Post on 27-Jan-2023
THE EFFECT OF INTERNAL CONTROL ON ORGANIZATIONAL PERFORMANCE
(A CASE STUDY OF ECOBANK NIGERIA PLC)
BY
AMOO TEMITOPE GRACE
ACT/2009/0036
ADEYIGA ADEBAYO
ECN/2009/0005
BEING A RESEARCH PROJECT CARRIED OUT AND SUBMITTED TO
THE DEPARTMENT OF ACCOUNTING,
FACULTY OF MANAGEMENT SCIENCES
OSUN STATE UNIVERSITY, OSOGBO
NIGERIA
IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OFBACHELOR OF SCIENCES (B.Sc) DEGREE IN ACCOUNTING
1
JULY 2013
CERTIFICATION
It is certified that this research project, written by Amoo
Temitope Grace with matriculation number ACT/2009/0036 was
supervised by me and submitted to the Department of Accounting,
Faculty of management sciences. Osun State University Osogbo,
Okuku Campus.
Mr J.O Oyewole Date
Project supervisor
2
PROF. Temi Ologunorisa Date
Head of Department
DEDICATION
This research work is specially dedicated to Almighty God in
Heaven, the one who loves me dearly, unconditionally and
eternally, the source and the strength with which I have been
able to pull through the challenges that came with this work, for
his protection and guidance over my life right from the inception
and towards successful completion of this academic programme.
Also, to my beloved parents; Mr and Mrs AMOO for their supports
both financially and morally to accomplish the great task of
passing through this practical project. My prayer to you is that
you will eat the fruits of your labor in Jesus name (Amen).
3
ACKNOWLEDGEMENT
Nothing can man receive except it is given from above. I thank
God for sparing my life till today and being my help in the times
of need, and for giving me the strength and courage to complete
this programme. May his holy name be praised.
I also thank God for his faithfulness and love towards me,
for his mercy endures forever. Through him I went, I saw and I
conquered.
4
My heartfelt gratitude goes to my supervisor Mr J.O Oyewole for
his support during the course of this project work may the
Almighty God bless him in Jesus name (Amen).I cannot thank you
enough for the personal advice that you gave me concerning my
career. May the Lord Almighty grant you all your heart desires in
Jesus name (Amen).
My profound gratitude also goes to my parents; Mr & Mrs Amoo for
their financial and moral support towards my education and
achievement. They have been there for me. May you live long and
enjoy the fruit of their labor in Jesus name (Amen).
I want to say a big thank you to my Head of Department Prof.
Temi Ologunorisa who gave all the necessary advice, co-operation,
assistance and correction through this research work, I will
forever be grateful. Special thanks to all the lecturers within
the department such as Mr Lere Adebayo, Mr Feyi Oluwaremi, Mr
Lanre Fatoki, Mr Adedire Odelabu, Mr Babatunde lawal, Mr Sunday
Sasona and Mr Gbadebo.
My profound gratitude goes to my siblings, Amoo Juwon, Tobi,
Adura, Gbenga, Esther, Abayomi, Segun for their support and
prayer towards the completion of this research work. May the Lord
Almighty bless them all.
I cannot but appreciate my special boy friend Adebayo Yinka
Adeyiga for his love, support and encouragement towards the
completion of this project. May the Almighty God greatly reward
him.
5
I am grateful to the management of Ecobank for their great
assistance and cooperation in making this research work possible
and also I wish to acknowledge the various authors whose
literature I have used.
Finally, my appreciation goes to all my colleagues and
friends, Folarin Olamide, Ajayi Damilola, Olugbose Arinola,
Bisola Oyelade, Adegbenle Abisola, Ajiboye Abiola, Yemi Coker,
Olayide, Majekiodunmi Olabode, Sanni, to mention but a few. I
cannot forget you all, I love you all, I am so grateful.
6
TABLE OF CONTENT
Pages
Title Page i
Certification ii
Dedication iii
Acknowledgement iv
Abstract xi
CHAPTER ONE 1-10
INTRODUCTION 1
1.0 Background to the study 1
7
1.0.1 Historical Background 4
1.1 Statement of the problem 5
1.2 Research questions 6
1.3 Objective of the study 6
1.4 Hypothesis of the study 7
1.5 Significance of the study 7
1.6 Scope of the study 8
1.7 Limitations of the study 8
1.8 Organization of the study 9
1.9 Operational definition of terms 10
CHAPTER TWO 11-49
8
Literature Review 11
2.0 Introduction 11
2.1 Theoretical framework 11
2.1.2 Theoretical concept 13
2.2 Empirical Review 18
2.3 The Concept of Internal Control 19
2.3.1The Objectives and roles of internal control framework 22
2.3.2 The major elements of an internal control process 23
2.3.3 Evaluation of internal control systems by supervisory authorities 35
2.4 Roles and responsibilities of external auditors 38
2.5 The concept of fraud 39
2.5.1 Classification of fraud 40
2.5.2 Type of bank’s common fraudulent practices 41
9
2.5.3 Causes of bank frauds 42
2.5.4 Factors influencing the existence of fraud in banks 42
2.5.5 Internal control and fraud prevention 43
CHAPTER THREE 50-57
3.0 Introduction 50
3.1 Research Design 50
3.2 Population of study 51
3.3 Sample and sampling techniques 51
3.4 Sources of data collection 51
3.5 Research instrument 52
3.5.1 Procedure for administration of research instrument 52
3.5.2 Validity of the instrument 53
3.5.3 Reliability of the instrument 53
10
3.6 Method of data analysis 54
3.7 Limitation of methodology 55
3.8 Model specification 55
CHAPTER FOUR 58-80
4.1 Introduction 58
4.2 Data Analysis, presentation and interpretation 58
4.3 Test of Hypotheses and discussion 74
4.4 Test of Hypotheses and discussion 75
CHAPTER FIVE 81-86
5.1 Introduction 81
5.2 Summary of major findings 81
5.3 Conclusion 82
5.4 Recommendations 83
11
5.5 Areas for further research 86
Bibliography
Appendix I
Appendix II
LIST OF TABLES
4.1.1Introducton
4.2.1 Respondents analysis by age
4.2.2 Respondents analysis by sex
4.2.3 Respondents analysis by marital status
4.2.4 Respondents analysis by education
4.2.5 Respondents analysis by length of service
4.2.6 Respondents analysis by position held
4.2.7 There are adequate assets listing done by the management
4.2.8 Positions in place ensure assets additions, disposal, replacement and transfers for proper accountability
12
4.2.9 Capital assets purchased are approved by appropriate level of management
4.2.10 Assets numbering is done to show location and protection of the assets
4.2.11 There is free access to cheque books and organization assets
4.2.12 A person responsible from inventory management is different from the book-keeper.
4.2.13 Stock taken is done following the procedures and in the presence of the internal auditor.
4.2.14 The petty cashier is different from the main cashier.
4.2.15 There are adequate policies to ensure effective collectionand follow up of due accounts.
4.2.16 Cost of production as been reducing dramatically for the past two years
4.2.17 The Company is now in a better position to serve clients more effectively and efficiently.
4.2.18 Effectiveness is measured through quality service and product.
4.2.19 The Company is able to build customers satisfaction through quality product and services.
4.2.20 Performance of the company result from asset financing, employee skils and processes involved in production.
4.2.21 There is evaluation and discussion of organization performance periodically by management.
4.2.22 Stock out increases the cost of production.
13
4.3.1 Weaknesses in internal control system in Nigeria banks do not lead to fraud.
4.3.2 Analysis showing the weaknesses in the internal control system and fraud.
4.4.1 There is no significant relationship between internal control system and organizational performance.
4.4.2 Analysis showing the internal control system and organizational performance
14
ABSTRACT
This project work takes a look at the effect of internal control
on organizational performance using a case study of Ecobank
Nigeria Plc. The main purpose of this study is to examine the
effect of internal control on organizational performance i.e how
as internal control aid organizational performance in Ecobank
Nigeria Plc.
The research design used during the course of this study was the
descriptive survey research design in which a population of 50
staff of Ecobank Nigeria Plc was look into. The researcher made
use of stratified sampling technique and the research instrument
used during the course of this research was questionnaire.
Statistical package for social sciences (SPSS) was being employed
to analyze data in form of frequency tables in knowing the effect
of internal control on organizational performance.
Findings reveals that the calculated t-statistics for the
parameter estimates was (t = 3.653), P < 0.01 which is greater
than tabulated t statistics (1.9960) at 0.01 level of
significance. Therefore, the Null hypothesis is rejected and
Alternative hypothesis is accepted, that is there is significant
relationship between internal control system and organizational
performance of Ecobank Nigeria Plc.
15
Furthermore findings also reveals that the calculated t-
statistics for the parameter estimates was (t = 0.439), P < 0.01
is less than tabulated t statistics (1.9960) at 0.01 level of
significance. Therefore, the Null hypothesis is accepted and
Alternative hypothesis is rejected, that is, Weakness in the
internal control system in Ecobank Nigerian Plc does not lead to
frauds.
Based on the findings of the study, it is recommended that the
management of Ecobank Nigeria Plc should design more effective
internal control systems by ensuring that adequate asset listings
is done by management, capital assets purchased are approved by
appropriate level of management and asset numbering is done to
show location and protection of the assets. Also Management
should encourage staff to participate in decision making.
Employees feel encouraged and motivated in accomplishing the
goals of the company in which they have taken part in
formulating.
CHAPTER ONE
INTRODUCTION
1.0 BACKGROUND TO THE STUDY
Banking institutions occupy a central position in the nations’
financial system and are essential agents in the development
process of the economy. By intermediating between the surplus and
16
deficit spending units, banks increase the quantum of National
savings and investments and hence national output. By granting
credits, banks create money thus influencing the level of money
supply which is an essential item in the growth of national
income as it determines the level of economic activities in the
country.
Banks are central to the payments system by facilitating economic
transactions between various national and international economic
units and by so doing encourage and promote trade, commerce and
industry.
For banks to be able to function effectively and contribute
meaningfully to the development of a country, the industry must
be stable, safe and sound. And for these conditions to be
obtained there must be a sound accounting system, which is
occasioned by an internal control system.
In view of the economic growth in companies’ size and
complexities, proper management of modern business undertakings
are not possible unless they have an effective system of internal
control.
A system of effective internal controls is a critical component
of bank management and a foundation for the safe and sound
operation of banking organizations. A system of strong internal
controls can help to ensure that the goals and objectives of a
banking organization will be met, that the bank will achieve
long-term profitability targets and maintain reliable financial
17
and managerial reporting. Such a system can also help to ensure
that the bank will comply with laws and regulations as well as
policies, plans, internal rules and procedures, and decrease the
risk of unexpected losses or damage to the Bank’s reputation.
Internal control, the strength of every organization, has become
of paramount importance today in Nigerian banks. The reason being
that the control systems in any organization is a pillar for an
efficient accounting system.
The need for the internal control systems in organizations,
especially banks, cannot be undermined, due to the fact that the
banking sector, which has a crucial role to play in the economic
development of a nation, is now being characterized by macro
economic instability, slow growth in real economic activities,
corruption and the risk of fraud.
Fraud, which is the major reason for setting up an internal
control system, has become a great pain in the neck of many
Nigerian bank managers. It has also become an unfortunate staple
in Nigeria’s international reputation. Fraud is really eating
deep into the Nigerian banking system and that any bank with a
weak internal control system, is dangerously exposed to bank
fraud.
The CBN reported that cases of attempted fraud and forgery in
banks, as at half-year 2007 have surpassed what was recorded for
the whole year 2006. The CBN half-year report for 2007, revealed
a total of 741 cases of attempted fraud and forgery, involving
18
5.4 billion, $35,406.1, 150 Euros were reported as at June, 2007.
In 2006, 1,193 cases were reported involving 4.6 billion, $1.8
million and 14,389.7 pound sterling. The CBN also reported that
the backward development was attributable to weaknesses in the
internal control systems of the banks. This has clearly painted
the picture of how fraud has penetrated in the financial strength
of Nigerian Banks.
In a nut-shell, the damage which this menace, called fraud has
done to the banks is innumerable and needs urgent attention.
Therefore, the attempt to put an end to this economic
degradation, gave rise to the topic of this research study the
effect of internal control on organizational performance in the
banking sector with Eco bank Nigeria PLC as a case study.
However, this study is aimed at verifying the conception that an
effective and efficient internal control system is the best
control measure for preventing and detecting fraud, especially in
the banking sector.
Internal control is the methods employed to help to ensure the
achievement of an objective. Internal controls are policies,
procedures, practices and organizational structures implemented
to provide reasonable assurance that an organization’s business
objectives will be achieved and undesired risk events will be
prevented or detected and corrected, based on either compliance
or management initiated concerns (Awe, 2005). The Institute of
Chartered Accountants of England and Wales (ICAEW), defined
19
internal control as the whole system of controls, financial or
otherwise, established by management in order to carry on the
business of an enterprise in an orderly and efficient manner, to
ensure adherence to management policies, safeguard the assets and
secure as far as possible, the completeness and accuracy of the
records. They are tools used by management everyday for the
smooth running of their organization or businesses. Internal
controls also refer to the measures instituted by an organization
so as to ensure attainment of the entity’s objectives, goals and
missions. They are a set of policies and procedures adopted by an
entity in ensuring that an organization’s transactions are
processed in the appropriate manner to avoid waste, theft and
misuse of organization resources. Internal Controls are processes
designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance
about the achievement of an entity’s objectives with regard to
reliability of the financial reporting, effectiveness and
efficiency of operations and compliance with applicable laws and
regulations (Mwindi, 2008). Enforcement of internal controls
should be designed to promote operational efficiency and
effectiveness, provide reliable financial information, safeguard
assets and records, encourage adherence to prescribed policies,
and comply with regulatory agencies. A sound internal control
will ensure that transactions are: valid, properly authorized,
recorded, properly valued, properly classified, reconciled to
20
subsidiary records and not carried through by a single employee
(i.e. ensure separation of duties) ( Adeyemo Kingsley A,2012).
Organizations establish systems of internal control to help them
achieve performance and organizational goals, prevent loss of
resources, enable production of reliable reports and ensure
compliance with laws and regulations. In the words of ETUK IFIOK
CHARLES (1999) et al “Internal Control is the whole system of
controls, financial and otherwise, established by the management
in order to carry on the business of the enterprise in an orderly
and efficient manner, ensure adherence to management policies,
safeguard the assets and secure as far possible the completeness
and accuracy of the records”. All managers in an organizational
department operate according to stated plans, objectives and the
methods they use. The policies, procedures, organizational design
and physical barriers constitute the internal controls structure
of an institution. Managers should realize that a strong internal
control structure is fundamental to the success of an
organization in term of its purpose, operations and resources.
Responsibility for providing an adequate and effective internal
control structure rests with an organization’s management.
Control is important because it single-handedly links with the
effectiveness of other managerial functions such as planning.
When it comes to planning, it determines whether activities are
on going toward the achievement of goals and accomplishment of
objectives. Control mechanisms keep the plans running smoothly
21
and up to date. Control is also important in employee empowerment
wherein performance of the employees could be properly managed.
Performance is controlled in terms of appraisal, lessening
haphazard decisions on allocation of positions/job titles.
Nonetheless, control mechanisms are also important in keeping a
balance within the workplace especially since controlling means
to minimize unethical decisions of the employees and the
organization as a whole.
The questions are: what can be said to be the cause or causes of
the increasing rate of fraud in banks? What is the impact of
internal control in the prevention and detection of fraud in
banks, what is the impact of internal control on the
organizational performance of the Eco bank Nigeria plc?
1.0.1 HISTORICAL BACKGROUND OF ECO BANK NIGERIA PLC
Eco bank Nigeria is a member of Eco bank, the leading independent
pan-African bank, with headquarters in Lome and East Africa. Eco
bank, which was established in 1985, has grown to network of over
1000 branches, employing over 10,000 people, with offices in 32
countries.
The bank began operation in 1986, it operates as a universal
bank, providing wholesale, retail, corporate, investment and
transaction banking services to its customers in the Nigeria
market. The bank divides its operations into three major
divisions; retail banking, wholesale banking and treasury and
financial institution.
22
The bank also offers capital market and investment banking
services. During the fourth quarter of 2011, Eco bank Nigeria
acquires 100% of the shareholding in oceanic bank, creating the
expanded Eco bank plc. At December 2011, the expanded Eco bank
Nigeria controlled total assets value at approximately US$8.1
billion (NGN 1.3trillion) making it one of the five largest bank
in Nigeria. At that time the bank had 610 free-standing branches
making it the second largest bank in the country by branch
network. Internal control has been a way of evaluating the
performance of the management in Eco bank Nigeria plc.
1.1 STATEMENT OF THE PROBLEM
The series of business failures and corporate scandals have been
identified by KPMG to be as a result of weak internal control
system. The failure of Enron in 2001 caused a precipitous decline
in investor confidence in the capital markets. The federal
government through the regulatory authorities has responded to
this, by passing guidelines using SAS2 under information which is
to be disclosed in financial statements. The guidelines codified
the responsibilities of corporate executives, corporate
directors, lawyers, accountants and created a board oversight
regime for auditors of public companies. In seeking to enhance
accountability and restore investor’s confidence, the guidelines
emphasizes the critical role of internal control over financial
reporting. This gave rise to the need for corporate governance
especially in public institutions.
23
International Auditing Guidelines (IAG) deals with the auditor’s
responsibility for detection of material misstatement resulting
from error when carrying out an audit of financial statements.
The guidelines in conjunction with the related SEC rules and
auditing standard No 2, established by the public company
Accounting Oversight Board (PCAOB), requires management of a
public accounting and the company’s independent auditor to issue
two new reports at the end of every fiscal year. These reports
must be included in the company’s annual report filed with the
Securities and Exchange Commission (SEC). In the past, a
company’s internal controls were considered in the context of
planning the audit, but were not required to be reported publicly
except in response to the SEC’s form requirements when related to
a change in auditor. The new audit and reporting requirements
have drastically changed the situation and have brought the
concept of internal control over financial reporting to the
forefront for audit committees, management, auditors, and users
of financial statements. The new requirements also highlight the
concept of a material weakness in internal control over financial
reporting, and mandate that both management and the independent
auditor must publicly report any material weakness in internal
controls over financial reporting that exists as a result of
physical year, at the end of assessment dates. Under both PCAOB
auditing standard NO 2 and the SEC rules implementing the
guidelines, the existence of a single material weakness requires
24
management and the independent auditors to conclude that internal
control over financial reporting is not effective.
