ARTICLEINTERNALCONTROL
ARTICLEINTERNALCONTROL
Lecturer,
Department of Management,
Keywords
Internal Control, Fraud, Prevention, Bank
1
In July last year, the Criminal Investigations which is situated between the Appolo Theater, near
Department (CID) of the Ghana Police Service Kwame Nkrumah circle and the Nima Police Station
cautioned businessmen in the country about a new on the Ring Road Central, it simply refunded the
trend of crime, the Internet payment fraud. money to him, after it had finished with its own
It noted that fraudsters hack into the e-mails of internal investigations (Daily Express, 2014). A major
business people who transfer various amounts of challenge for many Ghanaian banks is to strike a
money through the banks to their counterparts outside balance between risk management and growth.
Ghana, especially China, Hong Kong, Malaysia and Because banking is such a high-risk industry, banks
other European countries for business. must be sure that they have systems in place to
According to the CID, perpetrators of the crime mitigate risks while still offering quality services.
initially hack into the e-mails of business people, and Ghana lacks the types of structured systems that make
illegally monitor communication on supplies, it possible for banks to track borrowers’ identification
shipments and payments. Ultimately, the fraudsters and credit history and this makes it difficult to verify
then divert payments into their own accounts. the legitimacy of transactions, minimise fraud, and
From January to June last year, three Ghanaian track down customers that have defaulted on payments
business people fell victim to the activities of the (CommerceGhana.com, 2012). However, in Ghana,
fraudsters and variously lost £10,000, US$75,000 and the audit function in the banking sub-sector has not
GH¢400,000. been fully taped. This could be seen in the numerous
All these monies were transferred from banks in cases of errors, intent to defraud and other fraudulent
Ghana supposedly to banks in the aforementioned acts that exist in the banking industry. According to
countries, but they ended up in the accounts of the the Institute of Chartered Accountants (ICA) Ghana
fraudsters. (2005), Ghana has sufficient institutional frameworks
for the prevention of and control of fraud and
1.1 Problem Statement corruption. According to them, if the law like
Fraud cases are not unfamiliar to the banking industry the Procurement Act, Financial Administration Act
in Ghana. It could be recalled that the Economic and and the Internal Audit Agency Act are made to work
Organised Crimes Office (EOCO) recently froze the effectively, fraud and corruption in the country would
accounts of some personnel of one of the biggest be reduced (Daily Dispatch, 2005).
commercial banks after it was detected that huge sums It is therefore, no wonder that the distress in the banki
of money have reportedly been siphoned from the ng sector in the nineties reflected lack of
vaults of the bank and deposited into private accounts effective control mechanism in the banking industry.
with the connivance of the bank’s management (Daily The experience of failed banks in Ghana and other
th
Express, 2014). On January 29 2014 Daily Express nations have called for strengthening of the control
reported that some multinational commercial banks system in the Ghanaian banks. This study therefore
operating in Ghana are refusing to report financial seeks to answer the question: Has the implementation
fraud cases that have occurred in their banks to the of internal controls helped to prevent fraud at Access
Criminal Investigation Department (CID) of the Bank in Ghana?
Ghana Police Service for fear of bad publicity. In one
instance, a victim of the fraud (name withheld) 1.2 Objectives of the Study
revealed to the Daily Express that late last year, some The main objective of the study is to identify the effect
fraudsters managed to withdraw thousands of Ghana of internal controls on fraud prevention at Access
Cedis from his account via an Automated Teller Bank in Ghana. To be able to achieve the main
Machine (ATM). He said upon prompting the bank objective, the following were the specific objectives:
3
i. To find out whether the implementation of internal either compliance or management initiated concerns
control system able to detect and prevent fraud. (Awe, 2005).
ii. To identify whether an effective supervision and
implementation of internal control system capable of
Millechamp (2000) also defined internal control
revealing fraudster’s mode of operations.
system of an independent appraisal function within an
iii. To identify whether Management ensure that all
organization for the review of system of control and
necessary measures needed to prevent and detect fraud
the quantity of performance as a service in the
are provided.
organization. Also following the need to restore public
The responsibility of Management in every financial institutions, Sarbanes Oxley emphasizes the
institution is to put measures in place that will ensure importance of effective internal control, and thus,
effective internal control systems. If proper policies internal control was defined in the Sarbanes - Oxley
and procedures are not in place, a bank may not act of 2002 as the procedures and processes used by a
be able to prevent or minimise the occurrence of fraud. company to safeguard the assets, process information
Hence, effective internal control system needs to be in accurately and ensure compliance with laws and
place. This chapter therefore reviews literature related regulation. Sarbanes Oxley requires companies to
to the topic. maintain strong and effective internal control over the
recording of transactions and the preparing of
2.2 Definition of internal controls financial statement. Such controls are important
The institute of chartered accountants of England and because it deter fraud and prevent misleading financial
4
security controls; while internal audit departments policies and procedures which are laid down by
emphasized more of the behavioural and management are efficient. Hence, it reduces the cost of
organizational security controls. Finally, the study operation without reducing effectiveness.
