Research support services
INTERNAL CONTROL SYSTEMS AND FRAUD DETECTION IN COMMERCIAL BANKS IN UGANDA. A CASE BSTUDY OF STANBIC BANK, KAMPALA
CHAPTER ONE
1.0 Introduction
This chapter covers the background of the study, purpose of the study, research questions, and scope of the study, significance of the study and definition of terms.
1.1 Back Ground of the study
Globalization and the advancement in technology has become the hallmark for businesses today and the banking sector is no exception. Banks have been expanding their operations and activities beyond the domestic borders as a result of globalization and improved technology. The expansion of business, globalization and the advanced technology also exposes business to increased risk, fraud, altercations and other irregularities. This has made internal controls an imperative system to maintain by every business and for that matter the banking sector. Globalization of businesses, technological advancements, increasing risk of business failures, the fraud and altercations that emerged in the financial sector in Africa call for the proper maintenance of an effective internal control systems.
The United States of America and elsewhere in Europe have encouraged nations and corporate organizations to place more emphasis on their internal control systems and internal auditing functions and risk management (Mercer University, 2010: Online). The credit crunch that has hit the world’s most developed economies recently is a clear indication of the failure of the system to hold in check some of the excesses in our haste to satisfy our profit making agenda and to outdo one another in competition. These financial crises which affected the mainly the developed countries results are being felt by the developing countries of which Ghana is no exception.
An organization’s internal control system is comprised of the control environment, risk assessment, control procedures, monitoring, and information & communication system. It includes all the policies and procedures adopted by the directors and management of an entity to assist in achieving their objectives, ensuring, as far as practicable, the orderly and efficient conduct of their business, including adherence to internal policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information.
The control environment is an organization’s overall attitude toward controls. It is the tone at the top. Risk assessment is the process of identifying the risks faced by an organization. Once these risks have been identified then specific control procedures can be designed and implemented to address them. Monitoring is important to ensure that controls are functioning as designed. And Management uses an organization’s information and communication system to maintain the system of internal controls.
Internal control systems can be described as the whole system of control, financial and otherwise established by management in order to carry on the business of the enterprises in an orderly and efficient manner. It involves the control environment and control procedure, all the policy and procedure adopted by the directors and management of an entity to assist in achieving their objectives, including adherence to internal policies, the safe-guarding of assets, the prevention and detection of fraud and error as well as the completeness and accuracy of records, with the timely preparation of reliable financial information (Benjamin, 2001).
It is necessary that every bank must have an internal audit department to ensure that accounting systems provide an efficient means of recording and reporting financial transactions, providing management information and protecting the company’s asset from fraud and misappropriation (Achibong, 1993). One of the most effective systems for detecting fraud is internal control, which is a system by definition, operating in the same environment as the fraud itself and serving as an effective, formidable adversary to the fraud scheme and that the definition of internal control, described as a process, framework, or function, do not touch upon systematic concepts (Mcshane, 2007).The most widely used definition is that of the Committee of Sponsoring Organizations of the Treadway Commission (COSO,ICIF, 1994): a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations. (COSO, ICIF, 1994).
Fraud, on the other hand, can be defined as an act of deliberate deception with the aim of securing a personal benefit by taking advantages of other. Also, it could simply be put as the misappropriation, theft or embezzlement of corporate assets in a particular economic environment in the simplest thinking” it is also known as “stealing by tricks” (Achibong, 1993). It is the trusted and valued employee who generally commits business fraud. When frauds are discovered, there is often shock and disbelief that they could have committed such an act. The perpetrator of business fraud could be “the person next door.” This person is likely to be a married male with a family, religious affiliation, and above average education (Russell and Norvig, 2003).
In most cases, offenders do not view stealing from companies as harmful; they may think that the crime was victimless; and they do not view their theft as being devastating or costly to the business. Many frauds occur because the opportunity exists and the perpetrator does not believe he/she will be caught. In many cases the offender has “little or no criminal self-concept and offenders view violations as part of their work” Further; they usually minimize their crime since it results in minor losses for a large volume of clients; no one client is usually targeted for the crime.
It has been an ongoing issue for thousands of years and continues to be a problem today. There are several definitions for fraud as a legal (or criminal) concept. According to the Encyclopedia Britannica, (2009), it is “the deliberate misrepresentation of fact for the purpose of depriving someone of a valuable possession. Although fraud is sometimes a crime in itself, more often it is an element of crimes such as obtaining money by false pretense or by impersonation” To understand the components of fraud, a systematic approach is in order. As a system, fraud involves victims and perpetrators, and as a structure, it involves a fraud scheme. It can be evaluated as an open system, and the challenge is to evaluate the weaknesses of this system in order to impact it (detect, prevent, or deter).
It can be seen as the intention, deception, misrepresentation, omission or concealment of the truth for the purpose of obtaining unlawfully the assets of the bank, which is the major reason for setting up on internal control system, has become a great pain in the neck of many Ugandan bank managers. It has also become an unfortunate staple in Uganda’s international reputation. It is really eating deep into the Ugandan banking system and that any bank with a weak internal control system is dangerously exposed to bank fraud (Adeduro, 1998).
The management of an organization has a duty to institute a system of internal control that will be appropriate to the enterprise. This will assist in preventing, or at least, substantially reducing the incidence, not only of mistakes, but also of irregularities and intentional errors, including fraud.
A system of effective controls is a critical component of a bank management and a foundation for safe and sound operation of banking organization. A system of strong internal controls can help to ensure that the goals and objectives of a banking organization will be met, that the bank will achieve long-term profitability targets, and maintain reliable financial and managerial reporting. Such a system can also help to ensure that the bank will comply with laws and regulations as well as policies, plans, internal rules and procedures, and decrease the risk of unexpected losses or damage to the bank’s reputation (Hamid, 2004).
Many internal control failures that resulted in significant losses for banks could have been substantially lessened or even avoided if the board and senior management of organizations had established strong control culture. Adamu (2004) contends that good internal control is necessary in ensuring the healthy survival and growth of any organization especially financial institution. Internal control is being put in place to achieve accountability, prudence and completeness.
More frauds were also experienced during Tamangalo land issue, mismanagement of national social security fund and during CHOGM in 2007 in Uganda. According to the Public Accounts Committee (PAC) report on the Commonwealth Heads of Government Meeting (CHOGM 2007) Kampala, the committee estimated that CHOGM expenditure almost doubled from the authorized and appropriate budget of two hundred seventy billions shillings (270,000,000,000/=) to over five hundred billions (500,000,000,000/=). According to PAC report (2010), some roads which were designed by the consultants were never worked on yet the designers had already been paid. This led to loss of fund which was used on consultancy. The expense therefore is nugatory.
