AN INVESTIGATION INTO SIGNIFICANCE OF INTERNAL

CONTROL SYSTEMS ON FINANCIAL PERFORMANCE OF

COMMERCIAL BANKS LISTED AT THE NAIROBI SECURITIES

EXCHANGE

PRESENTED BY

XXXXXXXXXXX

A RESEARCH PROPOSAL SUBMITTED IN PARTIAL

FULFILMENT OF THE REQUIREMENTS FOR AWARD OF THE

DEGREE OF XXXXXXX IN THE SCHOOL XXXXXXXXAT MERU

UNIVERSITY

2024
Declaration

Dedication
Acknowledgements

Table of Contents

3
List of Figures and Tables

List of Acronyms

4
Definition of Operational Terms

5
 Abstract

CHAPTER ONE

6
 INTRODUCTION AND BACKGROUND TO THE STUDY

INTRODUCTION

1.0 Back Ground of the Study

Internal Control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the
entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations and compliance with applicable laws and regulations (ICPAK, 2014). Effective
internal controls are the foundation of safe and sound banking. A properly designed and
consistently enforced system of operational and financial internal control helps a bank’s board of
directors and management safeguard the bank’s resources, produce reliable financial reports, and
comply with laws and regulations. Effective internal control also reduces the possibility of
significant errors and irregularities and assists in their timely detection when they do occur.

According to (ICPAK, 2014) a bank’s board of directors and senior management cannot delegate
their responsibilities for establishing, maintaining, and operating an effective system of internal
control. The board must ensure that senior management regularly verifies the integrity of the
bank’s internal control.

Internal control systems including internal audits are intended primarily to enhance the reliability
of financial performance, either directly or indirectly by increasing accountability among
information providers in an organization (Jensen, 2003). Internal control therefore has a much
broader purpose such that the organization level of control problems associated with lower
revenues, which explore links between disclosure of material weakness and fraud, earnings
management or restatements (Doyle J. W., 2005).

Internal controls provide an independent appraisal of the quality of managerial performance in

carrying out assigned responsibilities for better revenue generation (Beasly, 1996). According to

7
(Kenyon, 2006), an effective internal control system unequivocally correlates with organizational
success in meeting its revenue target level. Effective internal control for revenue generation
involves; regular a review of the reliability and integrity of financial and operating information, a
review of the controls employed to safeguard assets, an assessment of employees' compliance
with management policies, procedures and applicable laws and regulations, an evaluation of the
efficiency and effectiveness with which management achieves its organizational objectives
(Gavrilov, 2001).

Most organizations no longer set up internal control system as a regulatory requirement but also
because it helps in ensuring that all management activities are appropriately carried out (Kenyon
and Tilton, 2006). Further, organizations are making it a point of duty to train, educate, and
sensitize their employees on how to use these internal control systems since its effectiveness
depends on the competency and dependability of the people using it. All these control actions
ensure that any risks that may affect the company’s ability to achieve its goals are appropriately
avoided and should occur at all levels and in all functions of the organization.

Internal control is designed to provide reasonable, cost-effective assurance of safeguards against

unauthorized access to or use of the enterprise's assets, that the financial records and accounts are
sufficiently reliable for reporting and management purposes, and of compliance with applicable
laws and regulations. Management of the business is responsible for the design and operation of
the accounting, reporting and internal control systems of the business--the independent auditors
may express an opinion on various aspects of the business's systems, but management remains
responsible for those systems. Internal control can only provide reasonable assurance of
achieving the business's internal control objectives--internal control can be breached by
unintentional noncompliance or neglect, management override, intentional noncompliance, or
collusion. (CBK, 2014).

Corporate governance and internal control became a highly pertinent and topical business issue
at the beginning of the 21st century following a series of large corporate scandals and failures.
These failures led to calls for enhanced corporate governance, risk management and internal
control. Governments and legislators, regulators, and standard setting groups came under

8
increasing pressure to take measures to assist in preventing similar shareholder losses from
occurring in the future. (COSO, 2014)

Shareholders expect those charged with governance of the company to manage the significant
risks the company is facing and to put controls in place to deal with such risks. These risks
encompass those risks related to business operations as well as risks related to compliance with
laws and regulations, and financial reporting. A company’s system of internal control therefore
has a key role in the management of risks that are significant to the fulfillment of its business
objectives. A sound system of internal control contributes to safeguarding the shareholders’
investment and the company’s assets. (KBA, 2014)

A company’s objectives, its internal organization and the environment in which it operates are
continually evolving and, as a result, the risks it faces are continually changing. A sound system
of internal control therefore depends on a thorough and regular evaluation of the nature and
extent of the risks to which the company is exposed. Since profits are, in part, the reward for
successful risk-taking in business, the purpose of internal control is to help manage and control
risk appropriately rather than to eliminate it.

