Internal Audit Procedures and Problems in a Banking Institution
REVIEW OF RELATED LITERATURE
This chapter is detailed with the review of the relevant and related literature in comparison with the study. The literature is gathered from different sources such as books, reports and electronic sources.
2.1 Theoretical Literature
2.1.1 Banking Institutions Financial Performance
A commercial bank is every type of bank that provides services such as accepting deposits, making business loans, and offering basic investment products (Beyanga, 2011).
They are many aspects of the financial performance of commercial banks that can be analysed. Muga (2012) stated that the importance of bank performance can be appraised at the micro and macro levels of the economy. At micro level, profit is the essential prerequisite of a competitive commercial banking institution and the cheapest source of funds. It is not merely a result, but also a necessity for successful banking in a period of growing competition on financial markets. Hence the basic aim of every bank management is to maximize profit, as an essential requirement for conducting business. At the macro level, a sound and profitable banking sector is better able to withstand negative shocks and contribute to the stability of financial system.
Commercial bank profits provide an important source of equity especially if re-invested into the business. This should lead to safe banks, and as such high profits could promote financial stability.
Schiuma (2003) mentioned accounting-based performance using the three indicators: Return on Assets (ROA), Return on Total Equity (ROE) and Return on Investment (ROI). These are widely used to assess the performance of firms including banking institutions. Bank regulators and analysts have used ROA and ROE to assess industry performance and forecast trends in market structure. The main purpose of this study is to examine if internal audit can actually enhance growth of banking institutions.
2.1.2 Internal Audit
According to Robertson (1976), internal audit may be defined in several ways depending upon what purpose is to be served. Pickett (1976) stated that “internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.
It helps an organization accomplish its objectives by a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”. This definition actually seeks to demonstrate the depth and breadth of the internal audit activity within an institution as against the previous orientation of reviewing payment transactions over the years.
Internal audit is an objective and independent appraisal service within an organization on risk management, control and governance by measuring and evaluating their effectiveness in achieving the organization’s agreed objectives. In addition, internal audit’s findings are beneficial to the Board of Directors and line management in the audited areas. The service applies the professional skills of internal audit through systematic and disciplined evaluation of the policies, procedures and operations that management put in place to ensure the achievement in the organization’s objectives, and through recommendations for improvement (Dumitrescu, 2004).
The Board of Directors of the Institute of Internal Auditors in June 1999 described internal audit as an independent, material and consultancy activity which adds value and improves the functioning of an organization. It helps the organization achieve its aims by means of a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and management process.
Internal audit has several aims and principles which bears final responsibility that the bank’s management applies an appropriate and effective system of internal audit, a system of evaluating banking activity risk and risks concerning bank capital, appropriate methods of monitoring compliance with laws measures and internal procedures. Likewise, the bank’s management is responsible for drawing up procedures which identify measure, monitor and control the risks that the bank faces. Internal audit is a part of the repetitive monitoring of the internal control systems of the bank and its procedures for evaluating internal capital. As such, it assists management and the board of directors in the effective performance of their responsibility as outlined above (Gramling, 1977). Although the need for objectivity and impartiality is of particular importance for the internal audit department in a commercial banking institution, this does not exclude the possibility that this department, too, may contribute to advisory and consultancy activity, if the independence of analyses and evaluations is ensured.
Some banking institutions have also introduced a system of evaluating their activities, which does not replace, but supplements the function of the commercial bank’s internal audit. This is a formal and documented process whereby management and employees analyse their activities and evaluate the effectiveness of the related internal control procedures (Hawkes, 1994).
2.1.3 Internal Audit and Organization Financial Performance
Most internal audit professionals argue that an effective internal audit function correlates with improved organization financial performance. According to Beyanga (2011), an effective internal audit service can, in particular, help reduce overhead, identify ways to improve efficiency and maximize exposure to possible losses from inadequately safeguarded company assets all of which can have a significant effect on the growth of an organization.
He also stated that internal audit is an invaluable tool of management for improving financial performance. Fadzil et al (2005) also noted that internal auditors help run a company more efficiently and effectively to increase shareholders value. Finally Hermanson and Rittenberg (2005) argued that the existence of an effective internal audit function is associated with superior organizational financial performance.
2.1.4 Independence of Internal Audit
According to Cai Chun (1997) independence is the essence of auditing. An internal auditor must be independent of both the personnel and operational activities of an organization. Otherwise, the integrity of the auditor‘s opinions, conclusions and recommendations would be suspect. So, independence is necessary for the effective achievement of the function and objective of internal audit. This independence is obtained mainly from two characteristics; organizational status and objectivity.