Against this background this study investigated the purpose of
ascertaining the effect of internal control system on
organizational performance.
1.2 RESEARCH QUESTIONS
This study seeks to tackle among others questions such as:
1) What is the relationship between internal control and
organizational performance?
2) What are the implication, consequence and benefit of internal
control on organizational performance?
3) What are those challenges which a weak internal control can pose
on organizational performance?
4) What are those things that must be done and put in shape by the
company to ensure an effective internal control system?
5) What are the limitations of internal control?
6) What are the various component of internal control?
1.3 OBJECTIVE OF THE STUDY
The main objective of this research study is to examine the
effect of internal control system on organizational performance
in the Nigerian banking industry using Eco Bank of Nigeria PLC as
a case study. Apart from the main objective, the research also
sets out to achieve some specific objectives which are;
1) To examine the various component of internal control system.
25
2) To determine the effects of internal control on the
organizational performance of the financial institution.
3) To know the effect of the internal control in monitoring
compliance.
4) To critically examine how effective the internal control has been
used to reduce the level of risks.
5) To ascertain how useful is internal control to organizational
performance.
6) To recommend ways by which internal control can be used
effectively so as to achieve the organizational goal.
1.4 HYPOTHESIS OF THE STUDY
The following research hypotheses were generated for the study:
HO: Weakness in the internal control system in Nigerian banks
does not lead to frauds.
H1: Weakness in internal control system in Nigerian banks leads
to frauds.
HO: There is no significant relationship between internal control
system and organizational performance.
H1: There is significant relationship between internal control
system and organizational performance.26
1.5 SIGNIFICANCE OF THE STUDY
This study shall be of great benefits to the management of the
organization in order to deal extensively with effect of internal
control on organizational performance and this will eventually
lead to high productivity in the organization and also prevent
risks within the organization. This study will help organization
to have better understanding on how to install a good internal
control system for the effective running of their organization.
To managers of organizations and individuals, this study would
assist them in the area of identifying the effect of internal
control on organizational performance and its consequences. As
for managers in all organization within the country the result of
this research will help them to reduce the level of risk and
fraud within their organization so as to increase the confident
level of their shareholders. Managers ensure that as goods and
services are produced, machines or other equipment are properly
used so any malfunctions can be avoided. Improper usage of
company assets can create downtime if goods have to be re-
produced because of product defects.
Moreover, the study will be more relevant to management and
social science students because they will be exposed to the
effect of internal control on organizational performance and not
only that it would also serve as an eye opener to the fact that
as managers, there are lots of issue relating to internal control
27
within the organization which if left unattended to will
jeopardized organizational goal of the company.
The study will also attempt to contribute to the available
literature or researches that will serve as a guide for
organizational staff in order to prevent fraud and risks within
the organization.
Policy makers would also benefit from this study in formulating
policies relating to the effect of internal control on
organizational performance.
The study of the effect of internal control on organizational
performance is another area of study that is wide for researchers
to tap into. So, this study would benefit researchers in looking
beyond the scope of the present study and impacting to the
knowledge already acquired.
The effect of internal control on organizational performance will
also help practitioners such as Auditor, tax practitioners, etc
in increasing their credibility.
1.6 SCOPE OF THE STUDY
This research by the grace of God is expected to go in-depth.
Meanwhile the scope of the study is to determine the effect of
internal control on organizational performance (Using a case
study of Eco Bank), The research focuses on Eco bank Nigeria plc.
This research work will cover the period between 2000 - 2012. The
entire organization’s staff of this bank will be concern in this
28
research, as their view will be collected through detailed
questionnaire.
As Eco Bank Plc are located virtually throughout the geographical
area in Nigeria, this research work cover two major part of
geographical location in Nigeria southern part Osun State
(Osogbo) and West Central part Kwara State (Offa).
Lastly, the research laid emphasis on banking sector as one of
the main determinant of economic growth and development in the
country.
1.7 LIMITATIONS OF THE STUDY
In the course of this study, the researcher would encounter a
lot of hindrances among these, the most salient one include
finance which the researcher is faced with. Insufficient funds
required for expenses like transportation, acquisition of
research instruments, sourcing for both primary and secondary
data etc. Also information on the secondary source of data
available to the researcher was either outdated or incomplete and
the one available on the internet requires some form of
subscription before access is allowed.
Time also posed a constraint on this research work such as time
to study and time to attend lecture etc.
29
Attitude of respondent is also another limiting factor to this
research work. Most respondent are often reluctant to part with
information even after being assured confidentiality they still
prefer to be secretive.
Despite the limitations of this study I still hope to do better
work on this field.
1.8 ORGANIZATION OF THE STUDY
This research work is divided into five chapters.
Chapter one contains introduction to the research work which
summarizes background to the study as well as the main feature of
the effect of internal control on the organizational performance
of the Eco bank plc. In this chapter, statement of the problem,
objective of the study, significance of the study, research
hypothesis, research questions, scope of the study, limitation of
the study, and organization of the study are discussed
extensively.
Chapter two of this research work is known as the review of
related literature otherwise known as the literature review and
the theoretical frame work, which reviews previous research work
in the field of study and analysis of various principles relating
to the research topic.
Chapter three is concerned with the research methodology. This
discusses research design, the population size to be studied,
sample size determination, sampling techniques applied , method
30
of data analysis and interpretation, the statistical tools used
in the analyzing the formulated hypothesis .
Chapter four of this research work is the data presentation,
analysis and interpretation.
Chapter five summarizes the whole research project stating the
findings useful conclusion and the recommendation and this
constitute the concluding part of the research work.
1.9 OPERATIONAL DEFINITION OF TERMS
Internal Controls: The Institute of Chartered Accountants of
England and Wales (ICAEW), defined internal control as the whole
system of controls, financial or otherwise, established by
management in order to carry on the business of an enterprise in
an orderly and efficient manner, ensure adherence to management
policies, safeguard the assets and secure as far as possible, the
completeness and accuracy of the records.
Internal Audit: It is an independent appraisal activity
established within an organization as a service to it. It is a
control which functions by examining and evaluating the adequacy
and effectiveness of other controls; a management tool which
analyses the effectiveness of all parts of an entity’s operations
and management.’ (CIMA’s Management Accounting Official
Terminology)
31
Monitoring: According to CIMA, it is a process that assesses the
quality of the system’s performance over time.
According to Sunny, New Palta and Root. It can be defined as the
final internal control standards, which assess the quality of
performance.
Control Environment: According to the first internal control
standard, it relates to the departments that set a positive and
supportive attitude towards internal control and conscientious
management.
Reasonable Assurance Concept: It refers to the fact that internal
controls even when they are appropriately designed and operating
effectively cannot provide absolute assurance of achieving
control objectives.
CHAPTER TWO
LITERATURE REVIEW
2.0 INTRODUCTION
32
Fundamental to the success of any organization is the achievement
of its objectives. The objectives could be profit maximization,
shareholders’ wealth maximization, cost minimization, and
customer’s satisfaction (to mention but a few).
However, the achievement of organizational objectives is one
thing; the process of achieving such objectives is another. This
is more so in that the achievement of stated goals and objectives
rest mainly on having an effective internal control system that
ensures the organizational performance is according to plan.
Incidentally, corporate planning and control are independent
management functions especially in ascertaining performance and
assessing the future direction of an organization. In addition,
corporate planning and control are important in determining the
performance of any organization. Planning is concerned primarily
with the setting of goals and control is a mechanism that ensures
that an organization achieves its predetermined corporate goals
and objectives. It is important to note that no manager can
successfully accomplish his/her task unless he/ she performs
necessary functions. It is nevertheless true that control is
peculiarly dependent upon a well organized system.
2.1 Theoretical framework of the term “Internal Control” and
“Internal Control System”
In the modern business world, the term “ Internal Control “ is
being used to refer to two basic concepts; the internal control
system and the internal control itself.
33
Internal Control System
The internal control system refers to an organized
amalgamation of functions and procedures, within a complete
system of controls established by the management and whose
purpose is the successful function of the business (Cheung,
1997). The internal control system encompasses all the methods
and procedures followed by the management in order to ensure, to
a great extent, as much successful cooperation as possible with
the director of the company, the insurance of the capital, the
prevention and the detection of fraud, as well as the early
preparation of all the useful financial information ( Meigs,
1984; Papadatou, 2005 ). According to Cook and Wincle (1976), the
internal control system resembles the human nervous system which
is spread throughout the business carrying out orders and
reactions to and from the management. It is directly linked to
the organizational structure and the general rules of the
business ( Cai, 1997 ).
Internal Control
The term was adopted by the Anglo- Saxons ( “ Internal
Auditing “ ) and it refers to the unit of internal control which
aims at the evaluation of the sufficient functioning of the
internal control system, that is the secondary functions
( Controls ) and suggests that there is room for improvements in
cases where weaknesses are being discovered ( Financial Postman
Magazine, 2004 ). What is indicative of the importance of
internal control is the sum of the definitions that have been
34
given for this term. According to the AICPA (American institute
of certified public accountants), (1963) a system of internal
control extends beyond those matters which relate directly to the
functions of accounting and the financial statements. In
addition, based on the ASOBAC (Committee on Basic Auditing
Concepts, 1973), internal control is a systematic procedure which
will lead to evaluate the degree of correlation between those
established criteria and the real results of the business.
Internal control, as defined by the APC (Auditing Practices
Committee, 1980), is an independent examination and certification
from an inspector appointed by the business to control the
finances according to the legal framework established each time.
Furthermore, according to Miller and Bailley (1989), internal
control is a systematic review and a subjective investigation of
one element and encompasses the verification of the specific
information as these are determined from the general practice.
The internal control helps the company to achieve its goals using
a systematic approach of assessing the effectiveness of handling
dangers (IIA, 1999). Internal control, as defined by the Hellenic
Institute of Internal Auditors (H.I.I.A., 2004) is an
independent, objective, adequately designed and organized
procedure, which through the technical and the scientific
approaches; assess how adequately the system of internal control
functions. From the above definitions, it is clear that the
internal control is not just a one-sided tool for controlling the
order and rightness of certain situations, but it is a method of
35
detecting the value added up to a company, achieving the index of
effectiveness and profitability of the company (Nagy and Cenker ,
2002) (Godwin, 2004). Besides, the purpose of this control that
is internal control is to detect the problem of risk and fraud
within the organization to be reformed in the future and anyone
that ought to exist (Mcnamee and Mcnamee, 1995). The deviation
between the already achieved and the programmed situation can
also become possible through controlling the parameter of correct
handling of danger situations.
Bounton and Kellerwalter (1996) claimed that the objective
purpose of internal control is, on the one hand, the allowance of
specific and high level of services offered towards the
management, and on the other hand, the allowance of assistance
towards the members of the organization for the most effective
practicing of their duties. The internal control systems are
being implemented in businesses as tools that add up value to the
company. In this way, we can achieve a systematic approach
towards the most effective operation of the organization, as a
unity (Schleifer and Greenwalt, 1996). Finally, as mentioned by
the COSO report (Committee of Sponsoring Organizations of the
Treadway Commission, 1992), internal control is defined as a
procedure which offers fundamental security to the business
concerning the credibility of financial affairs. The report
defines internal control and describes a framework for internal
control, but the difference of this report is that it also
36
provides criteria for the management to utilize so as to evaluate
controls. (Aldridge and Colbert, 1994).
2.1.2 Theoretical Concept of Fraud as Related to Internal Control
Fraud is an intentional strategy to achieve a personal or
organizational goal or human needs by deceit. A layman definition
of fraud includes dishonesty in the form of an intentional
deception or a willful misrepresentation of a material fact,
lying, the willful telling of an untruth, and cheating, the
gaining of an unfair or unjust advantage over another. Fraud
involves coercing people to act against their own best interest.
In order to explain why fraud is conceived in the society, the
following theories have been advanced by scholars.
1. Sociological theory of Crime/Fraud:
2. Culture Transmission Theory.
3. Psychological/physiological theory of crime:
4. The Fraud Triangle.
5. Fraud Deterrence Cycle.
Sociological theory of crime/fraud: According to this theory,
Fraud is a crime and it is important to remember that the concept
of what constitutes a crime is constantly being adapted to meet
the particular needs of any society. That most people are capable
of committing a crime in sudden anger, drunkenness or as a result
of stress and there may be little that we can do to prevent these
37
isolated acts by individuals. O’ Donnell, (1974) stated that we
may be able to reduce the amount of crimes by removing the
factors which predispose these individuals or groups towards
criminal acts and motivation. He thus suggests that there are
predisposing factors of crimes and there are the precipitating
factors which trigger off tendencies for frauds and criminal
motives in groups or individuals concerned. The theory states
that crime and criminal motives are a part of a ‘normal’ social
order in that it can be an expression of the same motivations
that give rise to accepted behavior. Oluwadare,(1993) stated that
the embezzler, the fraudster and the law abiding storekeeper are
concerned with making money. One makes money into his private
pocket (egoism) and the other making the money for the
organization (altruism). Durkheim, one of the founders of
sociology argued that crime is an integral part of all healthy
societies.
Psychological/Physiological theory: Oluwadare, (1993) posited
that there are explanations by some scholars that crime is a
personal rather than a social problem. That this approach varies
from those who believe that some people are innately wicked to
those who hold the view that there is a genetic cause for
criminality connected with the endocrine glands. Lombrose, (1876)
believed that criminality is inborn because after he examined the
skull of a notorious bandit and found characteristics which he
believed to be result of a “throw back” to an earlier
evolutionary type. He concluded that there was a criminal type
38
which resulted in “insensitivity to pain, extremely acute sight,
love of orgies, irresistible caring for evil for its own sake
etc” Rosenthal (1972) in his support for this theory suggested a
possible link with crime while quoting studies of twins made in
three continents over a period of forty years in which he claimed
identical twins shared crime traits at a rate more than double of
that of non identical twins. Culture transmission theory: This
theory views crime as the end product of a process of social
living. Tarde (1886) suggested that criminal behavior or criminal
motives is learned in the family and the community in areas where
this behavior is the ‘norm’ (i.e. a standard behavior shared by a
group and accepted within it).
The fraud triangle: The fraud triangle theory propounded by
Donald Cressey states that every fraud has three things in
common: (1) Pressure sometimes referred to as motivation and
usually an “un-shareable need”; (2) Rationalization of personal
ethics; and (3) Knowledge and opportunity to commit the crime.
Singleton et al in their work on the fraud triangle theory stated
that pressure or incentive or motivation refers to something that
has happened in the fraudster’s personal life that creates a
stressful need for funds and thus motivates him to steal. This
motivation may be some financial strain but it could be the
symptoms of other types of pressures. According to Kenyon and
Tilton (2006), Management or other employees may find themselves
offered incentives or placed under pressure to commit fraud. They
cited as an example that when remuneration or advancement is
39
significantly affected by individual, divisional or company
performance, individuals may have an incentive to manipulate
results or to put pressure on others to do so. Similarly,
pressure may come from the unrealistic expectations from
investors, banks or other sources of finance. They therefore
stated that incentives or pressures may take a variety of forms
within an organization. These include; bonuses or incentive pay
representing a large portion of an employee or group’s
compensation, triggers built into debt covenants tied to share
price targets and levels, significant stock option awards
throughout the organization but particularly to top management,
and aggressive earnings-per-share and revenue targets set by top
management and communicated to analysts, investment bankers, and
other market participants, with resultant pressure from these
groups. Rationalization and attitude according to Kenyon and
Tilton, (2006) in their write up on Potential Red Flags and Fraud
Detection Techniques stated that some individuals are more prone
than others to commit fraud. That the propensity to commit fraud
depends on people ethical values as well as on their personal
circumstances. The authors asserted that ethical behavior is
motivated both by a person’s character and by external factors.
External factors which include job insecurity such as during a
downsizing or redundancy or a work environment that inspires
resentment such as being passed over for promotion. Likewise,
external environment includes the tone at the top i.e. the
attitude of management toward fraud risk and management’s
40
response to actual instances of fraud. They posited that when
fraud has occurred in the past and management has not responded
appropriately, others may conclude that the issue is not taken
seriously and they can get away with it. Where instances exist
that create opportunities for management or other staff to commit
fraud, according to Kenyon and Tilton, (2006), those who might
not otherwise be inclined to behave dishonestly may be tempted to
do so. They therefore stated that absence or ineffective
controls, lack of supervision or inadequate segregation of duties
may provide such opportunities. Tommie W Singleton et al stated
that the ‘Report to the Nation (RTTN) (2004) research carried out
by Association of Certified Fraud Examiners showed that most
employees and managers who commit fraud tend to have a long
tenure with a company. A simple explanation deduced by the
scholars is that employees and managers who have been around for
years know quite well where the weaknesses are in the internal
controls and have gained sufficient knowledge of how to commit
the crime successfully.
The Fraud Deterrence Cycle: The Fraud Deterrence Cycle is an
interactive process which include establishment of corporate
governance, implementation of transaction-level control
processes often referred to as the system of internal accounting
controls, retrospective examination of governance and control
processes through audit examinations and investigation and
remediation of suspected or alleged problems. Fraud may be
categorized into Corporate, management Fraud and fraud as a tort.
41
Corporate fraud on the other hand is any fraud perpetrated by,
for or against a business corporation Singleton, Bologna,
Lindquist (2006). Management Fraud is the intentional
misrepresentation of corporate or unit performance levels
perpetrated by employees serving in management roles who seek to
benefit from such frauds in terms of promotions, bonuses or other
economic incentives and status symbols. Colbert, and Meany,
reiterated that an essential component of any entity’s internal
control system including fraud prevention and detection is the
‘tone at the top’. The actions and attitudes of management and
the board of directors set the tone at the top. Their views
towards controls and enforcement of established policies and
procedures permeate the organization and are an important factor
in the success of fraud related policies. In recent years, there
has been great concern on the management of banks’ assets and
liabilities because of large scale financial distress Adam,
(2009). The banking sector has been singled out for the special
protection because of the vital role banks play in an economy.
