CHAPTER ONE 1.0 INTRODUCTION 1.1 Background of the study We are in an era of considerable demands on public finances at all levels worldwide. As never before, public authorities are required to ensure that common resources are used in the most effective and efficient manner and that, essentials are targeted in the usage of resources, organizational planning and management (E.U Commission 2012). Besides, the growth in size and complexity of many companies in recent years, coupled with today’s numerous risk situations and public expectation of healthy risk assessment and evaluation have led to a corresponding increase in the need to establish effective internal control procedures. Additionally, new legal directives assert themselves in the domain of corporate governance of companies to control management decisions, define the role of independent committees, improve principles of corporate governance and set up and control internal control systems that are really effective in order to limit failures (Woolf, 1990). 1
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CHAPTER ONE
1.0 INTRODUCTION
1.1 Background of the study
We are in an era of considerable demands on public finances at
all levels worldwide. As never before, public authorities are
required to ensure that common resources are used in the most
effective and efficient manner and that, essentials are targeted
in the usage of resources, organizational planning and management
(E.U Commission 2012).
Besides, the growth in size and complexity of many companies in
recent years, coupled with today’s numerous risk situations and
public expectation of healthy risk assessment and evaluation
have led to a corresponding increase in the need to establish
effective internal control procedures. Additionally, new legal
directives assert themselves in the domain of corporate
governance of companies to control management decisions, define
the role of independent committees, improve principles of
corporate governance and set up and control internal control
systems that are really effective in order to limit failures
(Woolf, 1990).
1
The myriads of needs of the citizenry have led to the undertaking
and funding of several projects and programmes by government
through the Ministries, Departments, Agencies and Metropolitan
and district assemblies. This has led to much expenditures being
incurred in the Public Sector which warrants the need to ensure
economy, efficiency, effective and judicious use of public funds.
Treadway Commission (1994) defined internal control as a process,
effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the
achievement of objectives in effectiveness and efficiency of
operations, reliability of financial reporting and compliance
with applicable laws and regulations. The International
Organisation of Supreme Audit Institutions (2004) on the other
hand defined internal controls as an integral process that is
affected by an entity’s management and personnel and is designed
to address risks and to provide reasonable assurance that in
pursuit of the entity’s mission, the following general objectives
are being achieved: (1) executing orderly, ethical, economical,
efficient and effective operations; (2) fulfilling accountability
2
obligations; (3) complying with applicable laws and regulations;
and (4) safeguarding resources against loss, misuse and damage.
Effective Internal controls are series of actions that permeate
an entity’s activities. These actions are pervasive, and inherent
in the way management runs the business of an entity. It can
directly affect an entity’s ability to reach its goals and also
supports businesses’ quality initiatives. (Sarens De Visscher and
Van Gils, 2010)
1.2 Statement of the problem
In an era in which management and control of public finances
attracts national and international attention and scrutiny, it is
imperative that adequate and effective internal control and audit
systems are designed in such a way that they could contribute to
good governance and transparency (European commission PIC 2012).
Lots of funds from Donors and Government of Ghana (GOG) sources
as well as those generated internally by public institutions are
expended yearly by Public Institutions to finance Government
activities and projects. To ensure accountability, economy,
effectiveness, efficiency and also to evaluate organizational and
3
managerial performance, managers of state institutions account
for their stewardships to the citizens of Ghana, through Members
of Parliament who represent the citizenry through the Public
Accounts Committee (PAC) of parliament (The 1992 constitution of
Ghana).
Startling revelations of misapplication and misappropriation from
the sittings of the PAC of Parliament on the Auditor-General’s
report on Public Accounts are clear indication of existence of
weaknesses in controls and monitoring. The absence of, or weak
internal controls had been recognized as the primary cause of
various incidence of fraudulent entity financial reporting
(Treadway Commission Report 1987).
In order to address these weaknesses and ensure judicious and
economic use of funds for the intended purposes, it is imperative
that we examine and discuss whether existing internal controls
systems in the public sector are effective and are contributing
to good governance and transparency. It is in this light that
this study is being undertaken using Ashanti Regional Health
Directorate (ARHD) as a case study.
4
1.3 Objectives of the study
The general objective of this study is to ascertain the adequacy
and effectiveness of internal control systems in the Public
Sector taking the Ashanti Regional Health Directorate as a case
study. The specific objectives for the study are as follows:
1. To identify the types of internal controls in operations at
Ashanti Regional Health Directorate;
2. To examine the effectiveness of the internal controls at the
Regional Health Directorate
3. To examine the challenges in the internal control systems at
Ashanti Regional Health Directorate (ARHD).
1.4 Research Questions
In order to attain the above objectives drawn from the problem
statement, the research seeks to address the following main
questions:
5
1. What are the types of internal control in operations currently at
ARHD?
2. How effective are these types of internal controls in operations in
addressing Risk the organization is exposed to?
3. What are the challenges associated with the internal controls
at the ARHD?
1.5 Significance of the study
Although this study is limited to Ashanti Regional Health
Directorate, it is hoped that the study will be of immense
benefit to many similar public organizations. In addition, the
study will enable management to understand and appreciate the
need to put the necessary structures in place to ensure adequate
and effective internal controls.
Further, the study will contribute to the understanding of the
relationship existing among Internal control theoretical frame
work, adequate and effective working internal controls on the
ground and Management’s role and how the components of an
internal control systems can be integrated to ensure value for
money in the public sector. Finally, the research will add more
6
knowledge to the existing literature on the topic and serve as a
source of reference to researchers on the topic.
1.6 Brief Methodology
In this section, an over view of the research methodology is
presented. The study employed observations, interviews and
questionnaires as research tools for data collection. The
methodological framework for this study is based on
triangulation; thus both qualitative and quantitative analysis.
The population of this study comprises managerial positions and
lower staff ranks at Ashanti Regional Health Directorate. The
research on its outlook reflects the entire public sector in
Ghana but the survey will be limited to Ashanti Regional Health
Directorate.
Primary data will be collected in order to solicit responses
directly from the field. The data collected, will constitute the
basic information from which discussions and conclusions will be
drawn for decision making.
Data is hereafter entered into Statistical Package for Social
Sciences (SPSS) and a code book generated to help in the data
7
entry. Plausible checks are conducted and inconsistent data are
cleared as appropriate. Descriptive statistical tools such as
tables, frequencies, percentages are used. Linked questions are
matched out through crosstabs to see if they are internally
consistent and statistical test are also conducted. A linear
regression model is developed to establish the link between
effective internal control and effective use of public resources.
1.7 Scope of the Study
This study will cover and explore the adequacy and effectiveness
of internal control system at Ashanti Regional Health
Directorate. Critical look would be given to Managerial behaviour
towards effective integration of components of internal controls
to ensure adequate and effective internal control system to
address inherent risks both operational and financial within the
organizational risk appetite. However, all those issues which
are reasonably incidental to or consequential upon the attainment
of this objective shall be dealt with and discussed.
1.8 Limitation of the Study
8
The study is carried out in the Ashanti Regional Health
Directorate. The target institutions shall be Ashanti Regional
Health Directorate. Secondary data will be obtained from these
places for further studies and analysis.
In an environment such as ours where information is unduly
restricted and at times unavailable due to poor storage and
record keeping, the ability of the researcher under this
circumstance would be greatly limited since analysis can be made
into the extent of information derived.
This limitation is compounded by the time limit within which to
cover this important aspect of the accounting discipline.
However, the above mentioned limitations would not affect the
quality of information that would be gathered to any marked
degree.
1.9 Organization of the Study
To enhance the orderly and systematic presentation of the ideas,
this research is grouped into five chapters. Chapter one will be
the introduction which explains the background, statement of the
problem, objectives of the study, research questions,
9
justification of the study, scope and limitations of the study.
Chapter two deals with the literature review where theoretical or
conceptual framework and empirical basis of the study is looked
at and it was devoted to a detailed literature review on the
subject area.
Chapter three outlines the methodology which describes the
procedures that will be adopted in conducting the research.
Chapter four presents results of the data gathered about the
subject matter. It comprises the organization, description,
analysis and interpretation of the results obtained, and Chapter
five summarizes the findings of study; and presents the
recommendations and conclusion with suggestions for further
study.
CHAPTER TWO
LITERATURE REVIEW
10
2.0 Introduction
This chapter provides the theoretical and conceptual framework of
the study upon which a firm understanding of effective internal
controls system is established and how the common elements of
internal controls are employed at the Regional Health Directorate
and similar public sector organizations to ensure efficiency and
effectiveness of operations. Relevant literature on internal
controls, common components of internal controls, risk
managements and objective of systems of internal controls are
reviewed.
The corporate objective and environment in which firms operate in
this contemporary business world are continuously changing.
Consequently, the risks that firms are encountering are
constantly evolving too. In order to ensure faster adaptation to
these changes, an effective internal control must necessarily be
reactive to changes. Successful risk management and internal
control therefore depends on regular appraisal of the nature and
extent of risk. (KPMG, 1999).
11
2.1 Internal Control System
Drawing from Statements of Standard Auditing Practices No. 6 (SAP
6) Gupta (2001) defines
Internal control as “the plan of organization and all the methods
and procedures adopted by the management of an entity to assist
in achieving management objectives of ensuring as far as
practicable, the orderly and efficient conduct of its business,
including adherence to management policies, the safeguarding of
assets, prevention and detection of fraud and error, the accuracy
and completeness of accounting records and the timely preparation
of reliable financial information”.
Control is made up of those elements of an organization that in
sum assist people to achieve the objectives of the organization.
Controls are said to be effective as far as they provide
reasonable assurance that the business objectives of the company
would be reliably achieved (KPMG, 1999).
2.1.1 Internal Controls Systems
An internal control system is made up of the policies, processes,
behaviors, tasks and/or activities of a company that collectively
12
help its effective and efficient function by enabling it to react
correctly to material business, operational, financial,
compliance and other risks to achieving the company’s objectives.
It involves the safeguarding of assets from unauthorized usage or
from loss and fraud, and making sure that liabilities are
recognized and managed. In addition it helps in ensuring the
quality of internal and external reporting. (ACCA- Audit and
Assurance Services)
2.1.2 COSO control Framework
The Committee of Sponsoring Organization of the Treadway
Commission (COSO) created the 1992 COSO-control framework with
the aim of providing broadly accepted criteria for establishing,
monitoring, evaluating and reporting on internal control (COSO,
1992). It defines internal control as:”a process, effected by an
entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the
achievement of objectives in the following categories: l)
Effectiveness and efficiency of operations, 2) Reliability of
financial reporting and 3) Compliance with applicable laws and
13
regulations. The COSO definition is seen as the most widely
accepted in practice. This assertion can be seen almost in all
similar conceptual definitions by other relevant groups around
the world (Kinney 2000).
2.1.3 CoCo definition of Internal Control
The Canadian Guidance on Control Board (CoCo) explains internal
control as “all the resources, processes, culture, structure, and
tasks that, taken together, support people in achieving those
objectives”. From a broader perspective, the CoCo definition
overtly mentions internal elements such as “internal reporting”,
“information within the organization”, and “internal policies” as
part of internal control. Whilst definition by The Institute of
Chartered Accountants in England and Wales (ICAEW) lay emphasizes
on the significance of responding to risk by stating that
internal control deals with “behaviors” (Pfister, 2009).
2.1.4 The European Federation of Accountants (FEE)
The European Federation of Accountants (FEE) on the other hand
looks at internal control in relation to governance and sees
14
internal control as going “beyond procedures” to includes
“elements such as corporate culture, systems, structure, policies
and tasks” Notwithstanding these differences in emphasis all the
concepts support that of COSO ( Pfister 2009).
In addition, recognition for the need to update the 1992
guidelines for Internal Control Standards for the Public Sector,
the 17th INCOSAI (Seoul, 2001) accepted that the COSO integrated
framework for internal control should be relied upon. Though the
guidelines also addresses ethical values and provide more
information on the general principles of control activities
related to information processing.
