Research proposal sample

CHAPTER TWO

LITERATURE REVIEW

2.1 Introduction

This chapter presents an overview of the existing literature based on other writers’ opinions, findings, and viewpoints on the effects of internal control systems on the performance of financial institutions, this will be in line with study objectives which include; to establish existing internal control systems applicable to financial institutions, to examine the relationship between internal controls and financial performance of financial institutions and to establish other factors affecting financial performance.

2.2 Existing internal control systems applicable to financial institutions

Control Environment; The control environment means the overall attitude awareness and actions, of directors and management regarding the internal control system and its importance in the entity. The environment has an effect on the effectiveness of specific control procedures, a strong control environment for example, one with tight budgetary control and an effective internal and function. However, a strong environment does not, by itself, ensure the effectiveness of the internal control system (International Standard of Auditing ISA (400).

Beneish et al (2014), define the control environment as the tone of an organization and the way it operates. He further says that it concerns the establishment of an atmosphere in which people can conduct their activities and carry out their control responsibilities effectively. Likewise, COSO (2004) looks at the ethical environment of an organization to encompass aspects of upper management’s tone in achieving organizational objectives, their value judgments and management styles. The control environment represents the control atmosphere for the entity and is the foundation for the other components (Nicolaisen, 2004).

Liquidity control; It measures the ability of an organization to cover their short-term obligation. Hilt, et al (2010) mention current ratio as a standard measure of liquidity in organization. Baysinger, (2010) also emphasized the importance of current ration as a measure of an organization’s liquidity. Liquidity ratios are the ration’s that measure the ability of company to meet its short-term debt obligations. These ratios measure the ability of company to pay off its short- term liabilities when the fall due. The liquidity ratios are a result of dividing cash and other liquid assets by the short-term borrowings and current liabilities. They show the number of times the short-term debt obligations are covered by the cash and liquid assets. A company must possess the ability to release cash from cash cycle to meet its financial obligations when the creditors seek payment. In other words, a company should possess the ability to translate its short term its short-term assets into cash. The liquidity ratios attempt to measure this ability of a company.

According to Bank of Tanzania (2010), liquidity position of the banking sector considered satisfactory. The ratio of liquidity asset to demand liabilities and gross loan to total deposit (lending ratio) were 45.23% and 58.93% respectively compared to 2014. The deposit as the major source of the sector’s funding accounted for 81.77% of total funding (Annual report 2010) Likewise, the loan component in the loan- to deposit ratio would also benefit from a more differentiated analysis. The maturity structure of the loan and the degree of standardization of the loan agreements will have an important influence on the liquidity of the loan portfolio.

Accountability; According to Hayes, et al, (2011), Managers need regular financial reports so as to make informed decision. Reporting (particularly, financial reports) is one way through which managers make accountability for the resource entrusted to them. As the primary users of financial reports, members of the public may be less financially sophisticated than users of other types of financial reports. They likely have less access to intermediaries, such as investment analysts, who can interpret the financial reports for them. Therefore, financial reports must place great emphasis on the understandability of the information reported in them. The financial reports cannot exclude complex transactions nor simplify complex transactions such that their substance is misleading but the emphasis on understandability would need to be considered in determining the reporting of items in financial reports.

Reporting; Whittington and Pany (2010), emphasize on internal controls in addressing the achievement of objectives in the areas of financial reporting, operations and compliance with laws, and regulations. They further note that “Internal control also includes the program for preparing, verifying and distributing to the various levels of management those current reports and analysis that enable the executive to maintain control over the variety of activities and functions that are performed in a large organization”. The mention internal control devices to include use of budgetary techniques, production standards.

Risk Assessment; This is the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed. According to Lannoye (2010), this component of internal control highlights the importance of management carefully identifying and evaluating factors that can preclude it from achieving its mission. Risk assessment is the identification and analysis of the relevant risks to achievement of the objective, forming a basis for determining how the risks should be managed. Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change.

COSO (2011), emphasizes the importance of objective setting in the entity and relates it to risk assessment as a precondition. However, it should be emphasized that the company internal control framework should be established in order to have reasonable assurance to achieve established objective, risk identification and analysis are the critical components. In evaluating the effectiveness of internal control activities, it is essential to assess them against entity’s objectives and related risks.

Risk assessment is a systematic process for integrating professional judgment about probable adverse conditions and events, and assessing the likelihood of possible losses (financial and non-financial) resulting from their occurrence. The second internal control standard addresses risk assessment. Internal control should provide for an assessment of the risks the agency faces from both internal and external sources. Once risks have been identified, they should be analyzed for their possible effect. Management then has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the internal control objectives of efficient and effective operations, reliable financial reporting, and compliance with laws and regulations (CIPFA 2010).