Bank supervision entails not only the enforcement of rules and
regulations, but also judgments concerning the soundness of bank
assets, its capital adequacy and management Volcker, (1992). In
Nigeria, the rising cases of bank distress have also become a
major source of concern for policy makers. McNamara, C (2009)
stated that performance management is a relatively new concept to
the field of management. That performance management reminds us
that being busy is not the same as producing results. It reminds
42
us that training, strong commitment and lots of hard works alone
are not results. That the major contribution of performance
management is its focus on achieving results -- useful products
and services for customers inside and outside the organization.
Despite the recent attention to achieving maximum performance,
McNamara (2009) stated that there is no standard interpretation
of what that means or what it takes to get it. However having
stated what people are suggesting that it takes for organizations
to achieve maximum performance he stated that, we should be aware
of the various views and be able to choose our own. Recent report
from the Nigerian Deposit Insurance Corporation (NDIC) stated
that Nigerian banks recorded 2007 cases of fraud involving over
=N=53 billion naira in 2008 compared to 1,533 cases involving
=N=10 billion in 2007. The report stated that =N=17.5 billion was
lost to fraud in 2008 as against =N=2.9 billion in 2007.
43
2.2 EMPIRICAL REVIEW
The Nigerian banking industry which is regulated by the Central
Bank of Nigeria is made up of; deposit money banks referred to as
commercial banks, development finance institutions and other
financial institutions which include; micro-finance banks,
finance companies, bureau de changes, discount houses and primary
mortgage institutions. The development in Nigeria banking sector
dated back to 1892 when the first commercial bank (The African
Banking Corporation) was established in Lagos. According to
Adekanye (1986) “the bank experienced some difficulties which led
to the establishment of British Bank of West Africa”.
According to Jigyasu Prani (2006) no banking legislation existed
until 1952, at which point Nigeria had three foreign banks (the
Bank of British West Africa, Barclays Bank, and the British and
French Bank) and two indigenous banks (the National Bank of
Nigeria and the African Continental Bank) with a collective total
of forty branches. The 1952 ordinance set standards, required
44
reserve funds, established bank examinations, and provided for
assistance to indigenous banks. Yet for decades after 1952, the
growth of demand deposits was slowed by the Nigerian propensity
to prefer cash and to distrust cheques for debt settlements.
British colonial officials established the West African Currency
Board in 1952 to help finance the export trade of foreign firms
in West African and to issue a West African currency convertible
to British pounds sterling, but colonial policies barred local
investment of reserves, discouraged deposit expansion, precluded
discretion for monetary management, and did nothing to train
Africans in developing indigenous financial institutions. In 1952
several Nigerian members of the Federal House of Assembly called
for the establishment of a central bank to facilitate economic
development. Although, the motion was defeated, the colonial
administration appointed Bank of England officials to study the
issue. He advised against a central bank questioning such a
bank’s effectiveness in an undeveloped capital market. In 1957,
the colonial office sponsored another study that resulted in the
establishment of a Nigerian central bank and the introduction of
a Nigerian currency. The Nigerian pound on a par with the pound
sterling until the British currency’s devaluation in 1967, was
converted in 1973 to decimal currency, the naira (=N=),
equivalent to two old Nigerian pounds. The smallest unit of the
new currency was the kobo, 100 of which equaled 1 naira. The
naira, which exchanged for US$1.52 in January 1973 and again in
march 1982 (or #0.67 = US$1), despite the floating exchange rate,
45
depreciated relative to the United State dollar in the 1980s. The
average exchange rate in 1990 was #8.004 =US$1. Depreciation
accelerated after the creation of a second-tier foreign exchange
market under World Bank structural adjustment in September 1986.
The Central Bank of Nigeria, which was statutorily independent of
the federal government until 1968, began operations on July 1,
1959. Following a decade of struggle over the relationship
between the government and the Central Bank, a 1968 military
decree granted authority over banking and monetary policy to the
Federal Executive Council. The role of the Central Bank, similar
to that of central banks in North America and Western Europe, was
to establish the Nigerian currency, control and regulate the
banking system, serve as banker to other banks in Nigeria, and
carry out the government’s economic policy in the monetary field.
This policy included control of bank credit growth, credit
distribution by sector, cash reserve requirements for commercial
banks, discount rates-interest rates the Central Bank charged
commercial and merchant banks-and the ratio of banks’ long-term
assets to deposits. Changes in Central Bank restrictions on
credit and monetary expansion affected total demand and income.
2.3 THE CONCEPT OF INTERNAL CONTROL
The structure of modern banking system and the high expectation
from the investors and the society at large has called for a more
tightened internal control system. Internal control has been
variously defined.
46
According to Princeton (2008) internal control is a process
effected by an organization’s structure, work and authority
flows, people and management information system, designed to help
the organization accomplish specific goals or objectives. From
the definition, the objective of any internal control should be
directed towards the attainment of the organizational objectives.
In the words of Okozie (1999)” internal control is the whole
system of controls, financial and otherwise, established by the
management in other to carry on the business of the enterprise in
an orderly and efficient manner, ensure adherence to management
policies, safeguard the assets and secure as far as possible the
completeness and accuracy of the records”. A sound internal
control system should provide the platform for recording and
processing transactions in such a way that it forms adequate
basis for the preparation of the financial statement. An
efficient internal control system involves a clear definition and
segregation of duties for various employees or groups within a
company. The intent of separating the duties is to protect
against fraud, waste, abuse and mismanagement of resources.
Effective internal control helps to assure the accuracy of
reports to management and the various supervising bodies (in the
case of banks).
According to Asuquo (2005) “Internal control is made up of
internal checks, internal audit, accounting controls and other
forms of control such as budgetary and physical control”. Okozie
47
(1999) posited that “the primary responsibility for the
maintenance of the effective internal control rest with the
management of any enterprise”. Management responsibilities are
normally discharged by:
Installation of an effective accounting system;
Ensuring that employees understand relevant codes of
conduct.
Monitoring relevant legal requirements and ensuring that
operating procedures and conditions meet these requirements.
The establishment of an independent Internal audit function.
The appointment of an audit committee where appropriate.
According to Van Creveld (2005), internal control has further
been defined as a process effected by an organization’s
structure, work and authority flows, people and management
information systems, designed to help the organization accomplish
specific goals and objectives. It is a means by which the
organization’s resources are directed, monitored and measured, it
plays an important role in preventing and detecting fraud and
protecting the organization’s resources both physical machinery
and property and intangible (e.g. reputation, intellectual
property such as trademarks and patents). At the organizational
level, internal control objectives relate to reliability of
financial reporting, timely feedback on the achievement of
operational or strategic goals and compliance with laws and
regulations. At the specific transaction level, internal control
refers to the action taking to achieve a specific objectives e.g.
48
how to ensure the organization’s payment to third parties are for
valid services rendered. A system of effective internal control
is a critical component of bank management and a foundation for
the safe and sound operation of banking organizations. A system
of strong internal control can help to ensure that the goals and
objectives of a banking organization will be met, that the bank
will achieve long term profitability targets and maintain
reliable financial and managerial reporting. Such a system can
also help to ensure that the bank will comply with laws and
regulations as well as policies, plans, internal rules,
procedures, and decrease the risks of unexpected losses or damage
to the bank’s reputation.
Internal control are policies, procedures, practices and
organizational structures implemented to provide reasonable
assurance that an organization’s business objectives will be
achieved and undesired risk events will be prevented or detected
and corrected, based on either compliance or management
initiated concerns (Awe,2005).
The institute of Chartered Accountants of England and
Wales (ICAEW), defines internal control as the whole system of
controls, financial or otherwise, established by management in
order to carry on the business of an enterprise in an orderly and
efficient manner, ensure adherence to management policies,
safeguard the assets and secure as far as possible, the
completeness and accuracy of the records. Mayo and BPP (1988)
defined it as a measure taken by an organization for the purpose
49
of protecting its resources against wastes, fraud, inefficiency;
ensuring accuracy and reliability in accounting and operating
data; securing compliance with organization policies and
evaluating the level of performance in all the divisions of the
organizations. From these definitions, it can be deduced that
internal control comprises the plan of an organization and all of
the coordinate methods and measures adopted within it, to
safeguard its assets, check the accuracy and reliability of its
accounting data, promote operational efficiency and encourage
adherence to prescribed managerial policies. Internal control
objectives are channeled towards ensuring adherence to managerial
policies and achieving organizational goals in general.
ICAN (2006a, b) categorized controls into three major
classifications:
Preventive controls: These are controls that predict
potential problems before they occur and make
adjustments. They also prevent an error, omission or
malicious act from occurring. Examples of preventive
controls includes: using well-designed documents to
prevent errors. Establishing suitable procedures for
authorization of transactions. Employing only qualified
personnel. E.g segregates duties.
Detective controls: These controls are designed to
detect and report the occurrence of an omission, an error or a
malicious act. Examples of detective controls include: duplicate
checking of calculations, Periodic performance reporting with
50
variance error message over tape labels and Hash totals counter
cheques post-due account reports.
Corrective controls: These controls help to minimize
the impact of a threat, identify the cause of a problem, correct
errors arising from the problem. They also correct problems
discovered by detective controls and modify the processing
system(s) to minimize future occurrence of the problem. Examples
of corrective controls are: contingency planning back up
procedures rerun procedures.
2.3.1 The Objectives and Roles of Internal Control Framework
Internal control is a process effected by the board of
directors, senior management and all levels of personnel. It is
not solely a procedure or policy that is performed at a certain
point in time, but rather it is continually operating at all
levels within the bank. The board of directors and senior
management are responsible for establishing the appropriate
culture to facilitate an effective internal control process and
for monitoring its effectiveness on an ongoing basis; however,
each individual within an organization must participate in the
process. The main objectives of the internal control process can
be categorized as follows:
1. Efficiency and effectiveness of activities (performance
objectives);
2. Reliability, completeness and timeliness of financial and
management information (information objectives); and
51
3. Compliance with applicable laws and regulations (compliance
objectives).
Performance objectives for internal controls pertain
to the effectiveness and efficiency of the bank in using its
assets and other resources and protecting the bank from loss.
The internal control process seeks to ensure that personnel
throughout the organization are working to achieve its goals
with efficiency and integrity, without unintended or excessive
cost or placing other interests (such as an employee’s, vendor’s
or customer’s interest) before those of the bank.
Information objectives address the preparation of
timely, reliable, relevant reports needed for decision-making
within the banking organization. They also address the need for
reliable annual accounts, other financial statements and other
financial –related disclosures and reports to shareholders,
supervisors, and other external parties. The information received
by management, the board of directors, shareholders and
supervisors should be of sufficient quality and integrity that
recipients can rely on the information in making decisions. The
term reliable, as it relates to financial statements, refers to
the preparation of statements that are presented fairly and based
on comprehensive and well-defined accounting principles and
rules.
Compliance objectives ensure that all banking business
complies with applicable laws and regulations, supervisory
requirements, and the organization’s policies and procedures.
52
This objective must be met in order to protect the bank’s
franchise and reputation.
2.3.2 The Major Elements of an Internal Control Process
The internal control process, which historically has
been a mechanism for reducing instances of fraud,
misappropriation and errors, has become more extensive,
addressing all the various risks faced by banking organizations.
It is now recognized that a sound internal control process is
critical to a bank’s ability to meet its established goals, and
to maintain its financial viability.
Internal control consists of five interrelated
elements: and these elements are explained with it and of
suitable principle to be followed by concern people in an
organization.
1. Management oversight and the control culture;
2. Risk recognition and assessment;
3. Control activities and segregation of duties;
4. Information and communication; and
5. Monitoring activities and correcting deficiencies.
The problems observed in recent large losses at banks can be
aligned and with these five elements. The effective
functioning of these elements is essential to achieving a bank’s
performance, information, and compliance objectives.
A. Management oversight and the Control Culture
1. Board of directors
53
Principle 1: The board of directors should have responsibility
for approving and periodically reviewing the overall business
strategies and significant policies of the bank; understanding
major risks run by the bank, setting acceptable levels for these
risks and ensuring that senior management takes the steps
necessary to identify, measure, monitor and control these
risks; approving the organizational structure and ensuring that
senior management is monitoring the effectiveness of the
internal control system. The board of directors is ultimately
responsible for ensuring that an adequate and effective system
of internal control is established and maintained.
The board of directors provides governance,
guidance and oversight to senior management. It is
responsible for approving and reviewing the overall business
strategies and significant policies of the organization as well
as the organizational structure. The board of directors has the
ultimate responsibility for ensuring that an adequate and
effective system of internal control is established and
maintained. Board members should be objectives, capable, and
inquisitive, with a knowledge or expertise of the activities of
and risks run by the bank. In those countries where it is an
option, the board should consist of some members who are
independent from the daily management of the bank. A strong,
active board, particularly when coupled with effective upward
communication channels and capable financial, legal and internal
audit functions, provides an important mechanism to ensure the
54
correction of problems that may diminish the effectiveness of
the internal control system.
One option used by banks in many countries is the
establishment of an independent audit committee to assist the
board in carrying out its responsibilities. The establishment of
an audit committee allows for detailed examination of
information and reports without the need to take up the time of
all directors. The audit committee is typically responsible for
overseeing the financial reporting process and the internal
control system. As part of this responsibility, the audit
committee typically oversees the activities of, and serves as a
direct contact for, the bank’s internal audit department and
engages and serves as the primary contact for the external
auditors. In those countries where it is an option, the
committee should be composed mainly or entirely of outside
directors (i.e., members of the board that are not employed by
the bank or any of its affiliates) who have knowledge of
financial reporting and internal controls. It should be noted
that in no case should the creation of an audit committee amount
to a transfer of duties away from the full board, which alone is
legally empowered to take decisions.
2. Senior management
Principle 2: Senior management should have responsibility for
implementing strategies and policies approved by the board:
developing processes that identify, measure, monitor and control
55
risks incurred by the bank: maintaining an organizational
structure that clearly assigns responsibility, authority and
reporting relationships; ensuring that delegated
responsibilities are effectively carried out; setting
appropriate internal control policies; and monitoring the
adequacy and effectiveness of the internal control system.
Senior management is responsible for carrying out
the directives of the board of directors, including the
implementation of strategies and policies and the establishment
of an effective system of internal control. Members of senior
management typically delegate responsibility for establishing
more specific internal control policies and procedures to those
responsible for a particular business unit. Delegation is an
essential part of management; however, it is important for
senior management to oversee the managers to whom they have
delegated these responsibilities to ensure that they develop and
enforce appropriate policies and procedures.
Compliance with an established internal control
system is heavily dependent on a well documented and
communicated organizational structure that clearly shows lines
of reporting responsibility and authority and provides for
effective communication throughout the organization. The
allocation of duties and responsibilities should ensure that
there are no gaps in reporting lines and that an effective level
56
of management control is extended to all levels of the bank and
its various activities.
3. Control culture
Principle 3: The board of directors and senior management are
responsible for promoting high ethical and integrity standards,
and for establishing a culture within the organization that
emphasizes and demonstrates to all levels of personnel the
importance of internal controls. All personnel banking
organization need to understand their role in the internal
controls process and be fully engaged in the process.
An essential element of an effective system of
internal control is a strong control culture. It is the
responsibility of the board of directors and senior management
to emphasize the importance of internal control through their
actions and words this includes the ethical values that
management displays in their business dealings, both inside and
outside the organization. The words, attitudes and actions of
the board of directors and senior management affect the
integrity, ethics and other aspects of the bank’s control
culture.
In varying degrees, internal control is the
responsibility of everyone in a bank. Almost all employees
produce information used in the internal control system or take
other action needed to effect control. An essential element of a
strong internal control system is the recognition by all
57
employees of the need to carry out their responsibilities
effectively and to communicate to the appropriate level of
management any problems in operations, instances of non-
compliance with the code of conduct, or other policy violations
or illegal actions that are noticed. This can best be achieved
when operational procedures are contained in clearly written
documentation that is made available to all relevant personnel.
It is essential that all personnel within the bank understand
the importance of internal control and are actively engaged in
the process.
In reinforcing ethical values, banking organizations
should avoid policies and practices that may inadvertently
provide temptations for inappropriate activities. Examples of
such policies and practices include undue emphasis on
performance targets or other operational results, particularly
short-term ones that ignore longer-term risks; compensation
schemes that overly depend on short performance; ineffective
segregation of duties or other controls that could allow the
misuse of resources or concealment of poor performance; and
insignificant or overly onerous penalties for improper
behaviours.
While having a strong internal control culture does
not guarantee that an organization will reach its goals, the
lack of such a culture provides greater opportunities for errors
to go undetected or for improprieties to occur.
58
B. Risk Recognition and Assessment
Principle 4: An effective internal control system requires that
the material risks that could adversely affect the achievement
of the bank’s goals are being recognized and continually
assessed. This assessment should cover all risks facing the bank
and the consolidated banking organization (that is, credit risk,
country and transfer risk, market risk, interest rate risk,
liquidity risk, operational risk, legal risk, and reputational
risk). Internal controls may need to be revised to appropriately
address any new or previously uncontrolled risks.