During the past two decades 1990-1999 and 2000-2009, Uganda commercial banking industry underwent significant restructuring. In the early 1990s, Uganda embarked on banking sector reforms, focusing on improving bank performance, through liberalization and strengthening prudential regulations, (Bategeka and Okumu, 2010). The reforms restructured the banking industry in regard to advances in computer technology, that led to electronic and internet based banking. Consequently, there are changes in internal bank operations; relationships with customers and inter-bank interactions. These improvements caused repercussions on the costs and revenue of commercial banks and ultimately performance differences between domestic and foreign commercial banks. The consequence, among others, included the closure of several commercial banks in Uganda . The results of banking sector reforms suggest mixed outcomes. Whereas there was impressive improvement for banking system as a whole, the performance of foreign commercial banks remained quite steady and even improved while domestic commercial banks suffered massive decline in their profitability and accumulated more non-performing loans (Mpuga, 2002). The decline became a source of anxiety as domestic commercial banks are performing relatively poorly compared to foreign commercial banks
The cost of fraud to a business is difficult to estimate because not all fraud and abuse is discovered, not all uncovered fraud is reported, and civil or criminal action is not always pursued. Therefore, the main thrust of this study is to internal control systems and fraud detection in commercial Banks in Uganda with specific references to Stanbic bank Kampala Uganda.
1.2 THE PROBLEM STATEMENT
There is a declining trend of average profits for domestic commercial banks, while their foreign liabilities are increasing, compared to foreign commercial banks, (Bank of Uganda,
2011). However, over the period 2000-2011, the average interest expenses to equity for domestic commercial bank was 0.145.during the period 2000-2011, operating expenses to total assets for domestic commercial banks is 0.114 compared to 0.068 for foreign commercial banks. In the same period 2000 to 2011, The Net Interest Margin to total assets is 0.1131 for domestic commercial banks, while foreign commercial banks had
0.0487. The average Return on Equity (ROE) indicates that domestic commercial banks had 24.7% compared to 28.5% for foreign commercial banks. This suggests that, foreign commercial banks perform better than domestic commercial banks in Uganda. By the end of 2011, domestic commercial banks had only 17.5% of the market share which is extremely low, when compared to 82.5% for foreign commercial banks.
According to Bank of Uganda there is a significant increase in Bank fraud as indicated in the following periodic performance report that shows that in 2008 there was a reduction in fraud by 30% then the years that followed 2009, 2010 and 2011 there was an increase in fraud by 60% these results indicated that the internal control systems in place were inadequate to control fraud which is due to poor fraud detection in commercial banks in Uganda.
Consequently, the relatively poor detection of commercial banks in Uganda needed to be investigated; this study therefore intends to investigate into Internal control systems and fraud detection in commercial banks with specific reference to stanbic bank Kampala Uganda.
1.3 Purpose of the study
The purpose of study is to examine internal control systems and fraud detection in commercial banks systems in Uganda.
1.4 Objectives of the study
- To investigate the extent to which control environment affects fraud detection at stanbic bank.
- To examine the influence of risk assessment on fraud detection in stanbic bank
- To investigate the contributions of internal control of fraud detection at stanbic bank
1.5 Research Questions
- To what extent does control environment affects fraud detection at Stanbic bank.
- What is the influence of risk assessment on fraud detection in Stanbic bank
- What are the contributions of internal control of fraud detection at Stanbic bank
1.6 SCOPE OF THE STUDY
1.6.1Content Scope
Study will carry out research related to internal control systems and fraud detection in commercial banks.
1.6.2 Time Scope
The time scope for the study is 2000-2014; a period during which the commercial banking sector in Uganda underwent significant restructuring, including; implementation of Electronic clearing system (ECS), full compliance with the statutory minimum capital requirement of shillings 4.0 billion in 2002 and thereafter to 25 billion, through the current financial Institution Instrument N0.43. In addition, the main aim of choosing this particular period was to utilize the most recent financial data available from commercial banks in Uganda.
1.6.3 Geographical scope
The study will be carried out at stanbic bank located
1.7 SIGNIFICANCE OF THE RESEARCH
This research work will provide a basis or a conceptual framework and standard against which companies could assess their internal control system and judge their effectiveness. In other words, the study is to provide common language, understanding and a practical way for companies to assess and improve their internal control systems.
To the researcher studying on the same subject, it will provide way of delving into what this research could not cover considering its limitations. The results of this study will help the financial institutions to sit up in following the control measures in their day to day management of their credit portfolio.
Though this research is to partially fulfill an academic requirement for the award of a masters degree, it is expected that recommendations will be provided to complement the policies by the regulatory bodies and the efforts of the banking institutions in addressing problems of default and the unnecessary legal tussles that characterizes repayments of bank facilities.
1.8 DEFINITION OF KEY TERMS
Bank: A bank is a company incorporated by the corporate Affairs Commission and licensed by the central bank of Uganda to carry on the business of collecting and repaying deposits into various types of accounts and the granting of money loans and overdrafts to its customers.
Internal Control System: Internal control is defined as a process, affected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.
System: A system is an assembly of components connected in an organized way. The components are affected by being in the system and the behavior of the system is changed if they leave it. This organized assembly does something and has been identified as of particular interest.
Fraud:
According to Norman Katz (1996), fraud is a purposeful deception, misrepresentation, or concealment of facts intended to cause injury or loss to another party, typically for the sake of one own direct or indirect gain.
The Association of Certified Examiners of Fraud in the USA, define fraud as the “use of one’s occupation for personal enrichment through deliberate misuse or misapplication of the employing organizations’ resources or assets.”
The Collins English dictionary (1999) defines fraud as “a criminal offence in which a person acts in a deceitful way”.
1.9 LIMITATIONS OF THE STUDY
The persons selected as key informants such as the staff and management of banks are usually very busy, hence it may not be easy to collect data from them.
In most cases banks prefer remaining discrete and privy to information especially to matters that may appear negative for fear of scaring or creating a bad image that may discourage public from doing business with them.
Financial constraints in meeting the cost of the research process in view of inflation may be a hindrance to the study. This may involve transport costs, stationary costs and other expenses.
1.10 THEORETICAL FRAME WORK
The agency Theory
The theory addresses safeguards in place to protect interests of a share holder ACCA (2003).This is key in highlighting important aspects underlying the evolution of internal controls towards fraud detection. In this theory the relationship occurs where one party referred to as the principal employs another party referred to as the agent to perform tasks. Such relevance becomes key on how internal control systems as a principal, impacts on fraud detection as an outcome in the banking industry. This theory is very relevant in banks because it highlights crucial areas like vigilance in internal bank control, by drawing emphasis on right applicability of systems and procedures for attainment of organization goals.
