Audrey S Ndlovu L01515328HAssessing the effectiveness of internal control systems in Bulawayo city councilObjectives i. To establish the risks that are found at Bulawayo city councilii. To ascertain the improvements made on the internal controls of Bulawayo City Council since 2014iii. To assess the effectiveness of internal controls in Bulawayo City CouncilLiterature review Theoretical Literature review The agency theory explains the existence of mechanism in resolving problems that exist in principal-agent relationships. Internal controls are predominantly operational tools institutions make use of in addressing the principal-agency problem (Jensen and Payne, 2003).
The tools and organs used in addressing agency issues include audit committees, external auditing, financial reporting, and budgeting. But studies have shown that agency costs can be reduced by effective internal controls (see; Abdel-khalik 1993; Barefield et al. 1993).Agency theory suggests that the firm can be viewed as a nexus of contracts between resource holders. An agency relationship arises whenever one or more individuals, called principals, hire one or more other individuals, called agents, to perform some service and then delegate decision making authority to the agents (Shankman, 1999).
The primary agency relationships in business are those between stockholders and managers and secondly between debt holders and stockholders. These relationships are not necessarily harmonious. Indeed, agency theory is concerned with the so called agency conflicts, or conflicts of interests between agents and principals. This has implications for, among other things, corporate governance and business ethics (Shankman, 1999).The relationship between internal controls and financial performance has been extensively discussed in the literature. Notable theories regarding this relationship are the agency theory and the contingency theory. The agency theory explains the existence of mechanism in resolving problems that exist in principal-agent relationships. This theory contends that internal audit helps in maintaining cost-efficient contract between owners and management just like other intervention mechanisms such as financial reporting and external auditing. As suggested by Adams (1994), the agency theory provides richer and more meaningful research in the area of internal audit. The responsibility for ensuring that internal control is established in the organization lies within management. The internal audit is supposed to be the custodian of internal control by providing assurance to the management that the organization has put in place adequate and effective internal control system, and must not hesitate to draw management’s attention to lapses observed in the control. A good and viable internal control system increases operational efficiency, thereby making it more difficult for the preparation of fraud (Mayo, 1993).Internal control is a management tool used to provide reasonable assurance that the organization’s objectives are being achieved. The responsibility for the adequacy and effectiveness of internal controls rests with management to ensure that there are adequate and effective internal controls in the organizations they manage. Accounting officers and/ or management are expected to establish and maintain a control environment as the foundation for all other components of internal control. They must ensure that proper internal controls are introduced, reviewed, and updated to keep them effective (Joel, 2013)Contingency theory focuses on the behavioral aspect of an organization in explaining how contingent factors such as culture, technology, and external environment have an influence in organizations designing and functioning. It is assumed by the contingency theory that no single type of organization’s structure is equally applicable to all organizations. Rather, the effectiveness of an organization depends heavily on the type of technology, the size of the organization, environmental volatility, the features of the organization’s structure and the system of information that it is using. The contingency theory in effect explains the relationship that exists in the effectiveness of internal control structure given varying contexts as well as organizational performance such as reliability. Simply put, the type and usage of control systems is contingent upon the context of the organizational setting in which these controls work (Fisher, 1998). Internal control variables including control environment, risk assessment, control activities, information and communication and monitoring have remained operational tools through which organizations achieve varying organizational goals predominantly income generations and or survival (COSO2013). Cohen et al. (2000) emphasized on the relevance of control environment following findings from a survey which suggests that management’s leadership and commitment towards integrity and ethical behaviour and their implications on employees behavior remains the most important element for effective control. In situations where the tone set by management is weak, fraudulent financial reporting tends to be frequent since the control environment begins with directors and management who implement organizational policies, behaviors and effective governance (Rittenberg et al. 2005)Empirical literature reviewDefinition of Internal controls COSO, 2013 defined internal controls as process affected by entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.Turnbull Report from 1999 was created by London’s stock exchange. It