Banks are in the business of risk-taking. Consequently it is
imperative that, as part of an internal control system these
risks are being recognized and continually assessed. From an
internal control perspective, a risk assessment should identify
and evaluate the internal and external factors that could
adversely affect the achievement of the banking organization’s
performance, information and compliance objectives. This process
should cover all risks faced by the bank and operate at all
levels within the bank. It differs from the risk management
process which typically focuses more on the review of business
strategies developed to maximize the risk/reward trade-off
within the different areas of the bank. Effective risk
assessment identifies and considers internal factors (such as
the complexity of the organization’s structure, the nature of
the bank’s activities, the quality of the personnel,
organizational changes and employee turnover) as well as
59
external factors (such as fluctuating economic conditions,
changes in the industry and technological advances) that could
adversely affect the achievement of the bank’s goals. This risk
assessment should be conducted at the level of individual
businesses and across the wide spectrum of activities and
subsidiaries of the consolidated banking organization. This can
be accomplished through various methods. Effective risk
assessment addresses both measurable and non-measurable aspects
of risks and weighs costs of controls against the benefits they
provide. The risk assessment process also includes evaluating
the risks to determine which are controllable by the bank and
which are not. For those risks that are controllable, the bank
must assess whether to accept those risks or the extent to which
it wishes to mitigate the risks through control procedures. For
those risks that cannot be controlled, the bank must decide
whether to accept these risks or to withdraw from or reduce the
level of business activity concerned. In order for risk
assessment, and therefore the system of internal control, to
remain effective, senior management needs continually to
evaluate the risks affecting the achievement of its goals and
react to changing circumstances and conditions. Internal
controls may need to be revised to appropriately address any new
or previously uncontrolled risks. For example, as financial
innovation occurs, a bank needs to evaluate new financial
instruments and market transactions and consider the risks
associated with these activities. Often these risks can be best
60
understood when considering how various scenarios (economic and
otherwise) affect the cash flows and earnings of financial
instruments and transactions. Thoughtful consideration of the
full range of possible problems, from customer misunderstanding
to operational failure, will point to important control
considerations.
C. Control Activities and Segregation of Duties
Principle 5: Control activities should be an integral part of
the daily activities of a bank. An effective internal control
system requires that an appropriate control structure is set up,
with control activities defined at every business level. These
should include: top level reviews; appropriate activity controls
for different departments or divisions; physical controls;
checking for compliance with exposure limits and follow-up on
non- compliance; a system of approvals and authorizations; and,
a system of verification on reconciliation. Control activities
are designed and implemented to address the risks that the bank
identified through the risk assessment process described above.
Control activities involve two steps:
(1) the establishment of control policies and procedures; and
(2) Verification that the control policies and procedures are
being complied with. Control activities involve all levels of
personnel in the bank, including senior management as well as
front line personnel. Examples of control activities include:
Top level reviews – Boards of directors and senior management
often request presentations and performance reports that enable
61
them to review the bank’s progress toward its goals. For
example, senior management may review reports showing actual
financial results to date versus budget. Questions that senior
management generates as a result of this review and ensuring
responses of lower levels of management represent a control
activity which may detect problems such as control weaknesses,
errors in financial reporting or fraudulent activities.
Activity controls – Department or division level management
receives and reviews standard performance and exception reports
on a daily, weekly or monthly basis. Functional reviews occur
more frequently than top-level reviews and usually are more
detailed. For instance, a manager of commercial lending may
review weekly reports on delinquencies, payment received, and
interest income earned on the portfolio, while the senior credit
officer may review similar reports on a monthly basis and in a
more summarized form that includes all lending areas. As with
the top-level review, the questions that are generated as a
result of reviewing the reports and the responses to those
questions represent the control activity.
Physical controls – physical controls generally focus on
restricting access to tangible assets, including cash and
securities. Control activities include physical limitations,
dual custody, and periodic inventories.
Compliance with exposure limits – The establishment of prudent
limits on risk exposures is an important aspect of risk
management. For example, compliance with limits for borrowers
62
and other counterparties reduces the bank’s concentration of
credit risk and helps to diversify its risk profile.
Consequently, an important aspect of internal controls is a
process for reviewing compliance with such limits and follow-up
on instances of non- compliance.
Approvals and authorizations – Requiring approval and
authorization for transactions over certain limits ensure that
an appropriate level of management is aware of the transaction
or situation, and help to establish accountability.
Verification and reconciliations – Verifications of transaction
details and activities and the output of risk management models
used by the bank are important control activities. Periodic
reconciliations, such as those comparing cash flows to account
records and statements, may identify activities and records that
need correction. Consequently, the results of those
verifications should be reported to the appropriate levels of
management whenever problems or potential problems are detected.
Control activities are most effective when
they are viewed by management and all other personnel as an
integral part of, rather than an addition to, the daily
activities of the bank. When controls are viewed as an addition
to the day-to-day activities, they are often seen as less
important and may not be performed in situations where
individuals feel pressured to complete activities in a limited
amount of time. In addition, controls that are an integral part
of the daily activities enable quick responses to changing
63
conditions and avoid unnecessary costs. As part of fostering the
appropriate control culture within the bank, senior management
should ensure that adequate control activities are an integral
part of the daily functions of all relevant personnel. It is not
sufficient for senior management to simply establish appropriate
policies and procedures for the various activities and divisions
of the bank. They must regularly ensure that all areas of the
bank are in compliance with such policies and procedures and
also determine that existing policies and procedures remain
adequate. This is usually a major role of the internal audit
function.
Principle 6: An effective internal control system requires that
there is appropriate segregation of duties and those personnel
are not assigned conflicting responsibilities. Areas of
potential conflicts of interest should be identified, minimized,
and subject to careful independent monitoring. In reviewing
major banking losses caused by poor internal controls,
supervisors typically find that one of the major causes of such
losses is the lack of adequate segregation of duties. Assigning
conflicting duties to one individual (for example,
responsibility for both the front and back offices of a trading
function) gives the person access to assets of value and the
ability to manipulate financial data for personal gain or to
conceal losses. Consequently, certain duties within a bank
should be split, to the extent possible, among various
individuals in order to reduce the risk of manipulation of
64
financial data or misappropriation of assets. Segregation of
duties is not limited to situations involving simultaneous front
and back office control by one individual. It can also result in
serious problems when there are not appropriate controls in
other instances where an individual has responsibility for:
Approval of the disbursement of funds and the actual disbursement
;
Customer and proprietary account ;
Transaction in both the “banking” and “trading” books;
Informally providing information to customers about their
positions while marketing to the same customers;
Assessing the accuracy of loan documentation and monitoring the
borrower after loan origination ; and ,
Any other areas where significant conflicts of interest emerge
and are not mitigated by other factors.
Areas of potential conflict should be identified, minimized, and
subject to careful monitoring by an independent third party.
There should be a periodic review of responsibilities and
functions of key individuals to ensure that they are not in a
position to conceal inappropriate actions.
D. Information and communication.
Principle 7: An effective internal control system requires that
there are adequate and comprehensive internal financial,
operational and compliance data, as well as external market
information about event and conditions that are relevant to
decision making. Information should be reliable, timely,
65
accessable, and provided in a consistent format. Adequate
information and effective communication are essential to the
proper functioning of a system of internal control. From the
bank perspective, in order for information to be useful, it must
be relevant, reliable, timely, and provided in a consisted
format. Information includes internal financial, operational,
and compliance data, as well as external market information
about events and conditions that are relevant to decision
making. Internal information is part of a record-keeping process
that should include established procedures for record retention.
Principle 8: An effective internal control system requires that
there are reliable information systems in place that cover all
significant activities of the bank. These systems, including
those that hold and use data in an electronic form must be
secured, monitored independently and supported by adequate
contingency arrangements.
A critical component of a bank’s activities is the establishment
and maintenance of management information systems that covers
the full range of its activities. This information is usually
provided through both electronic and non electronic means. Banks
must be particularly aware of the organizational and internal
control requirements related to processing information in an
electronic form and the necessity to have and adequate audit
trail. Management decision-making could be adversely affected by
unreliable or misleading information provided by the systems
66
that are poorly designed and controlled. Electronic information
systems and the use of information technology have risk that
must be effectively controlled by banks in order to avoid
disruptions to business and potential losses. Since transaction
process and business applications have expanded beyond the use
of mainframe computer environment s to distributed systems for
mission-critical business function, the magnitude of risks also
as expanded. Control over information system and technology
should include both general and application controls. General
controls are controls over computer systems (for example,
mainframe, client/server, and end-user work stations) ensuring
their continued, proper operation. General controls include in-
house back-up and recovery procedures, software development and
acquisition policies, maintenance (change control) procedures
and physical/logical access security controls. Application
controls are computerized steps within software applications and
other manual procedures that control the process of transactions
and business activities. Application control include, for
example, edit checks and specific logical access controls unique
to business system. Without adequate control over information
system and technology including system that are under
development, bank could experience loss of data and programs due
to inadequate physical and electronic security arrangement ,
equipment or system failure and inadequate in-house back-up and
recovery procedure . In addition to the risk and control above,
inherent risk exists that are associated with the loss or
67
extended disruption of services caused by factors beyond the
bank’s control. In extreme cases, since the delivery of
corporate and customer’s services represent key transaction,
strategic and reputational issues, such problems could cause
serious difficulties for banks and even jeopardize the ability
to conduct key business activities. The potential, requires the
bank to establish business resumption and contingency plans
using an alternate off-site facility, including the recovery of
critical system supported by an external service provided. The
potential for loss or extended disruption of critical business
operation require an institution-wide effort on contingency
planning involving business management, and not focus on
centralized computer operations. Business resumption plans must
be periodically tested to ensure the plan’s functionality in the
event of an unexpected disaster.
Principle 9: An effective internal control system requires
effective channels of communication to ensure that all staff
fully understand and adhere to policies and procedure affecting
their duties and responsibility and that other relevant
information is reaching the appropriate personnel.
Without effective communication, information is useless. Senior
management of bank leads and establishes effective paths of
communication in order to ensure that the necessary information
is reaching the appropriate people. This information relates
both to the operational policies and procedures of the bank as
68
well as information regarding the actual operational performance
of the organization. The organizational structure of the bank
should facilitate an adequate flow of information upward,
downward and across the organization. Structures that facilitate
the flow ensure that information flows upward so that the board
of directors and senior management are aware of the business
risks and operating performance of the bank. Information flowing
down through an organization ensures that the bank objective,
strategies and expectation as well as its established policies
and procedures are communicated to lower level management and
operations personnel. This communication is essential to achieve
a unified effort by all bank employees to meet the bank’s
objectives.
Finally, communication across the organization is necessary to
ensure that information that one division or department knows
can be shared with other affected divisions or departments.
E. Monitoring activities and correcting deficiencies
Principle 10: the overall effectiveness of the bank’s internal
control should be monitored on an ongoing basis. Monitoring of
key risks should be part of the daily activities of the bank as
well as periodic evaluations by the business lines and the
internal audit.
Since banking is a dynamic, rapidly evolving industry, banks
must continually monitor and evaluate their internal control
systems in the light of changing internal and external
69
conditions, and must enhance this systems as necessary to
maintain their effectiveness.
In complex, multinational organization, senior management must
ensure that the monitoring function is properly defined and
structured within the organization. Monitoring the effectiveness
of internal control can be done by personnel from several
different areas, including the business function itself,
financial control and internal audit for that reason it is
important that senior management makes clear which personnel are
responsible for which monitoring function. Monitoring should be
part of daily activities of the banks but also include separate
periodic evaluations of the overall internal control process.
The frequency of monitoring different activities of a bank
should be determined by considering the risks involved and the
frequency and nature of changes occurring in the operating
environment. Ongoing monitoring activities can offer the
advantage of quickly detecting and correcting deficiency in the
system of internal control. Such monitoring is most effective
when the system of internal control is integrated into the
operating environment and produces regular report for review.
Examples of ongoing monitoring include the review and approval
of journal entries and management review and approval exception
reports. In contrary, separate evaluation typically detect
problems only after the fact; however, separate evaluations
allow an organization to take a fresh, comprehensive look at the
effectiveness of internal control system and specifically at the
70
effectiveness of the monitoring activities. These evaluations
can be done by personnel on several different area including the
business function itself, financial control and internal audit.
Separate evaluation of internal control system often takes the
form of self assessments when persons responsible for a
particular function determine the effectiveness of controls for
their activities. The documentation and the result of the
evaluation are then reviewed by senior management. All levels
review should be adequately documented and reported on a timely
basis to the appropriate level of management.
Principle 11: There should be an effective and comprehensive
internal audit of the internal control system carried out by
operationally independent, appropriately trained and competent
staff. The internal audit function, as part of the monitoring of
the system of internal controls, should report directly to the
board of directors or its audit committee, and to senior
management.
The internal audit function is an important part of the ongoing
monitoring of the system of internal controls because it
provides an independent assessment of the adequacy of, and
compliance with, the established policies and procedures. It is
critical that the internal audit function is independent from
the day-to-day functioning of the bank and that it has access to
all activities conducted by the banking organization, including
at its branches and subsidiaries. By reporting directly to the
board of directors or its audit committee, and senior
71
management, the internal auditors provide unbiased information
about line activities. Due to the important nature of this
function, internal audit must be staffed with competent, well-
trained individuals who have a clear understanding of their role
and responsibilities. The frequency and extent of internal audit
review and testing of internal controls within a bank should be
consistent with the nature, complexity, and risk of the
organization’s activities. It is important that the internal
audit function reports directly to the highest levels of the
banking organization, typically the board of directors or its
committee, and to senior management. This allows for the proper
functioning of corporate governance by giving the board
information that is not biased in any way by the levels of
management that the reports cover. The board should also
reinforce the independence of the internal auditors by having
such matters as their compensation or budgeted resources
determined by the board or the highest levels of management
rather than by the managers who are affected by the work of the
internal auditors.
Principle 12: Internal control deficiencies, whether identified
by business line, internal audit, or other control personnel,
should be reported in a timely manner to the appropriate
management level and addressed promptly. Material internal
control deficiencies should be reported to senior management and
the board of directors.
72
Internal control deficiencies, or ineffectively
controlled risks, should be reported to the appropriate
person(s) as soon as they are identified, with serious matters
reported to senior management and the board of directors. Once
reported, it is important that management corrects the
deficiencies on a timely basis. The internal auditors should
conduct follow-up reviews or other appropriate forms of
monitoring, and immediately inform senior management or the
board of any uncorrected deficiencies. In order to ensure that
all deficiencies are addressed in timely manner, senior
management should be responsible for establishing a system to
track internal control weakness and actions taken to rectify
them. The board of directors and senior management should
periodically receive reports summarizing all issues that have
been identified. Issues that appear to be immaterial when
individual control processes are looked at in isolation, may
well point to trends that could, when linked, become a
significant control deficiency if not addressed in a timely
manner.
2.3.3 Evaluation of Internal Control Systems by Supervisory
Authorities
Principle 13: Supervisors should require that all banks,
regardless of size, have an effective system of internal
controls that is consistent with the nature, complexity, and
73
risk inherent in their on-and off-balance sheet activities and
that responds to changes in the bank’s environment and
conditions. In those instances where supervisors determine that
a bank’s internal control system is not adequate or effective
for that bank’s specific risk profile (for example, does not
cover all of the principles contained in this document), they
should take appropriate action, Although the board of directors
and senior management bear the ultimate responsibility for an
effective system of internal controls, supervisors should assess
the internal control system in place at individual banks as part
of their ongoing supervisory activities. The supervisors should
also determine whether individual bank management gives prompt
attention to any problems that are detected through the internal
control process. Supervisors should require the bank that they
supervise to have strong control culture and should take a risk-
focused approach in their supervisory activities. This includes
a review of the adequacy of internal controls. It is important
that supervisors not only assess the effectiveness of the
overall system of internal controls, but also evaluate the
controls over high-risk areas (e.g., areas with characteristics
such as unusual profitability, rapid growth, new business
activity, or geographic remoteness from the head office). In
those instances, where supervisors determine that a bank’s
internal control system is not adequate or effective for that
bank specific risk profile, they should take appropriate action.
This would involve communicating their concerns to senior
74
management and monitoring what actions the bank takes to improve
its internal control system. Supervisors, in evaluating the
internal control systems of banks, may choose to direct special
attention to activities or situations that historically have
been associated with internal control breakdowns leading to
substantial losses. Certain changes in a bank’s environment
should be the subject of special consideration to see whether
accompanying revisions are needed in internal control system.
Those changes include: (1) a changed operating environment; (2)
new personnel; (3) new or revamped information systems; (4)
areas/activities experiencing rapid growth; (5) new technology;
(6) new lines, products, activities (particularly complex ones);
(7) corporate restructuring mergers and acquisitions; and (8)
expansion or acquisition of foreign operations (including the
impact of changes in the related economic and regulatory
environments). To evaluate the quality of internal controls,
supervisors can take a number of approaches. Supervisors can
evaluate the work of the internal audit department of the bank
through review of its working papers, including the methodology
used to identify measure, monitor and control risk. If satisfied
with the quality of the internal audit department’s work,
supervisors can use the reports of internal auditors as a
primary mechanism for identifying control problems in the bank,
or for identifying areas of potential risk that the auditors
have not recently reviewed. Some supervisors may use a self-
assessment process, in which management reviews the internal
75
control of a business-by-business basis and certifies to the
supervisor that its controls are adequate for its business.
Other supervisors may require periodic external audits of key
areas, where the supervisor defines the scope. And finally,
supervisors may combine one or more of the above techniques with
their own on-site reviews or examination of internal controls.
Supervisors in many countries conduct on-site examination and
review of internal control is an integral part of such
examinations. An on-site review could include both a review of
the business process and reasonable level of transaction testing
in order to obtain an independent verification of the bank’s own
internal control processes. An appropriate level of transaction
testing should be performed to verify:
The adequacy of, and adherence to, internal
policies, procedures and limits;
The accuracy and completeness of management
reports and financial records; and
The reliability (i.e., whether it functions as
management intends) of specific controls
identified as key to the internal control
element being assessed.
In order to evaluate the effectiveness of the five internal
control elements of a banking organization (or a unit/activity
thereof) supervisors should:
Identify the internal control objectives that are
relevant to the organization, unit or activity
76
under review (e,g., lending, investing,
accounting);
Evaluate the effectiveness of the internal control
elements, not just by reviewing policies and
procedures, but also by reviewing documentation,
discussing operations with various levels of bank
personnel, observing the operating environment,
and testing transactions;
Share supervisory concerns about internal controls
and recommendations for their improvement with the
board of directors and management on a timely
basis, and;
Determine that, where deficiencies are noted,
corrective action is taken in a timely manner.