2.1.5 Functions of internal control Systems
According to Flick (2010), internal control system ensures correct
functioning of organizational processes, reliability of financial
information and compliance with relevant regulation. Through
internal controls organizations check fraud and abuse. Generally,
internal controls are used to describe the manner in which
management assures that financial and other objectives of an
Organization are met.
15
2.1.5.1 The INTOSAI framework
The need to emphasis the importance of safeguarding resources in
the public sector needs to be stressed. The resources in the
public sector are mainly made up of public funds and how these
funds are utilized in the interest of the public calls for
special attention (INTOSAI, 2004).
In the public sector the budgetary accounting are mainly on cash
basis and it does not provide enough assurance in respect
acquisition, use and disposition of resources. Consequently,
records on assets are not up to date and therefore susceptible to
misuse. For these reason, safeguarding resources is an important
internal control. The focus and/or objectives of public entities
determine their characteristics; therefore the internal controls
of differing entities should be understood in this context (EIU
Compendium 2012).
The definition that is more relevant to the study is that of
INTOSAI (2004). Internal control is defined as an integral
process that is effected by an entity’s management and personnel
and is designed to address risks and to provide reasonable
16
assurance that in pursuit of the entity’s mission, the following
general objectives are being achieved: (1) executing orderly,
ethical, economical, efficient and effective operations, (2)
fulfilling accountability obligations;
(3) Complying with applicable laws and regulations, and (4)
Safeguarding resources against loss, misuse and damage. From the
perspective of the INTOSAI definition, internal controls are
embedded in the operations of an entity. It is built into the
infrastructure of an entity and form part of its culture.
Control is affected by individuals working across the company,
including the Board of directors, management and personnel. Those
responsible, as individuals or teams, for achieving objectives
are also responsible for the effectiveness of controls that
supports the achievement of set objectives (Pfaff and Ruud 2007).
2.2 Role of Board of Directors in Internal Control
The Board of Directors and/or the governing council of an entity
are responsible for internal controls. As the organ responsible
for internal controls, the Board should formulate and implement
suitable policies on internal controls and ensure that
17
appropriate processes are working effectively to monitor the
risks to which the company is exposed (Verschoor, 1999).
In addition, the board should ensure that the system of internal
controls is effective in mitigating risks within the entity’s
risk appetite. It is therefore necessary that the appropriate
tone is set at the top most level and the seriousness attached to
control responsibilities must be effectively communicated. The
task of establishing and operating and monitoring the internal
control systems will however be delegated to management (KPMG,
1999).
2.3 Categories of internal control
Internal controls related with the management of large firms have
been categorized into two major types (1) strategic controls and
(2) financial controls. Strategic controls involve evaluation of
business-level managers' actions and performance by using
criteria that are strategically relevant in the long term (Hitt
et al, 1996).
The operation and monitoring of the strategic system of internal
control should be undertaken by individuals who collectively
18
possess the necessary skills, technical knowledge, objectivity,
and understanding of the entity and the industries and markets in
which it operates. It also requires a rich information exchange
between corporate and Divisional managers (Hoskisson et al.,
1994).
2.4 Elements of internal control
According to Hayes et al., (2005) the common elements of internal
controls are: (1) Control environment, (2) the entity’s risk
assessment process, (3) the information and communication
systems, (4) control activities and (5) the monitoring of
controls.
2.4.1 Control environment
The control environment is the basic element in an organization
that influences the control awareness of its people. As the basic
element, the control environment is the fundamental component
upon which all other components of internal control system are
built by providing discipline and structure (Whittington and
Pany, 2001).
19
The control environment comprises of factors such as integrity,
ethical values and competence of the entity’s people;
organizational philosophy and operating style; the manner in
which authority and responsibility are assigned by management,
how its people are organized and developed; and the attention and
direction provided by the Board of directors (KPMG, 2009).
2.4.2 The entity’s risk assessment process
This involves identification and evaluation of risks and control
objectives. All entities encounter all sorts of risk from both
their external and internal environment that needs to be properly
assessed. Established objectives that must be linked at various
levels and internally consistent are the prerequisites for
effective risk assessment. Risk assessment involves
identification of significant risks to achievement of established
objectives. It forms the basis for determination of an entity’s
risk management process. Risk assessment is of more importance in
contemporary business environment as a result of constant changes
in economic, industry, regulatory and operating conditions (KPMG,
2009).
20
2.4.3 Control activities
These are the policies and procedures adopted by management to
ensure that directives are carried out as required. Control
activities are enablers that ensure that the required actions are
taken to deal with risks that may hinder the achievement of the
entity’s objectives. Control activities take place at all levels
and functions throughout the organization. It is made up of a
number of activities as diverse as approval, authorizations,
verifications, reconciliations, and reviews of operating
performance, security of assets and segregation of duties (KPMG
October 1999)
2.4.4 Information and communication processes
To ensure that people play their assigned roles effectively and
efficiently the relevant information must be identified recorded
and/or captured and communicated within an appropriate time
frame. The products of information systems are business reports.
These reports often contain operational, financial and
compliance-related information, which aids management to run and
21
control the business. An information system deals with both
internal data and information about external events, activities
and conditions that are essential to business decision making and
external reporting.
Channels of communications are usually depicted in organization
structures. In a broader sense, communication flows down, across
and up the organization. There is also the need to also
communicate effectively with external parties such as customers,
suppliers, regulators and shareholders ((KPMG, 1999).
The information and communication process provide a source of
strategic flexibility. It enhances a firm’s ability to meet
customer’s expectation. Moreover effective information and
communication enhances understanding and flow of work among
employees in the organization as well as among those employees
and their counterparts such as suppliers and other stake holders
(Hitt et al, 2005).
2.4.5 Processes for monitoring the effectiveness of the
system of internal control
22
Internal control systems need to be monitored - a process that
assesses the quality of the system’s performance over time. This
is accomplished through ongoing monitoring activities, separate
evaluations or a combination of the two. Ongoing monitoring
occurs in the course of operations. It includes regular
management and supervisory activities, and other actions
personnel take in performing their duties. The scope and
frequency of separate evaluations will depend primarily on an
assessment of risks and the effectiveness of ongoing monitoring
procedures. Internal control deficiencies should be reported
upstream, with serious matters reported to top management and the
Board (KPMG, 1999).
2.5 Evolution of internal control systems (The Agency Theory)
Agency Theory describes the relationship both economic and
otherwise, within an entity and between the entity and other
parties that have vested interest in the entity. Organizations
are seen as an indispensable structure to maintain a healthy
contract in a relationship between an agent and principal.
23
Moreover, entities make it possible to exercise control which
minimizes opportunistic behavior of agents.
Accordingly, Barlie and Means (1932) put forward that in order to
synchronize the interests of the agent and the Principal, a
detailed contract is written to deal with their interest. In
addition they also stated that the relationship between the
principal and the agent is enhanced if the principal employ an
expert to keep an eye on the agent.
The stand of Barlie and Means (1932) is supported by Coarse
(1937). He argues that the existence of contract gives the
platform for conflict resolution between the agent and principal.
He also suggested that the principal suffers shirking which
denies him or her gains from the work of the agent.
2.5.1 Relevance of agency theory in public organization
From the perspective of the agency theory, managers of public
funds and public servants in general could be seen as agents
whilst the general public is seen as the principal. The public
servants are therefore expected to serve the public interest with
fairness and manage public resources properly. In addition the
24
citizenry should be treated impartially on the basis of legality
and justice. Ensuring public interest is therefore a prerequisite
to, and underpins public trust and is a keystone of good
governance (INTOSAI, 2004).
Moreover, new legal directives assert themselves in the domain of
corporate governance of companies to control management
decisions, define the role of independent committees, improve
principles of corporate governance and set up and control
internal control systems that are really effective in order to
limit failures (Woolf, 1990).
2.5.2 Historical Perspective of Internal Controls
The last 15-20 years, have seen a significant attention on
governance and business perspectives of controls than accounting
and finance orientation of internal control. Origin of the term
internal controls may be traced to the accounting and auditing
discipline (Pfister, 2009).
Traditionally, it was perceived as “accounting control” that are
restricted to the systems that are tested by auditors as part of
gaining assurance as to the reliability of the financial
25
reporting. Consequently, internal control discussions were made
in the context of auditing (Pfister, 2009).
The distinction between recognition and lack of it was found in a
publication entitled Auditing by Lawrence Dicksee in 1905 (Brown,
1962).
Internal controls emerged as a result of reactive evolution.
According to Heir et al. (2005), the emergence of talks,
deliberations, interpretations, definitions and applications of
internal controls was as a result of responses to changes in the
economic conditions of a country as a whole and actions and
responses of firms within the economy.
The series of company failures linked to the Enron and WorldCom
scandals in early 2000 that led to major legislative reactions
such as Sarbanes-Oxley Act of 2002 (SOX), are examples of such
events and reactions (Maijoor, 2000). The restoration of public
confidence in the capital markets by ensuring the reliability of
financial reporting and effectiveness of corporate governance
were reasons for SOX (Ge and McVay, 2005).
The response to these scandals and failures was introduction of
more regulation and mandatory disclosure of internal control
26
aspects and/or to a widening of the interpretation of internal
control in public policy documents (Pfister, 2009).
2.5.3 Viewpoints on Internal Controls
Two viewpoints can be identified from the above historical
perspective; the focused view and the comprehensive view on
internal control. The focused view equates internal controls to
check and balances in systems of accounting whilst the
comprehensive view stresses on holistic approach by looking at
efficiency and effectiveness of operations and adherence to laws,
regulations and internal policies. Dealers in enterprise resource
planning (ERP) systems software have capitalized on this focus on
internal controls by stressing that an outstanding feature of ERP
systems is the integrated controls that reflect a firm’s
infrastructure. These features are often given prominence in
their marketing literature, asserting that these systems will
assist organizations improve the effectiveness of their internal
controls as required by SOX (John J. Morris, 2011).
One of the significant means of dealing with agency theory is
internal controls coupled with financial reporting, budgeting,
27
audit committees, and external audits (Jensen and Payne, 2003).
Studies have established that effective internal control leads to
reduction in agency costs (Barefield et al., 1993). Other writers
have also observed that firms have an economic incentive to
report on internal control, irrespective of SOX requirements
(Deumes and Knechel, 2008).
It is argue that, giving out this additional information about
the agent (management) to the principal (shareholder) leads to
reduction in information asymmetry and lowers investor risk and,
consequently, the cost of equity capital. Many studies have
concluded that there exist a correlation between weaknesses in
internal controls and increased in levels of earnings management
(Chan et al, 2008).
2.6.0 Importance of Internal control
For many years, internal controls had played a significant role
in addressing the agency problem in corporations. A number of
internal control procedures employed by the Baltimore and Ohio
Railroad as early as 1831 had been documented (Samson et al.,
2006).
28
The creation of the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) was as a result of a number of audit
failures in the 1980s. The main objective was to reshape the
orientation of internal controls and standards for determining
the effectiveness of an internal control system (Simmons 1997).
The factors that lead to fraudulent financial reporting were
studied and the appropriate recommendations were developed for
public companies, independent auditors, educational institutions,
the Securities Exchange Commission (SEC), and other regulatory
bodies (COSO, 1985). The outcome of their study is known as the
COSO Internal Control Integrated Framework (Simmons, 1997).
The framework sees controls that are integral part of an entity’s
infrastructure as the most effective. It also acknowledged that
built in controls support quality and empowerment initiatives, it
helps in avoiding unnecessary costs and enables quick response to
changing conditions (COSO, 1992). Consequently, the need for
mechanisms to identify and deal with risks associated with change
coupled with public expectation of healthy risk assessment and
evaluation have led to a corresponding increase in the importance
of internal control procedures.