(Wikipedia in the free encyclopedia states how Bank fraud is a billion dollar a year industry in North America that affects every financial institution and you, because the fraud costs are passed on to the consumer as they are in every other industry.
Under the federal law, bank fraud in the United States is defined, and made illegal, primarily by the Bank fraud statute in Title 18 of the United States code. The statute was passed following the supreme court’s decision in a case between Williams vs United states,(1982),and this was later bolstered by the Financial institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA).China has executed bankers for fraudulent activity, some recent cases (Sept 2004)which ended in capital punishment include, Wang Liming, former accounting officer, China Construction Bank, Henan, with others stole 20 million Yuan ($ 2.4 million in U.S Currency) Other countries have passed similar or harsher legislations in order to preserve and maintain good performance in banks and other financial institutions because public was beginning to become skeptical with them. (Bankers Online (www.bankersonline.com)
1.11 CONCEPTUAL FRAME WORK
Independent Variable Dependent Variable
Intervening Variable
Developed by the researcher 2015
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction
This chapter discusses the review of the available related literature written by other authors in relation to internal control systems and fraud detection in commercial banks in Uganda.
2.2 THE CONCEPT OF INTERNAL CONTROL
A system of internal control consists of policies and procedures designed to provide management with reasonable assurance that the company would achieve its goals and objectives. These policies and procedures are often called controls, and collectively they comprise the entity’s internal control. The operational standard practices committee of the UK defined internal control as the whole system of controls, financial and otherwise, established by the management in order to carry on the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets and secure as far as possible the
completeness and accuracy of the records (IAG6). Dandago (2003) observes that the Internal Auditing Guidelines’ (IAG6) definition can be summarized briefly as the entire control measures which the management puts in place to make sure that all aspects of the organization: finance, assets, records, etc. are effectively monitored and managed for the achievement of organizational objectives. He went further to say that these controls are set up to ensure that the possibility of fraud or error and all kinds of material defects and irregularities are prevented or substantially reduced. Hence, the overview of internal control centers around the various procedures to be followed in order to make an organization effective and put it on course for the achievement of its immediate and remote objectives.
Similarly, Woolf (1985) observes that the striking thing about the definition is it’s all- embracing nature and it is clear that internal control is concerned with the control operative in every area of corporate activity, as well as with the way in which individual controls inter-relate. Extending the comment further, one can posit that internal control in organization should comprise of all types of control measures i.e. both financial and non-financial, record and non-record related, which must be working harmoniously to ensure the attainment of organizational objectives and the safeguarding of resources.
Agbelusi (1986) defines internal control as a plan of organization with methods and measures adopted within a business to: safeguard the assets of the organization; check the accuracy and reliability of the accounting data; encourage employees to adhere to procedures set up by employers. Awoyemi (1989) defines internal control as the plan of an organization procedure and equipment used in a business to protect its assets from improper use and to promote efficiency in operations. He outlined some strategies, which are involved in the internal control system of an organization. They include: Segregation of duties; authorization; personnel; organization/management; arithmetical and accounting; and supervision. Oshisami (1992) observes that internal control involves the whole system of controls, financial and otherwise, established by the management to assist it in carrying out its functions in an orderly manner, safeguard its assets, secure as far as possible the accuracy and reliability of its records, promote operational efficiency and encourage adherence to policies.
The Coso Report (1992) defines internal control as a process effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations.
From the diversity of these definitions, the term internal control refers to any combination of measures, policies and procedures that the management of an organization adopts in order to ensure that the assets of such organization are duly protected and that all operations are carried out in the most efficient manner. These measures are adopted to enhance the realization of organizational objectives.
2.2.2 The Internal Control Environment
Internal control covers all methods, procedures and arrangements adopted within an organization to ensure as far as possible the safeguarding of assets, the completeness, accuracy and reliability of accounting records and the promotion of operational efficiency and adherence to management policies. Management should introduce appropriate controls to prevents, or at least substantially reduce the incidence, not only of mistakes but also of irregularities and intentional errors, including frauds.
Helmkamp et al (1985) observe that there are two types of internal control measures that are used by a business: administrative controls and accounting controls. Administrative controls are used to maintain an efficient operation and ensure adherence to prescribed company policies. Accounting controls on the other hand, are the methods used to protect assets and ensure that accounting information is reliable. They include procedures used to authorize various business transactions to separate record keeping duties from the custody of a firm’s assets. Ouch (1989) is of the view that controls are basically two, behavioral controls and output controls, thus controls relates to ability to measure results. Hence accounting controls means perfect knowledge of the transformation process with high propensity to measure outputs. Dandago (2003) contends that the following are the types of control that are to be put in place in any organization (public or private):
(i) Organizational Control
Every organization should have an organization chart, which should adequately define and allocate responsibilities; each function specified by the chart must be under a specific person who is to be seen as the responsible officer. When authorities are delegated, responsibilities must be clearly specified.
Millichamp (2000) describes control environment to mean the overall attitude, awareness and actions of directors and management regarding internal controls and their importance in the entity. The control environment encompasses the management style, and corporate culture and values shared by all employees. Aren et al (1999) explain that because economic, industry, regulatory, and operating conditions constantly change, management is challenged with developing mechanisms to identify and deal with risks associated with change bearing in mind that internal control under ones set of conditions will not necessarily be effective under another.
Sabari (2003) contends that control activities (also called control procedures) are those policies and procedures in addition to the control environment and the information system that management establishes to provide reasonable assurance that their objectives are achieved. They include in particular procedures designed to prevent or detect and correct errors. John et al (1987) opine that control activities are generally established
over: authorization and execution of transactions; segregation of duties; the design and use of documents and records; access to assets and records; and, independent checks on performance.
Sabari (2003) found that to operate effectively and efficiently, an entity needs to identify, capture, and communicate both external and internal information in a form and time frame that enables people to discharge their assigned responsibilities. Information and Communication has to do with identifying, assembling, classifying, analyzing, recording, and reporting the entity’s transactions and maintaining accountability for related assets. Arens et al (1999) observe that for accounting system to be effective, it should: Include methods and records that will identify all valid transactions; record transactions in the proper accounting period; and, describe transactions on a timely basis and in sufficient detail to permit proper classification, to measure the transaction properly, and present summarized transactions and related disclosures accurately in the financial statements.