was later revised and updated by Turnbull Review Group established by Financial Reporting Council (FRC). They defined internal control as an internal control system that encompasses the policies, processes, tasks, behaviors and other aspects of a company that when taken together facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company’s objectives. This includes the safeguarding of assets from inappropriate use of from loss and fraud, and ensuring that liabilities are identified and managed. It also helps ensure the quality of internal and external reporting. This requires the maintenance of proper records and processes that generate a flow of timely, relevant and reliable information within and outside the organization. Lastly it helps ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business. (Chambers and Rand, 2010). McGraw (2008) defined internal control as a process designed to provide reasonable assurance that the organization produces reliable financial reports, complies with applicable laws and regulations, and conducts operations in an effective manner.In 2008, Hightower defined internal controls as program of activities established to catch and monitor a potential exposure that could result in a significant error, omission, misstatement, or a fraud.Risks in local authoritiesAccording to Redja (2008), there is no single definition of risk however it has traditionally been viewed as a condition or uncertainty leading to loss, misfortune or an adverse deviation from a desired outcome that is expected or hoped for (Redja, 2008). According to Nexis (2012) risk is inherent in the operating environment within any entity functions, since the outcome of events cannot always be predicted with accuracy, and a certain degree of uncertainty in the environment with regards to the future in respect of economy, markets, products and consumer trends is inevitable. Furthermore, entities are exposed to risks arising from unexpected events such as fraud, errors, natural disasters and accidents. A good set of internal control procedures is vital to avoid compliance risks. Compliance risks involve the organisation breaking local or federal laws or policies for example when they are issuing tenders, procurement procedures, and obtaining quotations from suppliers. Compliance risks can cause misleading information within the organisation’s financial statements, and problems between the organisation and the Internal Revenue Service. To avoid this high risk, an organisation need to take preventative measures. Avoid compliance issues by having knowledgeable, honest employees, and keeping up with all laws and regulations. Fraud is a common risk in an internal control system. Preventing fraud involves developing a good system that separates each employee’s duties. Employees who accept payments should be separated from employees making deposits and also an employee who inputs checking transactions should not also reconcile the checking accounts. Also according to the city of Tampa a system of appropriate documentation is vital to avoid fraud, all transactions should be traceable to their origination point. Fraud risk can also be detected through unusual occurrences.Employees who appear to live beyond their means is often a symptom of fraud, as are missing or altered documents. Transactions that can’t be traced are also a symptom that could be fraud-related. Previous studies (Ziegenfuss 2001) have documented that fraud is a concern in state and local governments, and that management and control systems were not well equipped to deal with it. However, a KPMG survey found that lax controls were the most significant reason for fraud in government (Wade, 2007).A lack of employee monitoring is a risk often associated with internal controls. Even with an effective internal control system, risks can occur if employees aren’t periodically monitored. Regular reviews and evaluations should be part of an internal control system. This includes spot-checking transactions to determine if they comply with regulations and company policies. Managers must also keep a close eye on financial reporting, always looking for discrepancies or irregular activity. Managers can also perform surprise cash and asset counts, holding employees responsible for any discrepancies.Effectiveness of internal controls in local authorities Effectiveness was proposed by Etzioni, et al, (1985);Mardiasmo (2002) that define effectiveness as the level of success of the organization in an effort to achieve the objectives and goals. Effectiveness focuses on outcomes (results), programs, or activities that are considered effective if the resulting output can meet the desired objectives. Based on the effectiveness of some sense it can be concluded that the effectiveness of an organization is successful in achieving the desired objectives or outcomes with a comparison between the output, Devas (1989);(Mahmudi, 2005).Effective internal control system refers to the effective control measures established by an organization with the aim of safeguarding their assets, ensure the reliability of records both financial and non-financial as well as compliance with relevant policies and procedure that will ensure the achievement of organizational objective. The quality of an organization’s internal control system has significant impact on the accuracy of management guidance, likewise organisation’s that disclose ineffective internal controls system have larger tendency of experiencing management errors in their operation than those organisations that report effective