29
Section 404 of the ACT demands a separate management report on
the entity’s internal control over financial reporting and as
well as a report from a registered public accounting firm
attesting to the existence and effectiveness of the internal
controls.
Internal controls have been categorized into general entity wide
and specific (account level) controls. The expectations are that
internal control weakness associated with general controls will
exist, even if specific controls remain effective as far as
management do away with control features in order to manage
earnings. (John J. Morris, 2011). During audit, it is expected
that audit process would revealed this kind of occurrence. This
concern is specifically raised in auditing standard no. 5,
paragraph 24. This states that “entity-level controls include
controls over management override.” This goes to emphasis the
importance place on general controls.
In the Executive Summary of “Enterprise Risk Management-
Integrated Framework” 2004 by the Committee of Sponsoring
Organizations (COSO, 2004), of the Treadway Commission, Internal
controls have been incorporated into policies, rules and
30
regulations to help organizations achieve their established
objectives.
This is in line with Pany, Gupta and Hayes’ assertion that
internal controls are meant to help an organization achieve its
objectives. The COSO commission was partly instituted in response
to a series of high profile scandals and business failures where
stakeholders (particularly Investors) suffered tremendous losses.
This study however differs in that it is done for an institution
that is not ailing though there are reported incidences of
scandals and financial misfeasance. The end results should
therefore aid the preventive mechanism rather than being
reactionary. Entities exist to provide value to its stakeholders
but are normally face with uncertainty. Uncertainty presents
risks and opportunities.
2.7.0 Conceptual frame work
The objective of the study is based on four key concepts; the
components of internal control (IC), Authority and working
relationship (AWR) and effectiveness of internal controls (EIC)
and Objectives. The interrelated objectives depicted in figure1
31
are made up of (1) executing orderly, ethical, economical,
efficient and effective operations (2) fulfilling accountability
obligations; (3) Complying with applicable laws and regulations
(4) Safeguarding resources against loss, misuse and damage.
FIGURE 2.1: CONCEPTUAL FRAME WORK OF INTERNAL CONTROLS
The main independent variables are made up of: 1) Control
environment 2) Risk assessment 3) Control activities 4)
Information and communication 5) Monitoring & supervision 6)
Information Technology.32
CONTROL ENVIROMENT
RISK ASSESSMNET
CONTROL ACTIVITIESINFORMATION
& COMMUNICATIO
NMONITORING & SUPERVISION
INFORMATION TECHNOLOGY
AUTHORITY
WORKINGRELATIONSHIP
EFFECTIVENESS OF
INTERNAL CONTROL
OBJECTIVE 4
OBJECTIVE 3
OBJECTIVE 2
OBJECTIVE 1
The effectiveness of internal control system is determined by the
existence and proper integration of the independent variables
into the organization’s infrastructure.
The moderating variables; thus authority and working relationship
feeds into the frame work to identify lapses and/or weaknesses in
the manner in which the major independent variables are employed.
There is a direct relationship between the results of the
dependent and the independent variables. The independent factors
are significant to each of the objectives. The minor independent
factors (internal control process) affect the effectiveness of
internal control systems. Notwithstanding the interdependency
among the independent variables, each has an impact on the
effectiveness of internal control systems.
Although there are other means of evaluating effectiveness of
internal controls, the model in Figure 2.1 is used. In this
respect, internal control evaluation is a step toward achieving
the objectives of the study.
33
CHAPTER THREE
METHODOLOGY AND ORGAINSATIONAL PROFILE
3.0.0 Introduction
This Chapter focuses on the methods that were used to collect
data and analyze it. It deals mainly with the research design,
the population that was studied, the sample selection procedures
and sampling techniques used, methods of verifying reliability
and validity of data and methods, as well as issues bothering on
ethics and the limitations of the methodology used and the
conclusions drawn from the methodologies used.
The rationale of this study is to analyze and appraise the
effectiveness of internal control systems in the Public Sector
34
and more specifically, in the Ashanti Regional Health
Directorate. In order to demonstrate the theoretical
understanding to the topic in the study, literature review was
conducted prior to the design of the research. The analyses in
this thesis were from senior management, staff in finance
department, program managers, administrators’ and other
perspective.
3.1.0 Data Sources
In an attempt to achieve the research objectives, data sources
both primary and secondary were gathered through administration
of questionnaires, interviews and documentary analysis.
3.1.1 Primary Data
The primary data provided first-hand information from the
finance, human resource, the clinical and the public health units
on their views and opinions on adequacy and effectiveness of
internal controls operation at the Ashanti Regional Health
Directorate and how they can affect 1) the orderly execution of
operations in an ethical, economical, and efficient manner, 2)
the fulfillment of accountability obligations, 3) complying with
35
applicable laws and regulations and lastly but not the least 4)
safeguarding resources against loss, misuse and damage. It also
provided information on how authority and working relationships
work to ensure the continuous effectiveness of internal control
operations.
3.1.2 Secondary Sources
The secondary sources on the other hand included desktop study of
policy manuals on human resources, accounting systems, internal
audit, procurement and the plan preventive maintenance (PPM) in
addition to financial reports of the institution, internal and
external audit reports, annual review reports, health programs
reports from program focal persons and the strategic plans of the
Ashanti Regional Health Directorate (ARHD).
3.2.0 Research design
A cross sectional survey designs and case study were used for
purposes of examining information, evaluating the internal
control system and analyzing the relationship between the
components of internal control system(IC), Authority and working
36
relationship (AWR), internal control effectiveness (EIC), and
objectives. Survey is an oriented methodology used in
investigating a population by analyzing a selected sample to
discover occurrences. Additionally, correlation and regression
were described as the determination of existence of relationship
or otherwise between two or more variables and extent of the
relationship. A case study is an Intensive descriptive and
holistic analysis of a single entity or a bounded case (Oso and
Onen, 2008).
In order to ensure economy, rapid collection of data and also
enhance ability to understand a population from part.(Oso and
Onen, 2008), a case study was used since RHD was chosen as a
representative of public sector organization where results of the
study can be replicated and applied to other public institutions.
Case study was also chosen because the study focused on the RHD
as representative of other Health Directorates in Ashanti Region.
3.3.0 Population of the Study, Sample and Sampling Techniques
Top and middle level management members were essentially targeted
for this study since they are the Custodians of Internal control.
37
Consequently all unit heads were targeted as respondent, but,
more prominence was giving to members in Finance and Finance
related offices. The aim was to interview at least 90% of the
departmental heads and all staff in finance and accounts related
offices. Both purposive and stratified random samplings were used
for the study. The purposive was used because it allows the use
of judgment to select cases that will best enable you to answer
your question(s) and to meet your objectives (Saunders et al.,
2009). This form of sampling is often used when working with very
small samples such as in case study research and when you wish to
select cases that are particularly informative (Neumann, 2000).
It was used simply because the study was targeting basically
custodians of the internal control systems.
The sample size was arrived at as per the formula in
(Saunders et al., 2009)
n = p% * q% *[Z/e %] ² and n' = n/1+ (n/p)
Where:
n= the minimum sample required
38
P% = the proportion of people belonging to the
specified category
q% = the proportion not belonging to the specified
category
Z = the z value corresponding to the level of
confidence required
℮% = the margin of error required
n' = adjusted sample size
p = the population
The Regional Health Directorate is made up of a population of
2900 Out these every 25 staff belongs to a specified category and
75 do not belong to the specified category. A confidence or risk
level of 90% is selected to ensure certainty and accuracy of the
estimate. The corresponding ‘z’ score is 1.65 and the acceptable
level of precision needed to guarantee the accuracy of the
estimate is±5% (the margin of error that can be tolerated) of the
true value of the population. Substituting all the parameters
where; p=25, q=75, z=1.65, ℮%=±5% in the formula gives;
n = 25 * 75 * [1.65/5]²
n = 1,875 * 0.1089
39
n = 204.1875
The minimum sample size required is 204. However the population
of the Directorate was 2900 as at 2013 therefore n' the adjusted
minimum was giving by:
n' = 204./1+(204/2900)
n' = 204.25 or rounded of to 200.
Stratified sampling and simple random sampling techniques were
applied. The population was first stratified into functional unit
and further into managerial levels within a functional unit
whereas among the junior staff, simple random sampling was used
right away.
3.4.0 Method of Data Collection
Data was gathered using both primary and secondary data
collection techniques. Primary data was gathered basically by
employing structured questionnaires and interviews with “Key
management members and units heads.” Secondary sources on the
other hand was collected through review of available financial
records like Audited Financial Statements, Auditor’s Management
letters, internal auditor’s reports, committee reports and
40
Publications. Besides desktop study of policy manuals on human
resources, accounting systems, internal audit, procurement and
the plan preventive Maintenance (PPM), annual review reports,
health programs reports from program focal persons and the
strategic plans of the Ashanti Regional Health Directorate
(ARHD).
Questionnaires are a data gathering technique in which a number
of issues are responded by respondents in writing (Oso and Onen,
(2008). The reasons for adopting Questionnaires were mainly
because of the time limitation and partly because the research
was dealing with an elite community (respondents). Interview was
the other data collection technique used by the Researcher to
gather additional data and also as a means to probe further into
the responses given in the questionnaires.
3.5.0 Method of Data Analysis
In order to assess the effectiveness of internal controls and its
impact on organizational objectives, primary data in the form of
responses to administered questionnaires and by means of
interviews were subjected to detailed analysis. Data gathered in
41
the questionnaires were both qualitative and quantitative in
nature. The collected data was statistically analyzed with the
aid of an Expert and using Statistical Package for Social
Sciences (SPSS) version 17.5 for easy analysis and interpretation
of results. The data was analyzed using both statistical and
narrative methods. Correlation was used as a way of assessing the
relationship between effective internal controls and objectives.
Narrative analysis was used to explain the qualitative results of
the survey.
3.6.0 Reliability and Validity
The instruments were tested to ensure reliability of values
(Alpha values) in accordance with Cronbatch, (1946)
recommendations for analysis for Alpha values for each variable
under study. Alpha values for each variable under study were
expected to be more than 0.6 for the statements in the
Instruments to be considered reliable (Sekaran 2001).
Accordingly, all the statements under each variable were
subjected to this test and were proven to be not less than 0.6.
The validity of the data collection instruments was done with the
help of an Expert to edit the questionnaire and the Interview
42
guide. The Researcher forwarded the structured Questionnaire to
Supervisor who is an expert in the area covered by the research
for editing and reviewing.
Table 1 Reliability tableConstructs Alpha ValuesControl Environment 0.88Control Activities 0.87Risk Assessment 0.70Information and Communication 0.72Monitoring 0.83
The table above 1 reveals that all the variables have Alpha
Values above 0.6 mark recommended by Sekaran. Therefore all the
variables in the instrument are deemed reliable.
3.7.0 Ethical consideration
Ethical considerations were fulfilled by first seeking
authorization from the top management of the ARHD prior to data
gathering and analysis. Questionnaires were structured in such a
way that personal details of the Interviewee’s were omitted. A
statement as to the strict confidentiality with which data will
be held was expressly stated in the questionnaire. Moreover,
responding or not was optional and was subject to the discretion
of respondents. Besides, the researcher briefed the respondents
43
as to the purpose of the research, their relevance in the
research process, and expectations from them.
3.8.0 Limitations
The Research was limited by the following factors:
Study area: The Regional Health Directorate was use as a case
study; with an assumption that the results can be replicated
and applied to any other public organization. However, the
focus and/or objectives of public entities determine their
characteristics; therefore the internal controls of differing
entities should be understood in this context (EIU Compendium
2012). Some are wholly Government owned, quasi government
organization, some are formed with a profit motive yet others
are not. However, it was not economically feasible or
operationally possible to study all public organizations thus
culminating into the selection of the RHD so as to have an in-
depth understanding of effects of an effective internal
controls system on the objectives of public organizations.