Mgr Lon Bogdan Dumitrescu, (2004) in his article of internal audit in banking organizations acknowledges that every bank should have an internal audit department on which with regard to the volume and nature of its activities it can rely. In smaller banks internal audit is often provided externally. The internal audit department in a banking institution must be independent from the activities which it controls and must likewise be independent from the dayto-day internal control processes. In this way it is guaranteed that this department performs its activities objectively and impartially. Internal auditors may not have a conflict of interests with the bank. Every bank should have formalized principles of internal audit providing for its position and powers in the framework of the bank. There should here be codified the scope of work of internal auditors, the position of the whole department in the bank’s organizational structure, relations with other control departments (Eden, 1996).
Internal audit must be objective and impartial, meaning that it should perform its activity free of doubts and interference. Members of the internal audit team may not participate in the bank’s operations or in the selection and implementation of internal control systems. The professional competence, as well as internal motivation and systematic professional development of each internal auditor are essential factors for the correct functioning of the whole internal audit department of the bank. It is also recommended to rotate individual auditors in the framework of the department, so that the routine performance of work activities is avoided (Peursem, 2004).
The internal audit department manager should be responsible that the department performs its activities in accordance with the due principles of internal audit. Especial care should be taken that the audit plan is drawn up formally and procedures for all members of the team are in writing. The professional competence of the department’s employees must always be ensured, as must their regular training. The internal audit department is responsible to the bank’s management and its board of directors, possibly also to the audit committee, if the bank has one. These bodies of the bank should primarily be informed as to the progress of the audit plan and the attainment of the internal audit department‘s objectives (Mutua, 2012).
2.1.5 Internal audit Procedures and Objectives
The main objective of an internal audit is to assess and, when necessary, improve the effectiveness of internal business controls, risk-management plans and overall business processes. Audit procedures typically start by assessing current processes and procedures. Auditors then analyze and compare results against internal control objectives to determine whether audit results comply with internal policies and procedures as well as federal and state rules and regulations. As a final step, auditors compile an audit report to present to the business owner (Kubwimana, 2005).
2.1.6 Internal Auditing Reports
Internal auditors typically issue reports at the end of each audit that summarize their findings, recommendations, and any responses or action plans from management. An audit report may have an executive summary; a body that includes the specific issues or findings identified and related recommendations or action plans; and appendix information such as detailed graphs and charts or process information. The recommendations in an internal audit report are designed to help the organization achieve effective and efficient governance, risk and control processes associated with operations objectives, financial and management reporting objectives; and legal compliance objectives (Makuza, 2014).
Audit findings and recommendations may also relate to particular assertions about transactions, such as whether the transactions audited were valid or authorized, completely processed, accurately valued, processed in the correct time period, and properly disclosed in financial or operational reporting, among other elements. The critical component of the audit process is the preparation of a balanced report that provides executives and the board with the opportunity to evaluate and weigh the issues being reported in the proper context and perspective. In providing perspective, analysis and workable recommendations for business improvements in critical areas, auditors help the organization meet its objectives (Kamasa, 2010).
2.1.7 The Development of Commercial Banks in Nigeria
The development of commercial banks before the genocide of 1994 was slow. At the time, only three commercial banks and two specialized banks operated with a total of less than twenty branches in the country, and one microfinance (UBPR) with around 146 branches. The war and the genocide affected heavily the banking sector: The genocide itself resulted in closure of the central bank for four months. The former government left the country in 1994 for DRC, after committing the genocide, with two-thirds of the national monetary base in addition to US $ 7 million in cash which was taken from the UBPR (Alson, 2001). Consequently, it took two years for this bank to reopen in 1996. Moreover, almost both physical and human capitals of all banks were destroyed during the genocide.
The post genocide period was marked by increase in number of banks where in 2002 there were 6 commercial banks with 28 branches, 2 specialized banks and 1 union of financial institutions (UBPR) with 148 branches.
In 2007, commercial banks operated only 38 branches making only 7% of all branches of financial institutions and by end of 2008, 8 commercial banks, 2 specialized banks and 1 microfinance bank were operating (NBR, 2004).
However, there was a lack of competition as three banks (BCR, CBN and Ecobank) held 66 % market share before the licensing of UBPR as commercial bank in 2008. This situation has led to high interest rate spreads (8.6 % in 2005), a modest 16% per annum growth in deposits over the past 5 years and lending primarily to a core group of about 50 relatively large customers concentrated in Abuja and few sectors (Murgatroyd, 2007).