internal controls system (Feng, Li & McVay, 2009). Therefore, it is the responsibility of management of an organization to ensure that effective internal control system is put in place that will ensure the achievement of organizational established objectives. This is because establishment and supervision of effective internal control systems are the responsibility of management, not auditors (Changchit et al, 2001).As an organization the following components that is the control environment, control activities, information and communication, risk assessment and monitoring are taken into account as they determine how effective the internal control system will be. The control environment sets the tone of an organization influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the management.It has influence over organization goals achievement (Aldridge & Colbert, 1994). However, it is the foundation for the other components of internal control and providing structure (Sudsomboon & Ussahawanitchakit, 2009). Control environment assist toward reducing the level fraudulent activities within organizational operation also the quality of an entity’s internal controls system depend on the function and quality of their control environment (Amudo & Inanga, 2009). Therefore, providing a proper control environment for a local government is very essential to the effectiveness of their operation.Control activities are the policies and procedures that help ensure management directives are carried out. (Aikins, 2011; Rezaee, Elam & Sharbatoghlie, 2001) They help ensure that necessary actions are taken to address risks to the achievement of the entity’s objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties. Proper documentation of policies and procedural guidelines in these aspects help to determine not only how the control activities are to be executed but also provide adequate information for auditors examination of the overall adequacy of control design over financial management practices (Aikins, 2011). These control activities ensure that all necessary actions should be taken with the aim to address risks so that organizational objectives are achieves.Risk assessment is the identification and analysis of relevant risks associated with the achievement of the management objectives (Theofanis, et al 2011), similary (Sudsomboon & Ussahawanitchakit, 2009) view risk assessment as the process of identifying and analyzing management relevant risks to the preparation of financial statements that would be presented fairly in conformity with general accepted accounting principle. In this situation, management must determine the level of risk carefully to be accepted, and should try to maintain such risk within determined levels. Therefore, local governments are required to frequently assess the level of risk their experiencing in order to take necessary actions or to put necessary controls in place.Information and communication refers to the process of identifying, capturing, and communicating of relevant information in an appropriate manner and within timeframe in order to accomplish the financial reporting objectives (Aldridre & Colbert, 1994). However, effective communications should occur in a wider sense with information within the various sections of the organization (Theofanis et al, 2011). Most of the recent literature on internal control system frameworks gave concerns on information and communication as one of the internal control system components, because of their importance in influencing the working relationship within the organization at all levels (Amudo & Inanga, 2009). Hence, such information must be communicated throughout the entire organization in order to permit personnel to carry out their responsibilities with regard to objective achievement.Internal control systems need to be monitored a process that assesses the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two. Ongoing monitoring occurs in the course of operations. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. Monitoring is usually accepted that internal control systems need to be adequate monitored in order to assess the quality and the effectiveness of the system’s performance over time. Monitoring provides assurance that the findings of audits and other reviews are promptly determined (Theofanis et al, 2011), also monitoring of operations ensures effective functioning of internal controls system (Amudo & Inanga, 2009). Hence, monitoring determines whether or not policies and procedures designed and implemented by management are being carried out effectively by employees.ReferencesJensen, K. L. (2003). A basic study of agency cost source and municipal use of internal versus external control. Accounting and Business Research, vol. 35 no. 1, pp. 53-67.Adams, M. B. (1994). “Agency Theory and the Internal Audit”. Managerial Auditing Journal, Vol. 9 No. 8, pp. 8-12.Ziegenfuss, D. 2001. The role of control environment in reducing local government fraud, Journal of Public Budgeting, Accounting & Financial Management, Vol. 13, No. 3Wade, B. 2007. Executives say poor controls contribute most to fraud, KPMG survey finds. PR Newswire, December 12, 1-2.McGraw, R. (2008). Financial Accounting, 5th Edition, Arcata Graphics/ KingsportUnited States of America.Chambers, A. and Rand, G. (2010). Operational Auditing Handbook: Auditing Business and IT Processes, 2nd Edit. 2nd ed. John Wiley & Sons, p.129.Hightower, Rose. Internal Controls Policies and Procedures, edited by Rose Hightower. [ebook] John Wiley & Sons, Incorporated, 2008, pp.7, 27