Once risks have been identified, they should be analyzed for their possible effect. Management then has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the internal control objectives of efficient and effective operations, reliable financial reporting, and compliance with laws and regulations (CIPFA, 2010)

 Risk assessment Financial reporting and performance objective A precondition to risk assessment is the establishment of the objective for reliable financial reporting and performance Identification and analysis of financial reporting risk the company identifies and analyses risk to the achievement of financial reporting objectives as a basis for determining how the risk should be management. Assessment of fraud risk the potential for material misstatement due to fraud is explicitly. Considered in assessing risks to the achievement of financial reporting objectives Source: (COSO 2011)

Risk Identification; Management should perform a comprehensive analysis of identifiable risk, including all risks associated with departments and branches-wise and activity level objective (derived from the organization’s mission). The activities analyzed should include those that support both financial and non-financial objectives. Management must consider the significant interactions with external organizations as well as those internal to their organization at both the department-wise and activity levels. Several means of risk identification can be used, including; management planning conferences, strategic planning, periodic reviews of factors effecting department’s activities, changing needs or expectations of agency officials or the public and natural catastrophes. (Lannoye, 2010)

Risk Analysis; After identifying department-wise and activity level risk, management should perform a risk analysis. The methodology may vary since risks are difficult to quantify; however, the process generally includes the following; estimating risk significance, assessing likelihood/frequency of occurrence, and considering how to manage risk. Risk with little significance and low probability of occurrence may require special attention. After assessing the significance and likelihood of risk, management must determine how to control it. Approaches may differ among entity, but they must be designed to maintain risk within levels deemed appropriate by management, considering the concepts of reasonable assurance and cost-benefit. Once implemented, the approach should be continually monitored for effectiveness. (Lannoye, 2010)

Managing Risk; When change occurs in an organization it often affects the control activities that were designed to prevent or reduce risk. In order to properly manage risk, management should monitor any change to ensure that each risk continues to be managed as change occurs. Management should inform employees responsible for managing the organization’s most critical risks about any proposed changes that may affect their ability to manage those risks. Managers should continually monitor the factors that can affect the risks they have already identified as well as other factor that could create new risks. (Walker, 2010).

2.3 Relationships between internal controls and financial performance of financial institutions

Prevents Fraud, one benefit of internal controls is a reduction in fraud opportunities. A simple example of an internal control aimed at reducing fraud is requiring employees to submit receipts in order to receive expense reimbursements. Wainaina (2011), examined the internal control function. He established that, other than the prevention and detection of fraud, internal controls should reflect the strength of the overall accounting environment in an organization as well as the accuracy of its financial and operational records. Fraud is the crime of gaining money or financial benefits by a trick or by lying, oxford dictionary (1999). Fraud is a purposeful deception, misrepresentation, or concealment of facts intended to cause injury or loss to another party, typically for the sake of one own direct or indirect gain.  Norman Katz (1996).

Jones (2008) compared internal control, accountability and corporate governance in medieval and modern Britain. He used a modern referential framework (control 28 environment, risk assessment, information and communication, monitoring and control activities) as a lens to investigate medieval internal controls used in the twelfth century royal exchequer and other medieval institutions. He demonstrated that most of the internal controls found today were present in medieval England. Stewardship and personal accountability were found to be the core elements of medieval internal control.

Balancing risks and rewards is essential if an organization is to maintain adequate liquidity, According to Wee Goh (2009) Banks and other lending institutions must constantly balance risks and rewards. Too high a price on loan products, you lose the customer, too low, you starve the profit margin or take a loss, too much capital on reserve, you miss investment revenue too little, and you risk regulatory noncompliance and financial instability. When every department, line of business and region measures and reports risks differently with desperate risk management systems, it can be difficult to accurately gauge overall risk exposure and strike the right balance.

Analyzing the credit risk of clients before advancing cash to them, financial ratios cannot be analyzed in isolation because there are no reliable standards to determine what their values should be. The client’s ratios must be compared with those of peer firms in the industry. However, cross sectional analysis cannot be adequately performed unless the banks have sufficient data regarding the ratios of peer firms, which operate in the same industry. Though other countries like Malta there is a lack of statistical data and doubtlessly this makes it very difficult to build a database, which would help the lending officers to interpret the ratios is still imperative for financial institution analyze the credit of their clients in order to avoid being insolvent (Ewa & Udoayang, 2012).

Proper management of credit by banks, Kakucha (2009) argue that, there is a need to establish strict internal guidelines, which ensures that loans are based on sound credit analysis if the banks are to realize significant profitability. However, they did not specify the mechanisms that can be employed. In their analysis is of loans lending, they further argue that banks should not be allowed to engage in activities which regulators cannot be certain that they can monitor otherwise, it leads to losses to the bank. This is significant in that it reduces on unnecessary banks’ bad debts.