Banking institutions occupy a central position in the nations‟ financial system and are essential
agents in the development process of the economy. By intermediating between the surplus and
deficit spending units, banks increase the quantum of National savings and investments and
hence national output. By granting credits, banks create money thus influencing the level of
money supply which is an essential item in the growth of national income as it determines the
level of economic activities in the country. Banks are central to the payments system by
facilitating economic transactions between various national and international economic units and
by so doing encourage and promote trade, commerce and industry. For banks to be able to
function effectively and contribute meaningfully to the development of a country, the industry
must be stable, safe and sound. And for these conditions to be obtained there must be a sound
accounting system, which is occasioned by an internal control system. In view of the economic
growth in companies‟ size and complexities, proper management of modern business
undertakings is not possible unless they have an effective system of internal control. A system of

9
effective internal controls is a critical component of bank management and a foundation for the
safe and sound operation of banking organizations. A system of strong internal controls can help
to ensure that the goals and objectives of a banking organization will be met, that the bank will
achieve long-term profitability targets and maintain reliable financial and managerial reporting.
Such a system can also help to ensure that the bank will comply with laws and regulations as
well as policies, plans, internal rules and procedures, and decrease the risk of unexpected losses
or damage to the Bank’s reputation. (CBK, 2014).
Internal control, the strength of every organization, has become of paramount importance today
in Kenya banks. The reason being that the control systems in any organization is a pillar for an
efficient accounting system. The need for the internal control systems in organizations,
especially banks, cannot be undermined, due to the fact that the banking sector, which has a
crucial role to play in the economic development of a nation, is now being characterized by
macro economic instability, slow growth in real economic activities, corruption and the risk of
fraud. Fraud, which is the major reason for setting up an internal control system, has become a
great pain in the neck of many Nigerian bank managers. It has also become an unfortunate staple
in Kenya’s international reputation. Fraud is really eating deep into the Kenyan banking system
and that any bank with a weak internal control system, is dangerously exposed to bank fraud.
(COSO, 2014)

1.1 Research Problem Statement

Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the
entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations and compliance with applicable laws and regulations. However weak or ineffective
internal controls, such as inadequate record keeping, external audit, or loan review, has caused
operational losses in the banks subsector and has contributed to the failure of others. Commercial
banks in Kenya loose over $30 million through crime (PwC, 2014). The investigation report
cites identity theft, electronic funds transfer, cheques and credit card fraud, forgery of documents
and online fraud as among the ways through which financial institutions lost cash. Some of these
cases involved insider fraud that could have been prevented or discovered through effective

10
control mechanisms before the fraud resulted in loss to banks. Central bank has identified cases
resulting in banks losses in which internal control weaknesses included improper and untimely
reconcilements of major asset or liability accounts. In others, they did not institute or follow
normal separation of duties between the physical control of assets and liabilities and the record-
keeping functions involving those assets and liabilities. .

According to (Kinney, 2000) an internal control system creates an organization’s confidence in

its ability to perform or undertake a particular task and prevents errors and losses through
monitoring and enhancing organizational and financial reporting processes as well as ensuring
compliance with pertinent laws and regulations (Rezaee, 2001) studied the impact of internal
control systems on the financial performance of private hospitals in Nairobi and established a
significant relationship between internal control system and financial performance. Kakucha
(2009) evaluated the level of effectiveness of internal controls of Sacco’s operating in Nairobi
and established that there are deficiencies in the systems of internal controls, with the degree of
deficiencies varying from one enterprise to another. (Njui, 2012)investigated the effectiveness of
internal control and audit in promoting good governance in the public sector in Kenya and found
that internal control has the greatest effect on corporate governance within Kenya government
ministries followed by risk management while compliance and consulting had the least effect.
Ngugi (2011) survey of internal control systems among the listed private companies and the
public sector companies in Kenya in which the results indicated that the private sector compared
to the public sector has a strong internal control system.

Limited research has been carried out to investigate the significance of the internal control
system on financial performance of commercial banks listed at the Nairobi securities exchange in
Kenya. All the above research on internal controls has a gap as they did not take into
consideration on the objectives of internal control and risk analysis. It is due to this background
that the study sought to fill the knowledge gap by assessing the significance of internal control
on financial performance in Kenya while focusing on commercial banks listed at the Nairobi
securities exchange.

11
1.2 Objectives of the Study

General Objective

The general objective of this study is to investigate the significance of internal control systems
on financial performance of commercial banks listed at the Nairobi securities exchange.

Specific Objective

This research will be guided by the following specific objectives;

1. To assess the extent to which prevention and detection of fraud influence financial
performance of commercial banks listed at the Nairobi securities exchange

2. To establish the effect of completeness and accuracy of accounting record on financial

performance of commercial banks listed at the Nairobi securities exchange

3. To examine the extent to which safeguarding of assets influence financial performance of

commercial banks listed at the Nairobi securities exchange.

