Content uploaded by Umaru Hussaini
Author content
All content in this area was uploaded by Umaru Hussaini on Jan 05, 2019
Content may be subject to copyright.
ISSN: 2249-7196
IJMRR/June 2018/ Volume 8/Issue 6/Article No-2/13-32
Hussaini Umar et. al., / International Journal of Management Research & Review
*Corresponding Author www.ijmrr.com 13
THE EFFECT OF INTERNAL CONTROL ON PERFORMANCE OF
COMMERCIAL BANKS IN NIGERIA
Hussaini Umar*1, Muhammed Umar Dikko1
1Waziri Umaru Federal Polytechnic, Birnin Kebbi, Kebbi State.
ABSTRACT
The globalization process, the complexity of banking transactions and the increase in
fraudulent activities have recently prompted scholars and experts, and authorities to divert
their attention to internal control systems in the banking sector. The objective of this study is
to find the effect of internal control systems on the performance of commercial banks in
Nigeria. A survey method was employed and the study used stratified random sampling, in
which a total of 382 questionnaires were administered to either staff of operations, marketing,
or security department in the Nigerian commercial banks. The questionnaire is a 5 point
Likert-scale while the data collected was analyzed using Statistical Package for the Social
Sciences (SPSS) version 23 (v23) and Smart PLS 3. The findings of the study revealed that
there is a positive and significant relationship between the four components of internal
control (control environment, control activities, monitoring and risk assessment) and bank
performance. While information and communication were found to have an insignificant
positive relationship with bank performance. The study recommended that future research
should add other additional variables like risk culture, corporate governance. Likewise,
control variable (s) such as bank size, bank age, etc. can also be considered by future
researchers.
Keywords: Internal Control, Commercial banks, Bank performance, COSO.
1. INTRODUCTION
Internal control is a broad concept that covers the entire range of procedures, methods and
controls established by an organization to increase the probability to achieve its business
goals (Institute of Internal Auditors (IIA), 2012). Also, internal control can be seen as agroup
of policies and procedure that are embedded to form control on firm's activities to ensure the
entity followed objectives set by management and board of directors (Yousef, 2017).
Recent failures and the collapse of high-profit institutions around the world such as Barings
Bank, Tyco, Waste management, Bernie Madoff, Freddie Mac, Enron, and WorldCom, to
mention just a few have shown that no company can be too big to fail. The banking industry
worldwide has experienced significant bank failures and crises over the years in which
internal control weakness is among the reasons for this failure. Recent scandals had revealed
situations where firms engaged in unethical accounting strategies to omit relevant
information about firms’ financial data (Cohen, Holder-Webb, Nath, & Wood, 2012). Bank
failures are of great concerns to Central banks and other governing agencies because of its
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 14
systematic nature on acting as a catalyst for financial crises (Bank for international
settlements, 2011).
The banking sector is a a special sector in the economy. It handles the massive volume of
funds transactions daily and provides a different kind of services to the customers. All
economic activities depend on the stability and strength of the banking sector(Gamage, Lock,
& Fernando, 2014). A system of tough internal controls can support to ensure that the goals
and objectives of banks will be met, that the bank will help to attain long-term profitability
targets and maintain reliable financial and managerial reporting (Gamage et al., 2014). This
type of system can help in ensuring that the bank will comply with procedures, internal rules,
plans, and laws and regulations as well decrease the risk of bank’s reputation damage or
unexpected losses to the bank. This help bank’s management and Board of directors to
comply with laws and regulations,produce reliable financial reports and safeguard the bank’s
resources (Gamage et al., 2014).
Internal control ineffectiveness is among the problems of the banking industry, and that
allowed rogue traders to cause huge financial losses to these banks (Ayagre, Appiah-
Gyamerah, & Nartey, 2014).The Nigerian financial sector has its crisis traceable to a number
of factors chiefly among which were huge non-performing loans, lack of transparency, capital
inadequacy, and in addition to this weak internal controls and ineffective or compromised
external audit also played a very significant role in the crisis that enveloped the sector,
especially from early 1990’s up till mid-2004 (Adeyemi & Adenugba, 2011). Despite the
2005 Nigerian banking sector reforms, a breakdown has occurred in the banks’ systems of
internal control, resulting in regulatory failures and poor corporate governance (Agbonkpolor,
2010).
In addition, due to ineffectiveness of internal control in the banking system of Nigeria, the
results of the stress tests conducted by the CBN in 2009 on the commercial banks revealed
that eight of the 24 commercial banks in the country were unhealthy, necessitating the
intervention of the CBN through the injection of 620 billion nairas of liquidity into the
banking sector (Sanusi, 2010).Internal control effectiveness of an organization defines the
extent to which the organizational system promotes the achievement of its corporate goals
and objectives. In the case of profit-based organizations like commercial banks, these
objectives and goals are related to financial and non-financial performance.
Despite the importance of this sector in regulating the economy, studies concerning the
relationship between internal control and the financial performance of banks are few, most of
the studiesthat established relationship between internal control and performance was
investigated using participants from multiple industries (Hunziker, 2016; Kinyua, Gakure,
Gekara, & Orwa, 2015; Saarni, 2012; Stoel & Muhanna, 2011; Tseng, 2017) thereby
neglecting the banking sector.The objective of this study is to review the literature on the
effectiveness of internal control on the performance of commercial banks in Nigeria, through
the use of five internal control components by Committee of Sponsoring Organizations’
([COSO] 1992).
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 15
2. LITERATURE REVIEW
Internal control can be defined as the process designed and affected by those charged with
management, governance, and other personnel to provide reasonable assurance about the
attainment of entity’s objectives aboutefficiency and effectiveness of operations; compliance
with applicable laws and regulations; the reliability of financial reporting(Gamage et al.,
2014).According to Laufer (2011), internal controls consist of “an organization’s system of
checks and balances designed to ensure reliable financial reporting, effective and efficient
operations, safeguarding assets against theft and unauthorized use, and compliance with
applicable laws and regulations. The COSO definition of internal control extends to all
objectives of an entity from financial reporting to proficiency and effectiveness of operations
and compliance with applicable laws and regulations (COSO, 2013). It further helps to ensure
reliable financial reporting information and that a company complies with laws and
regulations (COSO 2013). It can be derived from these concepts that internal control
continues processing from a series of procedures and rules. It based on judgment and cost
/benefit considerations and is related to financial and non- financial activities. The COSO
framework came out with five components of internal control in organizations. Thus, are (i.)
the control environment (ii)the entity’s risk assessment process (iii)the information and
communication system, (iv)control activities, and (v) Monitoring.
