ABSTRACT
This study looks at Internal control in an organization as a watchdog for fraudulent practices. Internal control being an integral part of corporate governance has seen a lot of reform due to the corporate scandals and financial crisis in the economic environment causing regulator to focus on increased disclosure requirements especially in the areas of corporate governance. Internal control disclosure requirement ranged from the requirement of the foreign Corrupt practice Act (FCPA) of 1977 to Sarbanes Oxley’s Act of 2002 which required the assessment of internal control structure and the Turnbull report of 1999 which also required an organization wide risk management approach to internal control. Nigeria has continued to experience high level of financial loss due to fraudulent practices. Unfortunately, there are no empirical studies on the effectiveness of internal control with reference to SOX requirement and the prescriptions of Turnbull report in Nigeria. The broad objective of the study is to examine the effectiveness of the internal control system in an organization as a watchdog over fraudulent practices. Specifically, the study examined the internal control variables which include internal audit, audit committee, ethical tone and risk assessment to see if there is a positive and significant relationship between their effectiveness and fraud prevention and also to examine if there is a relationship between sources of fraud detection and strength of internal control processes. The study adopted the analytical survey method to gather information on the variables; internal audit, audit committee, ethical tone and risk assessment. The population of the study comprised of senior management and staff of internal control department of the firms listed on the Nigeria stock exchange that are been audited by the bid four audit firms. Using the judgmental sampling technique we chose 2 senior management and 4 staff of internal control department of the firms quoted on the Nigeria stock exchange that are being audited by the big four audit firms (KPMG, PWHC, AWD, E&Y). Data were collected by means of questionnaire with response options graduated into five likert scale designed to capture information on the extent of compliance on the internal control guidelines. Data were also extracted from the records of the Economic and Financial Crimes Commission (EFCC) of firms where fraud had occurred. The logistic regression analysis was adopted to test four hypotheses while the Pearson’s chi square was used to test the fifth hypothesis. The result showed that positive and significant relationship existed between effective internal audits, effective audit committee, ethical tone at the top and risk assessment in Nigerian quoted firms. The result also showed that the strength of internal control process is positively and significantly related to the sources of fraud detection in an organization. The study provides an insight into internal control practices in Nigerian firms. The organizations have not imbibed the prescriptions of the recent corporate governance practices as prescribed by Sarbanes Oxleys Act (Sox) of 2002 and the Turnbull report of 1999. The study therefore recommends that due to the effect of non compliance to these recommendations there should be sanctions put in place to ensure compliance, investigative function established to investigate and recover assets, ensure a more vibrant audit committee and the audit committee should adopt the prescription of the American Institution of Certified Public Accountant (AICPA) to address the risk of management override of internal control. The study has provided opportunity for future research into internal control practices of firms not listed on the Nigeria stock exchange and those not audited by the big four audit firms.
1.1 Background to the study
CHAPTER ONE
INTRODUCTION
In the aftermath of corporate scandals and the global financial crisis corporate governance has received significant attention from regulators and public. Regulatory response have focused on increasing disclosure requirement relating to corporate governance and thus has, in turn, driven increased awareness and demand for internal assurance on corporate governance process which internal control is a part of. According to some recent studies by (Gramling, Schneider & Church, 2004, Carcello, Hermanson & Raghunandan, 2005, Sarens, 2006, Cohen, Krishmoorthy & Wright, 2010) there have been significant changes in the role of internal control as a result of recent regulatory reforms in the USA, the UK and Australia. For instance, the Sarbanes Oxley Act in the USA in 2002 (Sarbanes and Oxley 2002) this act required the implementation of many new roles and procedure. One element of SOX, concentrated in section 302 and 404 relates to the internal control over financial reporting. (Weili, 2004) Essentially, SOX requires top management to establish, maintain and regularly evaluate the effectiveness of internal control over financial reporting.
Prior to the Sarbanes Oxley act, the Foreign Corrupt Practices Act of 1977 (FCPA) was the only statutory regulation to address internal control, while the only required public disclosure of significant internal control deficiencies was in the form 8 – K when disclosing a change in auditor (SEC1988; Geiger 2003 Krishnan 2005), with the exception of the Federal Deposit Insurance Corporation Improvement Act (FDICA) which required banks operation in the U.S to file an annual report with regulators in which management attest to the effectiveness of their control and independent public accountants must attest to and separately report on management assertions.