According to Ricchiute (2002), the auditor’s objective in considering an entity’s accounting system is to obtain an understanding of: major classes of transactions; how transactions are initiated; the records, documents, and accounts used in the processing and reporting transactions; the processing of transactions; and, financial reporting procedures. Monitoring activities deal with on going or periodic assessment of the quality of internal control performance by management to determine that controls are operating as intended and that they are modified as appropriate for change in conditions.Information for assessment and modification comes from a variety of sources, including, studies of existing internal controls, internal audit reports, reports by regulators such as regulatory agencies, complaints from customers etc.
Millichamp (2000) argues that the controls must not operate in isolation but in absolute harmony if the overall corporate objective is to be achieved. By way of examples the same author provided a good number of internal control measures in various areas of business operation.
The control environment reflects the board of directors’ and management’s commitment to internal control. It provides discipline and structure to the control system. Elements of the control environment include the organization structure of the institution, management’s philosophy and operating style, the integrity, ethics, and competence of personnel, the external influences that effect the organization’s operations and risk management practices, the attention and direction provided by the board of directors and its committees and the effectiveness of human resources policies and procedures. (Administrator of National Banks, Comptroller’s Hand Book 2001), Hevesi (2005) however considers the Control environment to be the attitude toward internal control and control consciousness established and maintained by the management and employees of an organization. It is a product of management’s governance that is its philosophy, Style and supportive attitude, as well as the competence, ethical values, integrity and morale of the people of the organization. The control environment encompasses the attitudes and actions regarding control.
This environment sets the organizational tone, influences control consciousness, and provides and foundation for an effective system of internal control. The control environment also provides the discipline and structure for achieving the primary objectives of internal control. (Lannoye 1999). Flowing from the above the board of directors should show concern for integrity and ethical values. There must be a code of conduct and/or ethics policy and this must be adequately communicated to all levels of organization. Also there must be a structure appropriate, which is not dominated by one or a few individuals and an effective oversight by the board of directors or audit committee. Management also needs to put a mechanism in place to regularly educate and communicate to management and employee the importance on internal controls, and to raise their level of understanding of controls.
2.2.3 INTERNAL CONTROL AND THE ROLE OF AUDITORS
Although external auditors are not, by definition, part of a banking organization and therefore, are not part of its internal control system, they have an important impact on the quality of internal controls through their audit activities, including discussions with management and recommendations for improvement to internal controls. The external auditors provide important feedback on the effectiveness of the internal control system. While the primary purpose of the external audit function is to give an opinion on, or to certify, the annual accounts of a bank, the external auditor must choose whether to rely on the effectiveness of the bank’s internal control system. For this reason, the external auditors have to conduct an evaluation of the internal control system in order to assess the extent to which they can rely on the system in determining the nature, timing and scope of their own audit procedures (Dandago: 1999). Basle Committee as reported by Aina (2001) explained that the exact role of external auditors and the processes they use vary from country to country. Professional auditing standards in many countries require that audits be planned and performed to obtain reasonable assurance that financial statements are free of material misstatement. Auditors also examine, on a test basis, underlying transactions and records supporting financial statement balances and disclosures. An auditor assesses the accounting principles used and significant estimates made by management and evaluate the overall financial statement presentation. In some countries, external auditors are required by the supervisory authorities to provide a specific assessment of the scope, adequacy and effectiveness of a bank’s internal control system, including the internal audit system (Aina: 2001, Collins: 2000 and Dimistris: 2002).
One consistency among countries, however, is the expectation that external auditors will gain an understanding of a bank’s internal control process. The extent of attention given to the internal control system varies by auditor and by bank; however, it is generally expected that the auditor would identify significant weaknesses that exist at a bank and report material weaknesses to management orally or in confidential management letters and, in many countries, to the supervisory authority. Furthermore, external auditors may be subject to special supervisory requirements that specify the way that they evaluate and report on internal controls.
The internal Auditor on the other hand also plays an important role in the internal control system. He objectively examines, evaluates and reports on the adequacy of internal control as a contribution to the proper, economic, efficient and effective use of resources. Tijjani (2003) observes that the objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. In its standards for professional practice on internal auditing, the Institute of Internal Auditors (1991) define the scope of internal auditing as the examination and evaluation of the adequacy and effectiveness of the organization’s system of internal control and the quality of performance in carrying out assigned responsibilities. Thus, internal audit is concerned with an evaluation of both internal controls as well as the quality of actual performance.
Sabari (2003) contends that many organizations have internal auditors who are responsible for a continuous review and analysis of the internal control system. Both administrative controls and accounting controls are studied by the internal auditors to identify weaknesses in internal control that can improve over time. Thus, internal auditors are not simply one of the organization’s controls – they are a control over all other controls. For this reason, while internal auditors can recommend control, they should not design and implement the controls. Rather, to maximize their objectivity, internal auditors should serve the organization as independent appraisers of existing controls as emphasize by the standards for professional practice of internal Auditing (2001).
The major roles of internal auditor generally fall into the following specific control activities (Sabari: 2003): adequate separation of duties; proper authorization of transactions and activities; adequate documentations and records; physical control over assets and records; and, independent checks on performance.
2.3 Influence on risk assessment on fraud detection
Risk Assessment
This is the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed. According to Lannoye (1999) this component of internal control highlights the importance of management carefully identifying and evaluating factors that can preclude it from achieving its mission. Risk assessment is a systematic process for integrating professional judgment about probable adverse conditions and events, and assessing the likelihood of possible losses (financial and non-financial) resulting from their occurrence. The second internal control standard addresses risk assessment. A precondition to risk assessment is the establishment of clear, consistent agency goals and objectives have been set, the agency needs to identify the risks that could impede the
efficient and effective achievement of those objectives at the entity level and the activity level. Internal control should provide for an assessment of the risks the agency faces from both internal and external sources. Once risks have been identified, they should be analyzed for their possible effect. Management then has to formulate an approach for risk management and decide upon the internal control activities required to mitigate those risks and achieve the internal control objectives of efficient and effective operations, reliable financial reporting, and compliance with laws and regulations.