The banking institutions constitute a critical sector of any economy. Subsequently, the
aftermath of the financial crisis, in the early 1990’s, the stability of the financial system has
assumed a greater focus as a key objective of economic policy in Nigeria (Adeyemi &
Adenugba, 2011). Most of the Nigerian financial institutions have been in a circle of weak
internal controls thus constituting serious dangers to the existence and smooth running of
these firms (Adeyemi & Adenugba, 2011).
Reason for Internal Control
In the past studies, the key reason for adopting the internal control systems within the
banking sector can be identified as the need to assess continually that bank objectives
are being recognized. In research conducted to analyze the importance of internal
control for the Nigerian banks, Hayali, Dinç, and Sarılı reported that internal controls help
the financial sector in presenting it's strong and stable outlook in front of the international
spectators. It helps in monitoring the assets and maintaining the reliability of the
company’s accounts and keeping a strict eye on fraudulent activities. Similarly, Socol
has further added that the main the objective ofinternal banking control includes
continuous tracking of activities with international auditing standards.
This can help in solving any problem that may arise. An an effective system is capable of
detecting errors, fraudulent transactions as well as any irregularities and ultimately
reduces the percentage of such occurrences
2.1 Reason for Internal Control
Previous studies, the major reason behind implementing the internal control systems within
the banking sector can be attributed to the need to continuallymake sure that bank objectives
are being achieved(Socol, 2011). In research conducted toanalyze the importance of internal
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 16
control for the Nigerian banks, Hayali, Dinc, Sarılı, Dizman, and Gundogdu (2013) reported
that internal controlshelp the financial sector in presenting its strong and stableoutlook in
front of the international spectators. It alsohelps inkeeping astrict eye on fraudulent
activities, monitoring theassets and maintaining the reliability of thecompany ’s accounts. An
effective internal control system is one capable of detecting any irregularities, fraudulent
transactions as well as errors, and ultimately reduces the percentage of such occurrences.
Poor internal controls often cause fraudulent activities to go unchecked and inevitably result
in the downfall of the organization. It is certain that without appropriatepracticing of the
internal control system, organizations will face numerous risks and problems. If the situation
persists, it will lead to loss of investors fund, employees’ welfare loss, customers’
dissatisfaction, disputes for company’s growth, image damage, and insolvency and finally, it
leads the problems to the government(Gamage et al., 2014).Also, Adeyemi and Adenugba
(2011)observe that the role of internal controls is to ensure that appropriate financial,
operational and compliance controls are in place. Also, Muraleetharan (2011) in the study of
internal control and its impact on financial performance of organization a case study of
University of Jaffna indicated that there was a relationship between internal control and
financial performance.
According to COSO (1992), the main objectives of the internal control process can be
categorized as follows: compliance with applicable laws and regulations; reliability of
financial reporting; and effectiveness and efficiency of operations. According to COSO
framework, it is proposed that internal controls are to be performed based upon five
principles components related to ensuring regularity, efficiency, operational effectiveness,
and reliable financial reporting which must be integrated into business processes across the
entire entity, in its efforts to achieve objectives.
Furthermore, the Basel Committee on banking supervision issued a framework for the
evaluation of Internal Control Systems. It emphasized that sound Internal Controls are
essential to the prudent operation of banks and promotes stability in the financial system. The
Basel committee developed thirteen principles for banking supervisory authorities to apply in
assessing bank’s internal control systems. These principles were structured under five main
areas namely; Management oversight and the control environment, Risk recognition and
assessment, Information Communication and Monitoring activities & Correcting deficiencies
which have their basis on the COSO Framework (Asiligwa, 2017).
The Basel Committee, (Basel 1998) along with banking supervisors throughout the world,
has focused increasingly on the importance of sound internal controls. Previous studies have
emphasized the necessity and importance of internal control system in the banking system.
Among the previous research’s that have established a relationship between internal control
and performance of organizations including banks are; Hayali et. al., (2013) discovered that,
internal control activities of the banks are adapted to the international standards in Turkey
and that effective control procedures exist in the banking system. The study further stated
thateffective internal control mechanisms have a great impact on the strong and stable
outlook of Turkish banking sector.
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 17
Also, Olatunji (2009)studied the effect of an internal control system in the banking sector,
and according to the findings,poor effective internal control system is the major cause of
fraud in the banking sector. While, (Adeyemi & Adenugba, 2011) revealed that ineffective
internal control system often causes a decrease in the performance of the bank due to inability
to prevent and detect fraudulent activities in the system.
Other studies that establish relationship between internal control and performance of firms
includes;A study by Ayom (2013) on the internal controls and performance in Non-
Governmental Organizations in Sudan showed that, although internal auditing has led to
compliance with rules and regulations on operations, performance and procurement control, it
did not lead to proper financial accountability, budgetary control on the expenditure and
proper utilization of donor funding. Also, Ewa andUdoayang(2012)argued that a strong
internal control mechanism is a deterrence to staff fraud while a weak internal control
mechanism exposes the system to fraud and creates an opportunity for staff to commit fraud.
Also, Bett & Memba, (2017) revealed that control environment has a significant influence on
the financial performance of an organization. The author further revealed that information
systems have a significantinfluence on the financial performance of Menengai Oil Company.
2.2 Internal Control Components
Internal control comprises five components; the control environment, the entity’s risk
assessment process, the information and communication systems, control activities, and the
monitoring of controls (COSO, 1992). For an organization to achieve its organizational
objectives, then the five control components of internal control must be integrated into
management processes over the entire organization’s subsidiaries, divisions and units
(Ayagre et. al., 2014). In another study, Amudo and Inanga (2009) developed a model and
added information technology in their study, and revealed that measuring the effectiveness of
internal control is concerned with the existence and functioning of the six major control
components identified by the model.