The FCPA provided the first statutory regulation of internal controls of Securities and Exchange Commission (SEC) registrants requiring that registrants maintain cost effective system of internal accounting control over transaction and assets (Weili, 2004). In the late 1977 when the FCPA was passed, much of the business community had unexpected and unpleasant surprises.
Although many of the registrants did not participate in foreign trade, the FCPA applied to all companies filling with SEC regardless of their foreign trade practices. According to Mautz (1980), the FCPA reaches every company that files with the SEC, everyone, whether in foreign trade or not. So a lot of companies that were totally domestic, that were not engaged in doing anything that they think of as corrupt, found themselves with new responsibilities under this act.
In the 1980s the existence of fraud and unexpected business failures led to the questioning of the adequacy of the financial reporting systems and especially the internal control of public companies. The ambiguity of the term “cost effective” in the FCPA weakened the rule considerably (Kinney 1990), This problem prompted the creation of the trade way commission and its call for additional internal control standards and guidance (Kinney, 1990). Specifically, the commission recommended that all public companies should be required to include a report on internal control, written by management, in their annual report.
This recommendation is finally being realized under SOX section 404. The Sarbanes-Oxley act does not substantially alter requirements for maintaining internal control over those expressed in the FCPA. Instead, sox mandates new disclosure about the assessment of internal control (Weili, 2004).
Another of such guidance is the Turnbull report from the Turnbull committee which was established in other to consider whether the early guidance of the combined code required revision. When the combined code was issued, no formal guidance was available in relation to the wider aspect of internal control (KPMG 1999). The Turnbull guidance on corporate governance was issued by the institute of chartered accountants of England and Wales (ICAEW) and required listed companies to develop an organization wide risk management approach to internal control as an integral part of corporate governance policies and systems. It aims to provide guidance to assist directors and managers of companies in implementing principle D2 of the combined code on corporate governance (KPMG 1999).
The guidance uses internal control system to protect shareholders interest. But while the report focuses on a risk based approach to internal control system, the real thrust is about embedding risk management within corporate governance process (Weili, 2004). The guidance clarifies and prescribes the respective roles of the boards, its committees, and management in implementing risk management through internal control policies and system. It crystallizes the boardroom responsibilities for risk management, risk control and system effectiveness reporting as outlined in the stock exchange listing rules. Turnbull embodies the principles that boards and managers are directly accountable to shareholders for the effective management and control of their corporate risk exposures.
The control of corporate exposures to risk in various areas is a well established practice. Risk assessment of outcome variability under alternative investment strategies is a long standing feature of investment appraisal. Similarly, the duty of care placed on organizations and individuals in the health and safety areas has forced systematic review of potential workplace hazards and the precise definition of responsibilities. In recent years, cost and time overruns in project management have forced the development of techniques for the systematic management of project risk. All these are not new, but the Turnbull requirement for an all inclusive approach that integrates these separate areas, under a corporate risk management policy into core corporate governance process is a regulatory innovation (KPMG 1999). In the past the practice has often lacked the application of organization wide risk management policies that is a top down approach which begins at the board level and integrates all level and areas of risk management throughout the organization. The Turnbull guidance provide a timely opportunity to redress the balance and create competitive advantage.
Therefore, the expectations of the Turnbull committee are explicit and clear it required that a listed company should have a system of internal control in which the monitoring of risk and control is embedded into its fabrics.
Subsequently in Nigeria having realized the need to align with international best practices which every country is embracing, the Securities and Exchange Commission (SEC) in collaboration with Corporate Affairs Commission (CAC) inaugurated a seventeen members committee on June 2000 in Nigeria which was headed by Peterside Etudo. This committee was mandated to identify weaknesses in the current corporate governance as part of internal control practices in Nigeria and fashion out necessary changes that will improve corporate governance as part of I.C practices in Nigeria.
The committee’s final report which centered on code of best practices on corporate government in Nigeria was approved by the boards of the Securities and Exchange Commission (SEC). The code of best practice (2003) identifies three key players in the implementation process and prescribed the functions and responsibilities of each of them. The principal actors are the board of director, shareholder and audit committee. Details of their makeup, function and responsibilities are contained in appendix (1). It is however, up to the company at the cutting edge of compliance to disclose meaningful information that assists in understanding their risk management process and system of internal control.
1.2 Statement of Research Problem
According to a study by the Economic and Financial Crimes Commission (EFCC) and the National Bureau of Statistics(NBS), crime and corruption represents a major concern for business executives in Nigeria. According to this study more than 75% of business obstacles were as a result of crime and corruption. At the international level, the Enron Corporation was criticized for failure in its internal control.