The penetration of banking sector is very low and worse in rural areas. The survey conducted by FinMark Trust in 2008 showed that in general only 14 % of the active population use banks, 7% use MHIs, 26% are informally served and 52% are financially excluded. In rural areas, less than 6 % of the population hold savings account in a formal finance institution. It is important to note that that due to relative higher penetration of UBPR, it has been upgraded to commercial bank in 2008 and became BPR S.A and that KCB, Equity Bank and Crane Bank new regional banks from Kenya have been licensed.
2.2 Empirical Literature
Only a few academic studies have examined the effectiveness of internal audit, and even fewer have dealt with the issue empirically. In one of the very few studies that examined the effect of internal auditing on organizational performance, Eden D. (1996) assigned 224 bank branches to experimental conditions (audited or not audited) and monitored their performance for a year. Their findings showed that performance significantly improved during the half year following the audit in the experimental branches, while the control branches experienced a decline due to poor general business conditions. While that study offers a useful jumping-off point for understanding how good auditing can improve a company‘s performance, it does not go far enough in explaining when and why internal audit works, and the conditions that facilitate or impede it. Helping to bridge this gap will be one of the main contributions of this study.
According to Cooper and Craig (1983), on his study on the role of internal audit in the Asia Pacific region. This seminal research on internal audit in Australia found a number of issues that were of concern to the profession.
It was found that there were a number of misconceptions about what internal auditors were doing and what their chief executive officers (CEO) perceived was being done and in fact there were expectations by the CEO‘s that internal audit could do more than the traditional financial auditing work mainly being done at the time. There was nevertheless strong support for internal audit by CEO‘s and at the time it was seen as offering long-term career prospects.
However, the profession in Australia in the early 1980‘s suffered from an image problem, it did not have a strong professional body to represent its interests as it has now, and there were no generally accepted professional qualifications recognized as necessary to practice as an internal auditor. The study was undertaken before the development of modern internal auditing, as we know it now. It did, however, set the scene for a number of subsequent studies in Australia, Hong Kong and Malaysia.
According to Peursem (2004), a major study was been undertaken in New Zealand on internal auditor‘s role and authority. In this study, internal auditors were asked to come to a view on whether functions they perform in connection with audit engagements are essential, and to what degree they feel they enjoy the authority over, and independence from, management that we might expect of a professional. The research constituted a survey of New Zealand auditors, all of whom were members of the New Zealand branch. A very high percent (73%) response rate was achieved over the original and follow-up survey.
The study found that characteristics of a true profession exist but do not dominate. Significantly, and as subgroups, Peursem also observed that public practice and experienced auditors may enjoy greater influence over management, and accountancy-trained auditors may enjoy greater status owing to the mystique of the activities emanating from their membership of well-known accountancy professional bodies. The research supports prior studies by Coopers and Craig (1983), Cooper, et al. (1966) and Gramling (1997) which all expressed serious reservations about the effectiveness of the internal auditor‘s role.
In a follow up study in New Zealand, Peursem examined the role of the New Zealand internal auditor and conceptualizes on the auditor‘s influence over that role. The fundamental questions how an effective internal auditor can overcome the tension of working with management to improve performance, while also remaining sufficiently distant from management in order to report on their performance. The research found that there are three concepts characteristic of those who best balanced their role: the internal auditor’s external professional status; the presence of a formal and an informal communication network; and the internal auditor‘s place in determining their own role. Informing these concepts is the auditor‘s ability to manage ambiguity. This was a qualitative study using a multiple case-based approach in which the researcher made observations, examined documents and interviewed senior internal auditors in six New Zealand organizations. However, it is a very thorough study and offers insights arguably not readily available in more traditional quantitative research.
According to Basel Committee report (2002) each bank should have a permanent internal audit function in order to fulfill its duties and responsibilities. The senior management should take all necessary measures so that the bank can continuously rely on an adequate internal audit function appropriate to its size and to the nature of its operations. These measures include providing the appropriate resources and staffing to internal.
A survey, by Ernst & Young, polled 695 chief audit executives and C-suite executives and found that 80 per cent of them admitted that their organization‘s internal audit function has room for improvement. The report found that 75 per cent of the survey respondents believe strong risk management has a positive impact on their long-term earnings performance. An equal percentage of the respondents believe that their internal audit function has a positive impact on their overall risk management efforts. As the role of the internal auditor evolves and stakeholder expectations rise, internal audit functions increasingly require competencies that exceed the more traditional technical skills, such as the ability to team with management and business units on relevant business issues, (Davoren, 1994).