2.2.1 Control Environment
The control environment includes the attitudes, awareness, and actions of management and
directors, management and those charged with governance concerning the entity’s internal
control and their importance in the entity(Gamage et al., 2014; Mary, Albert, & Byaruhanga,
2014). In another study, Control environment refers to all factors which are effective in
determining, increasing or decreasing the effectiveness of policies, procedures, and methods
specific to a process. Control environment stands out with the basic understanding adopted by
the senior management of the corporation to control the organization, its attitude toward
problems and approach to solving problems and their perspective of the importance of moral
values (Hayali et al., 2013).The element of control environment includes communication,
enforcement of integrity, and ethical values. No wonder, Hooks (1994) describes the control
Environment as in part an operationalization of organization culture.
Furthermore, Gamage et. al., (2014) and Norton Rose Fulbright (2016)five factors are
identified that affect control environment;integrity and ethical values, human resource
policies and practices, assignment of authority and responsibility, a commitment to the
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 18
competence, organizational structure, and management's philosophy and operating style, and
board of directors or audit committee. The following are control environment principles
which organization should consider;
(i) The organization should demonstrate a commitment to ethical values and
integrity.Through attributes of establishing standards of conduct evaluate adherence to
standards of conduct; setting the tone at the top; and address deviations promptly(Janvrin,
Payne, Byrnes, Schneider, & Curtis, 2012; Norton Rose Fulbright, 2016).
(ii) The board of directors demonstrates independence of management and exercises
oversight for the development and performance of internal control. Through attributes:
provide oversight during the development and performance of the system of internal control;
retain or delegate oversight responsibilities as appropriate; establish board of directors
oversight responsibilities; board of directors operate independently of the organization; and
apply relevant expertise (Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
(iii) Management establishes with board, an appropriate authorities and responsibilities in the
pursuit of objectives, reporting lines, and oversight structures, through the following
attributes: consider all structures of the organization (including out-sourced service
providers), establish reporting lines; limit authorities, define, and assign
responsibilities(Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
(iv)The organization should demonstrate a commitment to retain, develop, and attract
competent individuals in alignment with its objectives. Attributes: plan and prepare for
succession, develop, attract, and retain the individual, establish policies and procedures,
evaluate competence and address shortcomings (Janvrin et. al., 2012; Norton Rose Fulbright,
2016).
(v)The organization should also hold individuals accountable for their internal control
responsibilities in the pursuit of objectives.This can be achieved through the following
attributes: establish performance measures, authorities, and responsibilities, enforce
accountability through structures, rewards, and incentives,evaluate performance measures,
incentives, and rewards for ongoing relevance, evaluate performance and rewards or
discipline individuals, consider excessive pressures(Janvrin et. al., 2012; Norton Rose
Fulbright, 2016).
2.2.2 Risk Assessment
Risk assessment is among the component of internal control. Risks threaten the achievement
of objectives. An entity’s risk assessment process is the process of identifying and responding
to business risks and the results thereof (Mary et. al., 2014). Risk Assessment is also defined
as identification of potential errors and implements procedures, policies,and control to detect
those errors and prevent them.Risk assessment can also be the identification and analysis of
risks relevant to the achievement of objectives (Frazer, 2012). In order word risk assessment
is the process of detecting, assessing and determining how to succeed these things.
Both external and internal risks could prevent the achievement of established objectives at
every level in an organization.According to COSO (1992) every organization, be it private or
public, large or small, faces risks from both external and internal sources that must be
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 19
assessed.Therefore, management should take necessary actions to prevent these risks. But,
sometimes management cannot avoid the risk from occurring. In these situations,
management should determine whether to accept the risk, reduce it up to the acceptable
levels, or avoid. An organizationprincipally establishes an early warning system to determine
risks with low-probability, and take the necessary steps to minimize or remove such
risks(Hayali et al., 2013).Norton Rose Fulbright(2016) identified the following risk
assessment principles which organization should consider;
i. The organization should assess and identifies changes that could significantly impact the
system of internal control. Control operations consist of a variety of activities,according to
Frazer (2012) these activies are; Physical controls (such as controlling whether necessary
measures are taken in order to reach assets and records or not, controlling the physical
presence or absence of assets, comparison between accounting records and periodic
inventory); Performance assessment (to confare between the actual operations and objectives
of a corporate); Information processing controls; Should also; assess changes in leadership;
assess changes in the business model; assess changes in the external environment;
Segregation of duties (for instance registration procedures, and custody of assets; assigning
different employees with different tasks such as procurement of assets)(Janvrin et al., 2012;
Norton Rose Fulbright, 2016).
ii. The organization should consider the potential for fraud in assessing risks to the
achievement of its objectives. The organization should specify objectives with sufficient
clarity to enable the identification and assessment of risks relating to objectives. Should;
consider toleration for risk and required level of precision/materiality comply with externally
established standards and frameworks and laws and regulations reflect management’s
choices; reflect entity activities; include operations and financial performance goals; form
basis for committing of resources. Should also consider various ways that fraud can occur;
consider risk factors; assess incentive and pressures; assess opportunities; assess attitudes and
rationalizations (Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
iii. The organization should identify risks across the entity to the achievement of its objectives
and should also analyze those risks as a basis for determining how the risks should be
managed.This can be achieved through the following attribute; involve appropriate levels of
management; division, subsidiary, functional levels, and operating unit; analyze both external
and internal factors; the determine how to respond to risks, and estimate the significance of
risks identified (Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
iv. The organization specifies objectives with sufficient clarity to enable the assessment and
identification of risks relating to objectives. Attributes: consider toleration for risk and
required level of precision/materiality; comply with externally established standards and
frameworks and laws and regulations; reflect management’s choices; reflect entity activities;
include operations and financial performance goals; form basis for committing of resources
(Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 20
2.2.3 Information and Communication System
Another component of the internal control system is to be able to obtain information both
horizontally and vertically and ensure communication among employees. Theseare only
possible if the management information system and its information subsystems are arranged
in a disciplined and responsive manner (Hayali et. al., 2013). Effective communication
should be established including all employees at all levels of the corporate. Information and
communication focus on the quality and nature of information needed for effective control
that the systems use to develop such information, and reports necessary to communicate it
effectively. Information systems produce reports of operational, financial, and compliance-
related information that make it possible to run and control the business (COSO, 1992).