This however does not vitiate the results of the study since
44
almost all public organizations have similar or related
objectives and have the same clientele.
Sample size used: The Researcher used Senior Managers, Heads
of departments and staff in
Finance and Finance related offices yet the Directorate has
other staff, implying that valuable information could have
been left out among the un-sampled staff members. The time
allocated to the study could not permit inclusion of other
staffs who are not directly involved with internal control
systems of the Directorate, even though some of them could
have had very valuable information in the area under study. It
is however presumed that a greater proportion of the un
sampled staff’s ideas were captured through their
representation by the Departmental heads, Management Committee
members and Finance and Accounts staff members, especially
given that the mentioned staff are the custodians of internal
controls or are the ones greatly involved with the Internal
control systems of the Directorate.
3.8.1 Organizational Profile
45
The Ashanti Regional Health Directorate (ARHD) is one the ten
(10) regional health Directorates in Ghana and as a division of
Ghana Health Service (GHS) which is a Public Service body
established under Act 525 of 1996 as required by the 1992
constitution. It is an autonomous Executive Agency responsible
for implementation of regional policies under the control of the
Director General of Ghana Health Services. The ARHD continue to
receive public funds and thus remain within the public sector.
However, its employees will no longer be part of the civil
service, and like all GHS agencies and divisions managers will no
longer be required to follow all civil service rules and
procedures. The independence is designed primarily to ensure
that staffs have a greater degree of managerial flexibility to
carry out their responsibilities, than would have been possible
if they remained wholly within the civil service. The RHD does
not include Komfo Anokye Teaching Hospital, Private and Mission
Hospitals. However, a close collaboration is required to ensure
effective and holistic approach to Health delivery in the Ashanti
Region.
46
3.8.2 Mission and Vision
As one of the critical sectors in the growth and development of
the Ghanaian economy, the mission of the ARHD is to improve the
health status of all people living in Ghana through the
development and promotion of proactive policies for good health
and longevity; the provision of universal access to basic health
services which are affordable and accessible. These services will
be delivered in a humane, efficient, and effective manner by
well-trained, friendly, highly motivated and client oriented
personnel. Whilst the vision of the ARHD is to provide quality
driven, results oriented, client focused and affordable health
service.
3.8.3 Composition of the ARHD
It is made up of the Office of the Regional Director (ORD), the
Regional Health Committees (RHC), Public Health Unit (PHU),
Clinical Care Unit (ICU), Regional Hospital (RH), Regional Health
Services Support Unit (RHSSU), Training Institutions (TI),
District Health Management (DHMT) Teams and Sub Districts Health
Teams (SDHT).
47
The ORD is made up of the health information Unit, the Accounts
and Finance Units, The Internal audit unit and the Training Unit.
PHU is made up of Public Health Nurses, Diseases Control unit,
Health Learning Materials Unit and the Family Planning Units. The
ICU is made up of the Laboratory technician, the pharmacist Unit,
the office of the director of Nursing, specialist and medical
Doctors. The HSSU also comprises of the procurement unit, human
resources Unit, estate and works unit, and the Transport unit.
The PHU is headed by a Deputy Director of Public Health, ICU is
headed by Deputy Director Clinical Care and Deputy Director
Pharmaceuticals, and the HSSU is headed by the Deputy Director
Administration.
3.8.4 Staff strength
The whole staff strength of the RHD as at 2013 was two thousand,
nine hundred (2900)
This is made up of health professionals and other auxiliary
staff.
3.8.5 Source of funding
48
Funding are mainly from internally generated fund (IGF),
Government of Ghana (GOG), and Donor Pool fund.
CHAPTER FOUR
PRESENTATION OF FINDINGS AND ANALYSIS
4.0 Introduction
This chapter presents the findings and the discussion of the
study. The discussion is tailored along finding solutions to the
research questions. It begins with the profile of the respondents
which is made up of staff of the ARHD. The subject of the
discussions was centered mainly on the types of controls in
operations at the ARHD, effectiveness of these internal controls
in operations as well as the challenges associated with the
internal controls in operation at the ARHD.
4.1 Background of Respondents
The background information of respondents was deemed necessary
because the study essentially targeted those who are the
Custodians of Internal control. Besides, the ability of the
respondents to give satisfactory information on the study
49
variables depends largely on their background. The data on
background information of respondents solicited for has been
categorized into gender, education levels, position held, age and
length of service in the organization.
4.1.1 Gender characteristics of respondents
A total of Two Hundred (200) respondents of diverse background
were interviewed. Females constituted fifty (50) representing 25%
of the total respondents whilst male formed one hundred and fifty
(150) representing 75% as depicted in table 1.The findings
represent the views of the two sex groups about the effectiveness
of internal controls in the public sector.
Table 2: Gender characteristics of respondentsGENDER OF RESPONDENT
Frequency Percent Valid Percent Cumulative Percent
ValidMALE 150 75.0 75.0 75.0FEMALE 50 25.0 25.0 100.0Total 200 100.0 100.0
Source: Primary data
4.1.2 Educational background of respondents
50
Details about the education levels of respondents were obtained
and the results are revealed in table 3 below. The statistics
provided in the table and figure below shows that majority of
respondents hold bachelor’s degree, followed by masters,
certificate/diploma, others, and PHD, in the orders of 49.5%,
27%, 20.5%, 2.5% and .5% respectively. This means that the
respondents are adequately qualified persons academically. It was
also gathered from respondents interviewed that 90% of
respondents had their masters whilst they were in active
employment through study leave with pay.
Table 3: Educational Levels of RespondentsEDUCATIONAL LEVELFrequency
Percent(%)
ValidPercent
(%)
CumulativePercent(%)
Valid
PHD 1 0.5 0.5 0.5CERTIFICATE/DIPLOMA 41 20.5 20.5 21.0BACHELOR 99 49.5 49.5 70.5MASTERS 54 27.0 27.0 97.5OTHERS 5 2.5 2.5 100.0Total 200 100.0 100.0
51
Source: Primary datafigure1: Pie chart of educational levels of
respondents
4.1.3 Description of the Positions of respondents
The study sought and obtained details about the positions held by
the respondents in the organization for purposes of understanding
their role in the variables of study. Details of the respondents
and their positions are shown in table 4 below;
Table 4: Position held in the organizationCURRENT POSITION OF RESPONDENT
Frequency
Percent
ValidPercent
CumulativePercent
Valid
UNIT HEAD 41 20.5 20.5 20.5FINANCE AND ACCOUNTS STAFF 101 50.5 50.5 71.0
INTERNAL AUDIT STAFF 24 12.0 12.0 83.0HEALTH ADMINISTRATION AND SUPPORT
STAFF 11 5.5 5.5 88.5
PUBLIC HEALTH STAFF 23 11.5 11.5 100.0Total 200 100.0 100.0
Source: Primary data
The analysis of results in table 3 show that majority of
respondents in this study are Finance and Accounts staff (101)
52
followed by Unit Heads (41), Internal Audit Staff (24), then
Public Health Staff (23), and Health Administration and Support
Staff (11). These represent 50.5%, 20.5%, 12.0%, 11.5%, and 5.5%
respectively. Besides, it was also ascertained that by virtue of
being a unit Head one automatically becomes a member of the
Regional Health Management Team (RHMT) or a member of the
District Health Management Team (DHMT).
However, there is also another group of managers who made up the
core management Team. This includes the Regional Director, all
deputy Directors and key unit’s heads of the organization.
The above description denotes that majority of the respondents in
this study are those directly responsible for or directly
involved in the implementation of the Internal Control Systems.
Consequently, their responses are deemed to be the true
reflection of what actually takes place at the ARHD.
4.1.4 Description of age groups of respondents
The age groupings of the respondents were obtained for purposes
of understanding their level of maturity (age wise) and possibly
53
the experience they possess in their respective positions.
Details of the findings are shown in table 5 below;
Table 5: Age Groups of RespondentsAGE OF RESPONDENT
Frequency
Percent
ValidPercent
CumulativePercent
Valid
18-25YRS 5 2.5 2.6 2.626-35YRS 76 38.0 38.8 41.336-45YRS 75 37.5 38.3 79.646-55YRS 35 17.5 17.9 97.4
ABOVE 56 YRS 5 2.5 2.6 100.0Total 196 98.0 100.0
Missing System 4 2.0
Total 200 100.0Source: Primary data
From the description above it is clearly evident that the
majority of the respondents are in the age bracket of 26-35,
followed by 36-45, 46-55, 18-25, and 56+ in the orders of 38.8%,
38.3%, 17.9%, 2.6% and 2.6% respectively. It can therefore be
concluded that the majority of the respondents are in the most
productive age brackets of their life and are reasonably
experienced (considering that an average Ghanaian starts work at
the age of 23 years).
54
4.1.5 Longevity of service
Data on the number of years that the respondents have served in
the organization was obtained as part of the study and the
findings are presented in table 6 below.
Table 6: Length of Service in the organizationNUMBER OF YEARS IN ORGANISATIONFrequency Percent Valid Percent Cumulative Percent
Valid
1-3YRS 60 30.0 30.6 30.64-6YRS 35 17.5 17.9 48.57-10YRS 11 5.5 5.6 54.1
ABOVE 10YRS 90 45.0 45.9 100.0Total 196 98.0 100.0
Missing System 4 2.0Total 200 100.0 As Source: Primary data
In table 6 above, it can be revealed that majority of respondents
have been in active service for a period above 10yrs (90),
followed by 1-3 years (60), then 4-6 years (35), and lastly, 7-
10years (11). These represent 45%, 30%, 17.9%, and 5.5%
respectively. This could also mean that majority of the
respondents have worked in the Institution for less than 10
years, as per the illustration 1-10 years (106).
55
4.2.0 The types of internal controls in operations at ARHD
The study seeks to identify the types of controls in operations
at the ARHD as part of its objectives. In pursuant of this
objective the research examined and interviewed a number of key
personnel as to whether the organization operates systems of
internal control and as to whether the controls in operations can
be described as comprehensive internal controls which stresses on
holistic approach by looking at efficiency and effectiveness of
operations and adherence to laws, regulations and internal
policies or focused controls which equates controls to check and
balances in systems of accounting.
The respondents seem to agree that ARHD operates a system of
internal control; implementing strategic plans and measuring
actual performance against budgets, stating priorities and
implementing them on an annual basis through the budgeting
process, ensuring policies and procedures are followed in all
financial and operations of the organization, safeguarding assets
through the maintenance of a fixed assets register and updating
it regularly.
56
Additionally, it ensures (1) executing orderly, ethical,
economical, efficient and effective operations, (2) fulfilling
accountability obligations; (3) Complying with applicable laws
and regulations, and (4) Safeguarding resources against loss,
misuse and damage. The respondents also accepted that the type of
internal controls in operation can be described as comprehensive
internal controls.
4.2.1 organizational structure
Details of the descriptive statistics as depicted by the values
of the respective frequencies and percentages of the key
empirical references in respect of types of internal controls in
operations at the ARHD are shown in table 6:4.3.0 below;
Descriptive statistics of types of controls
Table 7a: Frequencies and Percentage of key referencesORGANIZATIONAL STRUCTURE N YES % No % missi
ng%
written policies and procedures 187
180 90.0
7 3.5
13 6.5
Policies and procedures for major Areas ofoperations
181
177 88.5
4 2 19 9.5
Financial & accounting systems 182
170 85 12 6 18 9
Human resource policies & procedures 174
164 82 10 5 26 13
consistency of policies and procedures withstatus
186
174 87 12 6.0
14 7
Integration of controls into policies and 18 173 86 16 8. 11 5.
57
procedures 9 .5 0 5Comprehensive controls 18
5160 80
.025 12
.515 7.