Risk Identification
Management should perform a comprehensive analysis of identifiable risk, including all risks associated with department-wide and activity level objective (derived from the organization’s mission). The activities analyzed should include those that support both financial and non- financial objectives. Management must consider the significant interactions with external organizations as well as those internal to their organization at both the department-wide and activity levels. Several means of risk identification can be used, including; management planning conferences, strategic planning, periodic reviews of factors effecting department’s activities, changing needs or expectations of agency officials or the public and natural catastrophes. (Lannoye, 1999)
Risk Analysis
After identifying department-wide and activity level risk, management should perform a risk analysis. The methodology may vary since risks are difficult to quantify; however, the process generally includes the following:
- Estimating risk significance
- assessing likelihood/frequency of occurrence
- Considering how to manage risk
Risk with little significance and low probability of occurrence may require special attention. After assessing the significance and likelihood of risk, management must determine how to control it. Approaches may differ among agencies, but they must be designed to maintain risk within levels deemed appropriate by management, considering the concepts of reasonable assurance and cost-benefit. Once implemented, the approach should be continually monitored for effectiveness. (Lannoye, 1996)
Managing Risk during Change
When change occurs in an organization it often affects the control activities that were designed to prevent or reduce risk. In order to properly manage risk, management should monitor any change to ensure that each risk continues to be managed as change occurs. Management should inform employees responsible for managing the organization’s most critical risks about any proposed changes that may affect their ability to manage those risks. Managers should continually monitor the factors that can affect the risks they have already identified as well as other factor that could create new risks. (Walker 1999).
2.4 Contributions of internal control on fraud detection
Detection of frauds in Banks
From the above effects, it can be clearly seen that fraud is really a destructive force on a mission to spoil the name of financial institutions, render so many employers of labour jobless, close down banks and erase the confidence of the people in the country’s banks. This should not be permitted hence efficient internal control systems must be fully affected.
According to Ola (2001) the primary responsibility for the prevention and detection of errors and irregularities rests with management. This responsibility arises out of a contractual duty of care by directors and managers and also because directors and other managers act in a stewardship capacity with regard to the property entrusted to them by the shareholders or other owners.
Izedonmi (2000) also said that the responsibility for the prevention or detection of fraud and errors, within an enterprise, rest with the management. This responsibility is discharged by management, through the establishment of an adequate system of internal controls, including internal check and internal Audit. It is therefore, pronounced that the management of any banking organization is totally responsible for the prevention and detection of fraud, majorly by the establishment of an adequate, efficient and effective internal control system.
In view of the gravity of fraud in banks, the management of various banks have employed different measures, such as establishment of internal control unit, fraud alerts, security measures etc. Yet fraud has continued in an upward trend, and this has called the effectiveness of these measures into question (Okubena, 1998). Though details may differ from one bank to another, it all depends on size, location and general environment nationally and internationally. Nwankwo (1991) was of the opinion that general procedures for the control should normally involve identification and detection, then lastly management.
Fraud Identification
Every bank is to be aware of and identify the types of frauds prevalent in the society, including the international society, the causes and modalities of the frauds and the potentials and prospects of some of them occurring in the bank. This will be a function of volume, types and concentration of the banks operations and the management control systems.
There are the internal and external management controls. Internal management controls are carried out on the inside of the company while external controls are carried out on the outside. Internal management control is classified into two major groups: Internal Checks and Internal Audit. Internal checks are the operational controls, which are built into the banking system to simplify the processing of entries in order to secure prompt services, to help in minimizing clerical errors and to act as insurance against collusion.
Internal Audit on the other hand involves the review of operations and records undertaken within a business by specifically assigned staff, which is usually the Internal Auditor. There are people called external auditors too who examine the books of the bank to determine its truth and fairness. This kind of audit is mostly statutory in nature, which is called for by the law (Onkagba
2001).
Fraud Prevention and Detection
The process of identification of frauds will enable the bank to access its susceptibility and identify which types it has to address particularly. Having done so, the next stage would be to evolve measures to prevent the occurrence of such frauds. The existing control systems can be classified into two, those aimed at prevention and those aimed at detection. Ekechi (2000) stated that measures aimed at fraud prevention include dual control, operational manual, graduated limits of authority, lending units, reporting systems, close circuit television, establishment of inspectorate units, referencing on presentation of document of value, segregation of duties, verification of signatures, controls of dormant accounts, detection of passport sized photos, close watch on the lifestyle of staff and coding/decoding and testing of telex messages.
Measures aimed at fraud detection include checking of cashiers, call-over, reconciliation and balancing of accounts at branches, interbank at head office levels, periodical submission of statement of accounts, stock taking of security items and cash in the vaults and inspection by bank inspectors (Ojeigbede,2000).
The CBN as the supervisor and regulator of the banking systems is interested in ensuring that banks put in place comprehensive and effective internal control systems to minimize the incidence of frauds and whenever they occur to ensure that they are detected. From the point of view of supervisors, a good internal control system must have the following attributes: dual control, segregation and rotation of duties, an effective and independent inspection functions, clearly defined levels of authority and responsibility, existence of an efficient Audit Committee and adequate fidelity insurance cover.
It is also the responsibility of the supervisor to determine banks’ compliance with rules and regulations through exhaustive review of their internal audit reports. They ensure that appropriate steps are taken by the board and management of banks to address issues raised in the audit reports. It is also their duty to ensure that fraudulent bank directors and staff are sanctioned with such report being duly circulated among banks and also that banks take advantage of Risk Management System (credit bureau) to monitor fraudulent customers and accomplices (CBN,
2000).
The supervisors are also to cooperate with the external auditors of banks to ensure that the internal audit program me of banks is comprehensive, adequate and effectively executed. The supervisors should also conduct an in-depth investigation into activities of a bank when put on enquiry.
In order to enhance the ability of supervisors to carry out their responsibility effectively, they must be adequately trained and equipped with modern tools for supervision.
Fraud detection
In devising the general preventive measures, the bank should appreciate the main feature of fraud, one of which is that fraud is rapidly increasing and it is a highly profitable industry. According to Ekeiqwe (2000), computer technology facilitates and accentuates the growth. Other features are that frauds involve misappropriation of assets and manipulation or distortion of data and most frauds result from basic failure and inadequacies of internal controls. This was rightly confirmed in a report by the NDIC
1999 annual reports and statement of accounts, where it said that most frauds are committed by insider usually in collusion with outside third parties, and mostly are discovered by accident or tip offs rather than internal and external auditors.
It was suggested by Nwankwo (2000) that on the discussion of the anatomy of frauds, management should evolve positive attitudes towards safeguarding the banks assets and ensuring that staff does not exploit the weakness in internal control. He further said that the policies should stress the cardinal principles of separation of duties to ensure that one person does not originate and complete an assignment or entry. The policy should also emphasize dual control of sensitive areas such as strong rooms and locks to security documents and account, the need for daily balancing of account and the various precautions which include necessary references for opening of accounts.
Ekechi (2000) was of the opinion that, in order to attain the objective of fraud management, there is need for full compliance with established policies, rules and procedures. Also employees
should be made aware of the risks of attempting to defraud the bank and the action expected if caught.