Effective communication also must exist with external parties, such as customers, suppliers,
regulators, and shareholders (COSO, 1992).
Organizations need information at all levels the to assist the management in meeting it’s
objectives (Douglas (2011). This information should be communicated from top to bottom
level that needs it within a specific time that helps them to carry out their objectives.
Communication also uses by outside parties such as customers, suppliers, and regulators.
Control environment, control activities, risks, information about an organization’s plans, and
performance must be communicated down, up, across an organization. Reliable and relevant
information from both external and internal sources must be processed, captured, identified
and communicated to the people who need it in a form and timeframe that are useful.
Information and communication can reduce the risk of fraud in two ways. First, the
possibility of fraudulent concealment is reduced using the accuracy of information and
integrity, thus that a person who commits a fraud can’t have the opportunity of hiding it for a
long time. Secondly, an effective and open communication adopted in an organization helps
to detectand prevent the possibility of fraud in advance(Hayali et al., 2013).
The following are information and communication principles organization should consider;
(i) The organization obtains or generates and uses relevant, quality information to support the
functioning of other components of internal control. Attributes: identify information
requirements; capture internal and external courses of data; process relevant data into
information; maintain quality throughout processing; consider costs and benefits (Janvrin et.
al., 2012; Norton Rose Fulbright, 2016).
(ii) The organization internally communicates information, including objectives and
responsibilities for internal control, necessary to support the functioning of other components
of internal control. Attributes: communicate internal control information with personnel;
communicate with the board of directors; provide separate communication lines; select the
relevant method of communication (Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
(iii) The organization communicates with external parties regarding matters affecting the
functioning of other components of internal control. Attributes: communicate to external
parties; enable inbound communications; provide separate communication lines;
communicate with the board of directors; select the relevant method of communication
(Janvrin et. al., 2012; Norton Rose Fulbright, 2016).
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 21
2.2.4 Control Activities
The fourth component of internal control is controlled activities, the procedures and policies
that ensure how management directives have executedthat help ensure that necessary actions
are taken to address the risks involved in the achievement of the entity’s objectives(Frazer,
2012; Ndamenenu, 2011). Control activities are tools both manual and automated that help
prevents or reduce the risks that can impede accomplishment of the organization's objectives
and mission. Management should establish control activities to effectively and efficiently
accomplish the organization's objectives and mission.
Accordingly, the control activities that are relevant to the audit include Performance review;
Information processing; Physical control; Segregation of duties. Amudo & Inanga (2009)
viewed that authorization, segregation of duties, and verification before making the
payments, control over access to resources, reconciliation, review operations and supervision
as the control activities in any organization The literature highlighted those benefits of
relevant, timely and effective internal and external communication;improved communication
about expectation, responsibilities, and objectives of an organization; Enhanced decision
making;reduced dependence on individual employees who assist in the prevention and
detection of frauds. The following are control activities attributes organization should
consider
(i) The organization should develop and selects control activities that contribute to mitigating
of risks to the achievement of objectives to acceptable levels. This can be achieved through
the following attributes: address segregation of duties; consider at what level activities are
applied; evaluate a mix of control activity types; consider entity-specific factors; determine
relevant business processes; integrate with risk assessment.
(ii) The organization should select and develops general control activities over technology to
support the achievement of objectives. With the help of the following attributes: establish
relevant technology acquisition, development, and maintenance process control activities;
establish relevant technology infrastructure control activities; establish relevant security
management process control activities; determine dependency between the use of technology
general controls and technology in business processes.
(iii) The organization deploys control activities as manifested in policies that establish what is
expected and in relevant procedures to affectthe policies. This can be achieved through the
following attributes: the reassess policies and procedures,take corrective action; perform
promptly; perform using competent personnel; establish accountability and responsibility for
executing policies and procedures; and establish policies and procedures to support the
deployment of management’s directives(Janvrin et al., 2012).
2.2.5 Monitoring
The quality of the internal control system’s can be accessed through monitoring over time
through separate evaluations, ongoing monitoring activities, or a combination of the two
(COSO, 1992). Internal control system and application of controls change overtime. This can
be due to the arrival of new personnel, varying effectiveness of implementing the procedures
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 22
or supervision, time and resource constraints or changes in the circumstances for which the
internal control system originally was designed (Gamage et. al., 2014).
The objective of monitoring is to determine whether internal control is effective, properly
executed, and adequately designed. Internal control is adequately designed and properly
executed if all five internal control components (Control Environment, Risk Assessment,
Control Activities, Information and Communication, and Monitoring) are present and
functioning as designed (Ofori, 2011).The ability to identify risks that may occur due to some
changes within the organization and among employees and the ability to provide continuity
of internal control need to be monitored in the course of time (Hayali et. al., 2013).
Management should emphasize monitoring efforts on internal control and accomplishes. The
organization objectives.Monitoring should be performed on a regular basis to assess the
process of design and operational actions and controls to be taken covers the assessment of
internal control quality. Continuous monitoring of the internal control system and discovery
of deviations is required to achieve organizational objectives (Hayali et. al., 2013).Also, It is
important to monitor internal control to determine whether any modifications are necessary or
whether it is operating as intended. All employees need to understand the organization's
objectives, mission, and responsibilities and risk tolerance levels for monitoring to be most
effective.Organizations should consider the following attributes under monitoring:
(i) The organization selects, develops, and performs ongoing and separate evaluations to
ascertain whether the components of internal control are present and functioning. This can
also be achived through the following attributes: adjust scope and frequency; evaluate
objectively; integrate with business processes; use knowledgeable personnel; consider the
rate of change; establish baseline understanding; and consider a mix of ongoing and separate
evaluations.
(ii). The organization evaluates and communicates internal control deficiencies in a timely
manner to those parties responsible for taking corrective action, including senior management
and the board of directors, as appropriate. Attributes: assess results; communicate
deficiencies to management; report deficiencies to senior management and the board of
directors; monitor corrective actions.