1.3 Research Questions

This research will be guided by the following research questions;

1. To what extent does prevention and detection of fraud influence financial performance of
commercial banks listed at the Nairobi securities exchange?

2. What is the effect of accuracy and completeness of accounting records on financial

performance of commercial banks listed at the Nairobi securities exchange?

3. To what extent does safeguarding of assets influence financial performance of

commercial banks listed at the Nairobi securities exchange?

1.4 Significance of the Study

12
First, the study will benefit the central bank of Kenya as the commercial banks regulator by
assuring itself that appropriate processes are functioning effectively to monitor the risks to which
banks are exposed and that the system of internal control is effective in reducing those risks to an
acceptable level. Secondly, the findings will be of great use to commercial banks management in
accounting to the Board for developing, operating and monitoring the system of internal control
and for providing assurance to the Board that it has done so. Third, the results of the findings will
be used by the employees to in improving their financial performance through effective
implementation of the internal control systems and processes.

Researchers and Scholars

This study contribute to the existing knowledge, address and provide the background information
to research organizations, individual researchers and scholars who would want to carry out
further research in this area. The study will help researchers and academicians to expand their
research into the significance of internal control on financial performance (both public and
private) in Kenya as literature review.

13
CHAPTER TWO

REVIEW OF RELATED LITERATURE

2.1 Introduction
This chapter presents a broader context of the study subject in terms of past scholarly works and
what other authors have written about internal controls and financial performance. This section
reviews the correlation between internal control systems as an independent variable and financial
performance as a dependent variable by particularly focusing on the objectives of internal
control. The review also examined the common systems of internal controls employed by
organizations, the theories surrounding systems of internal control, and the methods used by
previous researchers in dealing with internal control systems.

2.2 Internal Control

Internal control is the whole system of control, financial and otherwise established by
management in order to carry on the business of the enterprise in an orderly but effective manner
to ensure adherence to managerial policies and directives, safeguard the assets and ensure as far
as possible the completeness and accuracy of the records the prevention and detection of errors
and fraud, and the timely preparation of financial information. (United Kingdom Auditing
Practices Committee, 2000)
According to statement of accounting standards, (SAS, 2000) internal control is the combined
plan, method and procedures which can safeguard the firm’s assets promote operational
efficiency and encourage adherence to prescribed policies. Internal control system is a set of
client procedures both computerized and manual imposed on the accounting system for the
purpose of preventing, detecting and correcting errors and irregularities that might enter the
system and thereby affect the firm’s financial statement (ICPAK, 2014) The SAS (statement of
accounting standard) further explains that internal control maybe categorized as either
accounting or administrative controls. Accounting control is concerned with the plan of the
organization and all the co- coordinated methods and procedures which are implemented with a
view of safeguarding assets and enhancing reliability of financial records.

14
An administrative control comprises of the plan of the organization and all co-ordinates methods
and procedures that are concerned with operatically efficiency an adherence to management
policies and directives. This is also known as operational controls.
2.2.1 Role and Purposes of Internal Control
According to COSO (2001), the role and purpose of internal control system is meritable because
internal control consists of the measures, record procedures and plan of an organization that
deals mainly with safeguarding asset and ensuring financial records are accurate and reliable.
They further explained that the need for internal control can be seen in its roles and purposes
which are: Safe and sound operations. The integrity of records and financial statements,
Compliance with laws and regulations, detection and prevention of errors and fraud and orderly
and efficient conduct of business.
2.2.2 Accounting Processes
The accounting processes at the heart of internal control of accounting and financial information
are a set of uniform activities that transform business transactions – all the basic events that make
up the company's business – into accounting and financial information by putting them through
the accounting mechanism, composed of accounting policies and ground rules. They include an
accounting production system, preparation of financial statements and communications.
Accounting, information, and communication systems capture and impart pertinent and timely
information in a form that enables the board, management, and employees to carry out their
responsibilities. Accounting systems are the methods and records that identify, assemble,
analyze, classify, record, and report a bank’s transactions. Information and communication
systems enable all personnel to understand their roles in the control system, how their roles relate
to others, and their accountability. Information systems produce reports on operations, finance,
and compliance that enable management and the board to run the bank. Communication systems
impart information throughout the bank and to external parties such as regulators, examiners,
shareholders, and customers
2.2.3 Safeguarding of Assets
2.2.3.1. General Safeguards
The enterprise maintains an organizational chart of personnel and a chart of accounts. The
enterprise has adopted and documented its ethics and policies, and the responsibilities and