Finally the policy should incorporate and emphasize investigation and possible prosecution of suspected frauds.
In controlling fraud in the banks, the boards of directors play a major role because the leadership responsibilities must be clearly spelt out and formally explained to them. This responsibility should include the directing of the overall policy and management of the bank, fiduciary duty to act honestly and with utmost good faith, and exercise of skill and care in discharging the statutory obligations of the bank. In particular, the board has the collective responsibility of the members to ensure that suitable security systems exist, there are adequate accounting records and internal control measures and there are adequate precautions to prevent falsification of accounting records and facilitate the discovery of any falsification (Asukwo, 1991& Oyeyiola,
1996).
The CBN (Central Bank of Nigeria) plays its own role in helping banks manage fraud through its monetary policy and guidelines. CBN demands that banks should make provisions for loss through frauds from its gross profit. This policy was enacted to safeguard the depositor’s money since it is obvious that depositor’s money will be lost when there is an incidence of fraud (CBN,
2000).
According to the Monetary Policy Circular No. 36 of 2002/2003, CBN requires banks to make a provision of 10% on amounts involved in fraud cases up to 6 months old of which police investigation are still on. A minimum of 50% provision should be made on outstanding fraud
cases of 6 to 12 months old with slim chances of full recoveries. Finally, a full provision (100%) should be accorded to outstanding fraud cases of over 12 months with protracted litigations that is, cases that are pending in court.
Managing risk, in particular fraud related risk is a top priority for bankers across the African continent. Many of the developing nations in Africa are still largely cash-based and this presents a number of infrastructural difficulties which are hampering the implementation of effective risk management and fraud prevention programmes. As the continent’s leader in terms of banking services and related regulations, South Africa is leading the charge to combat fraud in all forms. The South African Code of Banking Practice, Clause 2.9: The Fundamental Principles of our Relationship states, “We, the members of the Banking Council undertake to:…provide reliable banking and payment systems services and take reasonable care to make these services safe and secure…”
Consumer Education/ training
Oyelola (2002) contends that it is acknowledged world-wide that consistent customer education is critical to the prevention of fraud, particularly with regards to the safeguarding of customer’s personal information, from PINs to statements, ID books and rates accounts, which are all used in KYC verification processes.
In the period 2009 – 2010 account takeover fraud (fraudulent application fraud) dropped by 71% from R0.8m to R0.2m. This was as a result of the industry consistently improving their internal systems to ensure early detection and continuously educating their customers and making them aware of the importance of protecting their personal information Updates are sent out via security alerts on their websites, newsletters and regular updates through the media.
Online Banking Fraud
Steps have also been taken to increase online banking security. South African banks are making free anti-virus software with regular updates available to their customers for both online and mobile banking. They have implemented two-phase logon systems in place and encourage virtual keypad PIN inputs. One-time random verification passwords are used for most transactions. Sms internet banking alerts keep customers updated on online activity. Multiple firewalls are in place to ensure only clients with valid access credentials can access the service which uses 128-bit encryption. Accounts are suspended after 3-password failure attempts (Oyelola, 2002). Clients are then required to go into the branch to reset their pin and password. e-Statements are also encrypted and require passwords to access the information.
Card Not Present Fraud
Banks are increasingly introducing new internal fraud prevention technological initiatives like transaction monitoring systems, client account activity notification systems and authorization parameters and thresholds. Customers are also encouraged to make use of reputable online merchants who participate in the 3-D Secure environment.
Lost, stolen and counterfeit Card Fraud
A major contributor to credit card fraud loss in South Africa is counterfeit card fraud (cloning). The major banks have implemented the more secure EMV Chip and PIN cards in an effort to
combat this type of fraud. The EMV chip and PIN cards have resulted in a decrease of 60% of lost and stolen card fraud, which still cost the industry R37.2m over the 2009-2010 period.
The prevalence of card skimming incidents in South Africa is still problematic. While counterfeit card fraud has decreased by 32% over the past year to R141.4m, it still contributes 57% of the total banking industry’s financial losses.
In 2009, 206 hand-hand skimming devices were recovered by law enforcement agencies working in conjunction with investigators in the banking industry. In 2010, the figure was lower at 151.
There has been an increase in ATM mounted skimming devices. In 2010, 29 devices were recovered – three times more than those recovered in 2009. For instance, not long ago some Americans were caught at Stanbic Bank, Kibuye ATM trying to steal money, and win possession of various ATM cards. (Daily Monitor News Paper, August, 2012).
Not Received Issued Card (NRI) Fraud
The banks have taken a number of steps in an effort to curb crime resulting from not received issued cards, including using bank couriers to deliver cards (FNB) while others now insist that customers go into the bank to receive the cards. This has resulted in a drop of 75% for NRI fraud across the industry.
Information Sharing and training
The South African banking industry formalized the sharing of industry risk information which resulted in the birth of the South African Banking Risk Information Centre (SABRIC), a section
21 company. SABRIC’s aim is to detect, prevent and reduce organized crime in the banking
industry through effective public-private partnerships. Key stakeholders include the SAPS, NPA, DHA, SARS, SAPIA, CGCSA, VISA, MasterCard and Amex. SABRIC’s clients are South African banks and major Cash in Transit (CiT) companies.
The industry has also established a dedicated card fraud workgroup which is responsible for industry threat assessment and analysis, developing of card fraud prevention measures, sharing of information and assisting the SAPF with operations as well as detection, retrieval and imaging of skimming devices and training of identified merchants.
The SAPF (HAWKS) Commercial Crime Project Team has also assisted in making huge inroads in addressing card related crimes within Gauteng.
The industry has also partnered with the Department of Justice to assist with training of prosecutors on a national level. Through this initiative the industry provides card fraud expertise necessary for the prosecution and adjudication of card fraud cases by prosecutors and magistrates.
Fraud Detection Systems
There have been a number of enhanced fraud detection systems introduced in South Africa in the past year.
In January, Visa Inc launched Visa Advanced Authorization and Visa Risk Manager, combined solutions for comprehensive fraud prevention, enabling all card issuing financial institutions to better identify and stop fraud at the check-out before it occurs.
According to their press release, Visa Advanced Authorization analyses and scores every Visa transaction for its fraud potential based on a global view of fraud across the entire Visa network. Visa Risk Manager creates custom strategies to decline or respond to suspicious transactions in real-time. Together, the solutions provide issuers with insight, control and responsiveness to dynamically address fraud.