Integrated Internal Control Framework for an organization
Fig. 1: COSO’s Internal Control framework
Source: Researchers design based on COSO’s Internal Control framework
Control Activities
Control Environment
Risk Assessment
Information
&
Communication
Monitoring
Entity
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 23
2.3 Performance
Organizations are created for specific objectives. For an organization to achieve its
objectives, they must be able to perform their operations efficiently and effectively.
Organizations need to adopt effective business practices to help them accomplish their
objectives as well as sustain their organizational performance. The performance of
organizations is measured regarding their abilities to achieve their specific organizational
objectives. Performance refers to the ability to operate efficiently, profitably, survive, grow
and react to the environmental opportunities and threats (Mawanza, 2014).
Performance is one of the major indicators that explain the level of development of any
society. Recently, the challenges of the global business environment have re-echoed the need
for corporate organizations to have more concerns about the success of business firms. Firm
performance has been viewed as one of the most important variables that attracted the
attention of researchers in both finance and management literature (Gavrea, Ilies, &
Stegerean, 2011). Firm performance is a concept that explains the extent to which an
organization achieves objectives. It indicates how organizations have been peering overtime
(Saeidi, Sofian & Siti Zaleha, 2014). Firm performance is an indicator that helps to evaluate
and measure how an organization succeeds in realizing business objectives to all its
stakeholders(Antony & Bhattacharyya, 2010). Firm performance refers to firms’ ability to
achieve its goal through the application of available resources efficiently and effectively
(Asat, Maruhun, Haron & Jaafar 2015).
The study by (Galbraith & Schendel, 1983) specifically found that financial indicators such
as return on sales,return on assets, profit margin, and return on equity are considered to be the
common measures of financial performance of organizations. Similarly, in the context of the
performance of manufacturing firms in Malaysia, the study by Abu Kasim, Minai and Chun
(1989) found sales, sales growth, net profit and gross profit as the common financial
measures preferred by the Malaysian manufacturing firm (Jusoh & Parnell, 2008).However,
in the case of commercial banks, practitioners and researchers agree that these banks need to
adopt different measures of organizational performance. As a social business, commercial
banks have both financial as well as social objectives. Given this, the performance of
commercial banks should be measured by using not only financial but also non-financial or
social measures (Thomasa & Kumara, 2016).
Bank performance: To measure bank performance, the extant literature relies on both
accounting and market measures (Seelanatha, 2007). Market performance reflects
expectations of firm’s prospects and its ability to adapt to potential changes (Belkhaoui,
Lakhal, Lakhal, & Slaheddine Hellara, 2014). It includes the present value of expected future
profits valued by the financial market. However, the market measure fits only listed firms and
is appropriate if the market is efficient.
Some studies have used different types of performance indicators to measure firm
performance. For example, (Murphy, Trailer, & Hill, 1996) identified 71 performance
parameters that have been used by researchers to measure both financial and non-financial
performance. In most situations, researchers use financial measures to explain firm
performance. For instance, measures such as return on investment, return on sale and return
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 24
on equity are some of the commonly used parameters to measure performance (Saeidi et. al.,
2014). Thus, for a more comprehensive assessment, organizations have resorted to the
utilization of both financial and non-financial performance measures. For example, Judge,
Naoumova, and Koutzevol (2003) have used both financial and non-financial indicators such
as process improvements, customer satisfaction, capacity utilization and product service
quality to measure firm performance (I;e., financial profitability, growth in size/assets,
customer satisfaction, product/service quality, capacity utilization, process improvements,
employment stability, employee training).
Return on Equity (ROE), Return on Assets (ROA) and Net Interest Margin (NIM) are often
used to proxy the measurement of Financial Performance. According to available literature,
appropriate performance measures are those that enable organizations to direct their actions
towards achieving their strategic objectives. Financial performance measures have mostly
been done using three indicators; return on assets (ROA), return on equity (ROE) and return
on sales (ROS). A study conducted by Hakkak and Ghodsi (2015) revealed that
implementation of nonfinancial performance measures (BSC) in organizations has a
significant positive effect on firms’ competitive advantage and sustainability.
Moreover, researchers have opined that the current emphasis on traditional performance
measures such as return on investment or net earnings diverts firm’s attention from non-
financial factors such as customer satisfaction, product quality, productivity and business
efficiency (Hussain & Hoque, 2002). There is that perception that non-financial measures are
better forecasters of a long run firm’s performance, as well the business leaders to monitor
and assess their company's efficiently (Hussain & Hoque, 2002; Kaplan & Norton, 2001;
Robert S. Kaplan & Norton, 1996). Even though nonfinancial performance may have lower
measurement accuracy, but they focus on components that directly relate to operations that
are within the control of the management (Stede, Wim, Chow, & Lin, 2006).
These and several other issues have encouraged organizations to adopt one form of non-
financial measures or the other (Ahmed & Manab, 2016). Hence, this study will adopt both
the financial and the nonfinancial performance to measure the performance of commercial
banks in Nigeria. Below is the research framework:
Independent Variable Dependent Variable
Fig. 2: Conceptual Framework
3. METHODOLOGY
Data for the study was gathered from questionnaires administered to bank staffs (including
managers, internal control officers, and security officers of the bank) of all branches of
INTERNAL CONTROL
Ø Control environment
Ø Risk assessment
Ø Information and
communication
Ø Control activities
Ø Monitoring
BANK
PERFORMANCE
Ø Financial
Ø
Non
-
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 25
commercial banks in Nigeria. The study targeted internal control officers, security officers,
and managers because of their good understanding of the internal control system of banks. A
total of 381 questionnaires were distributed through self-hand delivery. The questionnaires
were distributed based on simple random selection from 5,495 branches of commercial banks
in Nigeria as advice by (Krejcie & Morgan, 1970). Out of 381 questionnaires distributed,
only 255 were returned. Out of the 255 collected questionnaires only 223 were found to be
useful for further analysis because 32 questionnaireswere excluded from the analysis due
nonsuitability of either not duly completed or problems of outliers. The questionnaire was
adapted with some modifications from several studies, it was divided in to seven main
sections representing the demographic section, five control components (control
environment, risk assessment, information and communication, control activities, and
monitoring) of the COSO model adapted from (Collins, 2014), and performance adapted
from (Muraleetharan, 2011; Otache & Mahmood, 2015). Responses received from
respondents were based on a five (5) point likert scale, ranging from strongly disagree to
strongly agree, on all the questions on internal control components, where 1 represented
strongly disagree (SD) and 5 represented strongly agree (SA). While likert scale for
performance range from not improved to highly improved. The likert scale was used to
measure respondent’s knowledge and perception of internal controls effectiveness and the
banks performance.