Amudo and Inanga (2009) also carried out a study in Uganda to evaluate the internal control systems that the regional member countries of the African Development Bank Group institute for the management of the Public-Sector Projects that the Bank finances. There are 14 projects of the bank’s public-sector portfolio in Uganda. The 27-data received and analyzed is for eleven projects. Three projects were omitted because they were not fully operational to install effective internal control systems. The study identified the following six essential components of an effective internal control system: control environment, risk assessment, control activities, information and communications, monitoring and information technology. The outcome of the evaluation process was that some control components of effective internal control systems were lacking in those projects. These rendered the control structures ineffective.

Assessing clients before giving them loans, according to Alec and Annan (2004) Using SAS loan assessment based models as an analysis tool, managers are able to identify changes quickly within a portfolio and through the automated process, modify the assessment strategy for certain products in a matter of hours. In the event of customers failing to uphold their commitment, loan assessment information with in models developed is then analyzed and evaluated by the decision maker to manage customers consistently and appropriately. Some of these models include:

Employing experienced staff in an organization with professional training in finance, when an organization has highly qualified and experienced staff who can provide adequate knowledge to organization cash management becomes easy and organizational liquidity is maintained so that organization is able to competitive in the global market. (Erridge, 2003).

Error Prevention; Some internal controls are intended to spot potential errors before they happen. For example, you might have two people review each payroll before cutting and distributing checks. Each person will independently total employee hours, calculate their earned pay and check the deductions. The two will then compare their numbers against each other’s. A production facility might do a limited test-run on an order, checking the quality of items that come off the line before it runs the complete order. A restaurant might have an opening and closing checklist of tasks employees must perform each shift to ensure health requirements are met and adequate food inventory levels are maintained (Kantarelis, 2007).

Error Spotting; Internal controls enables an organization to detect errors early and address them before they get out of hand. In some instances, a recheck of numbers, such as monthly bank reconciliation, will help organization employees’ spot errors that occurred once. In other situations, such as reviewing new contracts after 30 days, organizations find ongoing problems (Barra, 2010).

Reduced Lawsuits and Insurance Claims; Having a company policies and procedures manual that lays out staff behavior restrictions can help an organization reduce risks and insurance claims. Working with an employment expert, you create policies that address state and federal workplace rules and regulations, such as those covering harassment and overtime. Having controls that address workplace safety can help reduce accidents, lowering your insurance premiums and reducing workers’ compensation claims and negligence lawsuits (Olumbe, 2012), he further asserts that in a study to establish the relationship between internal controls and corporate governance in commercial banks in Kenya. The researcher conducted a survey of all the 45 commercial banks in Kenya. It was concluded that most of the banks had incorporated the various parameters which are used for gauging internal controls and corporate governance.

2.4 Other factors affecting financial performance

Judgment The effectiveness of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information at hand. According to Lannoye (1999) Effective internal control may be limited by the realities of human judgment. Decisions are often made within a limited time frame, without the benefit of complete information, and under time pressures of conducting agency business. These judgment decisions may affect achievement of objectives, with or without good internal control. Internal control may become ineffective if management fails to minimize the occurrence of errors, for example misunderstanding instructions, carelessness, distraction, fatigue, or mistakes (Lannoye, 1999)

Breakdowns Even well designed internal controls can break down. Employees sometimes misunderstand instructions or simply make mistakes. Errors may also result from new technology and the complexity of computerized information systems.

Management Override High level personnel may be able to override prescribed policies and procedures for personal gain or advantage. This should not be confused with management intervention, which represents management actions to depart from prescribed policies and procedures for legitimate purposes. According to Lannoye (1999), management may override or disregard prescribed policies, procedures, and controls for improper purposes. Override practices include misrepresentations to state officials, staff from the central control agencies, auditors or others. Management override must not be confused with management intervention (i.e. the departure from prescribed policies and procedures for legitimate purposes). Intervention may be required in order to process non-standard transactions that otherwise would be handled inappropriately by the internal control system. A provision for intervention is needed in all internal control systems since no system anticipates every condition (Mercer University, 2015).

Collusion Control systems can be circumvented by employee collusion. Individuals acting collectively can alter financial data or other management information in a manner that cannot be identified by control systems. The effectiveness of segregation of duties lies in individuals ‘performing only their assigned tasks or in the performance of one person being checked by another. There is always a risk that collusion between individuals will destroy the effectiveness of segregation of duties. For example, an individual receiving cash receipts from customers can collude with the one who records these receipts in the customers’ records in order to steal cash from the entity (Williams 2009).