15
authority of each significant participant or group of participants in the accounting and internal
control system. Procedures have been adopted and documented safeguarding access to and
storage of the accounting records, including computerized records. The enterprise has adopted
procedures for testing and investigating the integrity and reliability of its accounting and internal
control systems (including the use of individuals outside the enterprise, such as attorneys, when
necessary for independence or confidentiality purposes with respect to discovery by outside
third-party persons, entities, or agencies, or people inside the enterprise).
2.2.3.2 Cash Receipts and Disbursements Safeguards
Pre-numbered receipts or other transactional documentation records are prepared for cash sales,
and cash sales are reconciled daily with cash collections and receipts records. Personnel
independent of the sales, accounts receivable, and cash functions review customer discounts and
allowances. Expense and other payments (other than payments from petty cash) are made by
pre-numbered check. Checks are signed by an appropriately authorized person who is
independent of the employee(s) who prepares the checks. Payments are made only if a check or a
request for payment from petty cash is accompanied by supporting documentation and the
documentation then is marked as paid.
2.2.3.3. Receivables: Notes and Accounts Safeguards
Notes require proper authorization. The notes custodian is independent of the cashier and other
accounts receivable personnel. An aging of accounts is maintained and reviewed by an employee
who is independent of credit and accounts receivable personnel. Write-offs and pre-numbered
credit memoranda require approval by a designated employee who is independent of the credit
manager and accounts receivable personnel. Employee advances require authorization.
2.2.3.4. Inventory Safeguards
Inventory access is limited to authorized personnel and, when necessary, is controlled by a
documented log. Inventory receiving, issuance, and shipping reports are maintained. Inventory
records are maintained by personnel who do not have access to the inventory. Physical
inventories with the use of pre-numbered tags are taken by personnel who are independent of
inventory personnel.

16
2.2.3.5. Investments Safeguards
Securities are stored in a vault that requires at least two authorized persons for access. A log is
maintained of all persons visiting the vault. A log of securities placed in and taken out of the
vault is maintained by personnel who are independent of personnel who have access to the vault.
Pre-numbered vault deposit and withdrawal vouchers are required. Physical securities
inventories are taken periodically by personnel who do not have access to the vault or the vault
records. The securities custodian is independent of the securities records, general ledger, and
cash receipts and disbursements functions.
2.2.3.6. Property, Plant, and Equipment Safeguards
Purchases, retirements, and dispositions of property or equipment require authorization, and a
work order or voucher system is maintained for such. A record is kept of assets assigned for use
by employees, and that record is periodically verified by physical confirmation. Property and
equipment inventories are taken periodically by employees who do not have access to inventory
records.
2.3 Review of Related Theories
2.3.1 The Agency Theory
According to the agency theory, a firm consists of a nexus of contracts between the owners of
economic resources (the principals) and managers (the agents) who are charged with using and
controlling those resources (Jensen, 2003). The theory posits that agents have more information
than principals and that this information asymmetry adversely affects the principals‟ ability to
monitor whether or not their interests are being properly served by agents. As such, the theory
describes firms as necessary structures to maintain contracts, and through firms, it is possible to
exercise control which minimizes opportunistic behaviour of agents (Jensen, 2003). According to
the theory, in order to harmonize the interests of the agent and the principal, a comprehensive
contract is written to address the interest of both the agent and the principal. The agent-principal
relationship is strengthened more by the principal employing an expert and systems (auditors and
control systems) to monitor the agent (Jussi, 2004).

Further the theory recognizes that any incomplete information about the relationship, interests or
work performance of the agent described could be adverse and a moral hazard. Moral hazard and
adverse selection impact on the output of the agent in two ways; not possessing the requisite
17
knowledge about what should be done and not doing exactly what the agent is appointed to do.
The agency theory therefore works on the assumption that principals and agents act rationally
and use contracting to maximize their wealth (Jensen, 2003). This theory is applicable to this
study simply because internal control is one of many mechanisms used in business to address the
agency problem by reducing agency costs that affects the overall performance of the relationship
as well as the benefits of the principal (Abdel-Khalik, 1993)). Internal control enhances the
provision of additional information to the principal (shareholder) about the behavior of the agent
(management) reduces information asymmetry and lowers investor risk and low revenue.

Wilks, T. J and Zimbelman, M. F. (2004), “Decomposition of Fraud-risk Assessments and Auditors‟