4 DATA ANALYSIS
4.1 Descriptive Analysis
There were 223 responses received for this study out of the 381 questionnaires distributed to
the bank staffs. In the demographic part, the questions consist of gender, education level,
department, and age of the respondents. In total, 160 (71.7 per cent) respondents involved in
this study are male, while 63 (28.3 per cent) are female. As for the age, majority of the
respondents are aged between 30 and 39 years (38.6 per cent), followed by respondents aged
40-49 years (29.6 per cent), 20-29 years (18.8 per cent), and 50-59 years (13 per cent).
However, there are no respondents at the age of 60 and above. Subsequently, the question
asked about their department in the bank. There are three department in the bank that the
researcher targeted to reached, including operations, marketing, and security. Of the 223 total
respondents, 104 (46.6 per cent) of them are from marketing department, 76 (34.1 per cent)
of them are from operations department and 43 (19.3 per cent) are from security department.
The last question for the demographic section was to enquire about the level of education
among the respondents. The level of education can be categorized into five levels, which are
Secondary Certificate, OND/NCE, University degree/HND, Postgraduate, and others.
Majority of the respondents have University degree/HND, which is 126 (56.5 per cent),
followed by Postgraduate with 90 (40.4 per cent). Among all the respondents only 7 (3.1 per
cent) of them have OND/NCE and no any respondents had secondary certificate.
4.2 Normality Test and Reliability
Prior to testing the data using PLS-SEM, the data were tested for normality. Skewness and
kurtosis testing have been used to describe the normality of the data. The data are assumed to
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 26
be normally distributed when the value of skewness is close to 0 and value of kurtosis does
not exceed 3.0. The results show that the value for skewness ranges from -0.190 to -0.890,
and the kurtosis values of all the variables are between -0.360 and 2.239. This result indicates
that all of the variables are considered to have slight skewness and kurtosis, as both skewness
and kurtosis values are within the acceptable range. Therefore, the data are assumed to be
normally distributed. Reliability test revealed that the Cronbach alpha and composite
reliability ranges from 0.773 to 0.875 and 0.859 to 0.902 respectively, indicating that all
questionnaire items asked to measure the variables are valid. Figure below explained the
details
Table 1: Normality Test and Reliability
Variables Skewness Kurtosis Cronbach's
Alpha Composite
Reliability Average Variance
Extracted (AVE)
Control Activities -0.414 0.656 0.847 0.884 0.522
Control Environment -0.190 0.172 0.805 0.859 0.518
Inf.& Comm. -0.056 0.134 0.866 0.892 0.514
Monitoring -0.224 -0.360 0.773 0.849 0.533
Performance -0.890 2.239 0.875 0.902 0.539
Risk Assessment -0.518 0.626 0.857 0.886 0.527
Fig. 3: Measurement Model
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 27
Fig. 4: Structural Model
Table 2: Results of Hypothesis
Hypothesis β T Statistics P Values
Control Activities -> Performance 0.193 2.193 0.029
Control Environment -> Performance 0.269 3.619 0.000
Inf & Comm -> Performance 0.045 0.562 0.575
Monitoring -> Performance 0.172 2.898 0.004
Risk Assessment -> Performance 0.217 2.586 0.010
5. FINDINGS
The first objective of the study is to examine the relationship between control activities and
bank performance. H1 proposed that there is a positive relationship between control activities
and bank performance. Based on Table 2, the coefficient for control Activities is 0.193, t
=2.193, p= 0.029, where p<0.05 indicates that the result supports H1. Thus, this study proves
that performance increase if there is control activities. This result has a similar finding with
(Janvrin et al., 2012). The second objective of the study is to examine the relationship
between control environment and bank performance. H2 proposed that there is a positive
relationship between control environment and bank performance. Based on Table 2, the
coefficient for control environment is 0.269, t = 3.619, p= 0.000, where p<0.01 indicates that
the result supports H2. Thus, this study proves that performance increase if there is effective
control environment. This result has a similar finding with(Mary et al., 2014).
The third objective of the study is to examine the relationship between information,
communication and bank performance. H3 proposed that there is a positive relationship
between information, communication and bank performance. Based on Table 2, the
coefficient for information, and communication is 0.045, t = 0.562, p= 0.575, where p>0.10
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 28
indicates that the result does not supports H3. Thus, information and communication does not
influence bank performance. The fourth objective of the study is to examine the relationship
between monitoring and bank performance. H4 proposed that there is a positive relationship
between monitoring and bank performance. Based on Table 2, the coefficient for monitoring
is 0.172, t = 2.898, p= 0.004, where p<0.01 indicates that the result supports H4. Thus, this
study proves that performance increase if there is effective monitoring in the bank. This result
has a similar finding (Hayali et al., 2013). While the fifth (last) objective of the study is to
examine the relationship between risk assessment and bank performance. H5 proposed that
there is a positive relationship between risk assessment and bank performance. Based on
Table 2, the coefficient for risk assessment is 0.217, t = 2.586, p= 0.010, where p<0.01
indicates that the result supports H5. Thus, this study proves that performance increase if
there is effective risk assessment in the bank. This result has a similar finding (Frazer, 2012).
6. CONCLUSION
This study consists of five objectives, which are to identify the relationship between the five
components of internal control and bank performance.The COSO framework identifies five
components that should be in place in order to achieve effective internal control and influence
performance. The findings of this study demonstrated evidence that internal control
components depicted from COSO integrated theoretical framework, can have positive effects
on the performance of banks. Furthermore, from the discussion of findings, it can be
concluded that the present study provides empirical evidence that there is a positive and
significant relationship between the four components of internal control (control
environment, control activities, monitoring and risk assessment) and bank performance.
