Internal Control in an Organization as a Watchdog for Fraudulent Practices

ABSTRACT

This study looks at Internal control in an organization as a watchdog for fraudulent practices. Internal control being an integral part of corporate governance has seen a lot of reform due to the corporate scandals and financial crisis in the economic environment causing regulator to focus on increased disclosure requirements especially in the areas of corporate governance. Internal control disclosure requirement   ranged from the requirement of the foreign Corrupt practice Act (FCPA) of 1977 to Sarbanes Oxley’s Act of 2002 which required the assessment of internal control structure and the Turnbull report of 1999 which also  required an organization wide risk management approach to internal control. Nigeria has continued to experience high level of financial   loss due to fraudulent practices. Unfortunately, there are no empirical studies on the effectiveness of internal control with reference to SOX   requirement and the prescriptions of Turnbull report in Nigeria. The  broad objective of  the study is to examine the effectiveness of the internal control system in an organization as a watchdog over fraudulent practices. Specifically, the study examined the internal control variables which include internal audit, audit committee,  ethical  tone  and  risk  assessment  to  see  if  there  is  a  positive  and  significant relationship between their effectiveness and fraud prevention and also to examine if there is a relationship between  sources of fraud detection  and strength of  internal control processes. The study adopted the analytical survey method to gather information on the variables; internal audit, audit committee, ethical tone and risk assessment. The population of the study comprised of senior  management and staff of internal control department of the firms listed on the Nigeria stock exchange that are been audited by the bid four audit firms. Using  the judgmental sampling technique  we  chose 2 senior  management  and 4 staff of internal  control department of the firms quoted on the Nigeria stock exchange  that are being audited by the big four audit firms (KPMG, PWHC, AWD, E&Y). Data were collected by means of questionnaire with response options graduated into five likert scale designed to capture information on the extent of compliance on the internal control guidelines. Data were also extracted from the records of the Economic and Financial Crimes Commission (EFCC) of firms where fraud had occurred. The logistic regression analysis was adopted to test four hypotheses while the Pearson’s chi square was used to test the fifth hypothesis. The result showed that positive and significant relationship existed between effective internal audits, effective audit committee, ethical tone at the top and risk assessment in Nigerian quoted  firms. The result also showed that the strength of internal control process is positively and significantly related to the sources of fraud detection in an organization. The study provides an insight into internal control practices in Nigerian firms. The organizations have not imbibed the prescriptions of the recent corporate governance practices as prescribed by Sarbanes Oxleys Act (Sox) of 2002 and the Turnbull report of 1999.  The study therefore recommends   that due    to the effect of non compliance to these recommendations there should be sanctions put in place to ensure compliance, investigative function established to investigate and recover assets, ensure a more vibrant audit committee and the audit committee should  adopt  the  prescription  of  the  American  Institution  of  Certified  Public  Accountant (AICPA) to address the risk of management override of internal control. The study has provided opportunity for future research into internal control practices of firms not listed on the Nigeria stock exchange and those not audited by the big four audit firms.

1.1 Background to the study

CHAPTER ONE

INTRODUCTION

In the aftermath of corporate scandals and the global financial crisis corporate governance has received significant attention from regulators and public. Regulatory response have focused on increasing  disclosure requirement  relating to  corporate  governance  and  thus has,  in turn, driven   increased awareness   and demand for internal   assurance on corporate   governance process which internal  control is a part of. According  to some  recent studies by (Gramling, Schneider & Church, 2004, Carcello, Hermanson & Raghunandan, 2005, Sarens, 2006, Cohen, Krishmoorthy & Wright, 2010) there have been significant changes in   the role of internal control as a result   of recent regulatory   reforms   in the   USA, the UK and Australia. For instance, the Sarbanes Oxley Act  in the USA in 2002 (Sarbanes and Oxley 2002) this act required the  implementation of many  new roles  and  procedure. One    element    of    SOX, concentrated  in section 302  and 404  relates  to the  internal  control over  financial  reporting. (Weili, 2004) Essentially, SOX requires top management to establish, maintain  and regularly evaluate the effectiveness of internal control over financial reporting.

Prior to the Sarbanes Oxley act, the Foreign Corrupt  Practices Act of 1977 (FCPA) was the only statutory regulation  to address internal  control, while  the only required  public  disclosure of significant internal control deficiencies was in the form  8 – K  when disclosing a change  in auditor  (SEC1988; Geiger 2003 Krishnan 2005), with  the exception  of the Federal Deposit Insurance Corporation Improvement Act (FDICA) which required  banks operation in the U.S to file  an annual  report  with  regulators  in which  management  attest to  the effectiveness of their  control  and  independent  public  accountants  must  attest to and  separately  report on management  assertions.