Sensitivity to Fraud Cues”, Contemporary Accounting Research, 21(3), 719-723. (Wilks, 2004)
2.3.2 Attribution Theory
Attribution theory is a social psychology theory that explores how people interpret events and
behaviours and how they ascribe causes to the events and behaviours. According to (Schroth,
2000), studies using attribution theory examine the use of information in the social environment
to explain events and behaviours. Reffett, (2007) asserts that when evaluators believe
comparable persons would have acted differently in a given circumstance, they (evaluators) tend
to attribute responsibility for an outcome to the person. On the other hand, when evaluators
believe comparable persons would have acted similarly, the evaluators tend to attribute
responsibility for the outcome to the situation. According to Wilks (2004), the first case refers to
internal or dispositional attributions while the second one refers to external or situational
attributions. Earlier literature shows that people are inclined to attribute others behavior to
dispositional tendencies and to attribute their own behavior to situational circumstances ((Wilks,
2004; Schroth, 2000). Often, this is when the observed behavior is negative. Consequently,
evaluators are expected to infer the failure to detect internal control on financial performance as
a dispositional tendency on the auditor’s part which concludes that auditors are negligent.
Bonner (1998) found that auditors are more likely to be sued when they fail to detect common
misappropriations that would result to decreased revenues, and the evaluators believe that the
fraud could have been detected by other auditors. The auditor’s accountability for detecting fraud
is extended by Reffett (2007)) study which predicted that auditors are more likely to be held

18
accountable by evaluators when the auditors fail to detect fraud after they had identified the
fraud occurrence as a fraud risk.

Attribution theory thus advocates for auditors to report on the effectiveness of firms internal
control. Auditors are therefore expected to gain a better understanding of the internal controls in
place, assess the design and implementation of the internal controls, and test the operating
effectiveness of the internal controls. This is deemed necessary for the auditors’ reliance and
possibly scaling back of other substantive audit procedures for the required financial
performance. According to Bonner (1998), evaluators can use the audit processes as a basis to
determine negligence if auditors fail to detect internal control related fraud that may occur. The
attribution theory suggests that when fraud occurs, identified parties should be held accountable
and auditors, being the public watch dogs are most likely to be held accountable if evaluators
determine substandard audit services were provided (Reffett, 2007).

2.3.3 Reliability Theory

Reliability theory simply describes the probability of a system completing its expected function
during an interval of time (Gavrilov, 2001). It was originally a tool used to help nineteenth
century maritime insurance and life insurance companies in computing profitable rates to charge
their customers. According to the reliability theory, an internal control system comprises of
components that are interrelated and for each component, there needs to be a de-fined measure of
success. As such, the state of a component is determined by whether the com-ponent is
successful or not successful. The reliability of a component is defined as the probability of the
component being found in the success state. In addition, the reliability of the entire internal
control system is a binary combination with two possible values, success and failure. This study
considered the part of the reliability theory which relates the internal control system to
component reliabilities.

The tractability of reliability theory to the evaluation and design of internal control systems have
appeared in the professional literature but no applications have been reported that draw upon the
substantial power of the theory of reliability (Kinney, 2000). The two potential users of the
reliability theory are the external auditor and organization management. Kinney (2000) states
that; during the external audit, evidence is gathered to support a professional opinion. Internal
19
control systems have a primary purpose of assessment and control of risks; that a material error
was not be prevented or detected on a timely basis by the system leaving to losses. Weak internal
control systems result in more substantive work and hence greater cost. According to Gavrilov
(2001), the determination of the weakness of any internal control system is primarily judgmental.
Upon the formulation of the process and system reliability estimates, comparison with data from
the organization’s past performances or other firms may provide a more solid basis for judgment
of the impact of an internal control system on the firm’s income risk and hence provide for more
rational allocation of the auditor's time and effort.

2.4 Review of Empirical Studies

Abbott (2000), while focusing on control environment, investigated whether audit committee
activity and independence is inversely related to fraudulent financial statements, using 156 firms
subject to SEC Accounting and Auditing Enforcements Releases (AAERs) between 1980 and
1986. In the study, Abbott (2000) substituted the variable audit committee presence used in
earlier studies with audit committee activity and independence, since the earlier studies reported
mixed results about the association of audit committee and likelihood of fraud. The results of the
study indicated that firms with independent directors and with the minimum activity level are
less likely to be associated with fraudulent financial statements.

Case studies on internal controls in Belgium illustrate the importance of the control environment
when studying internal auditing practices. Sarens and De Beelde (2006) found that certain
control environment characteristics like tone-at-the-top, level of risk and control awareness,
extent to which responsibilities related to risk management and internal controls are clearly
defined and communicated are significantly related to the role of the internal audit function and
fraud detection within an organization.

Using the analytical approach and focusing on control activities and monitoring, Barra (2010)
investigated the effect of penalties and other internal controls on employees’ propensity to be
fraudulent. Data was collected from both managerial and non-managerial employees. The results
showed that the presence of the control activities, separation of duties, increases the cost of
committing fraud. Thus, the benefit from committing fraud has to outweigh the cost in an
environment of segregated duties for an employee to commit fraud. Further, it was established
20
that segregation of duties is a least-cost fraud deterrent for non-managerial employees, but for
managerial employees, maximum penalties are the „least-cost‟ fraud disincentives. The results
suggest the effectiveness of preventive controls (control activities) such as segregation of duties
is dependent on detective controls (monitoring).