5Focused controls 10
575 37
.530 15
.095 47
.5Executing orderly, ethical, economical,efficient and effective operations
180
150 75.0
30 15.0
20 10.0
Complying with applicable laws and regulations 185
170 85.0
15 7.5
15 7.5
Fulfilling accountability obligations 190
180 90.0
10 5.0
10 5.0
Safeguarding resources against loss, misuse anddamage
175
150 75.0
25 12.5
25 12.5
Source: Primary data
4.3.1 Policies and procedures
The study as reflected in table 7a found that majority
representing 88.5% of respondents agree that the organization has
writing policies and procedures for all major areas that governs
internal and external operations, and in particular, 170 of the
respondents constituting 85% agreed that accounting & financial
management systems are in existence whilst 82% said there are
human resource policies and procedures governing the activities
of the organization. Besides, 87% of respondents agreed that
policies and procedures are consistent with statutory authority
and operations are performed in accordance with status governing
the organization.
58
4.3.2 Integration of controls
As shown in table 6, 173 constituting 86.5% of the respondents
are of the view that controls and control objectives are built
into policies and procedures of the entity. Integrating controls
and control objectives into policies and procedures ensures that
controls permeate all aspects of the entity’s activities.
However, 16 constituting 8% of the respondents thought otherwise.
They were of the view that controls and control objectives are
not built into policies and procedures. However, 11 respondents
making up of 5.5% of the total respondents did not provide any
answer at all. If Controls are embedded in the operations of an
entity it becomes part of its infrastructure and culture. This
assertion is in line with KPMG 2009 argument that internal
controls are most effective when embedded in the operations of an
entity. By building controls into the infrastructure (policies
and procedures) of the entity as agreed to by respondents means
individuals and/or groups responsible for achievement of
objectives are also accountable for control operations and this
increases the likelihood that controls are operated properly.
59
4.3.3 Comprehensive and focused internal controls
185 Out of the population of 200 provided responses as to whether
the controls in operations at the ARHD could be describe as
comprehensive or focused internal controls. Out of the 185
respondents 160 admitted that the controls in operations can be
described as comprehensive internal controls. The remaining 25
respondents representing 12.5% of the 185 respondents said the
internal controls in operations cannot be described as
comprehensive controls. 15 of the respondents however refrained
from giving any answer. Clearly majority of respondents
representing 80% of respondents assented that the controls in
operations at the ARHD is a comprehensive controls. As to whether
the controls in operations could be described as a focused
internal controls, 75 of the respondents said yes, whilst 30 said
no. the remaining 95 refrained from giving any answers. These
represents 37.5%, 15% and 47.5% respectively. The large number of
respondents who refrained from saying yes or no may be attributed
to the fact that majority of them had already assented that
comprehensive internal controls are in operations at the ARHD.
Whilst the 75 that said the control operations are focused were
60
influenced by the fact that focused control is an integral part
of comprehensive controls.
J. Pfister2009 asserts that a comprehensive control is seen as an
all-inclusive approach to internal control which duels much on
effectiveness and efficiency of operation, compliance with laws,
regulations and internal policies. The adoption and operation of
a comprehensive internal control system rhymes well with (Pfaff
and Ruud, 2007 assertion that “Internal control is pervasive
throughout any organization’s primary and secondary activities
and is inherently affected by the way management runs the
business”
4.3.4 Internal control objectives
4.3.5 Executing orderly, ethical, economical, efficient and
effective operations
150 of the respondents constituting 75% said policies and
procedures ensures executing orderly, ethical, economical,
efficient and effective operations whilst 30 of them representing
15% said the policies and procedures do not ensure executing
orderly, ethical, economical, efficient and effective operations
61
and 20 of them abstained from giving any answers. Clearly those
who said No added to those who abstained made up of 25% of the
sampled population for the study. Implying that majority of the
staffs agreed that policies and procedures ensure executing
orderly, ethical, economical, efficient and effective operations.
4.3.6 Complying with applicable laws and regulations
170 of the respondents assented that the policies and procedures
ensures compliance with applicable laws and regulations, 15 of
them dissented and the remaining 15 were not sure. These
represents 85%, 7.5% and 7.5% respectively.
4.3.7 Fulfilling accountability obligations
180 of the respondents said policies and procedures ensures
fulfillment of accountability obligations, 10 of them disagreed
and 10 did not say either Yes or No to the question. These
constitute 90%, 5% and 5% respectively. Clearly those who said No
62
and those who abstained, put together forms the minority. They
constitute 20% of the sampled population for the study.
4.3.8 Safeguarding resources against loss, misuse and damage
Lastly in respect of safeguarding resources against loss, misuse
and damage 150 of the respondent said yes and 25 of them said no,
whilst 25 of them refrained from saying yes or no. clearly those
who affirmed that the policies and procedures ensures
Safeguarding resources against loss, misuse and damage were in
the majority. They constituted 75% of the 200 respondents.
Majority of respondents did consent that the policies and
procedures among others ensures the 1) Executing orderly,
ethical, economical, efficient and effective operations, 2)
Complying with applicable laws and regulations, 3) Fulfilling
accountability obligations and 4) Safeguarding resources against
loss, misuse and damage. This is in consonance with the
perspective of the INTOSAI (2004) on internal controls.
4.4.0 Effectiveness of controls in operations
63
The study sets as one of its objectives to critically examine and
reveal how effective the Internal Controls in operation are. In
table 7b are details of the measures of effectiveness of internal
control under different key statements obtained from the
respondents. The statements have been presented in terms of their
frequency and percentages so as to deduce meaning out of the
results. Therefore, the details of the table are discussed under
sub-headings of the corresponding internal control elements
tested.
Descriptive statistics on elements of Internal Controls
Table 7b: frequency and percentages of statements testedRisk assessment N YES % No % missi
ng %Established objectives in the form ofmission statement
200 195 97.
5 5 2.5
Objectives of key areas in line withmission statement
200 185 92.
5 15 7.5
Measurable performance targets andindicators
185 165 82.
5 20 10.0 15 7.5
Awareness of objectives, targets andindicators
190 120 60.
0 70 35.0 10 5.0
Policies and procedures anticipate,identify and react to risk
190 135 67.
5 55 27.5 10 5.0
Provision of effective direction on riskand control issues
135 115 57.
5 20 10.0 65 32.
5Risk identification and assessment acontinuous process
180 120 60.
0 60 30.0 20 10.
0Integration of risk identification and assessmentinto entity’s operations
135 115 57.
5 20 10.0 65 32.
5The acceptable level of risk is wellunderstood by all
180 90 45.
0 90 45.0 20 10.
0Source: Primary data
64
4.4.1 Risk assessment
4.4.2 Established objectives, related plans and key
performance indicators
Given 195 yes responses in table 7b above, which represents 97.5%
of the respondent’s clearly indicates that respondents agreed
that there exist a mission statement that reflects the general
objectives of the organization. Besides, with a percentage value
of 92.5% respondents affirm that the objectives of key units and
department are in alignment with the organization’s mission
statements. There is also a general acceptance that objectives
and related plans include measurable performance targets and
indicators as expressed in a yes value of 165 constituting 82.5%
of responses in table 7b above. This is consistent with KPMG 2009
processes for review of effectiveness of internal controls which
makes establishment of objectives, linked at different levels and
internally consistent as prerequisite to risk assessment. It
advocates for identification of all the strategic business
objectives which are vital to the success of the organization.
65
4.4.3 Awareness of objectives, targets and indicators
Considering the yes value of 120 which constitute 60% of
respondent shows that objectives have been well communicated and
employees in all areas are fully aware of objectives, targets and
key performance indicators so as to provide effective directions
to employees on risk and control issues. By making the objectives
clear and creating awareness, the likelihood of overlooking key
business risks which threaten the survival of the organization or
could lead to a significant impact on its performance or
reputation will be reduced. However, giving the values of 70 and
10 for No and missing respectively means that a considerable
number of staffs of the ARHD are not aware of stated objectives,
targets and performance indicators. From the interview conducted
it was clear that only the senior managers and head of units
have a clear understanding of set objectives and are aware of
targets and indicators. This was however attributed to inadequate
guidance and processes for setting targets and weak process
indicators.
4.4.4 Risk identification and assessment process
66
The Respondents by the yes value of 135 which constitute 67.5%
said the Directorates policies and procedures are designed to
anticipate, identify and react to risk. It also provides
effective direction on risk and control issues as indicated in
table 7b by the yes frequency value of 115 and percentage value
of 57.5%. Additionally, majority of the respondents as
represented by a percentage value 60% affirmed that risk
identification and assessment is a continuous process in the
organization. This is also in line with KPMG review on internal
control practical guide, 1999. This is of the view that corporate
objective and environment in which firms operate in this
contemporary business world are continuously changing.
Consequently, the risks that firms are encountering are
constantly evolving too and In order to ensure faster adaptation
to these changes, an effective internal control must necessarily
be responsive to changes. Successful risk management and internal
control therefore depends on regular appraisal of the nature and
extent of risk.
67
4.4.5 Integration of risk identification and assessment into
entity’s operations
115 of the respondents representing 57.5% agree that risk
identification and assessment are integrated into the entity’s
operations. Respondents were evenly divided as to whether the
organization risk appetite is well defined and understood by
management and others within the Directorate. As depicted in
table 7b above, 90 of the respondents agree that the acceptable
level of risk is well understood by all whilst 90 disagree.
However, giving a frequency value of 20 of miss outs coupled with
the 90 respondents who dissented clearly indicates that the
acceptable level of risk is not well understood by significant
number of staffs. This implies that the likely hood of
overlooking a significant risk by a significant number of staff
is higher and might compromise the effectiveness of internal
controls. This is even more serious considering that a
significant number of staffs are not aware of objectives, targets
and indicator as reflected in 4.4.3 above.
Table 8: Control environment and control activities
68
Control environment & activities N YES % NO % MISSING %
Are there strategies for dealing withidentified risk
185 135 67.
5 50 25.0 15 7.5
Culture, ethical values risk managementand internal controls
175 145 72.
5 30 15.0 25 12.5
Management actions and policiesdemonstrate their commitment
165 150 75.
0 15 7.5 35 17.5
Authority, responsibility andaccountability clearly defined
175 160 80.
0 15 7.5 25 12.5
Decisions and actions are taken byappropriate people at all times
170 130 65.
0 40 20.0 30 15.0
Staffs are aware of what is expected ofthem and their scope of work
175 160 80.
0 15 7.5 25 12.5
Segregation ensure checks and balances 180 150 75.
0 30 15.0 20 10.0
Source: Primary data
4.5.1 Strategies, culture and ethical values
From table 8 above, with a frequency value of 135 representing
67.5% of the responses, respondents seemed to confirm that the
directorate has a strategy for dealing with identified risk
Additionally, considering frequency values of 145, 30 and 15 for
‘Yes’, ‘No’ and ‘Missing out’ respectively, it is obvious that
respondents are saying that the Organization’s culture, ethical
values, risk management policies and reward systems supports
objectives, and effective operations of internal controls. This
is represented by 72.5%, 15% and 12.5% respectively. However,
there are variation in their responses regarding the
69
organization’s culture, ethical values, policies and reward
systems supporting objectives and effective operations of
internal controls. This is revealed by 15% of respondents who
holds a dissenting view coupled with 12.5% of respondents (shown
in table 8) who were not sure. Upholding ethical values in
management decisions is in line with Cohen et al. (2002) where he
state that “the tone at the top refers to a company’s ethical
values, management’s philosophy and operating style” which are
reflected in the code of conduct or code of ethics.
