorrow’s executives. Wiley. Google Scholar ↗
  22. Hall, J. A. (2016). Accounting information systems (9th ed.). Cengage Learning. Google Scholar ↗
  23. Hillson, D., & Murray-Webster, R. (2017). Understanding and managing risk attitude (2nd ed.). Routledge. Google Scholar ↗
  24. Hopkin, P. (2018). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management (5th ed.). Kogan Page. Google Scholar ↗
  25. Hubbard, D. W. (2020). The failure of risk management: Why it’s broken and how to fix it (2nd ed.). Wiley. Google Scholar ↗
  26. International Auditing and Assurance Standards Board. (2018). ISA 530: Audit sampling. IFAC. Google Scholar ↗
  27. International Organization for Standardization. (2018). ISO 31000:2018 risk management—Guidelines. ISO. Google Scholar ↗
  28. Janvrin, D. J., Bierstaker, J. L., & Lowe, D. J. (2012). An examination of audit information technology use and perceived importance. Accounting Horizons, 26(1), 1–21. Google Scholar ↗
  29. Kaplan, R. S., & Mikes, A. (2012). Managing risks: A new framework. Harvard Business Review, 90(6), 48–60. Google Scholar ↗
  30. Kieso, D. E., Weygandt, J. J., & Warfield, T. D. (2018). Intermediate accounting (16th ed.). Wiley. Google Scholar ↗
  31. Mardiasmo. (2018). Akuntansi sektor publik. Andi Publisher. Google Scholar ↗
  32. Marrita, F. (2024). Internal control effectiveness and financial accountability in higher education institutions. International Journal of Educational Management, 38(1), 88–102. Google Scholar ↗
  33. Moeller, R. R. (2013). Executive’s guide to COSO internal controls: Understanding and implementing the new framework. Wiley. Google Scholar ↗
  34. Othman, R., Aris, N. A., & Arif, S. M. M. (2019). Internal control practices and financial accountability in higher education institutions. International Journal of Financial Research, 10(5), 145–154. Google Scholar ↗
  35. Paape, L., & Speklé, R. F. (2012). The adoption and design of enterprise risk management practices: An empirical study. European Accounting Review, 21(3), 533–564. Google Scholar ↗
  36. Patton, M. Q. (1999). Enhancing the quality and credibility of qualitative analysis. Health Services Research, 34(5 Pt 2), 1189–1208. Google Scholar ↗
  37. Romney, M. B., & Steinbart, P. J. (2018). Accounting information systems (14th ed.). Pearson. Google Scholar ↗
  38. Saunders, M., Lewis, P., & Thornhill, A. (2019). Research methods for business students (8th ed.). Pearson. Google Scholar ↗
  39. Sawyer, L. B., Dittenhofer, M. A., & Scheiner, J. H. (2003). Sawyer’s internal auditing (5th ed.). Institute of Internal Auditors. Google Scholar ↗
  40. Soemarso, S. R. (2014). Akuntansi suatu pengantar (5th ed.). Salemba Empat. Google Scholar ↗
  41. Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing & Accountability Journal, 16(4), 640–661. Google Scholar ↗
  42. World Bank. (2014). World development report 2014: Risk and opportunity—Managing risk for development. World Bank Publications. Google Scholar ↗
  43. Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). Sage Publications. Google Scholar ↗
Author details
Elsa Indriyani S
Universitas Kristen Indonesia/Department of Management
✉ Corresponding Author
👤 View Profile →🔗 Is this you? Claim this publication
Bramantyo Djohan
Department of Management, Univesitas Kristen Indonesia
👤 View Profile →🔗 Is this you? Claim this publication
Denny Tewu
Department of Management, Univesitas Kristen Indonesia
👤 View Profile →🔗 Is this you? Claim this publication