provides valuable empirical results regarding
inadequacies of implemented CAIS security controls, 2.5 Purpose of Internal Control
and introduced some suggestions to strengthen and According to Hevesi (2005), while the overall purpose
improve the security controls in the EBS. of internal control is to help an organization achieve
its mission, internal control also helps an organization
For this reason, Palfi and Muresan (2009) examined to:
the importance of a well-organised system of internal i. promote orderly, economical, efficient and effective
control in regard with the bank sector. The sample was operations, and produce quality products and services
based on 25 credit institutions of Romania. The consistent with the organization' mission.
analysis of the survey answers reveals that the ii. safeguard resources against loss due to waste,
continuous collaboration, based on periodical abuse, mismanagement, errors and fraud.
meetings, between all structures of bank, characterizes iii. promote adherence to laws, regulations, contracts
an effective internal audit department. and management directives.
iv. develop and maintain reliable financial and
Internal control will ensure that errors and
management data, and accurately present that data in
irregularities are avoided or made apparent. Internal
timely reports.
control as a system comprise of the control
environment and procedures .It includes all the 2.6 Types of Internal Control Systems
policies and procedures adopted by the directors and Lousteau (2006) of the State University of New York
management of an entity to assist in achieving their and DiNapoli (2005) have agreed that the types of
objectives of ensuring as far as practicable the orderly internal controls includes directive controls,
and efficient conduct of its business so as to safeguard preventive controls, compensating controls, detective
assets, to prevent and detect fraud and error to ensure controls, and corrective actions. These types of
accuracy and completeness of accounting records and internal controls are explained below.
the timely preparation of reliable financial information
(SAS 300.1). The company code 1963, Act 197 2.6.1 Preventive Controls
section 123 states that “management will need to Adeniji (2004) is of the view that preventive controls
establish an effective accounting system comprising a are measures put in place by management to deter and
number of controls”. In an attempt to do this there prevent noncompliance with directives, policies and
must be a well-defined organisational structure procedures. These preventive controls are intended to
showing how responsibility and authority are prevent risk of error, frauds and irregularities from
delegated clearly defined communication channels or occurring in transactions and prevention of loss. These
lines of reporting(i.e. upward , downward and preventive controls are in the form of segregation of
horizontal lines of reporting) for attainment of duties, proper authorization and approval,
corporate objectives. These controls are such that establishment of organizational chart to allocate jobs
different people are assigned to do different task. No to responsible officers, adequate documentation,
one person should fully record and process physical control over assets and constant training of
transactions from commencement to the end. staff.
This means that a company can only achieve its
corporate mission through the establishment of
internal control system which makes sure that those
5
2.6.2 Detective Controls 2.7 Definition of fraud
These are controls which are aimed at detecting and Fraud, according to Adeniji (2004:354) and ICAN
uncovering problems such as fraud, irregularities and (2006:206), is an intentional act by one or more
errors after they have been committed. Although, individuals among management, employees or third
detection is necessary prevention is more desirable. parties, which results in a misrepresentation of
These controls are in the form of post-audits, financial statements. Fraud can also be seen as the
exception reports and validation. They provide intentional misrepresentation, concealment, or
evidence that a loss has occurred but do not prevent a omission of the truth for the purpose of
loss from occurring. Examples of detective controls deception/manipulation to the financial detriment of
are reviews, analyses, variance analyses, an individual or an organization which also includes
reconciliation, physical inventories and audits. embezzlement, theft or any attempt to steal or
However, detective controls play critical role in unlawfully obtain, misuse or harm the asset of the
providing evidence that the preventive controls are organization, (Adeduro, 1998 and, Bostley and Drover
functioning and preventing losses (Adeniji, 2004). 1972). Fraud has increased considerably over the
recent years and professionals believe this trend is
2.6.3 Corrective Controls likely to continue.
Adeniji (2004) states that the corrective controls are
put in place to address anything which is foreign and Archibong (1992) describes Fraud as a predetermined
every problem that has occurred in the system. and well planned tricky process
Examples of corrective control are system re-design, or device usually undertaken by a person or group
follow-ups, post audits and application of punishments of persons, with the sole aim of checking another
by management for wrong doing. person or organization, to gain ill-gotten advantages,