The FCPA provided the first statutory regulation of internal controls of Securities and Exchange Commission  (SEC)  registrants  requiring  that  registrants  maintain  cost  effective  system  of internal accounting control over transaction and assets (Weili, 2004). In the late 1977 when the FCPA was passed, much of the business community had unexpected and unpleasant surprises.

Although many of the registrants did not  participate in foreign trade, the FCPA applied  to all companies filling with SEC   regardless of their   foreign trade practices. According to Mautz (1980), the FCPA reaches every company that  files with the SEC, everyone, whether  in foreign trade or not. So  a lot of  companies that were totally domestic, that were not engaged in  doing anything that they think of as corrupt, found themselves with new responsibilities under this act.

In the 1980s the existence of  fraud  and unexpected  business  failures led to the questioning  of the adequacy of the financial reporting systems and  especially the internal  control  of  public companies. The ambiguity   of the   term   “cost   effective” in the FCPA   weakened the rule considerably  (Kinney  1990),    This    problem    prompted the  creation    of  the    trade  way commission and its call for additional internal control standards and guidance (Kinney, 1990). Specifically, the commission recommended that all public companies   should be   required to include a report on internal control,  written by management, in their  annual report.

This recommendation is finally being realized under SOX section 404. The Sarbanes-Oxley act does not substantially alter requirements for maintaining internal control over those expressed in the FCPA. Instead, sox   mandates new disclosure   about the assessment of internal control (Weili, 2004).

Another  of such  guidance is the Turnbull report   from  the   Turnbull committee which was established  in  other to  consider whether  the  early guidance of the  combined  code  required revision. When  the combined code  was issued, no  formal guidance  was available  in  relation to the wider aspect of internal control (KPMG 1999). The Turnbull guidance on corporate governance was issued by the institute of chartered accountants of England and  Wales (ICAEW) and required listed companies to develop an organization wide risk   management approach to internal control as an integral part of corporate governance policies and systems. It aims to provide guidance to assist directors and managers of companies in implementing principle D2 of the combined code on corporate governance (KPMG 1999).

The guidance uses internal control system to protect shareholders interest. But while  the report focuses on a risk  based approach   to  internal   control   system,   the real thrust    is about embedding   risk    management   within   corporate governance process (Weili,  2004).   The guidance clarifies and   prescribes   the   respective   roles of the boards,   its committees,   and management  in  implementing  risk management  through internal  control policies and system. It crystallizes the   boardroom  responsibilities for risk   management, risk control  and system effectiveness  reporting  as outlined in  the stock exchange  listing  rules. Turnbull embodies the principles that boards and managers are directly accountable to shareholders for the effective management and control of their corporate risk exposures.

The control of corporate exposures to risk in various areas is a well established practice. Risk assessment of outcome variability under alternative investment strategies is a long standing feature of investment appraisal. Similarly, the duty of care placed on organizations and individuals in the health and safety areas has forced systematic review of potential workplace hazards and the precise definition of responsibilities. In recent years, cost and time overruns in project management have forced the development of techniques for the systematic management of project risk. All these are not new, but the Turnbull requirement for an all inclusive  approach that   integrates these separate areas, under a   corporate risk   management   policy into core corporate governance process is a regulatory innovation (KPMG 1999). In the  past the practice has often lacked  the application of organization  wide risk management  policies that  is  a top down approach  which   begins at   the board level and   integrates  all level and areas of risk management throughout the organization. The Turnbull guidance provide a timely opportunity to redress the balance and create competitive advantage.

Therefore, the expectations of the Turnbull committee are explicit and clear  it required that a listed company  should have a system of internal control in which  the monitoring of risk  and control is embedded into  its fabrics.

Subsequently in Nigeria   having realized the need to   align with international   best practices which   every country is embracing, the Securities and Exchange Commission   (SEC) in collaboration with Corporate Affairs Commission (CAC) inaugurated a seventeen members committee on June 2000 in Nigeria which was headed  by Peterside Etudo. This committee was mandated to identify weaknesses in the current corporate governance as part of internal control practices in Nigeria and fashion out necessary changes that will improve corporate governance as part of I.C practices in Nigeria.

The committee’s final report which centered on code of best practices on corporate government in Nigeria was approved by the boards of the Securities and Exchange Commission (SEC). The code of best practice (2003) identifies three key players in the implementation process and prescribed the functions and responsibilities of each of them.  The principal actors are the board of director, shareholder and audit committee. Details of their makeup, function and responsibilities are contained in appendix (1).    It is  however, up  to the company at the cutting edge of  compliance to  disclose  meaningful  information  that assists  in understanding their risk  management  process and system of internal control.