Banking supervisory authorities that have the legal basis or
other arrangements to direct the scope of and make use of the
work of internal auditors often or always do so in lieu of on-
site examinations. In those instances, the external auditors
should be performing the review of the business process and the
transaction testing described above under specific engagement
arrangements. In turn, the supervisors should assess the quality
of the auditors’ work. In all instances, bank supervisors should
take note of the internal auditors’ observations and
recommendations regarding the effectiveness of internal controls
and determine that bank management and board of directors have
satisfactorily addressed the concerns and recommendations
77
expressed by the external auditor, the level and nature of
effectiveness of a bank’s internal controls. Supervisors should
also encourage bank external auditors to plan and conduct their
audits in ways that appropriately consider the possibility of
material misstatement of bank’s financial statements due to
fraud. Any fraud found by external auditors, regardless of
materiality, must be communicated to the appropriate level of
management. Fraud involving senior management and fraud that is
material to the entity should be reported by external auditors to
the board of directors and/or the audit committee. External
auditors may be expected to disclose fraud to certain supervisory
authorities or others outside the bank in certain circumstances
(subject to national requirements). In reviewing the adequacy of
the internal control process at individual banking organizations,
home country supervisors should also determine that the process
is effective across business lines, subsidiaries and national
boundaries. It is important that supervisors evaluate the
internal control process not only at the level of individual
businesses or legal entities, but also across the wide spectrum
of activities and subsidiaries within the consolidated banking
organization. For this reason, supervisors should encourage
banking groups to use common auditors and common accounting dates
throughout the group, to the extent possible.
2.4 Roles and Responsibilities of External Auditors
Although external auditors are not, by definition, part of a
banking organization and therefore, are not part of its internal
78
control system, they have an important impact on the quality of
internal controls through their audit activities, including
discussions with management and recommendations for improvement
to internal controls. The external auditors provide important
feedback on the effectiveness of the internal control system.
While the primary purpose of the external audit function is to
give an opinion on the annual accounts of a bank, the external
auditor must choose whether to rely on the effectiveness of the
bank’s internal control system. For this reason, the external
auditors have to obtain an understanding of the internal control
system in order to assess the extent to which they can rely on
the system in determining the nature, timing and scope of their
own audit procedures. The exact role of external auditors and the
processes they use vary from country to country. Professional
auditing standards in many countries require that audits be
planned and performed to obtain reasonable assurance that
financial statements are free of material misstatement. Auditors
also examine, on a test basis, underlying transactions and
records supporting financial statement balances and disclosures.
An auditor assesses the accounting principles and policies used
and significant estimates made by management and evaluates the
overall financial statement presentation. In some countries,
external auditors are required by the supervisory authorities to
provide a specific assessment of the scope, adequacy and
effectiveness of a bank’s internal control system, including the
internal audit system. One consistency among countries, however,
79
is the expectation that external auditors will gain an
understanding of a bank’s internal control process to the extent
that it relate to accuracy of the bank’s financial statements.
The extent of attention given to the internal control system
varies by auditor and by bank; however, it is generally expected
that material weakness identified by the auditors would be
reported to management in confidential management letters and, in
many countries, to the supervisory authority. Furthermore, in
many countries external auditors may be subject to special
supervisory requirements that specify the way that they evaluate
and report on internal controls.
2.5 The concept of fraud:
What is fraud? Fraud has widely been defined in literature by
scholars and experts. Hornby (1998) defined fraud as an action or
an instance of checking somebody in order to make money or obtain
goods illegally. The same dictionary defines the perpetrators of
frauds as fraudsters. According to the ICAN study pack (2006a, b)
fraud consists of both the use of deception to obtain an unjust
or illegal financial advantage and intentional
misrepresentations, affecting the financial statements by the one
or more individuals among management, employees, or third
80
parties. Archibong (1992) describes fraud as a predetermined and
well planned tricky process or device usually undertaken by a
person or group of persons, with the sole aim of cheating another
person or organization, to gain ill-gotten advantages, be it
monetary or otherwise, which would not have accrued in the
absence of such deceitful procedure.
From the above, the term fraud may be said to be as an
intentional misrepresentation of financial information by one or
more individuals among management, employees or third parties.
Fraud may involve:
Falsification or alteration of accounting records or other
documents
Misappropriation of assets or theft
Suppression or omission of the effect of transaction from
records or documents
Recording of transactions without substances
Intentional misapplication of accounting policies
Willful misrepresentation of transactions of the entity’s
state of affairs.
From whichever perspective, fraud is looked at, it is
simply a deceitful and dishonest act, which involves taking
a property unlawfully from its owner, without his/her
knowledge, permission or consent, or to misstate a
situation knowingly or by negligence. This issue of fraud
is a conventional phenomenon in the national life. In the
81
government and private sectors, it is the order of the day.
In the banks, fraud is on the increase. Companies are
falling every day, through the activities of fraudsters.
2.5.1 Classification of fraud:
Within the scope of this study, attempts shall be made to
critically examine the two broad schemes of frauds. Fraud is
classified into two and are:
Management fraud
Employee fraud
According to Fakunle (2006), management fraud often involves
the manipulation of the records and the account, typically by the
enterprise’s senior officers with a view to benefiting in some
indirect way. An example is, obtaining finance under false
pretences, or concealing a material, worsening off the company’s
true position, i.e., window dressing.
Robertson (1996) defines management fraud as a
deliberate fraud, committed by management that injures investors
and creditors, through materially misleading financial
statements. Management fraud is sometimes called fraudulent
financial reporting. Management fraud is usually perpetrated by
the management staff of an organization, which includes
directors, general managers, managing directors etc. the class of
82
victims of management frauds is investors and creditors and the
instrument of preparation is financial statement. The essence of
management fraud most times is to attract more shareholders to
come and invest in the organization. It is also perpetrated, so
that organization will be in better position of obtaining loans
from the banks, because, a good statement will show a healthy
look, hence it will be a good collateral security.
Employee fraud: Also known as non-management fraud: These are
frauds that are perpetrated by the employees of an organization.
Robertson (1996) defines it as the use of fraudulent means to
take money or other property from an employer. It usually
involves falsification of some kind, like false documents, lying,
exceeding authority, or violating an employer’s policies,
embezzlement of company’s funds, usually in form of cash or other
assets. It consists of three phases, which are:
The fraudulent act
The conversion of the money or property to the fraudsters
use
The cover up
The employee frauds are more likely to be encountered where
internal controls are weak: other types of employees frauds
according to Awe (2005) are as follows:
Fictitious payment of suppliers:
Alteration of invoices
Double payment of invoices
83
Suppression of credit notes received
Missing returned cheques (so that it appears that
bills are paid)
Wages fraud (payroll fraud)
Misappropriated cash from credit sales
Payment for hours not worked for
It is important to note that all these
forms of employee fraud are perpetrated, so that the perpetrators
will have an undue benefit from all the irregularities made, as
embedded in the definition of fraud.
2.5.2 Type of bank’s common fraudulent practices:
Ovuakporia (1994) gave account of thirty-three types of bank
frauds in the banking sector. These include theft, embezzlement,
defalcations, forgeries, substitution, suppression, payment
against unclear effects, unauthorized lending, lending to ‘ghost’
borrowers, kite flying and cross firing, unofficial borrowing,
foreign exchange malpractice, impersonation, over-involving,
manipulation of vouchers, fictitious accounts, over and under
valuation of properties, false declaration of cash shortages,
falsification of status reports, duplication of cheque books,
mail transfer, interception of clearing cheques, computer frauds,
fake payments, teeming and lading, robbery and others.
The above numerous types of fraudulent practices in banks, serve
as threats to the success of many banks. If adequate preventive
and detective measures are not put into action, it could lead to
84
the complete failure of financial institutions especially banks
in Nigeria.
2.5.3 Causes of bank frauds:
There are many identified causes of fraud in banks. They vary
from institutional to economical, social, psychological, legal
and even infrastructural causes. The immediate causative agents
of frauds in general as provided by Ogbunka (2002) are as
follows:
Availability of opportunities to perpetrate frauds and
forgeries
Human greed, avarice, instability
Misapplied intelligence-say for adventure
Job insecurity
Social misconceptions that banks’ money is nobody’s money/
property and therefore can be defrauded
Weak internal control system of the bank
Of a truth, there are many causes of bank frauds, but, weak
internal control system stands as the major cause of frauds
in banks. It is therefore, expedient that adequate,
efficient and effective internal control system be
85
installed in every bank in order to reduce this disaster
called fraud.
2.5.4 Factors influencing the existence of fraud in banks:
Despite the numerous causes of bank frauds there exist some
other factors that influences the risk of fraud within the
bank and accordingly steps ought to be taken to minimize
them. According to Izedonmi (2000), these factors include:
Where authority is concentrated in a few hands within
the bank
Where, management continually fails to implement
internal control recommendations, made by an external
auditor
Where, there is a high rate of turnover in key
accounting functions
Where the accounting system is inadequate and the
books of account cannot be reconciled with the
financial statements
Where transactions occurring during the year are
reversed after the year end
Where fees paid to legal advisers appear to be out of
proportion with the actual service rendered
Where there are material transactions during and
around the year end date
Where the bank is experiencing slovenly problems.
86
Where it is difficult to obtain explanations from
management and staff of the banks during the audit.
Where documentation supporting transactions are
generally non-existent
2.5.5 Internal Control and Fraud Prevention
What could have been done to avoid fraud and embezzlement?
There are several procedures that could have aided banking
industry in the prevention or early detection of this loss.
1. Review of a sample of all new loans issued
Missing documentation is one of the most important symptoms of
fraud.
A supervisor may
regularly review a
sample of all new
loans issued and
determine that
required
documentation is
present, and if not,
confirm missing
information with
third parties.
Make sure loan
documentation is
complete: guarantee
87
titles, insurance,
or income
verification.
Make sure to follow
up on the exceptions
noted. Be aware of
counterfeit
collateral.
Fictitious loans
could be made in the
name of people taken
from the phone book
or in the name of
former borrowers.
2. Visit to the clients The most effective
way to mitigate the risk associated with frauds is for the
organization to conduct client visits to some of its
clients.
A supervisor may
visit a sample
clients of all new
loans issued (for
example, one client
out of every 10 new
loans) to verify
88
the authenticity of
the loans.
This way Ecobank
can also identify
fraudulent
practices by loan
officers or non
adherence to new
policies before
they are replicated
on a wide scale.
That In general,
Ecobank must audit
a larger number of
loans but a smaller
percentage of the
overall portfolio
than a traditional
financial
institution would.
To adequately
assess risk, the
key is for Ecobank
to audit a large
enough samples of
loans to get a good
89
overall picture of
the true quality of
the loan portfolio.
Ecobank should
generally employ a
combination of two
types of sampling:
random and
selective sampling.
Random sampling is
a process by which
the auditor selects
clients in a
haphazard manner,
with no attempt to
influence the list
of clients to
audit. Selective
sampling is a
process by which
the auditors
attempt to create a
list of clients to
visit bases on
predetermined
90
criteria (higher
risk clients).
For some branch of
Ecobank that use
group lending
methodologies, a
supervisor may
attend a group
meeting. The
supervisor may
verify that a group
only issue loans to
group members,
check the group’s
records to ensure
proper calculations
and accurate
reporting.
3. Segregation of duties The
segregation of duties is the design in the job
functions to properly segregate tasks so that the
same person does NOT record, approve and do the job
Combination of
duties may allow a
manager or
91
supervisor to
approve the loans,
set them up on the
system , issue the
checks, and then
cash them through a
teller drawer
No one should have
full control of the
loan process from
beginning to end
Make sure that
managers and
supervisors don’t
know the tellers’
passwords and make
sure the tellers
change their
password regularly.
Make sure returned
monthly account
statements are
carefully monitored/
People on vacation
or on material leave
should not be
92
allowed to keep
their office keys.
These people can
visit the branch
after working hours
to process loan
advances to make
payments under other
employees’ teller
codes.
4. Supervisory
Committee/internal audit
Department In smaller
Ecobank branch the supervisory committee often
oversees the internal controls, while in the larger
Ecobank, the controls are often monitored by the
internal audit
department.
5. Record keeping Inaccurate or
incomplete records are often used to hide fraud.
To keep the loans
current, the
employee may make
the monthly
93
payments in a
variety of ways. In
some cases, he/she
would take an
advance from loan
and use it to make
payments on several
other loans via
journal-voucher
transfers. At other
times, he/she would
take a loan advance
in cash and make
cash payments on
the loans coming
due. He/she can
also purchase bank
money orders with
stolen funds and
mail payments to
different branch
offices of the
Ecobank to ensure
that other
employees processed
94
transactions on the
accounts
Process of
reconciling the
accounts is
important. May hide
problems.
6. Bank reconciliation
Bank accounts should be reconciled and checked
weekly by a supervisor.
7. Audit trails
Make sure to maintain adequate audit trails. Audit
trails enable the tracing of any giving item
through the Ecobank books.
Software should
also have
thorough audit
trail built in.
the application
should log and
report the user
name and event,
date/time of all
entries and
95
deletion of
transactions and
also for
creating,
editing, and
deleting clients,
loans, and
schedules of
installments, and
loan product
definitions.
8. Auditing Audits
(required at least annually) and verifications
(required at least two Years) must be performed in
a timely manner, under controlled conditions, And
independent of Ecobank management and staff.
Although fraud
may be uncovered,
the annual audit
and regulatory
examination are
not intended to
detect fraud.
An example of
infraction to
reviewing the
96
loans is when the
auditors select
their sample from
the new-loan
listings and fax
the list to each
branch manager
before coming to
the branch to
review loan
files. This
seemingly minor
infraction may
provide the
embezzler with
notice of when
his/her ample
time to create
loan files-
complete with
altered
documentation
from legitimate
loan files.
The auditor
should pull all
97
loans files
him/herself. The
auditor should
keep in mind that
any person he/she
is asking to
assist could be a
thief. The
auditor should
verify every
explanation that
an employee
offers. In some
cases, the
auditor should
contact the loan
recipient.
CHAPTER THREE
RESEARCH METHODOLOGY
98
3.0 INTRODUCTION
Research is the process of arriving at a dependable solution to
problems through planned and systematic collection, analyzing and
interpretation of data (Osuala, 1993).
Green and Full (1975) defines research methodology as the
specification of procedures for collecting and analyzing the data
necessary to solve the problem at hand such that the differences
between the cost of obtaining various levels of accuracy and the
expected value of the information associated with each level of
accuracy is optimized.
Thus, in this chapter the method and techniques of data
collection and analysis for this study are discussed in details,
research design, population of study, sample and sampling
technique, sources of data collection, research instrument,
validity of the instrument, reliability of the instrument,
procedure for administration of research instrument, as well as
the limitation of the research methodology. This will be
important in order to assess the effect of internal control on
organizational performance.
3.1 RESEARCH DESIGN
The research design adopted in this research work is the
descriptive survey research design which involves the usage of
self designed questionnaire in the collection of data. Under the
99
survey research design, primary data of this study will be
collected from Eco Bank Plc in order to determine the effect of
internal control on organizational performance. The design was
chosen because it enables the researcher to collect data without
manipulation of any variables of interest in the study. The
design also provides opportunity for equal chance of
participation in the study for respondents.
3.2 POPULATION OF STUDY
The population of study is the census of all items or a subject
that possess the characteristics or that have the knowledge of
the phenomenon that is being studied (Asiaka, 1991). It also
means the aggregate people from which the sample is to be drawn.
Population is sometimes referred to as the universe. The
population of this research study will be the entire staff of Eco
Bank Plc.
3.3 SAMPLE AND SAMPLING TECHNIQUES
The researcher made use of stratified sampling technique because
all the members have the same probability of occurrence. The
researcher narrowed down the samples to the organization’s staff
in order to get the effect of internal control on organizational
performance on the entire organization’s staff.
100
As a result of complexity in the size and the possible high cost
of using aggregate information of the entire population a sample
being a representative of the total population becomes necessary.
A convenient sample of 50 employees of Ecobank Plc has been
chosen therefore random sampling technique have been adopted to
select the employees because it is a good representation of the
study population from which it is drawn.
3.4 SOURCES OF DATA COLLECTION
Basically, the source of data collection used in this study is
primary and secondary. The primary source involves the use of
questionnaire. The secondary source is by means of research into
journals, published work in the library as well as newspaper
articles.
The researcher adopted questionnaire in collecting relevant
information for the study. The questions asked in the
questionnaire were accompanied by multiple choice answers from
which the respondents were asked to pick one.
The main reason for using this method of collecting data is to
enable the researcher believe that this method will provide the
necessary information as well as the ease with which the method
will facilitate data collection. This will ensure balance and
comprehensive information reliable enough for conclusion to be
drawn.
3.5 RESEARCH INSTRUMENT
101
Questionnaires will be used as the basis of research instrument
in this work. The nature of the questionnaire was close ended
where options were given to respondents to choose from. The
questionnaire was divided into two parts. It’s also going to be
free from bias so as to get the required information needed to
proceed with the analyzing of the data.
The questionnaire designed for the respondents in the selected
organization that is Eco Bank PLC consisted of two sections A and
B. Section A focus on demographic information which embraces the
name of organization, age, marital status, working experience,
educational qualification e.t.c. While Section B focused on theother variables to be tested framed out of research questions
properly.
With regard to the scoring of responses, a five point numerically
scaled Likert-type questionnaire was constructed for the purpose
of this study. The first section (section A) of the questionnaire
needs no scoring since the information required is bio-data of
the respondents. The questions asked in the second section,
(section B) of the questionnaire were accompanied by multiple
choice answers ranged from 1-5 point scale in the following
pattern: Strongly Agree-1; Agree-2, Undecided-3, Disagree-4,
Strongly Disagree-5, from which the respondents were asked to
pick one.
3.5.1 PROCEDURE FOR ADMINISTRATION OF RESEARCH INSTRUMENT
102
The set of questionnaires were personally administered by the
researcher. The respondents were asked not to indicate their
names on the questionnaires so as to make the responses
anonymous. The researcher interpreted all aspects of the
questionnaire to the respondents. The respondents were assured of
confidentiality of information to be supplied.