4.5.2 Management commitment
The frequency and percentage values of 150 and 75% respectively
obtained under Management actions and policies demonstrate their
commitment to the operations of internal controls reflects
respondent’s acceptance that management demonstrate, through its
actions as well as its policies, the necessary commitment to
competence, integrity and fostering a climate of trust within the
organization and effective operations of internal controls. The
assertion by the respondents reinforces the opinion expressed by
70
them under strategies, culture and ethical values above. Although
the frequency and percentage values of 15 and 7.5% representing
respondents who hold a dissenting view is not significant it
still suggests varied responses regarding management’s
commitment. This is pugnacious issue. However, this could also be
construed to imply that respondents might not have clearly
understood the dimensions of commitment in this context. However,
the views of the majority of the respondents on commitment by
management are in consonance with Whittington and Pany’s views on
control environment which sees control environment as setting the
tone of the organization and shapes the control awareness of its
staffs. Besides, the control environment (especially management
philosophy and operating style) is seen as a threshold upon which
all other elements of internal controls are built.
4.5.3 Authority, responsibility and accountability clearlydefined
Giving the values of 160, 15 and 25 representing yes, no and
missing out respectively, indicates respondents affirmation that;
Authority, responsibility and accountability are clearly defined
71
such that decisions are made and actions are taken by the
appropriate people. This is reflected in the frequency values of
130 constituting 80%, of the responses.
Table 9: frequency table on information and communication
Information & communication N YES % NO % MISSING %Management receive progress reports 195 180 90.0 15 7.5 5 2.5Timely, relevant and reliable progress reportsfor decision making 175 125 62.5 50 25.
0 25 12.5
Information needs and related informationsystems re-assessment 165 130 65.0 35 17.
5 35 17.5
Channels of communication 125 120 60.0 5 2.5 75 37.5Source: Primary data
4.6.0 Information and communication
4.6.1 Progress reports
The results as reflected in table 9 show that 180 of respondents
representing 90% of the respondents indicated that management do
received progress reports on the operations of internal control
system. Giving a frequency value of 15, constituting 7.5%
respondents who hold dissenting view and 5 representing 2.5%
respondents who were not sure as shown in table 9 above reveals
72
that very few respondents had a varied opinion about progress
report
This could also mean that besides disagreeing about the progress
report, they could also be in disagreement with the type of
feedback or progress report provided to management. However
majority (constituting 90%) of the respondents agree with
Whittington and Pany (2001)’s requirement for management to
include programs for preparing, verifying and distributing
reports and analyses to various level of management to enable
them maintain control over a variety of activities.
4.6.2 Timely, relevant and reliable progress reports for
decision making
From the table above, 125 out of the total respondents of 175
constituting 62.5% answered yes indicating progress reports
received by management are timely, relevant and reliable for
decision making. Whilst 50 respondents think otherwise represent
25% of responses obtained. Besides, 25 respondents failed to
answer the question to this effect which represents 12.5%.
73
However, the results shows that majority of respondents agreed
with Hayes et al 2005 assertion that to ensure that people play
their assigned roles effectively and efficiently the relevant
information must be identified recorded and/or captured and
communicated within an appropriate time frame.
4.6.3 Information needs and related information systems re-
assessment
From the above table out of total number of 165 respondents, 130
representing 65% agreed that information needs and related
information systems are re-assessed. On the other hand 35
respondents representing 17.5% disagree to the fact that
information needs and related information systems are re-
assessed. Additionally, 35 respondents representing 17.5% were
not sure. The Ghana health service monitoring and evaluation plan
(MEP) that was review as part of this study confirms the
majority’s stand point that information needs and related
information systems are re-assessed. It states “in Ghana almost
all the yearly health sector reviews and aide memoirs have called
for an improvement in the existing health information systems for
74
better decision making”. Consequently the DHIMS software was
developed and successfully deployed in 2008.
4.6.4 Channels of communication
120 out of the 125 respondent agree that there are channels of
communication for reporting breaches of law and improprieties. 5
respondent according to the table responded “NO” to this effect.
However the number of respondents who miss out is rather on the
higher side. They represent 37.5% of the total sample size.
This is in line with Hitt et al, 2005 assertions that
information and communication process provide a source of
strategic flexibility. It enhances a firm’s ability to meet
customer’s expectation. Moreover effective information and
communication enhances understanding and flow of work among
employees in the organization as well as among those employees
and their counterparts such as suppliers and other stake holders.
4.7.0. Monitoring implementation of Internal Control system
In table10, the researcher set out to examine the monitoring,
supervision and the internal audit function as part of monitoring
and supervision component of the internal control system, as a
75
way of examining the effectiveness and functionality of the
internal control system.
The test statements were arranged in terms of their frequency and
percentages as a way of interpreting the results. The details of
the survey in this regards are discussed under the sub headings
of the corresponding statements tested as follows;
Table 10: Monitoring Implementation of Internal ControlMonitoring & supervision N YES % NO % MISSING %Monitoring and supervision processes integralpart of procedures
190 180 87.
5 15 7.5 5 2.5
Continuous monitoring process 50 40 20.0 10 5.0 150 75.
0Monitoring of effective application ofpolicies and related controls
160 140 70.
0 20 10.0 40 20.
0Ability to re-evaluate risk and adjustcontrols
190 175 87.
5 15 7.5 10 5.0
Internal audit unit 180 165 82.
5 15 7.5 20 10.0
Internal audit unit sufficiently staffed 165 130 65.
0 35 17.5 35 17.
5
Conduct of audit inspections 160 125 62.
5 35 17.5 40 20.
0
Internal audit reports produce regularly 180 155 77.
5 25 12.5 20 10.
0Internal audit reports address weaknesses incontrols
165 55 27.
5110
55.0 35 17.
5Source: Primary data
4.7.1 Monitoring and supervision processes integral part of
procedures
76
The perceptions of respondents as shown in the table above
indicates that 180 of the respondents representing 87.5% agree
that monitoring and supervision processes are integral part of
the organizations procedures. Whilst 15 of the respondents
representing 7.5% disagree that monitoring and supervision
processes are integral part of procedures. Additionally with a
frequency value of 40 representing 20% of the 50 responses
obtained for continuous monitoring process the position of the
majority who agree that monitoring and supervision processes are
integral part of procedures is reaffirmed.
However, with a miss out frequency value of 150 representing 75%
of the sample size there is the need to closely focus on the
significant differences in responses as regards monitoring and
supervision being integral part of responses and monitoring and
supervision being a continuous process notwithstanding the fact
that in each case those who hold dissenting views were in the
minority. The finding is in line with KPMG 1999 which asserts
that monitoring and supervision is accomplished through ongoing
monitoring activities, separate evaluations or a combination of
77
the two which should occur in the course of operations and it
should involve management.
4.7.2 Ability to Re-evaluate risk and adjust controls
Out of the 190 responses obtained 175 representing 87.5% of
respondents accepted that the monitoring and evaluation processes
is capable of re-evaluating risk and adjusting controls as
appropriate. This in line with the rationale for the development
and implementation of monitoring and evaluation plan which
provide guidance in the implementation of GHS POW derived from
the HSMTDP to achieve set objectives and targets. Additionally,
M&E plans make allowance for identifying challenges to
implementation for timely and appropriate remedial actions to be
taking (MEP of GHS 2012).
KPMG, 1999 advocate that the scope and frequency of separate
evaluations should depend primarily on an assessment of risks and
the effectiveness of ongoing monitoring procedures. Internal
control deficiencies should be reported upstream, with serious
matters reported to top management and the Board.
78
4.7.3 Existence of internal audit department
From the results in table 10 it is clearly evident respondents
were almost in total agreement as to the existence of the
internal audit function in the Institution. This is reflected by
a frequency value of 165 representing 82.5% of respondents.
However, 7.5% of respondents did not agree and 10% did not
provide any answers to the statements. This is because some
Budget Management Centres (BMCs) are not having a resident
internal auditor as gathered in the interviews conducted with key
management personnel.
Virtually all the writers (reviewed) underscore the importance of
an internal audit department in helping an organization achieve
its objectives. Notable among these are Subramaniam, (2006), Reid
and Ashelby, (2002) and Millichamp (1993) among others. Therefore
the finding is in tandem with literature.
4.7.4 Internal Audit sufficiently staffed
Results of the survey in table 10 show a frequency value of 130
representing 65% of respondents who did not agree that the
internal audit unit is sufficiently staffed; this suggests that
79
respondents don’t believe that the internal audit department is
sufficiently staffed.
4.7.5 Internal audit staff conducts regular internal audit
activities in the Institution
From the results of the survey as reflected by Table 10,
respondents agree as to whether the internal audit staffs conduct
regular internal audit activities. This is revealed by a
frequency and percentage values of 125 and 62.5% respectively.
The frequency of respondents who hold dissenting view is 35
representing 17.5%. From the interviews conducted the 17.5% of
respondents who disagree are mainly from the BMCs without
resident internal auditor as a result of insufficient number of
internal audit staff as reflected in 4.7.4 (internal Audit
Sufficiently staffed). This means that the internal auditor’s
role of examining and evaluating the effectiveness, efficiency
and the economy of the control system as advocated by
Subramaniam, (2006) may be achieved.
4.7.6 Internal audit reports are produced regularly
80
Results of the study in table 10 suggest that staffs accept that
the internal audit produce reports regularly. This is revealed by
a frequency value of 155 representing 77.5% of respondents.
However, 25 respondents representing 12.5% view and 20
representing 10% of respondents are not sure. This suggests that
a few staffs disagree or are not sure internal audit reports are
produced regularly. This could also imply that the staffs might
not be aware of audit reporting schedule since they are submitted
directly to management. The finding are in consonance with
Sebbowa (2009)’s suggestion that internal auditing is a
consulting activity designed to add value and improve an
organization’s operations. This therefore means that Zabihollah
(2001)’s assertion of internal audit procedures ensuring
reliability of financial statements, operational reports,
safeguarding corporate assets and effective organizational
controls may be achieved.
4.7.7 Internal audit report addresses weaknesses in the
internal control system
81
Results of the survey as reflected in table 10 suggest that
Respondents did not agree that the Internal audit reports address
weaknesses in the internal control system. This is revealed by a
frequency value 110 representing 55% of respondents. However, 55
of the respondents agree that the internal audit reports address
weaknesses in controls and 35 representing 17.5% did not provide
any answers. This is probably so because management do not read
and discuss internal audit reports coupled with the absence of a
functional audit implementation committees (ARIC) in the various
BMCs. The reports of both the internal and external audit reports
examined identified weaknesses and provided recommendations as to
how to address identified weaknesses in internal controls.
Besides, most of the reports examined and key personnel
interviewed as part of this study revealed that ARHD does not
have a functional ARIC.
This is at variance with Whittington and Pany (2001)’s suggestion
that “internal auditing is performed as part of the monitoring
activity of an organization”. Action being taken to address
weaknesses in the system is an indication of the commitment to
system by management as recommended by Sarbanes-Oxley Act of 2002
82
(SOX). This is the commitment referred to by Whittington and Pany
(2001)
4.8.0 Challenges in the internal control systems at the ARHD
This section answers objective three of the study. The challenges
in the internal control systems at the Ashanti Regional Health
Directorate was examined by analyzing data collected under
dimensions of control challenges and computing for the frequency
and percentages of the responses to the statements categorized
under implementation challenges, controls override, influences on
decision by influential individuals and budgetary allocation
among others. Details of these analyses are shown in tables
11below;
Table 11: Challenges in the internal control systems at the
ARHD
IMPLEMENTATION CHALLENGES OF CONTROLS
Frequency Percent ValidPercent Cumulative Percent
ValidYES 130 65.0 81.3 81.3NO 30 15.0 18.8 100.0
Total 160 80.0 100.0Missing System 40 20.0 100
Total 200 100.0
83
Source: Primary data
4.8.1 Implementation challenges of controls
As shown in table 11 above, 130 constituting 65% of respondents
accepted that there are challenges with the implementation of
controls. However, 30 said there are no challenges to control
implementation and 20 were not sure as to whether there are
challenges to controls implementation or not. These represent 15%
and 20% respectively. Majority of the respondents during the
interview with key personnel cited a number of challenges of
internal controls implementation. These have been categorized
into 1) Workforce gaps, 2) Resources management gap and 3)
Leadership & governance gaps.