Mawanda (2008), conducted a research on effects of internal control systems on the performance in institution of higher learning Uganda. In his study he investigated and sought to establish the relationship between internal control systems and financial performance in an institution of higher learning in Uganda. Internal controls were looked at from the perspective of Control Environment, Internal Audit and Control Activities whereas Financial performance focused on Liquidity, Accountability and Reporting as the measures of Financial performance. The Researcher set out to establish the causes of persistent poor financial performance from the perspective of internal controls.
The study established a significant relationship between internal control system and financial performance. The investigation recommends competence profiling in the Internal Audit department which should be based on what the University expects the internal audit to do and what appropriate number staff would be required to do this job. The Study therefore acknowledged role of internal audit department to establish internal controls which have an effect on the performance of organization.
Mutua (2012), researched on impact of risk based audit on performance of commercial banks in Kenya. Although her study concentrated on risk based audit, she acknowledged that the performance requires appropriate effective and efficient internal audit. From the findings, the study concluded that risk based auditing through internal auditing standards and internal auditing staffing should be enhanced to enable firms to be able to detect risks on time and concentrate on high risk areas leading to increased transparency and accountability, hence enhancing organizational performance. This showed that there is indeed a relationship between internal audit and organizational performance.
Ndege (2012) researched on Performance and financial ratios of commercial banks in Kenya. The objective of his study was to identify factors, in a ratio form that shape bank performance as measured through return on assets (ROA) and return on equity (ROE).I n his study he concluded that ROA and ROE can be used to measure the performance of banks in Kenya.
2.3 Critical Review of the Literature
In this section, the researcher assorted some findings from previous researchers that show the relationships existing between internal audit and banking institutions performance.
According to Basel Committee report (2002) each bank should have a permanent internal audit function in order to fulfill its duties and responsibilities. The senior management should take all necessary measures so that the bank can continuously rely on an adequate internal audit function appropriate to its size and to the nature of its operations. These measures may include providing the appropriate resources and staffing to internal will help the institution to achieve its goals and objectives efficiently and effectively.
The survey conducted by KPMG (1999) found that the internal audit function in organizations where it exists, contributes substantially to performance improvement and assist in identifying profit evidence in corporate disasters, particularly financial fraud consistently documents an association between weak governance. Thus internal audit by acting as a watchdog could save the organization from malpractices and irregularities thus enabling the organization to achieve its objectives of ensuring high level of productivity and profit. Hodgson (1997) said that internal audit operations and recommendations do not only have short-term effect on the running of an organization but is the backbone of an organization and it dictates the prosperity or the down fall of the particular organization. Its effectiveness and acceptability should be stressed at all levels and especially the management to enhance its viability.
However it seems that laxity has crept in and it is in light of this view that we seek to analyse the impact of internal audit on the performance of commercial banks in Nigeria.
2.3.1 Research Gap
As developed in the empirical review, this study is about internal audit as a factor of performance of banking institutions in Nigeria. The current research will cover the level of Ecobank Nigeria.
Many studies have been done in Nigeria on performance of banking institutions (Byusa, 2012), (BNR, 2009), (Ukwibishaka, 2010) and (MINICOM& NISR, 2011). However no other research conducted showing the performance of banking institutions in Nigeria as a result of effective internal audit. In addition, all studies show the situation in Nigeria but none has focused on Ecobank Nigeria in particular.
2.4 Theoretical Framework
Various theories have been formulated on internal audit and organization performance. They include agency theory, contingency theory and lending credibility theory. These are discussed below:
2.4.1 Agency Theory
Agency theory and the internal audit as propounded by Adams (1994) is one of the theoretical framework that guided this study. Agency theory is extensively employed in the accounting literature to explain and predict the appointment and performance of external auditors and financial consultants. He argued that, agency theory also provides a useful theoretical framework for the study of internal auditing function. He also proposed that agency theory not only helps to explain and predict the existence of internal audit but that is also helps to explain the role and responsibilities assigned to internal auditors by the organization and that agency theory predicts how the internal audit function is likely to be affected by organizational change. He concludes that agency theory provides a basis for rich research, which can benefit both the academic community and internal auditing profession. This theory no doubt relates to this study as it helps to explain the role and responsibilities of internal auditors which if methodically applied would help to improve the performance of commercial banks in Nigeria.