The questionnaires will be sent to 50 employees of Ecobank Plc.
Few personal interview will also be conducted to reach a wider
conclusion of the research instrument used in this research work.
3.5.2 VALIDITY OF THE INSTRUMENT
Nworgu (1991) contended that after the items in a
questionnaire have been written, it is mandatory to subject the
questionnaire to validation process.
He maintained that in this way the items can be reviewed in
terms of their clarity, the appropriateness of the language and
expressions, the suitability of each item with references to the
research question. It is expected to answer the adequacy of the
quantity of items in the questionnaire.
In respect of this he says; after the items have been
written, the next crucial step is to subject the questionnaire to
103
a validation process. This is an extremely important exercise
that cannot be skipped in the development of an instrument.
The questionnaires were being validated by the investigator’s
project supervisor and some of his colleagues. Each of them was
given a copy of questionnaire for critical review and were
finally ratified and approved by the investigator’s project
supervisor.
Although, the responses of the respondents may be bias, the
questionnaire would still be able to capture the needed
information based on the respondents’ opinion. To allow for the
elements of bias that may be contained in the responses, 1% level
of significance would be allowed in the data testing. This will
take care of error, bias etc. that may be in the data collected.
3.5.3 RELIABILITY OF THE INSTRUMENT
Reliability is referred to as the degree to which the instrument
consistently measures what it intends to measure (Ojo, 2003). His
responds to this research study indicated that the questionnaire
was well structured to achieve the purpose of the research
thereby meeting the test of reliability. The reliability of the
research instrument would be tested through test-re-test
reliability. In this method the same measuring instruments is
used to take separate measurement on the same research population
or sample at different times. The higher the correlation between
the two measurements, the higher the reliability of the measuring
instruments.
104
3.6 METHOD OF DATA ANALYSIS
The data analysis method will deal with how the necessary data
collected, through primary source will be properly processed and
presented for meaningful analysis. The method that will be
adopted to analyze data collected will be less of manual and more
of computer aided method. The computer aided package known as
statistical package for social sciences (SPSS) will be employed
to analyze data in the form of frequency tables in knowing the
effect of internal control on organizational performance.
For the purpose of this study, the following analytical technique
will be used.
1. Mean: The arithmetic mean of a sort of observations is the
sum of all observations. It is denoted by x.
The formula is Ʃfx.
2. Simple percentages: Simple percentage will be used to
analyze the personal profile of respondent in Section A of
the questionnaire.
3. Standard deviation: It can be defined as the root of the
mean of square of deviations from the common mean of a set
of values. It is also the square root of the variance. It is
represented by:
105
or
4. Chi-Square: this statistical test is used to determine
whether there is any significant difference between the
observed and expected theoretical frequency obtained from a
distribution. It is also used to test the dependence of two
attributes such as marketing strategy and organizational
performance.
It is represented by:
OR
Where O= observed frequency
106
Χ2=∑ (o−e)2
e1 Χ2=∑ (obs−exp)2
exp
E= expected frequency
I = the number of items where 1= 1,2,3,
…n
The hypothesis will be tested using the chi-square (X2)
3.7 LIMITATION OF METHODOLOGY
The study would be carried out with the intention of assessing
the effect of internal control on organizational performance.
This does not imply that the methodology is not with its
constraints. A major constraint arises due to the heavy
dependence place on the questionnaire as well as the inherent
limitations of the statistical techniques used.
3.8 MODEL SPECIFICATION
A representation of a system that allows for investigation of the
properties of the system and, in some cases, prediction of future
outcomes. Models are often used in quantitative analysis and
technical analysis, and sometimes also used in fundamental
analysis.
The components of internal control are:
Control environment
Risk assessment process
Control activities
107
Information and communication
Monitoring
All these are proxy for internal control while the component for
organization performance are :
Employee productivities
Level of sales
Customer satisfaction
Model specification
OGPM =INTC …………………………………3.1
OGPM =organization performance
INTC =internal control
OGPM = f(INTC) ………………………………..3.2
INTC =f(INFT,RMG,FCG,CSD) ………………..3.3
INTC =f(β0INFT, β1 RMG, β2 FCG, β3 CSD) ………………..3.4
ALL are proxy for internal control.
INFT = internal control technology department (i.e IT deparment)
RMG =risk management group
FCG =finanacial control group
CSD =customer services department
108
Β1, β2, β3 = paramenter
β0 = intercept
therefore the model are as follow
OGPM= β0 + β1 INFT + β2 RMG + β3 FCG + β4 CSD +U…………………………3.5
U = STOCHASTIC TERM/ ERROR TERM
109
CHAPTER FOUR
DATA PRESENTATION AND ANALYSIS
4.1 INTRODUCTION
This chapter is about the analysis and presentation ofdata collected from the field through questionnaire. Theanalysis of the data with particular question immediatelyfollowed by the presentation of findings.
As mentioned in chapter three, 50 questionnaires wereadministered and 50 were retrieved and necessary analysiswas carried out on them and presented as follows:
Table 4.1.1
QuestionnaireNumber
Percentageserved (%)
Questionnaire retrieved
Percentageretrieved(%)
50 100 50 100
4.2 DATA ANALYSIS , PRESENTATION AND INTERPRETATIONThis is the presentation of the quantitative data
collected from the respondents through the questionnairedrawn-tabulation and percent (%) age will be used to analyzethe data accordingly as follows:
Part A: Classification According To Bio-Data
4.2.1: “Respondents analysis by Age”
110
Age Frequency Percent(%)
Validpercent(%)
Cumulativepercent(%)
21 -30 27 54.0 54.0 54.031 – 40 11 22.0 22.0 76.041 – 50 8 16.0 16.0 92.0ABOVE 50 4 8.0 8.0 100.0Total 50 100.0 100.0Source: Field survey (2013)
The table above shows that 27 (54.0%) of the entire respondents are between the age 21-30 years, 11 (22.0%) fall between the age 31-40 years, 8 (16.0%) also fall between the age of 41-50 and 4 (8.0%) also fall between the age of above 50.
4.2.2: Respondents Analysis by Sex.
Gender Frequency
Percent(%)
Validpercent(%)
Cumulativepercent(%)
MALE 24 48.0 49.0 49.0FEMALE 25 50.0 51.0 100.0Total 49 98.0 100.0Source: Field survey (2013)
111
The table above denotes that 24 representing (49%) ofthe total respondents are male while 25 representing (51%)are female. This has shown that more female responded to thequestionnaire than male. It implies that female has moreinformation about Ecobank than male.
4.2.3: “Respondents analysis by Marital Status”
Status Frequency Percent(%)
Validpercent(%)
Cumulative percent(%)
SINGLE 23 46.0 46.0 46.0MARRIED 22 44.0 44.0 90.0DIVORCED/SEPARATED 5 10.0 10.0 100.0Total 50 100.0 100.0Source: Field survey (2013)
The above table indicates that 23 (46%) representssingle, 22 (44%) represents married and 5 (10%) representsdivorce/ separated. Youth has more responses to thequestionnaire than the married and others.
112
4.2.4 “Respondents analysis by Education”Qualification Frequen
cyPercent(%)
Validpercent (%)
Cumulativepercent(%)
PROFESSIONAL QUALIFICATION (ICAN / CIBN / ANAN)
12 24.0 24.0 24.0
POST GRADUATE (MBA/ MSC/ PHD) 23 46.0 46.0 70.0TERTIARY EDUCATION (FIRST DEGREE/ HND)
14 28.0 28.0 98.0
POST SECONDARY EDUCATION (NATIONAL DIPLOMA/ NCE)
1 2.0 2.0 100.0
Total 50 100.0 100.0Source: Field survey (2013)
The above table indicates that 12 (24%) representsprofessional qualification, 23 (46%) represents postgraduate qualification, 14 (28%) represents tertiaryeducation while 1(2%) represents post-secondaryeducation.post graduate has more access to the informationrequired in the questionnaire than others.
113
4.2.5 “Respondents analysis by Length of Service at EcobankNigeria Plc”Years Frequency Percent
(%)Validpercent(%)
Cumulativepercent(%)
LESS THAN ONE YEAR 11 22.0 22.0 22.01-3 YEARS 20 40.0 40.0 62.03-6 YEARS 12 24.0 24.0 86.0ABOVE 6 YEARS 7 14.0 14.0 100.0Total 50 100.0 100.0Source: Field survey (2013)
The above table indicate that 11 (22%) representsrespondents with less than one year length of service, 20(40%) represents respondents with 1-3 years length ofservice, 12 (24%) respondents with 3-6 years length ofservice, while 7 (14%) represents respondents with above 6years length of service. The majority of the respondents are
114
within 1-3years length of service at Ecobank Nigeria plc hasmore access to the questionnaire than the others.
4.2.6 “Respondents analysis by Position Held”Position Frequency Percent
(%)Validpercent(%)
Cumulativepercent(%)
TOP MANAGEMENT LEVEL 8 16.0 16.3 16.3MIDDLE MANAGEMENT LEVEL
21 42.0 42.9 59.2
SUPERVISORY LEVEL 14 28.0 28.6 87.8TACTICAL LEVEL 6 12.0 12.2 100.0Total 49 98.0 100.0Source: Field survey (2013)
The above table indicates that 8 (16.3%) represents TopLevel, 21 (42.9%) represents Middle level, 14 (28%)represents Supervisory level while 6 (12.2%) representsTactical level. Middle level staff has more access to thequestionnaire than the others.
115
4.2.7 THERE ARE ADEQUATE ASSETS LISTING DONE BY MANAGEMENT
Frequency PercentValid
PercentCumulativePercent
Valid DISAGREE 1 2.0 2.0 2.0
UNDECIDED 3 6.0 6.0 8.0
AGREE 35 70.0 70.0 78.0
STRONGLY AGREE 11 22.0 22.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
The above table indicates that 1 (2%) representsrespondents who disagreed that there are adequate assetslisting done by management, 3 (6%) represents respondentsthat can’t decide whether or not there are adequate assetslisting done by management, 35 (70%) represents respondentsthat agreed that there are adequate assets listing done bymanagement and 11 (22%) represents respondents that stronglyagreed that there are adequate assets listing done bymanagement.
116
4.2.8 POSITIONS IN PLACE ENSURE ASSETS ADDITIONS, DISPOSAL, REPLACEMENT ANDTRANSFERS FOR PROPER ACCOUNTABILITY
Frequency PercentValid
PercentCumulativePercent
Valid STRONGLY DISAGREE 1 2.0 2.0 2.0
DISAGREE 1 2.0 2.0 4.1
UNDECIDED 6 12.0 12.2 16.3
AGREE 34 68.0 69.4 85.7
STRONGLY AGREE 7 14.0 14.3 100.0
Total 49 98.0 100.0
Missing System 1 2.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 1 (2%) representsrespondent that strongly disagreed that position in placeensure assets addition, 1 (2%) represents respondent thatdisagreed that position in place ensure assets addition, 6(12.2%) represents respondents that can’t decide whether ornot position in place ensures assets addition, 34 (69.4%)represents respondents that agreed that position in placeensures assets addition and 7 (14.3%) represents respondentsthat strongly agreed that position in place ensures assetsaddition.
117
4.2.9 CAPITAL ASSETS PURCHASED ARE APPROVED BY APPROPRIATE LEVEL OFMANAGEMENT
Frequency PercentValid
PercentCumulativePercent
Valid DISAGREE 2 4.0 4.0 4.0
UNDECIDED 5 10.0 10.0 14.0
AGREE 25 50.0 50.0 64.0
STRONGLY AGREE 18 36.0 36.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
The above table indicate that 2 (4.0%) representsrespondents that disagreed that capital assets purchased areapproved by appropriate level of management, 5 (10.0%)represents respondents that can’t decide whether or not thatcapital assets purchased are approved by appropriate levelof management, 25 (50%) represents respondents that agreedthat capital assets purchased are approved by appropriatelevel of management and 18 (36%) represents respondents thatstrongly agreed that capital assets purchased are approvedby appropriate level of management.
4.2.10 ASSETS NUMBERING IS DONE TO SHOW LOCATION AND PROTECTION OF THEASSETS
Frequency PercentValidPercent
CumulativePercent
Valid STRONGLY DISAGREE 2 4.0 4.0 4.0
UNDECIDED 7 14.0 14.0 18.0
AGREE 33 66.0 66.0 84.0
STRONGLY AGREE 8 16.0 16.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
118
The above table indicate that 2 (4.0%) representsrespondents that strongly disagreed that assets numbering isdone to show location and protection of the assets, 7(14.0%) represents respondents that can’t decide whether ornot assets numbering is done to show location and protectionof the assets, 33 (66.0%) represents respondents that agreedthat assets numbering is done to show location andprotection of the assets and 8 (16.0%) representsrespondents that strongly agreed that assets numbering isdone to show location and protection of the assets.
4.2.11 THERE IS FREE ACCESS TO CHEQUE BOOKS AND ORGANIZATION ASSETS
Frequency PercentValid
PercentCumulativePercent
Valid STRONGLY DISAGREE 4 8.0 8.2 8.2
DISAGREE 23 46.0 46.9 55.1
UNDECIDED 7 14.0 14.3 69.4
AGREE 7 14.0 14.3 83.7
STRONGLY AGREE 8 16.0 16.3 100.0
Total 49 98.0 100.0
Missing System 1 2.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 4 (8.2%) representsrespondents that strongly disagreed that there is freeaccess to cheque books and organization assets, 23 (46.9%)represents respondents that disagreed that there is freeaccess to cheque books and organization assets, 7 (14.3%)represents respondents that can’t decide whether or notthere is free access to cheque books and organizationassets, 7 (14.3%) represents respondents that agreed thatthere is free access to cheque books and organization assetsand 8 (16.0%) represents respondents that strongly agreed
119
there is free access to cheque books and organizationassets.
Source: Field survey (2013)
The above table indicates that 6 (4.0%) representsrespondent that strongly disagreed that a person responsiblefor inventory management is different from the bookkeeper, 3(6.0%) represents respondents that disagreed that a personresponsible for inventory management is different from thebookkeeper, 4 (8.0%) represents respondents that can’tdecide whether or not that a person responsible forinventory management is different from the bookkeeper, 18(36.0%) represents respondents that agreed that a personresponsible for inventory management is different from thebookkeeper and 23 (46.0%) represents respondents thatstrongly agreed that a person responsible for inventorymanagement is different from the bookkeeper.
120
4.2.12 A PERSON RESPONSIBLE FOR INVENTORY MANAGEMENT IS DIFFERENT FROMTHE BOOKKEEPER
Frequency PercentValidPercent
CumulativePercent
Valid STRONGLY DISAGREE 2 4.0 4.0 4.0
DISAGREE 3 6.0 6.0 10.0
UNDECIDED 4 8.0 8.0 18.0
AGREE 18 36.0 36.0 54.0
STRONGLY AGREE 23 46.0 46.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
The above table indicates that 1 (2%) representsrespondent that strongly disagreed that stock taking is donefollowing the procedures, 9 (18%) represents respondentsthat can’t decide whether or not stock taking is donefollowing the procedures, 29 (58%) represents respondentsthat agreed that stock taking is done following theprocedures and 11 (22%) represents respondents that stronglyagreed that stock taking is done following the procedures.
4.2.14 THE PETTY CASHIER IS DIFFERENT FROM THE MAIN CASHIER
Frequency PercentValidPercent
CumulativePercent
Valid DISAGREE 7 14.0 14.0 14.0
UNDECIDED 4 8.0 8.0 22.0
AGREE 19 38.0 38.0 60.0
STRONGLY AGREE 20 40.0 40.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
The above table indicates that, 7 (14%) representsrespondents that disagreed that the petty cashier is
121
4.2.13 STOCK TAKING IS DONE FOLLOWING THE PROCEDURES AND IN THE PRESENCEOF THE INTERNAL AUDITOR
Frequency PercentValidPercent
CumulativePercent
Valid STRONGLY DISAGREE 1 2.0 2.0 2.0
UNDECIDED 9 18.0 18.0 20.0
AGREE 29 58.0 58.0 78.0
STRONGLY AGREE 11 22.0 22.0 100.0
Total 50 100.0 100.0
different from the main cashier, 4 (8%) representsrespondents that can’t decide that the petty cashier isdifferent from the main cashier or not, 19 (38%) representsrespondents that agreed that the petty cashier is differentfrom the main cashier, and 20 (40%) represents respondentsthat strongly agreed that the petty cashier is differentfrom the main cashier.
4.2.15 THERE ARE ADEQUATE POLICIES TO ENSURE EFFECTIVE COLLECTION AND FOLLOW-UPS OF DUE ACCOUNTS
Frequency PercentValidPercent
CumulativePercent
Valid STRONGLY DISAGREE 1 2.0 2.0 2.0
DISAGREE 1 2.0 2.0 4.0
UNDECIDED 4 8.0 8.0 12.0
AGREE 22 44.0 44.0 56.0
STRONGLY AGREE 22 44.0 44.0 100.0
Total 50 100.0 100.0
Source: Field survey (2013)
The above table indicate that 1 (2 %) represents respondent thatstrongly disagreed that there are adequate policies, 1 (2%)represents respondent that disagreed that there are adequatepolicies, 4 (8%) represents respondents that can’t decide thatthere are adequate policies or not, 22 (44%) representsrespondents that agreed that there are adequate policies and 22(44%) represents respondents that strongly agreed that there areadequate policies.
122
4.2.16 COST OF PRODUCTION HAS BEEN REDUCING DRAMATICALLY FOR THE PAST TWO YEARS
Frequency Percent Valid PercentCumulativePercent
Valid STRONGLY DISAGREE 3 6.0 6.1 6.1DISAGREE 21 42.0 42.9 49.0UNDECIDED 13 26.0 26.5 75.5AGREE 6 12.0 12.2 87.8STRONGLY AGREE 6 12.0 12.2 100.0Total 49 98.0 100.0
Missing System 1 2.0Total 50 100.0
Source: Field survey (2013)
The above table indicates that 3 (6.1 %) represents respondents thatstrongly disagreed that cost of production has been reducingdramatically for the past two years, 21 (42.9%) representsrespondents that disagreed that cost of production has been reducingdramatically for the past two years, 13 (26.5%) representsrespondents that can’t decide that cost of production has beenreducing dramatically for the past two years or not, 6 (12.2%)represents respondents that agreed that cost of production has beenreducing dramatically for the past two years and 6 (12.2%) representsrespondents that strongly agreed cost of production has been reducingdramatically for the past two years.