Mike Smith, Head of Risk for Visa International said, “In less than two seconds, Visa Advanced Authorization can analyze a transaction and provide the card-issuing financial institution a risk score with unprecedented accuracy. In turn, Visa Risk Manager allows issuers to streamline decision-making, so they can turn insight into action. This remarkable speed and clarity can allow issuers to prevent fraud from occurring in the first place, rather than just reacting to fraud after it occurs.”
In April, SAS receive patent approval for “Computer-Implemented Predictive Model Generation Systems and Methods” related to technology at the heart of SAS Fraud Management, an integral component of the SAS Enterprise Financial Crimes Framework for Banking.
According to their press release, SAS Fraud Management (SASFM) employs SONNA modeling capability to build its unique hybrid approach to consortium and custom models. SASFM offers significant improvement in fraud detection performance compared to the performance of regular, non-linear modeling techniques like neural networks.
A “score-on-demand” process helps card issuers obtain updated scores based upon the passage of time. The SAS solution provides the creation of risk-based reason factor groups, giving an
organization’s fraud operations and analytics groups more insight and context to the risks and reasons behind the model score – optimizing responses and automating actions to a high-scoring transaction.
Absa Bank adopted the Fico Falcon Fraud Manager 6 to control fraud in its debit and credit card portfolios in real time. The system will allow the bank to stop the highest risk transactions if needed, without slowing down transaction speeds for legitimate transactions.
“Our objective is to provide unsurpassed fraud protection to our banking customers,” said Paul Mathias, head of Fraud Risk Management, Absa Group. “We chose this system because it gave us the real-time detection we need and it enables us to manage fraud for all customers’ cards from a single platform. As we grow, the system’s multi-tenant capability means we can easily add new regions. In addition, its component-based design fits with our IT architecture. This is simply the best system for a growing bank facing today’s fraud threats.”
Banks policies
All commercial banks and deposit taking institutions are bound by certain systems and regulations for adherence in order to strengthen their internal controls for positive preventive vigilance measures. Such measures are standard and ought to be followed because any disregard of the same creates a problem in detection of an intended anomaly. Rules must be followed, and short cuts should be avoided. Prawitt (2008) argues that segregation of duties reduces the likelihood of errors and irregularities. Staff ought to be vigilant and should always be equipped with latest information regarding to fraud and how it can be avoided.
Barlington (1997) on policy and analysis states that, as a bank’s policy, banking begins from customer identification to establish a valid business relationship and this is the most important norm of know your customer concept (KYC).This concept is very important because once followed, one is able to prevent frauds, identify money laundering and suspicious activities. Banker’s responsibility does not end with the opening of accounts. It also involves monitoring of transactions in the initial few months of its opening, and also ensuring full satisfaction about credentials of the customer with no scope of any suspicions.
Collins (1987), however argues that to instill the know your customer (KYC)culture, there is need to work beyond introduction of existing account holders and this for instance involves knowing customers identity which includes information about ones name, permanent address, date of birth, occupation, photograph, passport, identity card, driver license, voters role card, and all these should have satisfactory evidence.
These could be confirmed through independent verification of present address by sending say a letter of thanks for establishing an account relationship with the bank. The bank can also ask one to obtain recent (preferably not more than 3 months old) utility bills, bank statement or any other detail they may require. Identification of corporate clients can also be obtained by looking at details like certificate of incorporation and business registration, memorandum and articles of association, board resolution, search of file at registrar of companies, satisfactory identity of principal shareholders a suggestion that is equally backed by Barlington (1997). Similarly, satisfactory credentials to other types of customers like clubs, societies, charities, unincorporated
businesses should be sought. Banks should also up date and complete the records of existing customers by applying appropriate KYC rules.
Williams, B. (2006) corroborates that another bank policy that banks ought to practice as a key control measure on fraud and other related bank vices is a policy about Knowing Your Employee (KYE). Employees are responsible for maintaining satisfactory performance and correcting their performance deficiencies using whatever resources are available to them. It follows that employees must be responsible for recognizing personal problems that interfere with job performance and then doing something about it. Background checks on employees need to be institutionalized and conducted on a regular basis. Employers should put in place mechanisms to monitor the lifestyle and wealth accumulation of their employees. Banks should have policies, procedures, job descriptions, internal controls and approval levels of authority, compliance with personnel laws and regulations, code of conduct/ethics, accountability, dual control and other deterrents.
Another policy through which banks can prevent and control fraud is vigilance in observing and monitoring suspicious transactions. Suspicion is not specifically defined anywhere, but in banking parlance any entry through a bank account that is out of ordinary course of business is considered suspicious for that customer (Robinson, 2001).Bankers should be vigilant to such transactions and require to report them to the regulatory authority through identified compliance officer of the bank commonly known as Money laundering Reporting Officer (MLRO).
He further suggests that customers should not be warned about the information on suspicious transactions relating to them which are being reported to MLRO. Such accounts are always
characterized by the following, reluctance to provide normal information for opening an account, substantial increase in turnover showing no normal business related activities, keeping a number of accounts which appears inconsistent with business, matching of payments with credits by cash on the same or previous day, large cash withdrawals from dormant or inoperative account or from an account which has just received exceptionally large credit from abroad, transfer of cash deposits to destination not normally associated with customer, frequent requests for drafts, money transfers(MTS),in cash, customers who deposit counterfeit notes or forged instruments, multiple accounts under the same name, these and other more are expected to be always monitored and the banker should ensure that customers don’t notice that their activities are being closely watched.
Banks should create awareness and vigilance, because bank employees are the real force to prevent fraud, enforcement of any law, regulation, and business ethics, should be followed by them. They are therefore required to create awareness in laws and employees especially those handling transactions which may involve bank fraud (Prawitt, 2008).
Hesley (2000) draws a significant suggestion on how training has been found to be an important technique to improve employees skills, thus emphasis be given on job role oriented trainings relating to general background of bank fraud, reporting of suspicious transactions, customer identification, record keeping and internal control. Bank management requires to draw a training plan ensuring at least one training to everyone during a year for effective knowledge management and keeping the staff skills continuously upgraded.
Record keeping is another important policy banks should draw emphasis on as a control and preventive measure towards fraud. Banks are under obligation to maintain a proper system of record keeping and to retain records for a set period of time prescribed by the bank as well as the relevant laws enacted in the country. Effective record keeping of customer identification is helpful to detect and prevent fraud through its banking channel. Bankers are required not to adopt short cuts but must follow internal control policies in full (Molyneux, 1994).
Bank of Uganda policies
The central bank strictly regulates, supervises, and disciplines financial institutions in order to maintain their safety and soundness. This is because the financial system supports the economy since it is the vehicle through which savings are mobilized and then channeled to investment however, this intermediation role can only be successful if the general public has trust in financial institutions thus need for policies that can curtail fraud in order to A Journal from Bank of Baroda on preventive vigilance (Dangaich, 2001).