While information and communication were found to have an insignificant positive
relationship with bank performance. The findings could be used by banks and other
regulatory bodies to improve their performance. More so, recommendation and suggestion
for future research are also provided. Future research should adopt a longitudinal study with
enough time for data collection. Intended scholars in this area of research can add other
additional variables like risk culture, corporate governance, Likewise, control variable (s) like
bank size, bank age, etc. can also be considered by future researchers.
REFERENCES
[1] Adeyemi B, Adenugba A.. Corporate Governance In The Nigerian Financial Sector: The
Efficacy Of Internal Control And External Audit. In Global Conference on Business and
Finance Proceedings 2011; 6: 691.
[2] Agbonkpolor T. Risk management and regulatory failures in banking: Reflections on the
current banking crisis in Nigeria. Journal of Banking Regulation 2010; 11(2): 146–155.
https://doi.org/10.1057/jbr.2010.5
[3] Ahmed I, Manab NA. Moderating Effects of Board Equity Ownership on the
Relationship between Enterprise Risk Management Implementation and Firms Performance:
A Proposed Model. International Journal of Management Research & Review 2016; 6(1):
21–30. https://doi.org/10.9790/487X-18126168
[4] Amudo A, Inanga EL. Evaluation of Internal Control Systems: A Case Study from
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 29
Uganda. International Research Journal of Finance and Economics 2009; 1(27): 124–144.
[5] Antony JP, Bhattacharyya S. Measuring organizational performance and organizational
excellence of SMEs – Part 1: a conceptual framework. Measuring Business Excellence 2010;
14(2): 3–11. https://doi.org/10.1108/13683041011047812
[6] Asat SH, Maruhun ENS, Haron H, Jaafar M. Enterprise risk management (ERM) and
organisational performance: The case of housing developers in Malaysia. In MARIM
International Conference,. Langkawi. Malaysia, 2015.
[7] Asiligwa GR. The Effect of Credit Risk Management on the Financial Performance of
Commercial Banks in Kenya. Journal of Economics and Finance 2017; 8(3): 92–105.
https://doi.org/10.5897/AJBM2013.7171
[8] Ayagre P, Appiah-Gyamerah I, Nartey J. The Effectiveness of Internal Control Systems
of Banks. The Case of Ghanaian Banks. International Journal of Accounting and Financial
Reporting 2014; 4(2): 377. https://doi.org/10.5296/ijafr.v4i2.6432
[9] Ayom AA. Internal Controls and Performance in Non-Governmental Organizations: A
Case Study Of Management Sciences for Health South Sudan. University Uganda, 2013.
[10] Bank for international settlements. Basel Committee on Banking Supervision Charter.
Bank for International Settlements. Switzerland, 2011.
https://doi.org/10.1163/ej.9789004163300.i-1081
[11] Belkhaoui S, Lakhal L, Lakhal F, Slaheddine Hellara. Market structure, strategic choices
and bank performance: A path model. Managerial Finance 2014; 40(6): 538–564.
https://doi.org/http://dx.doi.org/10.1108/VINE-10-2013-0063
[12] Bett JC, Memba FS. Effects of Internal Control on the Financial Performance of
Processing Firms in Kenya : A Case of Menengai Company. International Journal of Recent
Research in Commerce Economics and Management 2017; 4(1): 105–115.
[13] Cohen JR, Holder-Webb LL, Nath L, Wood D. Corporate reporting of nonfinancial
leading indicators of economic performance and sustainability. Accounting Horizons 2012;
26(1): 65–90. https://doi.org/10.2308/acch-50073
[14] Collins OO. Effect of internal control on financial performance of micro-finance
institutions in Kisumu central constituency. Kenya. Journal of Scientific Research and Essay
2014; 3:, 139–155.
[15] COSO. Internal Control - Integrated Framework (executive summary). Jersey City, 1992.
Retrieved from www.coso.org/documents/Internal Control-Integrated Framework.pdf
[16] COSO. COSO - Internal control / integrated framework executive summary. Committe
of Sponsoring Organisation of the Treadway Commission 2013; 1–8.
[17] Ewa UE, Udoayang JO. The Impact Of Internal Control Design On Banks ’ Ability To
Investigate Staff Fraud and Life Style And Fraud Detection In Nigeria. International Journal
of Research in Economics & Social Sciences 2013; 2(2): 32–43.
[18] Frazer L. The Effect Of Internal Control On The Operating Activities Of Small
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 30
Restaurants. Journal of Business & Economics 2012; 10(6): 361.
https://doi.org/10.5539/ijef.v4n3p46
[19] Galbraith C, Schendel D. An empirical analysis of strategy types. Strategic Management
Journal 1983; 4: 153–173.
[20] Gamage CT, Lock KL, Fernando AA. A Proposed Reaserch Framework : Effectiveness
of Internal Control System in State Commercial Banks in Sri Lanka. International Journal of
Scientific Research and Innovative Technology 2014; 1(5): 25–44.
[21] Gavrea C, Ilies L, Stegerean R. Determinants of organizational performance: The case of
Romania. Management & Marketing 2011; 6(2): 285–300.
[22] Hakkak M, Ghodsi M. Development of a Sustainable Competitive Advantage Model
Based On Balanced Scorecard. International Journal of Asian Social Science 2015; 5(5):
298–308. https://doi.org/10.18488/journal.1/2015.5.5/1.5.298.308
[23] Hayali A, Dinc Y, Sarılı S, Dizman AS, Gundogdu A. Importance of Internal Control
System in Banking Sector : Evidence From Turkey. Turkey: Marmara University, 2013.
Retrieved from https://www.researchgate.net/publication/258258914
[24] Hunziker S. Efficiency of internal control: evidence from Swiss non-financial
companies. Journal of Management and Governance 2016; 21(2): 399–433.
https://doi.org/10.1007/s10997-016-9349-1
[25] Hussain M, Hoque Z. Understanding non‐financial performance measurement practices
in Japanese banks. Accounting, Auditing & Accountability Journal 2002; 15(2): 162–183.
https://doi.org/10.1108/09513570210425583
[26] Institute of Internal Auditors (IIA). International standards for the professional practice
of internal auditing, (October), 2012.