be it monetary or otherwise, which would not have
2.6.4 Directive Controls accrued in the absence of such deceitful procedure.
Adeniji (2004) referred to directive Controls as the From the above, the term fraud may be said to be as an
policies and procedures put in place by top intentional misrepresentation of financial information
management to promote compliance with by one or more individuals among management,
independence rules. The policies and procedures from employees or third parties. Fraud may involve
management that are important must pervade the according to Archibong (1992);
organization and must be clear and consistent in order (a) Manipulation, falsification or alternation
to ensure compliance. of documents and records
(b) Recording transaction without substances
(c) Misappropriate of assets or theft
2.6.5 Compensating Controls (d) Intentional misapplication of accounting policies
Compensating controls are put in place for lack of (e) Suppressing of transactions or omitting such
controls elsewhere in the system. For example, firms transaction from records
with an electronic database could maintain a hard copy (f) Wilful misrepresentation of transactions of the
of the client list in the office library. Such a list would entity’s state of affairs
compensate for downtime in electronic systems and (g) Involves taking a property unlawfully from its
difficulties in locating client names in an electronic owner, without his/her knowledge, permission or
system. consent, or to misstate a situation knowingly or by
negligence.
6
2.7.1 Causes of Fraud in banks xi) Banking Experience of staff: frauds in banks occur
Adeduro (1992) said with higher rate of recurrence among staff with little
that causes of fraud are through lapses or inadequacies experience and knowledge in financial praxis. The
, which manifest in various ways. Lacks of adequate more experience and knowledgeable a staff is, the less
supervision, which fraudulent minded operator in the probability that frauds would pass such staff
system sees as an opportunity and utilize undetected unless with active support of that staff.
it. Development of new technologies has facilitated th xii) Inadequate Infrastructure: Poor communication
e tempo fraudulent activities (more pronounced in systems and power failure, result to a buildup of
computer and information technology). unbalanced postings, overcrowded office space etc,
Human avarice, the insatiable appetite to a mass these encourage the committal of fraud in banks.
wealth and the social economic condition of the xiii) Inadequate training and re-training;
activities (Adeduro, 1992). xv) Genetic traits: These are trans-generational (or
inherited) attribute possessed by an individual that
propels him to engage in frauds. For instance, a
Ojo (2008:92) also stated that the causes of fraud and kleptomaniac who pathologically steals for the fun of
forgeries in banking transactions can be classified it would naturally not do well as professional banker
under two generic factors namely: the institutional or (Ojo, 2008).
endogenous factor and the environmental or
exogenous (social) factors. 2.7.1.2 The Environmental or Social Factors
7
3.1 The population availability of resources and the ability of the sample
Twumasi (2002) mentioned that in considering a to capture all sources of disparity within the
sampling design, the research scientist first and population. Therefore, a sample size of 35 was
foremost determines the population universe. The considered.
researcher must be able to define the parameters of the
population of the study. Sekeran (2000) also 3.3 Data collection method
considered population to be any group of people, Data collection is crucial to all research. Through this
events or things that are of interest to the researchers process, researchers accumulate empirical material on
and that the study intend to investigate. The target which to base their research (Ibert, Philippe, Carole
population of this study comprises of all the managers and Jean-Marc, 2001, p. 172). This study considered
at Access Bank Ghana Limited. two main types of data collection. These are primary
data and secondary data. The information contained in
3.2 Sample Design the data will determine whether it is a primary data or
Twumasi (2002) mentions that the first step in the secondary data. A Primary source of data can be
selection of a sample is to consider the sampling gotten from various means. A primary source includes
design. This denotes all the stages and the processes why the study is been undertaken, its participants or
involved in reaching the respondents. The study subjects, materials or apparatus, procedure, results and
employed descriptive design for both quantitative and references (Bordens & Abbot, 2011). Primary data in
qualitative techniques to obtain information from this study is the questionnaires that will be obtained
respondents. Malhotra ( 2010) explains qualitative from the respondents after they have been answered.
research as a type of scientific research mainly for The questionnaires drafted represented the primary
exploratory purposes that seeks to understand a given source of data for this study. A questionnaire was
research problem or topic from the standpoint of the administered to each respondent identified. Each
population it involves. Therefore, the type of respondent was required to answer a set of structured
sampling used in this study is non-probability questions. However, in view of the time constraints, a
sampling based on purposive sampling. Purposive questionnaire was considered more appropriate. The
sampling is confined to specific types of people who questionnaire was administered personally. A
can make available the desired information, for personally administered questionnaire provides the
instance staff from audit and accounts unit of Access researcher with an opportunity for follow up and it
Bank (Sekaran, 2003). establishes contact with the respondent. The study
used closed-ended or structured questions. A
3.2.1 Sample size structured or closed response questionnaire specifies
A sample is a subset of the population in question and alternatives for the respondents. Such responses are
consists of a selection of members from the particular categorised as dichotomous, multiple-choice, checklist
population Sekaran (2000). According to Mugenda and ranking (Cooper & Schindler 2003:373).