4.2.17 THE COMPANY IS NOW IN A BETTER POSITION TO SERVE CLIENTS MORE EFFICIENTLY AND EFFECTIVELY
Frequency Percent Valid PercentCumulativePercent
Valid STRONGLY DISAGREE 2 4.0 4.1 4.1
UNDECIDED 2 4.0 4.1 8.2
AGREE 31 62.0 63.3 71.4
STRONGLY AGREE 14 28.0 28.6 100.0
Total 49 98.0 100.0
123
4.2.16 COST OF PRODUCTION HAS BEEN REDUCING DRAMATICALLY FOR THE PAST TWO YEARS
Frequency Percent Valid PercentCumulativePercent
Valid STRONGLY DISAGREE 3 6.0 6.1 6.1DISAGREE 21 42.0 42.9 49.0UNDECIDED 13 26.0 26.5 75.5AGREE 6 12.0 12.2 87.8STRONGLY AGREE 6 12.0 12.2 100.0Total 49 98.0 100.0
Missing System 1 2.0Missing System 1 2.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 2 (4.1 %) representsrespondents that strongly disagreed that the company is nowin a better position to serve clients, 2 (4.1%) representsrespondents that can’t decide that the company is now in abetter position to serve clients or not, 31 (63.3%)represents respondents that agreed that the company is nowin a better position to serve clients and 14 (28.6%)represents respondents that strongly agreed that thecompany is now in a better position to serve clients.
124
4.2.18 EFFECTIVENESS IS MEASURED THROUGH QUALITY SERVICES AND PRODUCTS
Frequency Percent Valid PercentCumulativePercent
Valid STRONGLY DISAGREE 2 4.0 4.1 4.1
DISAGREE 1 2.0 2.0 6.1
UNDECIDED 2 4.0 4.1 10.2
AGREE 8 16.0 16.3 26.5
STRONGLY AGREE 36 72.0 73.5 100.0
Total 49 98.0 100.0
Source: Field survey (2013)
The above table indicates that 2 (4.1 %) representsrespondents that strongly disagreed that effectiveness ismeasured through quality service and products, 1 (2.0%)represents respondent that disagreed that effectiveness ismeasured through quality service and products, 2 (4.1%)represents respondents that can’t decide that effectivenessis measured through quality service and products or not, 8(16.3%) represents respondents that agreed thateffectiveness is measured through quality service andproducts and 36 (72.5%) represents respondents that stronglyagreed that effectiveness is measured through qualityservice and products.
125
4.2.19 THE COMPANY IS ABLE TO BUILD CUSTOMER SATISFACTION THROUGHQUALITY PRODUCTS AND SERVICES
Frequency PercentValidPercent
CumulativePercent
Valid DISAGREE 1 2.0 2.1 2.1
UNDECIDED 2 4.0 4.2 6.3
AGREE 30 60.0 62.5 68.8
STRONGLY AGREE 15 30.0 31.3 100.0
Total 48 96.0 100.0
Missing System 2 4.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 1 (2.1%) representsrespondent that disagreed that the company is able to buildcustomer satisfaction, 2 (4.2%) represents respondents thatcan’t decide that the company is able to build customersatisfaction or not, 30 (62.5%) represents respondents thatagreed that the company is able to build customersatisfaction and 15 (31.3%) represents respondents thatstrongly agreed that the company is able to build customersatisfaction.
126
4.2.20 PERFORMANCE OF THE COMPANY RESULTS FROM ASSETS FINANCING, EMPLOYEESKILLS AND PROCESSES INVOLVED IN PRODUCTION
Frequency PercentValid
PercentCumulativePercent
Valid STRONGLY DISAGREE 2 4.0 4.1 4.1
DISAGREE 2 4.0 4.1 8.2
UNDECIDED 7 14.0 14.3 22.4
AGREE 30 60.0 61.2 83.7
STRONGLY AGREE 8 16.0 16.3 100.0
Total 49 98.0 100.0
Missing System 1 2.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 2 (4.1 %) representsrespondent that strongly disagreed that performance of thecompany results from assets financing,2 (4.1%) representsrespondent that disagreed that performance of the companyresults from assets financing, 7 (14.3%) representsrespondents that can’t decide that performance of thecompany results from assets financing or not, 30 (61.2%)represents respondents that agreed that performance of thecompany results from assets financing and 8 (16.3%)represents respondents that strongly agreed that performanceof the company results from assets financing.
127
4.2.21 THERE IS EVALUATION AND DISCUSSION OF THE ORGANIZATIONAL PERFORMANCE PERIODICALLY BY MANAGEMENT
Frequency PercentValidPercent
CumulativePercent
Valid DISAGREE 2 4.0 4.1 4.1
UNDECIDED 4 8.0 8.2 12.2
AGREE 29 58.0 59.2 71.4
STRONGLY AGREE 14 28.0 28.6 100.0
Total 49 98.0 100.0
Missing System 1 2.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 2 (4.1%) representsrespondents that disagreed that there is evaluation anddiscussion of organizational performance periodically, 4(8.2%) represents respondents that can’t decide that thereis evaluation and discussion of organizational performanceperiodically or not, 29 (59.2%) represents respondents thatagreed that there is evaluation and discussion oforganizational performance periodically and 14 (28.6%)represents respondents that strongly agreed that there isevaluation and discussion of organizational performanceperiodically.
128
4.2.22 STOCK OUT INCREASES THE COST OF PRODUCTION
Frequency PercentValid
PercentCumulativePercent
Valid STRONGLY DISAGREE 4 8.0 8.3 8.3
DISAGREE 1 2.0 2.1 10.4
UNDECIDED 5 10.0 10.4 20.8
AGREE 27 54.0 56.3 77.1
STRONGLY AGREE 11 22.0 22.9 100.0
Total 48 96.0 100.0
Missing System 2 4.0
Total 50 100.0
Source: Field survey (2013)
The above table indicates that 4 (8.3 %) representsrespondents that strongly disagreed that stock out increasesthe cost of production, 1 (2.1%) represents respondent thatdisagreed that stock out increases the cost of production, 5(10.4%) represents respondents that can’t decide whether ornot stock out increases the cost of production, 27 (56.3%)represents respondents that agreed that stock out increasesthe cost of production and 11 (22.9%) represents respondentsthat strongly agreed that stock out increases the cost ofproduction.
4.3 Test of Hypotheses and Discussion.
4.3.1 Hypothesis 1
TABLE 4.3.1 Weakness in the internal control system in Nigeria
banks does not lead to fraud.
129
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
b. Dependent Variable: FRAUD
TABLE 4.3.2 Analysis showing the Weakness in the internal control system and fraud
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 3.816 .753 5.067 .000 1.796 5.836
WEAKNESS IN INTERNAL CONTROL SYSTEM
.083 .189 .063 .439 .662 -.424 .590
a. Dependent Variable: FRAUD
The result revealed that the calculated t-statistics for theparameter estimates is (t = 0.439), P < 0.01 is less thantabulated t statistics (1.9960) at 0.01 level of significance.Therefore, the Null hypothesis is accepted and Alternativehypothesis is rejected, that is Weakness in the internal controlsystem in Nigerian banks does not lead to frauds.
The coefficient of determination ( R2 ) is 0.004, it
implies that weakness in the internal control system explains 4 %
130
of the variation in fraud. The remaining 96% unexplained
variation is largely due to the other variables outside the
regression model which are otherwise included in the stochastic
error term. Also with the value of R in the model it shows that
there is no significant relationship between the dependent
variable and independent variable at 0.01 level of significant (r
= .063,P < 0.01).
The coefficient of weakness in internal control system in
the estimated regression line shows .063 which implies that 6% of
the fraud under the study was accounted for by Weakness in
internal control system. The overall regression model is
statistically insignificant in term of its goodness of fit (F
= 0.193, P < 0.01).
4.4 Test of Hypotheses and Discussion.
4.4.1 Hypothesis 2
TABLE 4.4.1 there is no significant relationship between internal
control system and organizational performance.
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .470a .221 .205 .647 .221 13.346 1 47 .001 1.369
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
131
TABLE 4.4.2 Analysis showing the relationship between internalcontrol system and organizational performance
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 2.791 .376 7.426 .000 1.782 3.801
INTERNAL CONTROL SYSTEM
.331 .091 .470 3.653 .001 .088 .574
a. Dependent Variable: ORGANIZATIONAL PERFORMANCE
The result revealed that the calculated t-statistics for the
parameter estimates is ( t = 3.653), P < 0.01 is greater than
tabulated t statistics ( 1.9960) at 0.01 level of significance.
Therefore, the Null hypothesis is rejected and Alternative
hypothesis is accepted, that is there is significant relationship
between internal control system and organizational performance of
Eco bank Nigeria.
The coefficient of determination ( R2 ) is .221, it
implies that the internal control system explain 22% of the
132
variation in the organizational performance. The remaining 78%
unexplained variation is largely due to the other variables
outside the regression model which are otherwise included in the
Stochastic error term. Also with the value of R in the model it
shows that there is significant relationship between the
dependent variable and independent variable at 0.01 level of
significant (r = .470,P < 0.01).
The coefficient of the management in the estimated
regression line shows .470 which implies that 47% of
organizational performance under the study was accounted for by
the internal control system. The overall regression model is
statistically significant in term of its goodness of fit (F =
13.346, P < 0.01).
Regression
[DataSet1] D:\ADE TOPE ANALYSIS.sav
Descriptive Statistics
Mean Std. Deviation N
FRAUD 4.14 1.069 50
WEAKNESS IN INTERNAL CONTROL SYSTEM
3.90 .814 50
133
Correlations
FRAUD
WEAKNESS ININTERNAL
CONTROL SYSTEM
Pearson Correlation FRAUD 1.000 .063
WEAKNESS IN INTERNAL CONTROL SYSTEM
.063 1.000
Sig. (1-tailed) FRAUD . .331
WEAKNESS IN INTERNAL CONTROL SYSTEM
.331 .
N FRAUD 50 50
WEAKNESS IN INTERNAL CONTROL SYSTEM
50 50
Variables Entered/Removedb
ModelVariablesEntered
VariablesRemoved Method
1 WEAKNESS IN INTERNAL CONTROL SYSTEMa
. Enter
a. All requested variables entered.
b. Dependent Variable: FRAUD
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
b. Dependent Variable: FRAUD
134
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
ANOVAb
ModelSum ofSquares Df
MeanSquare F Sig.
1 Regression
.224 1 .224 .193 .662a
Residual 55.796 48 1.162
Total 56.020 49
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
b. Dependent Variable: FRAUD
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 3.816 .753 5.067 .000 1.796 5.836
WEAKNESS IN INTERNAL CONTROL SYSTEM
.083 .189 .063 .439 .662 -.424 .590
a. Dependent Variable: FRAUD
135
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
Residuals Statisticsa
Minimum Maximum Mean Std. Deviation N
Predicted Value 3.90 4.23 4.14 .068 50
Residual -3.231 1.101 .000 1.067 50
Std. Predicted Value
-3.561 1.351 .000 1.000 50
Std. Residual -2.997 1.021 .000 .990 50
a. Dependent Variable: FRAUD
Regression
[DataSet1] D:\ADE TOPE ANALYSIS.sav
Descriptive Statistics
Mean Std. Deviation N
ORGANIZATIONAL PERFORMANCE
4.12 .726 49
INTERNAL CONTROL SYSTEM 4.02 1.031 49
136
Correlations
ORGANIZATIONALPERFORMANCE
INTERNALCONTROL SYSTEM
Pearson Correlation ORGANIZATIONAL PERFORMANCE
1.000 .470
INTERNAL CONTROL SYSTEM .470 1.000
Sig. (1-tailed) ORGANIZATIONAL PERFORMANCE
. .000
INTERNAL CONTROL SYSTEM .000 .
N ORGANIZATIONAL PERFORMANCE
49 49
INTERNAL CONTROL SYSTEM 49 49
Variables Entered/Removedb
ModelVariablesEntered
VariablesRemoved Method
1 INTERNAL CONTROL SYSTEMa
. Enter
a. All requested variables entered.
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .470a .221 .205 .647 .221 13.346 1 47 .001 1.369
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
137
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .470a .221 .205 .647 .221 13.346 1 47 .001 1.369
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
ANOVAb
Model Sum of Squares df Mean Square F Sig.
1 Regression 5.588 1 5.588 13.346 .001a
Residual 19.678 47 .419
Total 25.265 48
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 2.791 .376 7.426 .000 1.782 3.801
INTERNAL CONTROL SYSTEM
.331 .091 .470 3.653 .001 .088 .574
a. Dependent Variable: ORGANIZATIONAL PERFORMANCE
Residuals Statisticsa
Minimum Maximum Mean Std. Deviation N
138
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 2.791 .376 7.426 .000 1.782 3.801
INTERNAL CONTROL SYSTEM
.331 .091 .470 3.653 .001 .088 .574
Predicted Value 3.45 4.45 4.12 .341 49
Residual -1.454 .884 .000 .640 49
Std. Predicted Value
-1.960 .951 .000 1.000 49
Std. Residual -2.246 1.367 .000 .990 49
a. Dependent Variable: ORGANIZATIONAL PERFORMANCE
CHAPTER FIVE
SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATIONS
5.1 Introduction
This chapter presents a summary, conclusion and recommendations
of the findings and end with areas of further research.
5.2 summary of major findings
The study investigates the effect of internal control on
organizational performance. The hypotheses indicate that there is
significant relationship between internal control and
organizational performance. The findings result shows that
internal control contribute to organizational performance; the139
result revealed that the calculated t-statistics for the
parameter estimates is (t = 3.653), P < 0.01 which is greater
than tabulated t statistics (1.9960) at 0.01 level of
significance. Therefore, the Null hypothesis is rejected and
Alternative hypothesis is accepted, that is there is significant
relationship between internal control system and organizational
performance of Ecobank Nigeria Plc.
Also in analyzing the weakness in the internal control
system and fraud in ECOBANK PLC Findings indicated that the
internal controls used in ECOBANK plc were ineffective and
unsatisfactory; The result revealed that the calculated t-
statistics for the parameter estimates is ( t = 0.439), P < 0.01
is less than tabulated t statistics ( 1.9960) at 0.01 level of
significance. Therefore, the Null hypothesis is accepted and
Alternative hypothesis is rejected, that is Weakness in the
internal control system in Ecobank Nigerian Plc does not lead to
frauds.
This studies received support by Coopers and Lybrand (1993) who
argued that there was need to consider whether the following
control objectives are met; management conveys the message that
integrity and ethical cannot be compromised, the organization
structure provides a moral framework for planning, directing, and
controlling operations, management ensures that appropriate
responsibility and delegation of authority is assigned to deal
with goals and objectives and the Board of Directors and audit
140
committee are sufficiently independent from management to
construct a challenge to management decision and take an active
role in ensuring that an appropriate “tone at the top exists”.
The findings revealed a low level of organizational performance
in ECOBANK Plc. Findings are in agreement with studies by Brown
(1996) who argues that performance measures in organizations must
focus attention on what makes, identifies and communicates the
drivers of success, support organizations learning and provide a
basis for assessment and reward. Furthermore, Dixion (1990) adds
that appropriate performance measures are those which enable
organizations to direct their actions towards achieving their
strategic objectives. This is because according to him a firm’s
performance is central to the future well being and prosperity of
any enterprise.
The results in the table above indicate a significant positive
relationship between internal controls and organizational
performance of ECOBANK PLC Also with the value of R in the model
it shows that there is significant relationship between the
dependent variable and independent variable at 0.01 level of
significant (r = .063,P < 0.01). The overall regression model is
statistically significant in term of its goodness of fit (F =
13.346, P < 0.01). These findings, relate well with previous
studies by Coso (1992) who provided a criteria against which
effectiveness of internal controls can be assessed. He contends
that internal control can be judged effective if the entity’s
operations objectives are being achieved; published financial
141
statements are being prepared, reliable and applicable laws and
regulations are being complied with. While internal control is a
process, its effectiveness is a state or condition of the process
at a point in time. Accordingly, the effective functioning of
components of internal control provides a reasonable assurance
regarding achievement of one or more of the stated categories of
objectives to ensure high levels of organizational performance.
5.3 Conclusion
From the findings, it is concluded that; the findings shows the
overall regression model which is statistically significant in
term of its goodness of fit that is there is a significant
relationship between internal control system and organizational
performance of Ecobank Plc.
The following conclusions were made from the investigation
carried out to evaluate the effect of internal control on
organizational performance in Ecobank Nigerian Plc:
There are internal control departments in all banks in Nigeria,
but In Ecobank Nigeria Plc the department is headed by very
senior officers not below the rank of Assistant General Manager.
The responsibility of Internal Control is strictly that of the
management and the internal control officer reports to the
highest level of management. The presence of Internal Control
system in the banks has provided reasonable assurance regarding
the effectiveness and efficiency of operations of banks in
Nigeria, the reliability of financial and management reporting
142
and guarantees compliance with applicable laws and regulations.
The banks rely heavily on the internal control system on the
implementation of policies and procedures. The study revealed
that reliance can be placed on the internal control system of
banks in Nigeria.
We can conclude further from the study that there exists a high
positive correlation between internal controls an organizational
performance. Though controls were observed to be generally
effective, there were some lapses noted in the area of asset
numbering.
On the issue of segregation of duties, the research shows that
the duties of all staff are dully segregated so that no one staff
carries one transaction from the commencement to conclusion.
Practice of good corporate governance by this bank is not yet at
its best, they can still do better.