[27] Janvrin DJ, Payne EA, Byrnes P, Schneider GP, Curtis MB. The Updated COSO Internal
Control—Integrated Framework: Recommendations and Opportunities for Future Research.
Journal of Information Systems 2012; 26(2): 189–213. https://doi.org/10.2308/isys-50255
[28] Judge WQ, Naoumova I, Koutzevol N. Corporate governance and firm performance in
Russia: An empirical study. Journal of World Business 2003; 38(4): 385–396.
https://doi.org/10.1016/j.jwb.2003.08.023
[29] Jusoh R, Parnell JA. Competitive strategy and performance measurement in the
Malaysian context. Management Decision 2008; 46.
https://doi.org/10.1108/00251740810846716
[30] Kaplan RS, Norton DP. The Balanced Scorecard: Translating Strategy Into Action.
Proceedings of the IEEE, Boston, Massachussees: Harvard Business School Press, 1996; 85.
https://doi.org/10.1109/JPROC.1997.628729
[31] Kaplan RS, Norton DP. Transforming the Balanced Scorecard from Performance
Measurement to Strategic Management: Part I. Accounting Horizons 2001; 15(1): 87–104.
[32] Kinyua JK, Gakure R, Gekara M, Orwa G. Effect of Internal Control Environment on the
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 31
Financial Performance of Companies Quoted in the Nairobi Securities Exchange.
International Journal of Innovative Finance and Economics Research 2015; 3(4): 29–48.
[33] Krejcie RV, Morgan DW. Determining sample size for research activities. Educational
and Psychological Measurement 1970; 38(1): 607–610.
https://doi.org/10.1177/001316447003000308
[34] Laufer. Small Business Entrepreneurs: A Focus on Fraud Risk and Prevention. American
Journal of Economics and Business Administration 2011; 3(2): 401–404.
https://doi.org/10.3844/ajebasp.2011.401.404
[35] Mary M, Albert O, Byaruhanga J. Effects of Internal Control Systems on Financial
Performance of Sugarcane outgrower companies inKenya. IOSR Journal of Business and
ManagementVer.I, 2014; 16(12): 62–73. Retrieved from www.iosrjournals.org
[36] Mawanza W. An analysis of the main forces of workplace fraud in Zimbabwean
organisations : The fraud triangle perspective. International Journal of Management Sciences
and Business Research 2014; (2): 86–94.
[37] Muraleetharan P. Internal control and impact of financial performance of the
organizations (special reference public and private organizations in Jaffna district).
University of Jaffna 2011; 1–14. Retrieved from http://repository.kln.ac.lk/25/
[38] Murphy G, Trailer J, Hill R. Measuring research performance in entrepreneurship.
Journal of Business Research 1996; 36(1): 15–23. https://doi.org/10.1016/0148-
2963(95)00159-X
[39] Ndamenenu DK. Internal Control and Its Contributions To Organizational Efficiency and
Effectiveness : a Case Study of Ecobank Ghana Limited . Masters Thesis Submitted to
KNUST, IDL 2011; 74.
[40] Norton Rose Fulbright. COSO ’ s new fraud risk management guidelines:What
companies need to know, 2016.
[41] Ofori W. Effectiveness of Internal Controls: A perception or Reality? The Evidence of
Ghana Post Company Limited in Ashanti Region. Kwame Nkrumah University of Science
and Technology, 2011.
[42] Olatunji OC. Impact of Internal Control System in Banking Sector in Nigeria. Pakistan
Journal of Social Sciences, 2009.
[43] Otache I, Mahmood R. Corporate entrepreneurship and business performance: The role
of external environment and organizational culture: A proposedframework. Mediterranean
Journal of Social Sciences 2015; 6(4): 524–531.
https://doi.org/10.5901/mjss.2015.v6n4s3p524
[44] Saarni J. Financial Fraud - Importance of an Internal Control System 2012; 1–75.
[45] Saeidi P, Sofian S, Siti Zaleha AR. A proposed model of the relationship between
enterprise risk management and firm performance. International Journal of Information
Processing and Management 2014; 5(2): 70–80.
Hussaini Umar et. al., / International Journal of Management Research & Review
Copyright © 2018 Published by IJMRR. All rights reserved 32
[46] Lamido SS. Funding of power projects: The role of the central bank of Nigeria (CBN). In
Gas To Power: Prospects and Challenges. The National Association of Energy
Correspondents 2010; 1-13.
[47] Seelanatha L. Market structure, efficiency and performance of banking industry in Sri
Lanka. Banks and Bank Systems 2007; 5(1): 20–31.
[48] Socol A. Internal Banking Control and Audit: a Comparative Approach in the Romanian
Banking Sector. Annales Universitatis Apulensis : Series Oeconomica 2011; 13(2): 396–403.
[49] Stede VD, Wim A, Chow CW, Lin TW. Strategy, choice of performance measures, and
performance. Behavioral Research in Accounting 2006; 18(2002): 185–205.
https://doi.org/10.2308/bria.2006.18.1.185
[50] Stoel MD, Muhanna WA. IT internal control weaknesses and firm performance: An
organizational liability lens. International Journal of Accounting Information Systems 2011;
12(4): 280–304. https://doi.org/10.1016/j.accinf.2011.06.001
[51] Thomasa JR, Kumara J. Social performance and sustainability of Indian microfinance
institutions: an interrogation. Journal of Sustainable Finance & Investment 2016; 22(1).
https://doi.org/10.1080/20430795.2015.1124237
[52] Tseng SM. Investigating the moderating effects of organizational culture and leadership
style on IT-adoption and knowledge-sharing intention. Journal of Enterprise Information
Management 2017; 30(4): 583–604. https://doi.org/10.1108/MBE-09-2016-0047
[53] Yousef AB. The impact of internal control requirements on profitability of Saudi
shareholding companies, 2017. https://doi.org/10.1108/IJCOMA-04-2013-0033