Operational risk management which is a major aspect of internal control has lately become a high profile issue in financial services/ industry. According to Nigeria Deposit Insurance Commission (NDIC) report for 2006, a total of one thousand one hundred and ninety three cases of fraud and forgeries were reported in the industry with a total value of N4.83 billion naira, out of this figure, N2.77 billion or fifty seven percent was expected to be lost. According to Ebong, E. the erstwhile group managing director of Union Bank Plc, he stressed that the Nigeria Deposit Insurance Commission (NDIC) report was corroborated by a more recent study by the Financial Institution Training Centre (FITC) covering October– December 2008 which showed that during the quarter, a total of four hundred and eighty cases of fraud and forgeries were reported, representing an increase of 19.7% over the four hundred and one cases reported during the preceding quarter, which in terms of value, the total amount of money involved in the reported cases during the period rose significantly to 3.4 billion naira from 1.57 billion naira in the preceding quarter. This represents an increase of 116.56%. About 40 percent of companies that have experienced fraud suffer signicant losses in terms of their reputation and in damaged business relation and decreased staff motivation.(Rezaee,Olibe & Minmier, 2008).
However business failure is not the sole province of the financial industry. Fraud has become increasingly complicated (Law,2011) and any organization harbours the potential to fail. The potential for catastrophic failure is heightened because in all type of organization management ignores major business hazards. Such hazards might relate to financial markets, credit or liquidity problems. They might also be as a result of strategic miscalculations or contractual difficulties, but the root of considerable weight of risk is people and the processes they operate.
Poor internal control among other causes has been identified to be a common cause of failures in the recently failed organization in the world. For instance, in USA, Enron, World com, Tyco, Xerox, Walmart stores inc, and Cadbury Schweppes confectionary of India and the Parmalat accounts in Italy etc (ICAN,2010). In Nigeria, former Oceanic bank, former Intercontinental bank and Bank PHB e.t.c. all had inefficient internal control systems. Companies that have experienced fraud suffer significant losses in terms of their reputation, business relations or even litigation and bankruptcy (Rezaee et al, 2008). Arens, Elder & Beasly (2006), indicated that half of the companies where fraudulent activity was identified filed for bankruptcy or changed form of ownership following the fraud period.
If corporation in Nigeria continue to face difficulties as a result of fraud perpetrated in the organization, the attendant consequence include lack of economic growth. For any economy to experience sustainable growth, it requires continuous investment from within and outside the economy. But when there is fear of failure, possibly due to weak or non existence of key variables of effective internal control, investments will dwindle and the economy will be stagnated and for a developing economy like Nigeria, this is catastrophic.
1.3 Objectives of the study
The broad objective of this study is to examine the effectiveness internal control system in an organization as a watchdog over fraudulent practices. To achieve this broad objective the study strives to:
1 ascertain the effectiveness of the internal audit function in deterring fraud in Nigerian quoted companies.
2 examine the impact of an effective audit committee as part of internal control in fraud prevention.
3 ascertain the effect of an ethical tone at the top management level in the fight against fraud.
4 investigate the impact of risk assessment as part of internal control process in corporate governance in the prevention of fraud.
5 ascertain if the sources of fraud detection differ between organizations which have strong internal control and those that are not.
1.4 Research Questions
This study will make use of the following questions to elicit information on internal control practices in our organizations.
1. To what extent does an effective internal audit function prevent the occurrence of fraud in the Nigerian quoted companies?
2. What is the impact of an effective audit committee as part of internal control in the prevention of fraud?
3. To what extent does an ethical tone at the top management level lend support to the prevention of fraud in the organization?
4. What is the effect of risk assessment as part of internal control in corporate governance in combating fraud in the organization?
5. To what extent does the source of fraud detection differ between organization which have strong internal control and those that are not?
1.6 Research Hypotheses
To achieve the above objectives and also provide answers to the research questions the following hypotheses were investigated.
1. An effective internal audit function is not significantly and positively related to fraud deterrence in Nigerian quoted companies.
2. An effective audit committee as part of Internal control in corporate governance is not significantly and positively related to fraud prevention.
3. An ethical tone at the top management level is not significantly and positively related to fraud prevention in Nigerian quoted companies.
4. Risk assessment as part of Internal control process in corporate governance is not significantly and positively related to fraud prevention.
5. The sources of fraud detection is not significantly different between organizations which have strong internal control and those that do not have.