4.8.1.1 Workforce gaps
Under work gaps, inadequate understanding of monitoring and
evaluation procedures and process, lack of capacity to conduct
organizational wide monitoring and evaluation activities and
inadequate workforce especially in the sub-districts are cited as
major challenges of internal controls implementation.
4.8.1.2 Resources management gap
84
Inadequate guidance and processes for setting targets and weak
process indicators, lack of standard operating procedures
documented for data management and inadequate linkage between
input, output and outcomes within sector and/or programme budgets
are the identified challenges of internal control implementation
under resources management gap
4.8.1.3 Leadership & governance gaps
Monitoring and evaluation not given the needed attention at all
levels coupled with monitoring and evaluation not included in
planning at all level and lack of a platform to link service
parameters to governance parameters were also identified as
internal controls implementation challenges.
4.8.2 Controls override
As shown in table 12 below, 100 of the respondents constituting
50% said that there have not been any instances where controls
had to be overridden. However, 75 of the respondents accepted
that there have been some instances where controls had to be
overridden and 25 of them were not sure. These represent 37.5%
85
and 12.5% respectively. The variation in the responses analyzed
in the table above is quite close.
Considering valid responses of 175 the difference between those
who gave “No” responses and those who gave “Yes” responses was 25
with a percentage value 12.5% which is not significant. It might
be that majority of staff are not aware of the occurrence of such
instances but rather a few key personnel are aware. The results
is in line with John J. Morris 2011 expectations that internal
control weakness associated with general controls will exist,
even if specific controls remain effective as far as management
do away with control features in order to manage earnings.
However, it is expected that audit process would revealed this
kind of occurrence. This concern is specifically raised in
auditing standard no. 5, paragraph 24. This states that “entity-
level controls include controls over management override.” This
goes to emphasis the importance place on general controls.
Table 12: Controls override
86
CONTROLS OVERRIDEFrequency Percent Valid Percent Cumulative Percent
ValidYES 75 37.5 42.9 42.9NO 100 50.0 57.1 100.0
Total 175 87.5 100.0Missing System 25 12.5Total 200 100.0
Source: primary data
4.8.3 Challenges associated with internal controls in
operations
In order to examine the challenges associated with internal
control operations at the ARHD, test statements were equally
ranked in terms of their mean and standard deviation as a way of
interpreting the results. The details of the survey in this
regards are discussed under the sub- headings of the
corresponding statements tested as follows;
Table 13: Challenges associated with internal controls in
operations at the ARHD
NMin Max
Mean
Std.Deviation
Influence on actions and decisions 160
1 5 2.69
1.314
Budgetary allocation 160
1 5 2.53
1.149
Existing controls can be 15 1 5 3.1 1.07387
circumvented 5 3A change in economics and governmentadversely affects controls inoperations
155
1 5 3.13
1.073
Source Primary Data
4.8.4 Influence on actions and decisions by influential
individuals
Results of the survey in table13 show a mean of 2.69 which is
below the average; this suggests that respondents are not sure
that both the internal and external influential individuals can
influence actions and decision. However, a standard deviation of
1.314 suggests a significant variation in the responses generated
by the analysis. This suggests that the influence on actions and
decisions by influential individuals may not be possible.
Contrary to this, the monitoring and evaluation plan of Ghana
Health Service 2012 cited political influence and governments
priorities as part of the challenges to effective monitoring and
evaluation. From the interview conducted it was gathered that the
government as major stakeholder is not considered as an
88
influential individual within or outside the organization by
greater number of respondents.
4.8.5 Circumventing existing controls
Giving a mean value of 3.13 in the table indicates that
respondents marginally agree that the existing controls can be
circumvented through collusion. However, a significant standard
deviation figure of 1.073 reveals varied responses from the
respondents. This implies that they have different opinions as
regard circumventing controls through collusion.
Control can help minimize the occurrence of errors and breakdowns
but cannot provide absolute assurance that they will not occur.
Human imperfection and the risk of unexpected happenings are
inherent limitations in any system of internal control.
4.8.6 Adequate budgetary allocation for monitoring and
supervision
A result of the survey in table13 shows a mean of 2.53 which is
below the average; indicating that respondents do not believe
that the budgetary allocation for monitoring and supervision is
adequate. However, a standard deviation of 1.149 suggests varied
89
responses as to whether budgetary allocations to monitoring and
supervision are adequate. This was however confirmed by majority
of staff interviewed.
4.8.7 Adverse effects of changes in economics and government
Results of the survey in table 13 show a mean of 3.13 which is
above the average; indicating that respondents do believe that a
change in economics and government adversely affects controls in
operations. However, a significant standard deviation figure of
1.073 reveals varied responses from the respondents. This implies
that they have different opinions regarding how adversely a
change in economic and government affects controls in operations.
The MEP of GHS 2012 also identifies Political influence and
government’s priorities, Global economic instability and Donor
driven parallel to Monitoring and Evaluation systems as some of
the challenges associated with changes in Economic and
Government.
90
CHAPTER FIVE
5.0.0 SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATION
5.1.0 Introduction
This chapter presents summaries of the study findings as per the
study objectives, conclusions based on those findings and
recommendations which are based on both the study findings and
other relevant literature considered necessary and vital to be
used in future to improve the study situation.
5.2.0 Summary of findings
91
This part presents the summarized results and interpretation
(findings) based on the study objectives as established at the
beginning of the study.
5.2.1 Types of internal controls
The study established that there exist writing policies and
procedures for all major areas that govern internal and external
operations and that controls and controls objectives are embedded
in the policies and procedures. This ensures that controls
permeate all aspects of the entity’s activities. The study also
found out that 80% of the respondents believe that the internal
controls in operations are comprehensive internal controls. This
is seen as an all-inclusive approach to internal control which
duels much on effectiveness and efficiency of operation,
compliance with laws, regulations and internal policies. By
building controls into the infrastructure (policies and
procedures) of the entity as agreed to by 86.5% of respondents
means individuals and/or groups responsible for achievement of
objectives are also accountable for control operations and this
increases the likelihood that controls are properly operated.
92
5.2.2 Effectiveness of internal controls in operation
From 5.2.1 above it is clear that internal controls are
functional and effective. This is because, internal controls are
most effective when they are embedded in the operations of an
entity and become part of its infrastructure and culture.
However, continuous functionality and effectiveness of internal
controls depends mostly on how elements of controls are deployed.
5.2.2.1 Risk assessment
It was established that there exist a mission statement that
reflects the general objectives of the organization and related
plans include measurable performance targets and indicators.
Besides, the objectives are linked at different levels and are
internally consistent. These are prerequisite for effective risk
assessment and vital for internal control effectiveness.
Objectives are well communicated and employees in all areas are
fully aware of it so as to provide effective directions to
employees on risk and control issues. Therefore the likelihood of
overlooking key business risks which threaten the survival of the
93
organization or could lead to a significant impact on its
performance or reputation are reduced. However acceptable level
of risk was found not to be well defined and understood by half
of the respondents.
5.2.2.2 Control environment and control activities
There are strategies for dealing with identified risks as
indicated by 67.5% of respondents. Organization’s culture,
ethical values, risk management policies and reward systems
supports objectives, and effective operations of internal
controls. According to Cohen et al. (2002) “the tone at the top
refers to a company’s ethical values, management’s philosophy and
operating style” which are reflected in the code of conduct or
code of ethics. This sets the tone of the organization and shapes
the control awareness of its staffs and it is seen as a threshold
upon which all other elements of internal controls are built.
Management also demonstrates their commitment to effective
operations of internal controls through its actions and policies.
5.2.2.3 Information and communication
94
Timely, relevant and reliable progress reports are produced for
decision making, the reports contain operational, financial and
compliance-related information, which aids management to run and
control the business and also ensure that people play their
assigned roles effectively and efficiently. Information needs and
related information systems are re-assessed. Consequently the
DHIMS software was developed and successfully deployed in 2008
for better decision making,
Information and communication processes provide a source of
strategic flexibility. It enhances a firm’s ability to meet
customer’s expectation, understanding and flow of work among
employees in the organization as well as among those employees
and their counterparts such as suppliers and other stake holders.
5.2.2.4 Monitoring implementation of Internal Control system
Monitoring and supervision processes are integral part of the
organizations procedures. The finding is in line with KPMG 1999
assertions that monitoring and supervision is accomplished
through ongoing monitoring activities and it occurs in the course
of operations and it includes regular management and supervisory
95
activities, and other actions personnel take in performing their
duties.
The existence of internal audit function in the organization as
reflected in the 82.5% of the responses implies that internal
auditor’s role of examining and evaluating the effectiveness,
efficiency and the economy of the control system as advocated by
Subramaniam, (2006) may be achieved.it is also expected it will
ensure reliability of financial statements, operational reports,
safeguarding corporate assets and effective organizational
controls
However, the study found out that the internal audit department
is under staffed. Besides, 55% of the respondents believe that
internal audit reports do not address weaknesses. But it was
established during interview and review of audit reports and
related documents that this was due to the absence of ARIC.
Besides, management does not discuss audit reports. This is at
variance with Whittington and Pany (2001)’s suggestion that
“internal auditing is performed as part of the monitoring
activity of an organization”.
96
5.2.3 Challenges associated with internal controls in
operation
65% of respondents accepted that there are challenges with the
implementation of controls. These includes inadequate work force
with capacity to understand monitoring and evaluation procedures
and process to conduct organizational wide monitoring and
evaluation activities.
No standard operating procedures documented for data management
and inadequate linkage between input, output and outcomes within
sector/programme budget.
5.2.3.1 Controls override
Though 50% of respondents said there have not been any instances
where controls had to be overridden, the number of staffs who
believed that control override occurs is significant. According
to John J. Morris 2011 expectations are that internal control
weakness associated with general controls will exist, even if
specific controls remain effective as far as management do away
with control features in order to manage earnings. However, it is
97
expected that audit process would revealed this kind of
occurrence.
5.2.3.2 Influence on actions and decisions by influential
individuals
The MEP of GHS 2012 cited political influence and governments
priorities as part of the challenges to effective monitoring and
evaluation. With a mean value of 3.13 it is established that
existing controls can be circumvented through collusion. Besides,
inadequate budgetary allocation for monitoring and supervision
government’s priorities, Global economic instability coupled with
Human imperfection and the risk of unexpected happenings are
inherent limitations in any system of internal control.
5.3 Recommendations
5.3.1 Types of controls in operation
Although the number of respondents who do not agree that the
exiting controls are meant to ensure (1) executing orderly,
ethical, economical, efficient and effective operations (2)
98
fulfilling accountability obligations; (3) Complying with
applicable laws and regulations (4) Safeguarding resources
against loss, misuse and damage are insignificant, it is
imperative to ensure that each and every staff is fully aware of
control objectives if individuals and /or groups who are
accountable for achievement of objectives are to be held
responsible for effectiveness of internal controls.
5.3.2 Effectiveness of controls in operations
5.3.2.1 Awareness of objectives, targets and indicators
The study recommends that adequate guidance and processes for
setting targets should be provided and processes indicators
should also be strengthened. This is to reduce the likelihood
that of overlooking key business risk are reduced
5.3.2.2 Acceptable level of Risk
The study recommends that the risk appetite should be well
defined to ensure that each member of staff understood the
99
acceptable level of risk to the organization and their level of
scope of activities is respect risk management and internal
controls issues.
5.3.2.3 Internal audit sufficiently staffed
Since it was evident in the study, that the staffing level in the
internal audit department is not adequate to cover the entire
organization set up, and there are challenges with workforce, the
study recommends competence profiling which should be based on
what the ARHD expects the internal audit to do and what
appropriate number staff would be required to do the job.