Amudo and Inanga (2009) carried out an evaluation of Internal Control Systems on the Regional
Member Countries (RMCs) of the African Development Bank Group (AfDB) focusing on
Uganda in East Africa. The study established that some control components of effective internal
control systems are lacking in these projects which renders the current control structures
ineffective. The study recommended an improvement of the existing internal control systems in
the projects.

Ewa and Udoayang (2012) carried out a study to establish the impact of internal control design
on banks ability to investigate staff fraud and staff life style and fraud detection in Nigeria. Data
were collected from 13 Nigerian banks using a Four Point Likert Scale questionnaire and
analysed using percentages and ratios. The study found that Internal control design influences
staff attitude towards fraud such that a strong internal control mechanism is deterrence to staff
fraud while a weak one exposes the system to fraud and creates opportunity for staff to commit
fraud. In addition, most Nigerian banks do not pay serious attention to the life style of their staff
members and that most staff members are of the view that effective and efficient internal control
design could detect employee fraud schemes in the banking sector. The study concluded that
effective and efficient internal control system is necessary to stem the malaise in the banking
sector. The study therefore recommended that banks in Nigeria should upgrade their internal
control designs and pay serious attention to the life style of their staff members as this could be a
red flag to identifying frauds.

Michina (2011) carried out a survey of the impact of internal control on operational efficiency of
non-governmental organizations (NGOs) in Nairobi using a sample of fifty (50) NGOs. Data was
collected using a questionnaire consisting both open and closed ended questions. The study
established that that internal controls in the NGOs based in Nairobi were determined largely by
the organization structure such that it is the top management that decides on how the resources
received from donors and other financiers are to be allocated and distributed to the beneficiaries.
21
Further, cash management was ranked second internal control factor affecting NGOs operational
efficiency. As such, NGOs with good cash management were found to be in a position to attract
many sources of funds for their operations and as such, this called for proper use of resources at
their disposal. Also, NGOs with well-structured organizational structures had well-structured
policies and procedures on how activities were run. The findings also showed that much higher
operational efficiency was registered in big well known NGOs which lead to controlled internal
controls by the funding partners. The study concluded that internal control impacts operational
efficiency.

In a study on internal control function of the Kenya Polytechnic University College, Wainaina
(2011) shows that as a substitute of its presence on the scene of operations, management must
rely on internal control techniques to implement its decisions and to regulate the activities for
which she would ultimately be responsible for. It is in this light that use of effective Internal
Control Systems (ICS‟s) is deemed crucial in the management of business resources. As a result,
the management of any organization designs internal control procedures to allocate, control and
ensure efficient utilization of resources, in order to achieve the overall corporate goals. It was
found that Internal Control Systems (ICS‟s) play an important role in preventing and detecting
fraud and protecting the organization's resources, both physical and intangible. This is achieved
through proper authorization controls and documentation.

Fraud is one of the most significant risks affecting management of financial services in Eastern
Africa region. In Kenya it is one of the economic crimes – government of Kenya statistic report
on alarming annual 45% average increase in the number of economic crimes (GoK, 2011). The
global economic crime survey, a publication of the PwC (PwC, 2011) report that Kenya has the
highest incidences of fraud in the world, based on a global ranking of 78 countries surveyed. In
terms of frequency fraud, white collar theft or asset misappropriation is cited as the most
common type of economic crime in Kenya followed by accounting fraud corruption of money
laundering, cyber-crime originating from Africa is ranked as one of the top crimes in Kenya. The
perception of cyber-crime as a predominately external threat is changing and organization are
now recognizing the risk of cyber-crime coming from inside as well (PwC, 2011).

22
Beasley (2000) examined the differences in corporate governance mechanisms between
organization that were guilty of financial reporting fraud and those that were not. Unlike
previous researchers, Beasley et al segmented the organizations by industry concentration,
technology, health care and financial services. Beasley et al used allegations made by the
Securities and Exchange Commission (SEC) during the period 1987 and 1997 of fraudulent
financial reporting to establish fraud organizations and data from the National Association of
Corporations (NALD) to match the fraud organizations and establish a no fraud company
comparison base. Beasley findings indicated that organizations found guilty of financial
reporting fraud shall less independent boards, had few audit committees, the audit committee met
less often, the audit committees were less independent, the board and audit committees had less
internal audit support.

Similarly, Crutchley (2007) examined corporate governance characteristics as firms that suffered
accounting fraud during the period 1990 to 2003. Fraud firms were matched to no fraud firms by
Standard Industrial Classification (SIC) codes and markets values determines by book value to
market Value ratios. Crutchley (2007) found that certain characteristics increased the likelihood
of a firm being involved in an accounting scandal. The characteristics included high levels of
growth, engaging in earnings management techniques, audit committees composed of few
directors, and over extended outside directors.