COSO Control Framework According to Putra (2015), in 1985 the American National Commission of Fraudulent Financial Reporting, known as the Treadway Commission, was created through the joint sponsorship of including American Accounting Association, and Institute of Management Accountants (America). Based on its recommendations a task force under the auspices of the Committee of Sponsoring Organizations (COSO) conducted a review of internal control literature. The eventual outcome was the document Internal Control—Integrated Framework. COSO emphasized the responsibility of management for internal control (Putra, 2015).

The COSO defines internal control as having five (5) components. These are control environment, risk assessment, 15 information and communication, control activities, and monitoring. COSO (1994) explained the components as follows: a. Control Environment. The control environment sets the tone of an association, impacting the control awareness of its people. It is the establishment for every single other part of internal control, giving discipline and structure. Control environment variables incorporate the integrity moral qualities and skill of the entities ‘people; administration’s rationality and working style; the way administration allocates power and obligation, and composes and builds up its kin; and the consideration and bearing gave by the top managerial staff. Risk Assessment. Each element confronts a mixed bag of risks from outer and interior sources that must be surveyed.

According to Amudo and Inanga (2009), the COSO framework may be relevant to larger organizations, but inappropriate for small ones’ due to expenses and operational complexity. Administration of small organizations may not require formal internal controls for the reliability of the records and other information, because of their personal involvement in the operations of the organization. This raises a question whether the controls of small companies should be as complex as those of large companies for them to be effective they asserted that, the COSO framework did not perceive and capture the delicate balance between formal and informal controls in smaller organizations. Moreover, in what capacity can small companies ‘internal controls be compelling when just a few of the components recommended by COSO are available and yet the controls could still be effective? COSO did not address this question (Amudo and Inanga, 2009).

Standardized accounting process, including faster tracking of errors, improved quality control, efficiency in record keeping, greater efficiency through the use of information and communication components like internets, satellites among others that enables tracking and tracing of the goods in transit, during shipment as well as giving up to date information to the accountants about the quantity of goods in storage so that the accountants are able to reconcile the books of accounts with the physical stock in the store, (Kotler 2010).

Process Automation. With the use of technologically components such as Bar coding, Satellite, internets and Image processing among others in the process of managing accounting efficiency, there has been reduction on paper work thereby leading to a substantial reduction of errors, as well as increased capability to obtaining and exchanging real time information. This is possible through the use of information technology systems such as Bar code and scanners which represents a series of alphanumerical characters, bar code readers to interpret bar code symbology, and bar code printers to reliably and accurately print bar codes on labels, cartons, and/or picking /shipping documents Aberdeen group 2015)..

Compensation is one of the primary reasons for employees to seek employment. They are rewarded for their services and efforts that they exert for their organizations. They can be compensated in many ways for example salaries, holidays, bonuses etc. There are two basic compensation models; performance based pay and components based pay. In the former paradigm, employee’s compensation is either tied to the way he performs; if he performs better he would be rewarded accordingly (performance based pay) and on the other hand, nonperformance based pay; where, employee’s performance is not tied to getting rewards, rather the employee is paid or rewarded even if its performance is not up to the mark for example fixed pay and salaries (Taylor, 2005).

The relative importance of various factors used to measure the performance of employees should be related to how well each measure informs the principal about the employee`s actual performance (Lambert and Larcker, 1987; Banker and Datar, 2013). For decade`s employees measure has been used as primary indicators of managerial performance with prior research documenting a significant relation between employees based performance and financial compensation (Antic and Smith, 1986, Ittner, et at., 2013). Moreover, both the annual cash bonus and the sum of the cash bonus plus stock based compensation have been linked to employees based performance as well as numerous other attributes of the firm’s governance structure (Core, et al, 2011).

Improved distribution process. According to Dobler and Burt (2011) With improved tracking and tracing as a result of using internet, satellites among others, the company that is to say the distributing company is assured of efficiency and effectiveness in the distribution process as their trucks are properly tracked and traced so that in case the deliveries are made to a different location, the mistake can easily be rectified. This has therefore, improved Logistics efficiency in organizations and this has all been because of the introduction of information and communication technology. Other benefits include; delivering on time, reduced delivery enquiring time and improved distribution management.

Proper monitoring. The introduction of information and communication technology in logistics management has brought about efficient and effective monitoring of the materials during transit to their various destinations. This is done through use of technologies that allows communication across a very wide geographical area. Satellite communication provides a fast and high-volume channel for information movements. Satellite technology facilitates real time interaction which provides up to date information about location and delivery information about the products in transit. The satellite devices can also be used in tracking and tracing the materials in transit. Tracking is specifically achieved through the use of internet and others, this therefore enables both the delivering organization or the supplier and the buyer to know where specifically the goods in transit is and also in case of any problem encountered say by the truck being used for the transportation purposes, it can easily be recognized by the parties concerned (Kenneth Lysons 2013).