1.6 Scope of the study
This study is on the role of internal control in an organization as a watch dog for fraudulent practices. It tries to determine the effect of compliance to the internal control principles. It also looks at the strength of internal control, the quality of audit committee effectiveness, ethical tone at the top and risk assessment as part of internal control process in corporate governance and how all these variables work towards mitigating fraud in an organization.
The study includes all the quoted companies on the Nigeria Stock Exchange that are being audited by the “Big four” auditing firms numbering 81 as at 2010/11 (App 111), ignoring whether they are first tier or second tier securities market operators or whether they are in the regulated sector. The study will also cover the period 2003-2012.
1.7 Significance of Study
In the recent past much attention has been given to the requirement for adequate internal control in organizations. Publicly quoted companies are required to review these controls both by management and auditors.
Nigeria being a country which aligns with best international practices presents a good case study for exploring how a firm which adheres to internal control principles and procedure; and to international internal control guidelines will reduce to an acceptable level its exposure to fraud and risk. A robust system of internal control is imperative for all organizations whether they are publicly traded, privately owned, not for pofit or in the government sector.
There is lack of empirical research on internal control significance in Nigeria, this research, will therefore prove beneficial and lend more support to the various international guidelines on internal control.
Adherence to these guidelines will not be mere protocol but processes which are capable of benefiting the organizations which practice it to the letter. Specifically the study is expected to be significant to:
Management:
They will be more fully aware of the importance of adherence to internal control principles and procedures. This will to a great extent reduce their exposure to risk because when there is risk assessment, risk can then be planned for in other to control it. Risk planning can be in the form of risk avoidance, risk transfere, risk insurance, hedging and risk assumption or retention (Oye, 2006).
Board of Director:
The board will be more aware of their oversight responsibility.
Auditors:
The auditors will be more aware of the existence of fraud in our organization even though they may issue unqualified audit report.
1.10 Limitation of the study
One of the limitations inherent in the use of qualitative approach to collection of data is that the findings are limited in terms of their generalisabilty. The data collected represent the internal control practices of the organization listed on the stock exchange and are being audited by the big four audit firms. The internal control practices of the firms not audited by the four audit firm are not represented and those not listed on the stock exchange are equally not represented. Another limitation to this study is the uncooperative attitude of the respondents. They usually require a little pressure before accepting our questionnaire. Locating some of the organizations also posed some challenges because some of the organizations were remotely located.
1.11 Definition of Terms
1. Internal control. Internal control is a system, plan of action and philosophy built into the operating activity of the business to help ensure the actual events and activities that occur comply with owner / managers expectations, intent and goals in accomplishing this task internal control must meet the following:
Physical assets and information are properly accounted for and safeguarded against waste, fraud and irregularities.
Ensure resulting financial and operating data is useful, complete, competent, accurate reliable and timely.
Ensure efficient operations.
Periodic evaluation and appraisal of employees and management performance.
To ensure maximum productivity and coordination of business resources with established goals.
Compliance with federal state and local laws and ordinances.
2. Risk management Involves the identification of risk and the evaluation of its potential impact on the organization and the institution and of measures either to eliminate the risk entirely or to reduce its impact.
3. Audit committee This is an elected committee of a maximum of six members constituting of equal no of directors and representative of the shareholders. They have the responsibilities of examining the accounts of a company and then make a report thereon to the members at the general meeting. Their duties also include review of audit scope, planning of audit requirement, and audit review and making recommendation on remuneration of auditors.
4. Corporate governance This is the system by which companies are directed and managed in the best interest of the owners and investor. It refers to the role of the board of directors, executives and non executives, shareholders right and to other actions taken by shareholders to influence corporate decisions.
5 Form 8-K As defined by SEC is a document that companies make use of to announce major events that shareholders should know about. Such as: Bankruptcy, departure of a key executive such as CEO, notice of delisting, change in accountant, announcement of a new deal.
6 The Big four audit firms These are the four main audit firms in Nigeria that audit the major business organizations. They include Akintola William Deloitte (AWD),Price Water House Corpers (PWHC), KPMG, and Ernst and Young (E&Y)
This material content is developed to serve as a GUIDE for students to conduct academic research
Internal Control in an Organization as a Watchdog for Fraudulent Practices>
A1Project Hub Support Team Are Always (24/7) Online To Help You With Your Project
Chat Us on WhatsApp » 09063590000
DO YOU NEED CLARIFICATION? CALL OUR HELP DESK:
09063590000 (Country Code: +234)
YOU CAN REACH OUR SUPPORT TEAM VIA MAIL: [email protected]
09063590000 (Country Code: +234)