23
Figure1.Conceptual Framework

Prevention and detection of

fraud

Accuracy and completeness of Financial performance

accounting records

Safeguarding of assets

Independent Variable Dependent Variable

24
 CHAPTER THREE

RESEARCH METHODOLOGY

3.0 Introduction

This chapter outlines the research design to be used by the study, the population targeted for the
study and the sampling procedure, and the methods of collecting and analysing data.

3.1 Research Design

The research design will be formal study as it will involve descriptive account of the current
situation followed by the research questions and will involve precise procedures and data source
specification. The goal of a formal research design is to provide a valid representation of the
current state and answer the research questions posed. Cooper and Schindler (2011) defines
formal study as a process of a descriptive account of the current situation followed by the
hypotheses or research questions, and involves precise procedures and data source specifications.
With a goal to provide a valid representation of the current state and to test hypotheses or answer
the research questions posed. Formal study design research determines and reports the way
things are (Mathook M, 2011).

3.2 Target Population

The unit of analysis describes the level at which the research is performed and which objects are
researched (Schindler, 2011). The listed commercial banks at NSE are the unit of analysis for
this study. A population element is the subject on which measurement is being taken (Mathook
M, 2011). There are 11 commercial banks listed at NSE and their 44 top level management will
be the target population of this study.

25
3.3 Sampling Frame and Sample Size

A census will be done where all the firms in the target population will be selected for analysis.
This procedure is preferred to sampling as the small size of the population makes it possible to
study all the firms in the population to be done and at the same time a census solves the accuracy
problems associated with samples in representing the population.

Figure 2 Census Survey Frame

Stratum CEO Operations Audit IT

manager manager mana
ger

Population Size 11 11 11 11

Sampling Fraction 100% 100% 100% 100%

Final Sample Size 11 11 11 11

3.4 Data Collection

Formal study data are typically collected through a questionnaire, an interview or by observation
(Mathook M, 2011). Since this is formal study research design, data will typically be collected
through a questionnaire and interview. Interviews will be used in order to get detailed
information from the respondents. The questionnaires will be structured because they are easier
to analyze since they are in an immediate usable form, they are easier to administer because each
item is followed by alternative answers’ and are economical in terms of time and money.
Secondary data will be collected through study of available information from the regulatory
bodies’ internet portals, and periodicals regarding the subject under study. At the end of the
process the researcher is expecting to come up with the significance of internal control systems
on financial performance of commercial banks listed at the Nairobi securities exchange.
26
3.5 Data Analysis

Data gathered will be analysed using both descriptive and inferential statistical techniques.
Correlation analysis will be done to determine the relationship between prevention and detection
of fraud and completeness and accuracy of accounting records and safeguarding of assets using
the Pearson product-moment correlation coefficient. The significance of the correlation
coefficient will be tested using Student t-test. Data analysis will be done with the help of SPSS
and Microsoft Excel computer packages.

3.6 Ethical Issues

For this research the following ethical issues will be considered:

In general, research must be designed so a respondent does not suffer physical harm, discomfort,
pain, embarrassment or loss of privacy. To safeguard against these things, the researcher will
follow three guidelines: Explain the benefits of the study, explain the participant’s rights and
protection and obtain informed consent. Researcher and assistants will protect anonymity of the
respondents. Each assistant handling data will be required to sign a confidentiality and non-
disclosure statement. Lastly the researcher, is aware that others will use the results produced to
make decisions or to convince others in a debate. The researcher will be honest and open about
methodological limitations, as revealing of limitations will allow others to assess the quality and
reliability of the results more efficiently (Schindler, 2011)

27
References

Abdel-Khalik, A. R. (1993), Why do Private Companies Demand Auditing? A Case for

Organizational Loss of Control, Journal of Accounting, Auditing and Finance, 8 (1), 31-
52.

Amudo, A and Inanga, E. L. (2009), Evaluation of Internal Control Systems: A Case Study from
Uganda, International Research Journal of Finance and Economics, 3, 124 –144.

Barra, R. A. (2010), The Impact of Internal Controls and Penalties on Fraud, Journal of
Information Systems, 24(1), 11-29.

Beasley, M. (1996), An Empirical Analysis of the Relation between the Board of Director
Composition and Financial Statement Fraud, The Accounting Review, 71 (4) 943-465.
Retrieved from ProQuest Education Journals database.
Beasley, M. S., Carcello, J. V., Hermanoon, D and Capides, R. P. (2000), Fraudulent Financial
Reporting: An Analysis of Technology, Health Care and Financial Services Fraud Cases,
Accounting Horizons, 441-454.Retrieved from ProQuest Education Journals database.
Cooper, D. and Schindler, P. (2004), Business Research Methods, New Delhi: Tata McGraw
Hill.
Ewa, E. U and Udoayang, J. O. (2012), The Impact of Internal Control Design on Banks‟ Ability
to Investigate Staff Fraud, and Life Style and Fraud Detection in Nigeria, International
Journal of Research in Economics & Social Sciences, 2 (2), 32-43.
Gavrilov, L.A andGavrilova, N. S (2001), The Reliability Theory of Aging and Longevity,
Accounting, Auditing and Finance, 213 (4): 527–45.
Jensen, K. L. (2003), A Basic Study of Agency-Cost Source and Municipal Use of Internal
Versus External Control, Accounting and Business Research, 35(4), 33-48.