5.4 Recommendations
A system of effective controls is a critical component of bank
management and a foundation for the safe and sound operation of
banking organizations. A system of strong internal controls can
help to ensure that the goals and objectives of a banking
organization are met, that the bank will achieve long-term
Profitability targets, and maintain reliable financial and
managerial reporting. Such a system can also help to ensure that
the bank will comply with laws and regulations as well as
policies, plans, internal rules and procedures, and decrease the
143
risk of unexpected losses or damage to the bank’s reputation.
The following recommendations are proffered for tackling the
deficiencies noted in the findings from the study. These are
aimed at improving the internal control system of banks in
Nigeria.
To examine the effectiveness of internal controls used in
ECOBANK Plc, the management of ECOBANK Plc should design more
effective internal control systems by ensuring that adequate
asset listings is done by management, capital assets purchased
are approved by appropriate level of management and asset
numbering is done to show location and protection of the assets.
To establish the level of performance in ECOBANK Plc, the
management of ECOBANK Plc should ensure that it strengthens
strategies aimed at improving organizational performance in all
categories of staff and this should continuously be used to
ensure that performance levels are satisfactory.
To establish a relationship between internal control and
performance in ECOBANK Plc, the management of ECOBANK Plc should
appreciate these findings on the relationship between internal
controls and organizational performance to ensure its continued
production in a competitive industry in Nigeria banking industry.
Application of latest Audit software’s that will be able to
break all transactions. Without mincing words, the banking
144
industry in Nigeria is technologically driven and the
technology is changing at a very fast rate. While the banks
are upgrading their operational systems technologically,
they should also upgrade the technological aspect of the
Internal Control. This will help to fight all forms of
electronic frauds including hacking, skimmers, Phishing,
Trojan horse.
As the system is being improved the staff should also be
trained to cope with the latest technologies and the
challenges of the job. Both in-house and external training
should be arranged for the staff of the department.
Staff of the Internal Control department should be
adequately remunerated. They bear high level of risk. Most
people look at them as the police of the organization and
therefore they are always at threat. It is unfortunate that
most banks pay greater attention to marketing at the
detriment of Internal Control consequently marketing
officers are most rewarded. And Internal Control staffs are
often regarded as non-contributive staff. This notion is
wrong because a single fraud that goes undetected can write-
off the fortune of the bank. Therefore Internal Control
staff should be duly motivated to put in their best. In view
of the undeniable importance of internal control system in
an establishment such as bank, the management should not
allow itself to be mis-directed by the criticisms that are
leveled against the internal control system, for instance,
145
control not being cost effective among others. They should
note that there is a great need for the presence of an
effective internal control system in the banks. According to
J. Santocki, poor internal control system or total absence
of it, will lead to a chaotic situation in the company and
this will lead to errors and fraud, unreliable and
inaccurate record keeping and an eventual liquidation of the
company.
The board of directors should have responsibility for
approving and periodically reviewing the overall business
strategies and significant policies of the bank;
understanding the major risks run by the bank, setting
acceptable levels for these risks and ensuring that senior
management takes the steps necessary to identify, measure,
monitor and control these risks; approving the
organizational structure; and ensuring that senior
management is monitoring the effectiveness of the internal
control system.
Lastly, Practice of Corporate governance. The collapsed of most
banks in Nigeria and the World over is traceable to poor
corporate governance. It also account for the high volume of bad
and doubtful debt in our banks. In 2006, the Central Bank of
Nigeria issued the code of Corporate Governance for Banks in
Nigeria post consolidation. This is being operated alongside the
code of Best practices for public companies in Nigeria issued by
Securities and Exchange Commission in 1999. If these codes are
146
duly complied with the Internal Controller will have fewer
problems. We therefore recommend that these codes should be
strictly complied with.
The bank should not make any member of staff indispensable;
hence there should be deputation of responsibilities so that the
absence of a staff will have no effect on the operation of the
bank. Management should encourage staff to participate in
decision making. Employees feel encouraged and motivated in
accomplishing the goals of the company in which they have taken
part in formulating.
There should be discipline on the part of the management not to
override the controls, noting that poor management often results
in excessive risk taking through high operating expenses,
inadequate administration of loan portfolio, an overly aggressive
growth policy to attract deposits, interest rates speculations
coupled with other instances of poor judgment may result in
stress for the Bank.
5.5 Areas for further research
The study did not exhaust all the dependent variables that
influence organizational performance thus the need for other
researchers to conduct an exhaustive study on variables under
listed.
Corporate governance and organizational performance147
Employee incentive and organizational performance
Motivation, training, morale and organizational performance
Employee motivation and organizational performance
Organizational learning and organizational performance
Consumer behavior and organizational performance
148
BIBLIOGRAPHY
Adekanye F. The Elements of Banking in Nigeria.(F&A Publishers
Limited, Lagos Nigeria 3rdEd.1986)
Adeyemo Kingsley.A.”Frauds In Nigerian Banks: Nature, Deep-Seated
Causes, Aftermaths And Probable Remedies”
APB (1995a), Accounting and Internal Control Systems SAS 300,
Auditing Practices Board Statements of Auditing Standards,
London.
Asika N.(1991). Research Methodology in the Behaviourial
sciences, Ikeja Longman Nigeria plc.
Beneish, M., Billings, M. and Hodder, L. (2008), “Internal
control weaknesses and information uncertainty”, The
Accounting Review, Vol. 83 No. 3, pp. 665-703.
Boniface Nworgu G. (1991).Modern Textbook On Research
Methodology.
Brown, T. J. (1996). Performance: Strategic Manager, Chicago:
St. Louis Press.
149
Buckhoff, T.A. (2002), “Preventing employee fraud by minimizing
opportunity”, The CPA Journal, Vol. 72 No. 5, pp. 64-6.
Butici S. (1994). Integrated performance measurement systems,
International Journal of operations and production
management Vol.17.
COSO (2004), “Enterprise risk management – integrated framework”,
Committee of Sponsoring Organizations, available at:
Summary.pdf (accessed 18 January 2007).
Crawford, W., Klamm, B.K. and Watson, MW. (2007), “Surviving
three SOX opinions”,
Strategic Finance, May, pp. 47-52.
Dixion, J. R. (1990). The New Performance Challenge. Harvard
Business Review 69 – 78.
Doyle, J., Ge, W. and McVay, S. (2007b), “Determinants of
weaknesses in internal control over financial reporting”,
Journal of Accounting and Economics, Vol. 44 Nos 1/2, pp.
193-223.
150
Drucker, P. E. (1990). The Emerging Theories of Performance,
Harvard Business Review, June p. 94 – 102.
Etuk ifiok Charles 2011. “ Evaluation of internal control system
of banks in Nigeria”
Farrugia, S. (2002), “A dangerous occupation? Violence in public
libraries”, New Library World, Vol. 103 No. 9, pp. 309-
20.
Gaskill, M. (2000), Crime and Mentalities in Early Modern
England, Cambridge University Press, Cambridge.
Green and full (1975). Mothen research in Behaviourial sciences
LondonmacDonald &Evans.
Henle, C.A. (2005), “Predicting workplace deviance from the
interaction between organizational justice and
personality”, Journal of Managerial Issues, Vol. 17 No.
2, pp. 247-63.
IFAC (2002), International Standard on Auditing 400: Risk
Assessments and Internal Control, IFAC, New York, NY.
151
James Abiola,2012. Corporate Governance in Nigeria Banking Sector
and Relevance of Internal Auditors.
James Lloyd Bierstaker, 2003. Managerial auditing journal MCB UP
ltd DOI 10.110802 686900310455704
Jones, M.J. (2008), “Dialogus de Scaccario (c.1179): the first
Western book on accounting?”
Kaplan, R.S. (1992). Measures that Drive performance, Harvard
Business Review, 71 – 79.
Kenyon, W and Tilton, P.D (2006) Potential red flags and fraud
detection techniques, A Guide to Forensic Accounting
Investigation, (First Edition), John Wiley & Sons, Inc,
New Jersey.
Knechel, R., Naiker, V. and Pacheco, G. (2007), “Does industry
specialization matter? Evidence
from market reaction to auditor switches”,
Auditing: A Journal of Practice & Theory, Vol. 26 No.
1, pp. 19-45.
152
KPMG Forensic (2004), Fraud Survey 2004, KPMG International,
Amsterdam.
Nicolaisen, D.T. (2004), “Remarks before the 2004”, AICPA
National Conference on Current SEC and PCAOB Developments, US
Securities and Exchange Commission, Washington, DC
Ogbechi B. (2002). Research methods and Elementary Statistics in
practices.
Ojo Olu (2003). ‘ Fundamentals of Research Methods’ First
Published April, 2003, Reprinted October,2005.
Okozie, B.N (1999) Auditing and Investigation. Owerri: Bon
Publication
Olaoye clement Olatunji . “ Impact of internal control system in
banking sector in Nigeria”
Oluwadare, D.A (1993), Precipitating factors in fraud and
criminal motivation, A paper presented at the Effective
Bank Inspection Course organized by the Financial
Institutions Training Centre, Yaba, Lagos.
153
O’mara, C. (1995). Performance measurement and strategic change.
Strategic Management Journal. 8, 178 – 182.
Osuala, E.C (1993). Introduction to research methodology bennin-
city Thrpju press limited.
Posthuma, R.A. (2003), “Procedural due process and procedural
justice in the workplace: a comparison and analysis”,
Public Personnel Management, Vol. 32 No. 2, pp. 181-95.
Princeton, A (2008) www. wordnet.princeton.edu/perl/webwn
Robins S.P (1998) Essentials of organization Behaviour. New
Jersey: Prentice Hall Inc. Page 351
Shelton, S.W. and Whittington, O.R. (2008), “The influence of the
auditor’s report on investors’
Singleton T W, Bologna, G.J and Lindquist, R.J and Singleton A
J(2006), Fraud auditing and
forensic accounting(Third Edition), John Wiley &
Sons, Inc, New Jersey.
154
Tarde, G. (1886)La Criminalite’ Comparee, Translated by J. R.
Baker, Paris.
Uket E. and Joseph O. (2012), the impact of internal control
design on banks’ ability to investigate staff fraud and
life style and detection in Nigeria, international
journal of research in economics and social sciences.
APPENDIX I
Regression
[DataSet1] D:\ADE TOPE ANALYSIS.sav
Descriptive Statistics
Mean Std. Deviation N
FRAUD 4.14 1.069 50
WEAKNESS IN INTERNAL CONTROL SYSTEM
3.90 .814 50
155
Correlations
FRAUD
WEAKNESS ININTERNAL
CONTROL SYSTEM
Pearson Correlation FRAUD 1.000 .063
WEAKNESS IN INTERNAL CONTROL SYSTEM
.063 1.000
Sig. (1-tailed) FRAUD . .331
WEAKNESS IN INTERNAL CONTROL SYSTEM
.331 .
N FRAUD 50 50
WEAKNESS IN INTERNAL CONTROL SYSTEM
50 50
Variables Entered/Removedb
ModelVariablesEntered
VariablesRemoved Method
1 WEAKNESS IN INTERNAL CONTROL SYSTEMa
. Enter
a. All requested variables entered.
b. Dependent Variable: FRAUD
156
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
b. Dependent Variable: FRAUD
ANOVAb
ModelSum ofSquares Df
MeanSquare F Sig.
1 Regression
.224 1 .224 .193 .662a
Residual 55.796 48 1.162
Total 56.020 49
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
b. Dependent Variable: FRAUD
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 3.816 .753 5.067 .000 1.796 5.836
WEAKNESS IN INTERNAL CONTROL SYSTEM
.083 .189 .063 .439 .662 -.424 .590
157
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .063a .004 -.017 1.078 .004 .193 1 48 .662 2.055
a. Predictors: (Constant), WEAKNESS IN INTERNAL CONTROL SYSTEM
a. Dependent Variable: FRAUD
Residuals Statisticsa
Minimum Maximum Mean Std. Deviation N
Predicted Value 3.90 4.23 4.14 .068 50
Residual -3.231 1.101 .000 1.067 50
Std. Predicted Value
-3.561 1.351 .000 1.000 50
Std. Residual -2.997 1.021 .000 .990 50
a. Dependent Variable: FRAUD
Regression
[DataSet1] D:\ADE TOPE ANALYSIS.sav
Descriptive Statistics
Mean Std. Deviation N
ORGANIZATIONAL PERFORMANCE
4.12 .726 49
INTERNAL CONTROL SYSTEM 4.02 1.031 49
158
Correlations
ORGANIZATIONALPERFORMANCE
INTERNALCONTROL SYSTEM
Pearson Correlation ORGANIZATIONAL PERFORMANCE
1.000 .470
INTERNAL CONTROL SYSTEM .470 1.000
Sig. (1-tailed) ORGANIZATIONAL PERFORMANCE
. .000
INTERNAL CONTROL SYSTEM .000 .
N ORGANIZATIONAL PERFORMANCE
49 49
INTERNAL CONTROL SYSTEM 49 49
Variables Entered/Removedb
ModelVariablesEntered
VariablesRemoved Method
1 INTERNAL CONTROL SYSTEMa
. Enter
a. All requested variables entered.
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
159
Model Summaryb
Model R
RSquare
AdjustedR Square
Std.Error of
theEstimate
Change Statistics
Durbin-Watson
R SquareChange
FChange df1 df2
Sig. FChange
1 .470a .221 .205 .647 .221 13.346 1 47 .001 1.369
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
ANOVAb
Model Sum of Squares Df Mean Square F Sig.
1 Regression 5.588 1 5.588 13.346 .001a
Residual 19.678 47 .419
Total 25.265 48
a. Predictors: (Constant), INTERNAL CONTROL SYSTEM
b. Dependent Variable: ORGANIZATIONAL PERFORMANCE
160
Coefficientsa
Model
UnstandardizedCoefficients
Standardized
Coefficients
T Sig.
99.0% ConfidenceInterval for B
BStd.Error Beta
LowerBound
UpperBound
1 (Constant) 2.791 .376 7.426 .000 1.782 3.801
INTERNAL CONTROL SYSTEM
.331 .091 .470 3.653 .001 .088 .574
a. Dependent Variable: ORGANIZATIONAL PERFORMANCE
Residuals Statisticsa
Minimum Maximum Mean Std. Deviation N
Predicted Value 3.45 4.45 4.12 .341 49
Residual -1.454 .884 .000 .640 49
Std. Predicted Value
-1.960 .951 .000 1.000 49
Std. Residual -2.246 1.367 .000 .990 49
a. Dependent Variable: ORGANIZATIONAL PERFORMANCE
161
APPENDIX II
RESEARCH QUESTIONNAIRE FOR ACADEMIC STUDY
Department of Accounting,
Faculty of Management Sciences,
Osun State University,
Okuku Campus.
Dear Respondent,
I am a final year student of department of accounting,
faculty of management sciences Osun State University Okuku
campus. I am carrying out a research on the subject “ the effect of
internal control on organizational performance. (A case study of Ecobank Nigeria
162
plc)” in partial fulfillment of the requirement for the award of
B.Sc. Degree in Accounting. Your branches at Oshogbo Osun State
and Offa Kwara State have been chosen as one of the branches to
use.
Attached to this Letter is a questionnaire aimed at
gathering some vital information to assist me complete the
research work. Kindly respond to the statements/questions as
freely as possible in the space provided. All information given
will be treated with utmost confidentiality and will be used
solely for the purpose of the research.
Thanks in anticipation of your co-operation
Yours Faithfully,
……………………..
AMOO TEMITOPE .G
QUESTIONNAIRE ON “THE EFFECT OF INTERNAL CONTROL ON
ORGANIZATIONAL PERFORMANCE” ( A CASE STUDY OF ECOBANK NIGERIA
PLC).
163
SECTION “A”: SOCIO – DEMOGRAPHIC INFORMATION
Please Tick your appropriate Choice like this (√)
1. Age (Years): 21-30 31 – 40 41 – 50 Above
50
2. Gender: Male Female
3. Marital Status
Single Married Divorced/Separated
4. Level of Education
Professional Qualification Post Graduate
( ICAN/CIBN /ANAN) (MBA/MSC/Ph.D)
Tertiary Education Post Secondary Education
(First Degree/HND) (National Diploma/NCE)
Others ( Please Specify ……………………………………………
5. Length of service at Ecobank Nigeria
Less than one year 1 – 3 years 3 – 6
years Above 6 years
6. Position Held:
164
SECTION “B1”: EFFECTIVENESS OF INTERNAL CONTROLS
Instruction: please tick (√) as appropriate.
In this section, the researcher seeks to establish the effectiveness
of internal control on the organizational performance in Ecobank
Nigeria plc. Please tick(√) the appropriate alternative
Key; Where SA-strongly agree, A- agree, UD- undecided, SD-strongly
disagree D-disagree
S/
N
STATEMENT SA A UD SD D
7 There are adequate assets
listing done by management
8 Procedures in place ensure
asset additions, disposal,
replacement and transfers for
proper accountability
9 Capital assets purchased are
approved by appropriate level
of management
10 Assets numbering is done to
show location and protection
of the assets.
11 There is free access to
cheque books and organization
166
assets
12 A person responsible for
inventory management is
different from the bookkeeper
13 Stock taking is done
following the procedures and
in the presence of the
internal auditor
14 The petty cashier is
different from the main
cashier
15 There are adequate policies
to ensure effective
collection and follow- ups of
due accounts
SECTION “B2”: ORGANIZATION PERFORMANCE
Instruction: please tick (√) as appropriate.
In this section the researcher seeks to establish the level of
organizational performance in Ecobank Nigeria plc. Please Tick the
appropriate alternative
Key: Where, SA=strongly agree, A= Agree, UD- undecided, D=Disagree,
SD=strongly disagree
167
S/
N
STATEMENT SA A UD SD D
16 Cost of production has been reducing
dramatically for the past two years
17 The company is now in a better
position to serve clients more
efficiently and effectively
18 Effectiveness is measured through
quality services and products
19 The company is able to build customer
satisfaction through quality products
and services
20 Performance of the company results
from assets financing, employee
skills and processes involved in
production
21 There is evaluation and discussion of
the organizational performance
periodically by management
168