Kimlan (2009) asserts that Bank of Uganda through its financial system in the economy has instituted a national payment system. The system supports all settlements for goods and services, and other payments to cover numerous transactions taking place between parties. It also facilitates international trade by enabling payments to be effected across nations. Some of the common used instruments include cheques. There has however been an introduction of other instruments to effect payment including the use of debit and credit cards, electronic fund transfer (EFT) and Read time gross settlement (RTGS) among others, and all these are meant to limit direct players from involvement at the same time enable Bank of Uganda, to monitor and
supervise transactions taking place in banks in order to minimize and control fraud. (Journal on
Rules and procedure of electronic banking.
According to Kalema & Mukuru, (2006), in its resolve to maintain a safe and sound financial sector, Bank of Uganda has strengthened the regulatory framework and strengthened the supervision of financial institutions. New laws have been enacted to strengthen the legal frame work. The Micro finance Deposit-taking institutions ACT 2003(MDI), the financial institutions ACT 2004(FIA) and the foreign exchange ACT 2004(FEA) have all been enacted to ensure that financial institutions are managed within an appropriate and up to date legal environment. The MDI regulates Micro finance institutions which take deposits from the public and the implementation of the law is expected to increase outreach of financial services especially in the rural areas.
The FIA reflects the best practices, standards, and principles in supervision of financial institutions. This addresses among others aspects of licensing, corporate governance and prompt corrective actions against problems in licensed institutions. Kalema (2006) also highlights how FEA consolidates the law relating to foreign exchange in Uganda, and the making of international payments in the transfer of foreign exchange. Foreign exchange bureau are licensed under this act. The enactment of this law curtails the misuse of Uganda’s financial system in money laundering activities, thus protecting the financial sector against the effect of fraud on their performance.
Musoke, (2005) affirms that Bank of Uganda regularly meets with the Uganda Bankers
Association to discuss the frauds and forgeries taking place in the financial sector. An economic
intelligence unit (EIU) has been established in Bank of Uganda to handle the problems of fraud and forgeries taking place in financial institutions.
CHAPTER THREE
METHODOLOGY
3.0 Introduction
This section presents the research methods that will be used to carry out the study. It covers the research design, Area of study, target population, sample design, sample size, research instrument, measurement of variables, Data Collection Procedure, data analysis and anticipated problems of the study
3.1 Research Design
A case study design shall be adopted for this research. They provide an in depth study of a particular situation. The study also shall use qualitative and quantitative methodologies for data analysis. Quantitative and qualitative methodologies shall be used in examining the internal control systems and fraud detection in commercial banks in Uganda. A case study of Stanbic bank Kampala. Quantitative research consists of those studies in which the data concerned can be analysed in terms of numbers while qualitative describes events, persons and so forth scientifically without the use of numerical data. Quantitative research is based more directly on its original plans and its results are more readily analysed and interpreted. Qualitative research is more open and responsive to its subject. (Christina Hughes, 2006)
3.2 Area of the Study
The study shall be carried out at Stanbic bank Kampala Uganda, located at plot
3.3 Target population
Sekaran (2003) defines a population as the entire group of people, events or things that a researcher wishes to investigate. The entity comprises of
3.4 Sample Size, Techniques and Selection
Mugenda and Mugenda (2003), argue that it is impossible to study the whole targeted population and therefore the researcher shall take a sample of the population. A sample is a subset of the population that comprises members selected from the population. Using Krejcie and Morgan’s (1970) table for sample size determination approach, a sample size of 148 employees will be selected from the total population of 239 employees.
Table 1: Population, Sample size and Sampling technique
3.5 Research Instrument
Questionnaires shall be used to obtain the necessary primary data to answer the research questions and achieving the research objectives. The questionnaire shall be designed in a manner that motivates respondents with simple structured questions with the option of providing any addition information to the structured questionnaire as an option to obtain relevant data from them. Secondary data shall be obtained through reading and reviewing existing records of related Internal control systems and fraud detection in commercial banks in Uganda. Validity and reliability tests shall be carried out to ensure accuracy and usability of the instrument.
3.6 Measurement of Variables
A five point Likert ordinal scales ranging from; strongly agree which shall be assigned 5, strongly Agree, 4 agree, Not Sure assigned 3, Disagree allocated 2 and strongly disagree allotted 1 to obtain responses on the variables. The Likert ordinal scale has been used by numerous scholars who have conducted similar studies such as Bowling, (1997).
The structured questions will be measured using the following variables;
- i) Internal control;
- ii) Systems;
iii) Fraud Detection;
3.7 Validity and Reliability
The data a collection tools shall be pre-tested on a smaller number of respondents from each category of the population to ensure that the questions are accurate clear and in line with each objective of the study.
It is the degree to which results obtained from the analysis of the data actually represents the phenomenon understudy, (Mugenda&Mugenda, 2003). To ensure validity of instrument close guidance of the supervisor will be adopted. This will help to identify ambiguous questions in the interval and be able to re-align them to the objectives.
3.7.2 Reliability
Reliability tests and analysis shall be carried out.
3.8 Data Collection Procedure
The researcher shall obtain an introductory letter from Kyambogo University to enable easy access to information by the researcher from stanbic bank. The procedure of data collection shall be based on the research objectives and questions. A review of related literature shall also be done. A questionnaire shall be pre-tested and review of the questions may be done if necessary to ensure reliability and suitability.
3.9 Data Sources
Source of data will be from both primary and secondary sources.
3.9.1 Primary Data
Primary data shall be obtained from well-designed questionnaires structured to obtain relevant data and to gain opinions and practices on internal control systems and fraud detection in commercial banks in Uganda, at Stanbic Kampala.
3.9.2 Secondary Data
Secondary data is data which has been collected by individuals or agencies for purposes other than those of a particular research study. It is data developed for some purpose other than for helping to solve the research problem at hand (Bell, 1997). Secondary data shall be obtained from text books, internet and bank publications about internal control and fraud detection in commercial banks in Uganda.
3.10 Data Process and Analysis
Data analysis shall involve the use of both quantitative and qualitative techniques.
Data processing shall be done by entering the data into a statistics package for social sciences (SPSS) in line with the research questions. Data analysis shall be done by also using this statistics package for social sciences (SPSS) to formulate frequency tables where the mean, variance and standard deviation will be obtained.
The researcher anticipates lack of adequate resources for some of the research activities. In addition, the information required in the study is likely to be hard to be extracted from the respondents as it may be viewed as confidential.