(2008:186), the sample size must be determined by the Qualitative and quantitative analysis were undertaken
from the data by using tables and charts. Statistical Package for Social Sciences (SPSS) was used for data analysis.
8
Table 1: Does the implementation of internal control system able to detect and prevent fraud?
Regarding the implementation of strong internal control system to detect and prevent fraudulent act and practice in the
bank, majority of the respondents (77.1%) revealed that internal control system is able to detect and prevent fraudulent
act and practice in the banks. 22.9% disagreeing that the implementation of strong internal system is unable to detect
and prevent fraudulent act and practice in the banks.
Table 2: Does an effective supervision and implementation of internal control system capable of revealing
fraudster’s mode of operations?
Regarding en effective supervision and implementation of internal control system capable of revealing fraudster’s
mode operations in the bank, majority of the respondents (91.4%) revealed that there is an effective supervision and
implementation of internal control system capable of revealing fraudster’s mode of operations in the bank. 8.6%
disagreeing that there is not an effective supervision and implementation of strong control system in the banks.
Table 3: Management ensure that all necessary measures needed to prevent fraud are provided
9
strongly agree 6 17.1 17.1 100.0
From the findings in the table above which indicates if management ensure that all necessary measures needed to
prevent fraud are provided or not. 28.6% of the respondents were agreed, 17.1% strongly agreed, 22.9% disagreed and
20% also undecided, and finally 11.4% strongly disagreed. From these information given, it can be concluded that
majority of the respondents agreed that management ensure that all necessary measures needed to prevent and detect
fraud are provided.
10
Cooper, D. R. and Schindler, P. S. 2010. Business The Institute of Internal Auditors (IIA). 2006.
Research Methods. 11th Edition. New York: McGraw International standards for the professional practice of
Hill internal auditing. Available at http//www.the
Daily Express. 2014. Banks in Ghana are covering up ia.org(accessed on 19th July 2015).
Fraud, Available from: Twumasi, P.A. 2002. Social Research In Rural
http://www.spyghana.com/banks-ghana-covering- Communities: Ghana Universities Press
fraud Institute of Chartered Accountants Nigeria (ICAN)
Dandago, K.I. 2002. Auditing in Nigeria. A (2006). Financial Reporting and Audit Practice.
Comprehensive Test, (2nd Ed), Kano: Lagos, VI Publishing Ltd
Adamu Joji Publishers. Saunders, M., Lewis P., &Thornhill, A. (2009).
DiNapoli T. P. (1999). Standards of Internal control Research Methods for Business Students (5thedition).
in New York State Government New Jersey: Prentice Hall.
www.d/NewYorkStateComptroller.htm. Author Profile
Hevesi, D. 2005. A better way to evaluate it controls. Joseph Kwasi Agyemang has HND,
BBA, Dip (Ed), Mcom, MFM,
Journal of Accountancy vol. 6 No 3pp32 – 36
MBA, PGD, CFE, ACFAcct, Mphil
Idowu A. 2009. An Assessment of Fraud and its and PhD (candidate).He has over 13
Management in Nigeria Commercial Banks: European years teaching experience at both
secondary and tertiary levels. He has
Journal of Social Sciences, 10(4) pp 628-640
authored five books in Management and Accounting
Ibert, J., Philippe, B., Carole, D. and Jean-Marc, X. disciplines. His key strengths in teaching include
2001. Data collection and managing the data source. Financial Accounting, Management Accounting, Cost
London: SAGE Publications. Accounting, Auditing, Taxation, Forensic Accounting
and Financial Management. His research interests fall
Majumdar, P. K. 2005. Research methods in social broadly within the fields of Forensic Accounting and
science. New Delhi: Viva Books Private Limited. International Financial Reporting Standards (IFRS).
Malhotra, N. K. 2010. Marketing Research, an He is currently a lecturer in Management and head of
Management Department at Sikkim Manipal
Applied Orientation, 6th ed. Upper Saddle River, New
University, Kumasi Campus.
Jersey: Pearsons Education
Millichamp, A. H. 2002. Auditing (8th ed.). New
York, London: Educational Low price
Sponsored Text, 349-357.
Ogbunka, N.M., 2002. Risk and internal control.
Management in Financial Institutions,
pp: 187-188
Ojo, J. A. (2008). Effect of bank frauds on banking
operations in Nigeria. International
Journal of Investment and Finance 1(1), p 103.
Palfi, C. and Muresan, M. 2009. Survey on
weaknesses of banks internal control
systems, Journal of International Finance and
Economics, Vol. 9, No. 1, pp. 106-116.
Sekaran, U. 2003. Research Methods for Business- A
Skill Building Approach, John Wiley & Sons, Inc,
United States of America
11