1.2 Statement of Research Problem

According to a study by the Economic and Financial Crimes Commission (EFCC) and the National  Bureau  of  Statistics(NBS),  crime  and  corruption  represents  a  major  concern  for business executives in Nigeria. According to this study more than 75% of business obstacles were as a result of crime and corruption. At the international level, the Enron Corporation was criticized for failure in its internal control.

Operational risk management which is a major aspect of internal control has lately become a high profile  issue  in  financial  services/  industry.  According    to  Nigeria Deposit  Insurance Commission (NDIC) report for  2006, a  total  of one  thousand  one hundred  and  ninety  three cases of  fraud and forgeries were  reported in the  industry  with a total value  of N4.83 billion naira, out of this figure, N2.77 billion or   fifty   seven percent was   expected   to be   lost. According   to   Ebong, E.   the erstwhile group managing   director of Union   Bank Plc, he stressed that the Nigeria Deposit Insurance Commission (NDIC) report was  corroborated by a more recent   study by the   Financial   Institution Training   Centre (FITC) covering October– December 2008 which  showed  that during  the quarter, a total  of four  hundred  and eighty cases of fraud and  forgeries  were  reported, representing  an increase of  19.7% over the four hundred and  one cases reported during the preceding quarter, which  in terms of value, the total amount  of money involved  in the reported  cases during  the period  rose significantly  to 3.4 billion naira from 1.57 billion naira in the preceding quarter. This represents an increase of 116.56%. About 40 percent of companies that have experienced fraud suffer signicant losses in terms of their reputation and in damaged business relation and decreased staff motivation.(Rezaee,Olibe & Minmier, 2008).

However business failure is not the sole province of the financial industry. Fraud has become increasingly complicated (Law,2011) and any organization harbours the potential to fail. The potential for catastrophic failure is heightened because in all type of organization management ignores major  business  hazards.   Such hazards  might  relate to  financial  markets, credit  or liquidity problems. They might also be as a result of strategic miscalculations or contractual difficulties, but the root of considerable weight of risk is people and the processes they operate.

Poor internal control among other causes has been identified to be a common cause of failures in the recently failed organization in the world. For instance, in USA, Enron, World com, Tyco, Xerox, Walmart stores inc, and Cadbury Schweppes confectionary of India and the Parmalat accounts in Italy etc (ICAN,2010). In Nigeria, former Oceanic bank, former Intercontinental bank and Bank PHB e.t.c. all had inefficient internal control systems. Companies that have experienced fraud suffer significant losses in terms of their reputation, business relations or even litigation and bankruptcy (Rezaee et al, 2008). Arens, Elder & Beasly (2006), indicated that half of the companies where fraudulent activity was identified filed for bankruptcy or changed form of ownership following the fraud period.

If corporation in Nigeria continue to face difficulties as a result of fraud perpetrated in the organization, the attendant consequence include lack of economic growth. For any economy to experience sustainable growth, it requires continuous investment from within and outside the economy. But when there is fear of failure, possibly due to weak or non existence of key variables  of  effective  internal  control,  investments will  dwindle  and  the  economy will  be stagnated and for a developing economy like Nigeria, this is catastrophic.

1.3 Objectives of the study

The broad objective of this study is to examine the effectiveness internal control system in an organization as a watchdog over fraudulent practices. To achieve this broad objective the study strives to:

1           ascertain the effectiveness of the internal audit function in deterring fraud in  Nigerian quoted companies.

2          examine the impact of an effective audit committee as part of internal control in fraud prevention.

3         ascertain the effect  of an ethical tone  at  the top management  level  in the fight against fraud.

4          investigate the impact of risk assessment as part of internal control process in corporate governance in the prevention of fraud.

5          ascertain if the sources of fraud detection differ between organizations which have strong internal control and those that are not.

1.4      Research Questions

This study will make use of the following questions to elicit information on internal control practices in our organizations.

1.  To what extent does an effective internal audit function prevent the occurrence of fraud in the Nigerian quoted companies?

2.  What  is  the  impact  of an  effective  audit  committee  as  part  of  internal  control in  the prevention of fraud?

3.  To  what  extent  does an  ethical tone  at  the  top  management  level  lend  support to  the prevention of fraud in the organization?

4.  What is the effect of risk assessment as part of internal control in corporate governance in combating fraud in the organization?

5.    To what extent does the source of fraud detection differ between organization which have strong internal control and those that are not?

1.6      Research Hypotheses

To achieve the above objectives and also provide answers to the research questions the following hypotheses were investigated.

1.         An effective internal audit function is not significantly and positively related to fraud deterrence in Nigerian quoted companies.

2.         An effective audit committee as part of Internal control in corporate governance is not significantly and positively related to fraud prevention.