According to Anderson, Francis & Stokes (1993), agency theory describes firms as necessary structures to maintain contracts, and through firms, it is possible to exercise control which minimizes opportunistic behavior of agents. In order to harmonize the interest of the agent and the principal, a comprehensive contract is written to address the interest of both the agent and the principal; they further explain that the relationship is further strengthened by the principal employing an expert to monitor the agent.
Other related reviews include the Sarbanes-Oxley act of 2002 (SOX) which requires companies to report on the effectiveness as part of an overall effort to reduce fraud and restore integrity to the financial reporting process. Morris, J.J. (2011) assert that software vendors that market enterprise resource planning (ERP) system have taken advantage of this new focus on internal controls by emphasizing that a key feature of ERP system is the in-built controls that mirror a firm’s infrastructure. They emphasized these feature in their marketing literature, asserting that these systems will help firm’s improve the effectiveness of their controls as required by Sarbanes-Oxley Act.
2.4.2 Contingency Theory
The goal of an audit is to test the reliability of a company‘s information, policies, practices and procedures. Government regulations require that certain financial institutions undergo independent financial audits, but industry standards can mandate audits in other areas such as safety and technology.
Regardless of the audit subject, various factors impact a company‘s final results, and the contingency theory takes these factors into account during the audit process. The contingency theory of leadership and management states that there is no standard method by which organizations can be led, controlled and managed. Organizations and their functions depend on various external and internal factors. The functions of audits are themselves, types of organizations that are affected by various factors in the environment. The presence of such factors is why auditing can be managed by applying the contingency theory, with a recognition that processes and outcomes of audits are dependent on variable and contingent factors.
On a broad level, the audit process is straightforward. Auditors require access to documents, systems, policies and procedures to manage an audit. They must remain compliant with industry standards, government regulations and internal requests. Audit teams may begin the audit process with meetings where they gather risk and control awareness, after which the field work begins. During the audit process, auditors perform substantive procedures and test controls. They then draft reports that they submit to management and regulatory authorities. The audit processes, particularly in planning and field work, include contingencies such as business type, employee skill level, applicable laws, available audit workforce, available technology and systems, and deadline.
Daft (2012) in his book writes: contingency means: one thing depends on other things, and contingency theory means: it depends. Audit functions are task-oriented and can be loosely structured. The functions also can vary considerably, depending on the area of a company under audit and the type of business model, so auditors must carefully manage their inspections and take variables into account to get the job done. The contingency theory also can be applied to an audit team‘s structure. Typically, audit team managers receive audit projects. They then create audit teams for the projects, selecting auditors based on expertise and experience in the subject areas, and on auditor availability, all of which add up to contingencies for any given audit project.
Audit teams use a mix of structure and contingency to get the output rolling quickly. The subject of auditing projects can include such diverse areas as evaluation of production processes, inspection of company accounts, and assessment of compliance with industry standards. Selecting auditors with specialized training or those who have a particular skill set in the subject area minimizes the learning curve and reduces opportunities for errors. The quality and output of audits remain assured when audit teams use resources according to expertise and experience, and when auditors are flexible and can adapt to process fluctuations. (Davoren,1994).
2.4.3 Lending Credibility Theory
Volosin, (2007) in his book mentioned that the lending credibility theory is similar to the agency-theory and it states that audited financial statements can enhance stakeholders faith in management‘s stewardship. The business world consists of different groups that are affected by, or participate in, the financial reporting requirements of the regulatory agencies.
They are shareholders, managers, creditors, employees, government and other groups. The major recipients of the annual reports are the shareholders, including individuals with relatively small shareholding and large institutions such as banks or insurance companies. Their decision is usually based on the financial reporting and the performance of the company‘s management, who have a responsibility to act in the interests of investors. Thus, the purpose of the financial statements. The auditor is appointed by the company‘s shareholders and reports his results to his clients. The aim of the auditor‘s report is to comment on how accurately the company presents its financial situation and how it is performing. This should reassure the shareholders that their investment is secured and also help to reduce the practice of misleading accounting procedures designed to show the company in a more favorable light. Basically, the audit is represented as a process designed to evaluate the credibility of information of a company‘s financial statements, Letza, (1996).
2.5 Conceptual Framework
This is a tool intended to assist the researcher to develop a pattern of interconnected variables which will be involved in the case under study, say internal audit and performance of banking institutions with the case study of Ecobank Nigeria in the period of 2011-2014. The conceptual framework is built on concepts related to the financial performance of banking institutions, those reflecting internal audit and intervening variables which serve as linking up the dependent variable to the independent variable. Those concepts assisted the researcher in designing the researcher instruments, collecting, analyzing and interpreting data.