Jude, M. Francis, M., &Petronilla, M.(2011). Academic proposal writing. (2nded.) Nairobi,
Kenya: Danste Agencies

28
Jussi, N and Petri, S. (2004), Does Agency Theory Provide a General Framework for Audit
Pricing?International Journal of Auditing, 8 (2), 253-262.Retrieved from ProQuest
Education Journals database.

Kenyon, W and Tilton, P. D (2006), Potential Red Flags and Fraud Detection Techniques: A
Guide to Forensic Accounting Investigation, (1st ed.),New Jersey: John Wiley & Sons,
Inc.

Kinney, W. R. (2000), Research Opportunities in Internal Control, Quality and Quality

Assurance, A Journal of Practice and Theory, 19(4), 83-90.

Mugenda, O. M. and Mugenda, A. G. (2003), Research Methods: Quantitative and Qualitative

Approaches. Nairobi: ACTS Press.

Appendices
29
 Questionnaire

Introduction

My name is Jeremy Gitonga. I am carrying out a research study on significance of internal

control systems on financial performance of commercial banks listed at Nairobi Securities
Exchange. You are assured that every assistance rendered will be most appreciated and every
information given will be treated with utmost confidentiality.

Instructions

Please tick as appropriate

Section A-Internal Control Information

1. Do you agree that there is a direct relationship between a company’s objectives and the
components of internal control that are required to achieve them?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree
2. Directors and management should be provided with appropriate training to enable them
to gain a proper understanding of internal controls, their function and scope, including
reporting?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree

30
 3. Which of the following do you agree ICS do help achieve:
Parameter Strongly Agree Neutral Disagree Strongly
Agree Disagree
Help ensure the quality of internal and
external reporting.
help ensure compliance with applicable
laws and regulations,
facilitate effective and efficient operation

Section B- Safeguarding of Assets Information

4. Do processes exist to ensure ongoing and independent reconciliation of asset and liability
balances, both on- and off balance-sheet?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree
5. Is separation of duties and dual control over bank assets emphasized in the organizational
structure?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree
6. Are there sufficient staff members who are competent and knowledgeable to manage
current and proposed bank activities, and have they been provided with adequate
resources?
 Strongly agree
 Agree

31
  Neutral
 Disagree
 Strongly disagree
7. To what extent do you agree ICS has helped in efforts to safeguard bank assets:

Parameter Strongly Agree Neutral Disagree Strongly

Agree Disagree
Developing operating policies and
procedures for cash control;

Establishing dual control over cash;

Conducting periodic physical

inventories of assets;

Protecting assets by purchasing

adequate insurance;

Limiting physical access to cash and

the computer system

Section C-Accounting Records

8. Has a process been established to identify the resources required for the smooth operation
of the accounting function? Does it give due consideration to foreseeable developments?
 Strongly agree
 Agree
 Neutral
32
  Disagree
 Strongly disagree
9. Does the accounting and financial reporting function have access to the information
needed to prepare the financial statements from all of the entities covered by the
statements?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree

10. Does the group have an accounting principles manual that specifies the accounting
treatment for the most significant transactions?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree

11. If financial statements are published in accordance with several sets of accounting
standards at the individual company or consolidated level, have procedures been
established for explaining the main restatements?
 Strongly agree
 Agree
 Neutral
 Disagree
 Strongly disagree

NUMBER OF LISTED BANKS AT THE NSE

BANK ISIN CODE TRADING ISSUED SHARES

SYMBOL
33
 Barclays Bank of Kenya Ltd KE0000000067 BBK 5431536000
CFC Stanbic of Kenya Holdings Ltd KE0000000091 CFC 395321638
Diamond Trust Bank Kenya Ltd KE0000000158 DTK 242110105
Equity Bank Ltd KE0000000554 EQTY 3702777020
Housing Finance Co.Kenya Ltd KE0000000240 HFCK 235750000
I&M Holdings Ltd KE0000000125 I&M 392362039
Kenya Commercial Bank Ltd KE0000000315 KCB 2984227692
National Bank of Kenya Ltd KE0000000398 NBK 280000000
NIC Bank Ltd KE0000000406 NIC 597282563
Standard Chartered Bank Kenya Ltd KE0000000448 SCBK 309159514
The Co-operative Bank of Kenya
KE1000001568
Ltd COOP 4889316295

34