3.        An ethical tone at the top management level is not significantly and  positively related to fraud prevention in Nigerian quoted companies.

4.        Risk  assessment  as  part  of Internal control process  in  corporate  governance  is  not significantly and  positively related to fraud prevention.

5.         The sources of fraud detection is not significantly different between organizations which have strong internal control and those that do not have.

1.6 Scope of the study

This study is on the role of internal control in an organization as a watch dog for fraudulent practices.  It tries to determine the effect of compliance to the internal control principles. It also looks at the strength of internal control, the quality of audit committee effectiveness, ethical tone at the top and risk  assessment as part of internal control  process in corporate governance and how all these variables work towards mitigating fraud in an organization.

The study includes all the quoted companies on the Nigeria Stock Exchange that are being audited by the   “Big   four” auditing   firms numbering 81 as at 2010/11 (App 111),  ignoring whether they are first tier or  second tier securities  market  operators or  whether  they are in the regulated sector. The study will also cover the period 2003-2012.

1.7 Significance of Study

In the recent past much attention has been given to the requirement for adequate internal control in organizations.   Publicly quoted companies are required to review these controls both by management and auditors.

Nigeria being a country which aligns with best international practices presents a good case study for exploring how a firm which adheres to internal control principles and procedure; and to international internal control guidelines will reduce to an acceptable level its exposure to fraud and risk. A robust system of internal control is imperative for all organizations whether they are publicly traded, privately owned, not for pofit or in the government sector.

There is lack of empirical research on internal control significance in Nigeria, this research, will therefore prove beneficial and lend more support to the various international guidelines on internal control.

Adherence to these guidelines will not be mere protocol but processes which are capable of benefiting the organizations which practice it to the letter. Specifically the study is expected to be significant to:

Management:

They will be more fully aware of the importance of adherence to internal control principles and procedures. This  will to a great extent  reduce  their  exposure  to risk  because  when  there is risk  assessment,  risk  can  then  be planned for in  other to control  it. Risk planning can be in the  form of risk  avoidance, risk  transfere, risk  insurance, hedging and  risk  assumption or retention (Oye, 2006).

Board of Director:

The board will be  more aware of their oversight responsibility.

Auditors:

The auditors will be more aware of the existence of fraud in our organization even though they may issue unqualified audit report.

1.10    Limitation of the  study

One of the limitations inherent in the use of qualitative approach to collection of data is that the findings are limited in terms of their generalisabilty. The data collected represent the internal control practices of the organization listed on the stock exchange and are being audited by the big four audit firms.  The internal control practices of the firms not audited by the four audit firm are not represented and those not listed on the stock exchange are  equally not represented. Another limitation to this study is the uncooperative attitude of the respondents. They usually require a little pressure before accepting our questionnaire. Locating some of the organizations also posed some challenges because some of the organizations were remotely located.

1.11    Definition of Terms

1.          Internal control. Internal control is a system, plan   of action   and   philosophy  built into the operating activity of the business to help  ensure the actual events and  activities that occur comply with owner / managers expectations, intent   and   goals   in accomplishing   this task internal control must  meet  the following:

             Physical assets  and  information are  properly accounted for  and  safeguarded against waste, fraud and irregularities.

             Ensure resulting financial and operating data is useful, complete, competent, accurate reliable and timely.

          Ensure efficient operations.

          Periodic evaluation and appraisal of employees and management performance.

             To ensure maximum productivity and coordination of business resources with established goals.

          Compliance with federal state and local laws and ordinances.

2.        Risk management Involves the identification of risk and the evaluation of its    potential impact on the organization and the institution and of measures either to eliminate the risk entirely or to reduce its impact.

3.       Audit committee This is an elected committee of a maximum of six members constituting of equal no of directors and representative of the shareholders. They have the responsibilities of examining the accounts of a company and then make a report thereon to the members at the general meeting. Their duties also include review of audit scope, planning of audit requirement, and audit review and making recommendation on remuneration of auditors.

4.       Corporate governance This is the system by which companies are directed and managed in the best interest of the owners and investor. It refers to the role of the board of directors, executives and non executives, shareholders right and to other actions taken by shareholders to influence corporate decisions.

5          Form 8-K As defined by SEC is a document that companies make use of to announce major events that shareholders should know about. Such as: Bankruptcy, departure of a key executive such as CEO, notice of delisting, change in accountant, announcement of a new deal.

6     The Big four audit firms These are the four main audit firms in Nigeria that audit the major business   organizations. They include Akintola William Deloitte (AWD),Price Water House Corpers (PWHC), KPMG, and Ernst and Young (E&Y)

₦8,000.00 – DOWNLOAD FULL PROJECT DOWNLOAD FULL PROJECT Added to cart

---

---

---

---

Related Project Topics :