5.3.2.4 Functionality of ARIC
The study also recommends that to ensure effective independence
monitoring, evaluation and assessment of effectiveness of
internal controls systems, the ARIC should be functional. This
will ensure discussion of internal audit report and
implementation of recommendations that addresses identified
weaknesses.
100
5.3.3 Challenges in internal control systems
5.3.3.1 Control override
Additionally, the internal audit unit should plan the audit
process in a way that would reveal the occurrence of control
override. This concern is specifically raised in auditing
standard no. 5, paragraph 24. This states that “entity-level
controls include controls over management override.” This goes to
emphasis the importance place on general controls.
5.3.3.2 Workforce and resource management’s gaps
To address the challenges identified in the study coupled with
the fact that internal controls, are undertaking by individuals
who collectively possess the requisite skills, technical knowhow,
objectivity, and understanding of the entity and the environment
in which it operates, the study recommends capacity building
training workshops for staffs.
5.3.4 Suggestions for further studies
101
Finally, the study Suggest further research works in; 1) the
influence of ICT on the effectiveness on internal control system,
and 2) the effect of cultural and behavioral factors on public
sector internal controls (PIC)
5.4. Conclusions
Notwithstanding, the challenges associated with the internal
controls in operations, especially workforce gaps, resources
management gaps and leadership, governance gaps and adverse
effects of changes in economic and government, It is concluded
that the organization has an effective internal control system as
supported by the study findings. However it is imperative to note
that the controls of public sector organizations cannot be
separated from the changing situation in which they take place’.
Consequently, importance should be placed on control environment
and risk assessment components of internal controls.
Public Internal Control has become an integral and vital part of
a modern governance system. However, it should be underlined
again that there are many differences between public sector
organizations in terms of ‘why, when and how’ Public Internal102
Controls are carried out in the public sector as stated among the
limitations of the study.
REFERENCES1. Stock M. (1999) ‘’the KPMG Review: ’’ Internal Control a
Practical Guide
103
2. Pfister J.A (2009) ‘’Managing organizational culture for
effective internal controls’’ contribution to management
science
3. Treadway Commission (1994), “Internal Control–IntegratedFramework,”
4. Sarens G., De Visscher C. and Van Gils D (2010), “Risk Management and Internal Control in the Public Sector”, An In-Depth Analysis of Belgian Social Security Public Institutions, http://www.docufin.fgov.be/intersalgnl/thema/publicaties/documenta/2010/
5. INTOSAI (2004), “Guidelines for Internal Control Standardsfor the Public Sector”, International Organisation ofSupreme Audit Institutions.
6. EIU Compendium (2012) “Compendium of the public internalcontrol systems in EU member states”
7. ACCA (2009/2010) “Advanced Audit and Assurance” KaplanPublishing ACCA- Audit and Assurance Services Text book
8. Adams, M. B. (1994), “Agency theory and the internal audit”,Managerial Auditing Journal.
9. Anderson, D., Francis, J. R. and Stokes, D. J. (1993),“Auditing, directorships and the demand for Monitoring”:Journal of Accounting and Public Policy.
104
10.Sebbowa Bamweyana B.K. (2009), the role of internal auditfunction in organizations
11. Boakye-Bonsu, V, (1997). “Developing internal AuditApproach”, Vol. 5, No. 6,
12. Brennan, N. M., and J. Soloman (2008). “Corporategovernance, accountability and mechanisms ofaccountability”: An overview. Accounting, Auditing &Accountability Journal
13. Committee of Sponsoring Organizations (COSO) (1985),“Organization background information” http://www.coso.org/.
14. Curtis C. Verschoor (1999) “Corporate Performance isClosely Linked to a Strong Ethical Commitment”
15. DeAngelo, L. (1981), “ Auditor size and audit quality”,Journal of Accounting and Economics, Vol. 3
16. Dittenhofer, M. (2001). Internal Auditing
Effectiveness. Vol. 16, No.10, 74
17. Ettredge, M. L., Sun L., and Li C.. (2006). “The impactof SOX Section 404 internal control quality assessment onaudit delay in the SOX era”. Auditing: A Journal of Practice& Theory
105
18.Garcia, B.M. A. (2004). Audit Reports on Financial Statements PreparedAccounting to IASB Standards. Vol. 8.
19. Gerrit S and Mohammad J. A (2010), “Monitoring Effectsof the Internal Audit Function”: Agency Theory versus otherExplanatory Variables. International Journal of Auditing.Blackwell Publishing Ltd
20. Jensen, M. C. and Meckling,W. H. (1976), Theory of thefirm: managerial behaviour, agency costs, and ownershipstructure’, Journal of Financial Economics.
21.John J. Morris (.2011), “The Impact of Enterprise ResourcePlanning (ERP) Systems on the Effectiveness of InternalControls over Financial Reporting”
22. Kochan, A. (1993). “Internal Evaluation”: TQM Magazine.Vol. 5.
23.Krishnan, J. (2005). “Audit committee quality and internalcontrol”: An empirical analysis. The Accounting Review
24. Hitt M.A et al (1996). “The Market for CorporateControl and Firm Innovation”
25. Millichamp, A.H. (1993). Auditing (6th ed.)
26.Whittington O.R and Pany K. (2001). “Principles of Auditingand Other Assurance Services”.
106
27. Ogneva, M, Subramanyam K.R, and Raghunandan K. 2007.“Internal control weakness and cost of equity”: Evidencefrom SOX Section 404 disclosures. The Accounting Review
28. Reid, K. & Ashelby, D. (2002). The Swansea InternalQuality Audit Processes Quality Assurance in Education. Vol.10,
29. Pearson Education Limited. SAP. (2005). “EnterpriseGovernance and Sarbanes-Oxley Compliance” Available at:http://www.sap.com/usa/solutions/business
30.Stephen Emasu (2007) public financial management – Concepts
& Practices
31. Watts, H. (1999). “A Conceptual Framework to FinancialReports and Internal Audits”. Vol. 20, Pp. 753-778.
107
QUESTIONNAIREDear Respondent, My name is Justice Ali Afful. I am currently
carrying out a study for the purpose of writing a dissertation as
a requirement for the award of Master of Business Administration
of Kwame Nkrumah University of Science and Technology (KNUST).
The topic of study is EFFECTIVENESS OF INTERNAL CONTROL SYSTEMS
IN THE PUBLIC SECTOR. You have been selected to participate in
this study due to the importance of your information in the
study. The information you provide will only be used for the
purpose of this study and will be treated with utmost
confidentiality. Please feel free and answer all the questions
truthfully.
SECTION A
RESPONDENT’S BACKGROUND
1. Gender (Please tick appropriately)
Male
108
Female
2. What is your highest level of education?
Certificate/Diploma
Bachelor
Masters
PhD
Other (PLEASE Specify)…………………………………………………………………...
3. What position do you currently hold in the
Organization/Institution that you work for?
Management Committee member
Unit head or head of BMC
Finance and Accounts staff
Internal audit staff
Health administration and support service
Public health staff
109
Clinical care
4. In what age bracket do you fall? (Circle where appropriate)
18-25
26-35
36-45
46-55
56+
5. For how long have you served in your organization/Institution?
1-3 years
4-6 years
7-10 years
10+ years
1. TYPES OF INTERNAL CONTROLS IN OPERATIONS AT ARHDORGANIZATIONAL STRUCTURE Ye
sNo
1) Do you have written policies and procedures?
2) If yes, do they include: Ye
s
No
110
a. Policies and procedures for major areas of
operations?
b. Financial and accounting systems?
c. Human resources policies and procedures?
3) Are policies and procedures consistent with
statutory Authority?
4) Are controls and control objective integrated into
policies and procedures?
5) If yes, what types of internal controls are in
operations?
Ye
s
No
a. Comprehensive controls (coordinated controls covering
all activities)
b. Focused controls (only financial and accounting
systems)
6) Does it ensures the following: Ye
s
No
a. Executing orderly, ethical, economical,
efficient and effective operations?
b. Complying with applicable laws and regulations?
c. Fulfilling accountability obligations?
111
d. Safeguarding resources against loss, misuse and
damage?
2. EFFECTIVENESS OF THE INTERNAL CONTROLS AT THE ARHD
RISK ASSESSMENT Yes No1. Do you have established objectives in a form of
mission statement? 2. If yes, are objectives of key areas in line with
mission statement?3. Do Objectives and related plans include measurable
performance targets and indicators?4. Are employees fully aware of objectives, targets
and indicators?5. Do Policies and procedures anticipate, identify and
react to risks?6. If yes, do they provide effective direction on risk
and control issues? 7. Is risk identification and assessment a continuous
process?8. If yes, is it embedded in the operations of the
entity?9. Is the acceptable level of risk well understood by
all?CONTROL ENVIRONMENT AND CONTROL ACTIVITIES Yes No
10. Are there Strategies for dealing withidentified risks?
112
11. Do Organization’s culture and ethical valuessupports risk management and internal controls?
12. Do Management actions and policies demonstratetheir Commitment to competence & integrity?
13. Is Authority, responsibility andaccountability clearly defined?
14. If yes, are decisions and actions taken by theappropriate people at all times?
15. If yes, are staffs aware of what is expectedof them and their scope of work?
16. If yes, does it ensure checks and balances?INFORMATION AND COMMUNICATION Ye
s No
17. Do management received Progress reports? 18. If yes, is it timely, relevant and reliable
for decision making?19. Are information needs and related information
systems reassessed? 20. Are there Channels of communication for
reporting breaches of law and improprieties? Monitoring and Supervision Yes No
21. Is monitoring and supervision processesintegral part of procedures?
22. If yes, is it a continuous process?23. Does monitoring process ensure effective
application of policies and related controls?24. Does the process monitor the ability to re-
valuate risk and adjust controls?25. Do you have an internal audit unit?26. If yes, is it sufficiently staffed?27. Does the unit conduct regular audit
inspections?28. If yes, does the unit produce reports
regularly?29. Do the reports address weaknesses in controls?
113
CHALLENGES IN THE INTERNAL CONTROL SYSTEMS AT THE ARHD30. Have there been instances where controls had to be
override? Yes No
31 Do you have challenges with implementation of controls? Yes No
32 If yes what are these
challenges?......................................................
...................................
……………………………………………………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………………………………………………………
Please rank the following statements on Likert scale ranging from
strongly disagrees to strongly agree. Where;1= strongly disagree,
2= disagree, 3= not sure, 4= agree, 5= strongly agree
1
2 3 4 5
33. Influential individuals both within andoutside can influence actions and decisions.
34. Budgetary allocation for monitoring and
supervision is adequate35. Existing controls can be circumvented
114
through collusion36. Changes in economics and government
adversely affects controls in operations
SECTION C:
Interview GuideEffectiveness of internal controls in the public sector a case ofRegional Health Directorate Interview Guide:Dear Respondent:
My name is Afful Ali Justice. I am currently carrying out a study
for the purpose of writing a dissertation as a requirement for
the award of Master of Business Administration of Kwame Nkrumah
University of Science and Technology (KNUST). You have been
selected to participate in this study as a staff of the RHD. The
information you provide will only be used for the purpose of this
study and will be treated with utmost confidentiality. Kindly
help me generate solutions to the following Questions:
1. What is your position in the Institution?
115
2. What management level do you occupy by virtue of your position
in the organization?
3. In your opinion, does the Institution operate systems of
internal controls? If so, how does your role supports it?
4. Are the systems of internal controls referred to in 3 above
functioning as they are intended to?
5. Has there been an occasion that the controls have to be over
looked by management?
6. Does the organization have an internal audit department?
7. Does your organization have functional Audit implementation
committee (ARIC)?
8. What is the composition of the membership of the ARIC?
9. Do you have challenges in the operations of the controls?
10. If so, what are the main challenges with operations of the
internal controls?
11. In your opinion, do you think your controls are effective
notwithstanding the challenges?
116
Related Documents
