Evaluation of Internal Control System

7/29/2019 Evaluation of Internal Control System

1/21

International Research Journal of Finance and EconomicsISSN 1450-2887 Issue 27 (2009) EuroJournals Publishing, Inc. 2009http://www.eurojournals.com/finance.htm

Evaluation of Internal Control Systems: A Case Study

from Uganda

Angella Amudo

Maastricht School of Management, Endepolsdomein 150

6229 EP Maastricht, The Netherlands

E-mail: [email protected]

Eno L. Inanga

Maastricht School of Management, Endepolsdomein 150

6229 EP Maastricht, The Netherlands

E-mail: [email protected]

Tel: +31 43 387 08 08; Fax: +31 43 387 08 00

Abstract

Internal control systems is a topical issue following global fraudulent financialreporting and accounting scandals in both developed and developing countries. A proactivepreventive approach to the problem requires a critical evaluation of existing internal controlstructures in organizations to determine their capacity to ensure that the organizationsactivities are carried out in accordance with established goals, policies and procedures. Thisstudy is on the Regional Member Countries (RMCs) of the African Development BankGroup (AfDB) focusing on Uganda in East Africa. This paper develops a conceptual model

used in evaluating the internal control systems in Public Sector Projects in Uganda financedby the African Development Bank. The outcome of the evaluation process is that somecontrol components of effective internal control systems are lacking in these projects. Thisrenders the current control structures ineffective. The study ends with recommendations toimprove the existing internal control systems in the projects and suggests areas for furtherresearch.

Keywords: AfDB, RMCs, internal controls, Projects, evaluation, Uganda

1. Introduction and OverviewWhen companies suddenly collapse, the often-resounding question is, what went wrong? Abreakdown in the internal control system is the usual cause. Internal control is a process that guides anorganization towards achieving its objectives. These objectives include operational efficiency andeffectiveness, reliability of financial reporting, and compliance with relevant laws and regulations(COSO 1992). Absence of these variables often results in organizational failure. The findings of theTreadway Commission Report of 1987 in the United States (USA) confirmed absence of, or weak,internal controls as the primary cause of many cases of fraudulent company financial reporting.

The widespread global corporate accounting scandals that assumes near epidemic proportionsin recent years inform this study. Notable cases include Enron and WorldCom in the USA, Parmalat inEurope, and ChuoAoyama in Asia. In South Africa, cases of accounting scandals have been recorded


2/21

International Research Journal of Finance and Economics - Issue 27 (2009) 125

in JCI and Randgold and Exploration companies. In Nigeria, the Managing Director and ChiefFinancial Officer of Cadbury Nigeria plc were dismissed in 2006 for inflating the profits of thecompany for some years before the companys foreign partner acquired controlling interest.

These scandals emphasize the need to evaluate, scrutinize, and formulate systems of checks andbalances to guide corporate executives in decision-making. These executives are legally and morallyobliged to produce honest, reliable, accurate and informative corporate financial reports periodically.

2. Objectives of the PaperThis paper evaluates the internal control systems that the regional member countries (RMCs) of theAfrican Development Bank Group (AfDB) institute for the management of the Public Sector Projectsthat the Bank finances. Specifically, the paper:

ascertains whether such controls provide adequate internal framework of checks and balancesto ensure that project funds are utilized solely and wholly for intended development goals ofpoverty reduction and inducement of social, economic growth and development of therespective RMCs.

provides a basis for understanding the operations of the above framework of checks andbalances established by governments of the respective RMCs for the management of Public

Sector Projects funded by the development partners, and whether such systems comply withglobally-accepted internal control mechanisms.These objectives raise a number of questions, answered in a later section of this paper. The

major question is whether or not the established internal control systems in RMCs are effective. Thisraises the following minor but inter-related questions:

What role should internal control system play in Public Sector Projects management? Doesmanagement of these projects appreciate, understand, and clearly respond to this role?

What internal control systems are currently in use? Do they include all the expectedelements of internal control systems?

Are internal control systems in the projects adequately documented and regularly updatedas changes occur?

Should the AfDB continue to lend to RMCs that do not bring a project in compliance withthe requirements of established internal control systems?

Do the Projects that comply with recommended internal control systems realize their goalsmore often than those that do not?

Answering the research questions requires use of research methods to address the concernsraised. A later section of the paper discusses the methods selected and the justification ofchoice.

3. Justification for the Study

The AfDB operates in RMCs where corruption is prevalent and transparency often lacking. Corruptionis defined as abuse of public office for private gains. Examples include: bribery, kickbacks andembezzlement of public funds (Transparency International, 2006). Corporate accounting scandalsoccur where the systems of internal controls are abused by those responsible for their operationaleffectiveness. The Corruption Perceptions Index (CPI) 2006, compiled by Transparency Internationalcovering 163 countries, reveals that majority of the African countries in the index scored within thelow range of 1.9 - 3.6. Not more than five African countries scored within the range of 4.1 - 4.6. Incontrast, majority of the European countries scored between 7.4 and 9.6. The Corruption PerceptionsIndices suggest a prevalence of corruption in African countries. This implies that the Public SectorProjects funded by AfDB could be in countries where transparency and accountability are lacking,together with the risk of senior public officers overriding internal controls to achieve their private


3/21

126 International Research Journal of Finance and Economics - Issue 27 (2009)

gains. Given such control environment within the RMCs, the AfDB operations face difficult andchallenging scenarios. Under the circumstances, the Bank has a dual mandate to provide developmentassistance to the projects in RMCs and ensure that project funds are spent for development purposes.

These issues and the findings of the Treadway Commission Report of 1987 further justify thisstudy that focuses on Uganda in East Africa. The study investigates whether the controls used fordirecting, controlling and governance of the projects in this country are effective to ensure optimalutilization of funds for economic growth and developmental purposes. The study also provides a

framework for assessing and understanding the structure of the systems of internal controls currently inuse in the projects. If the systems are inadequate, the study suggests best internationally recognizedinternal control mechanisms to project managers.

4. Internal Control MechanismsIn response to widely publicized business failures in the USA in the late 1970s and mid-1980s, theNational Commission on Fraudulent Financial Reporting (the Treadway Commission) was inauguratedto identify factors that caused fraudulent corporate financial reports and make recommendations thatresolve such issues. The recommendations directly addressed the problems of weakness of internalcontrols and emphasized the importance of the control environment, codes of ethical conduct,

management reports on effectiveness of internal controls and development of a common definition andframework of internal control. The evolutionary process of developing a generally accepted definitionand framework of internal control was realized in 1992 with the publication of a landmark report oninternal control:Internal Control - Integrated Framework, referred to as COSO.

According to COSO (1992), the internal control system has three primary objectives:

effectiveness and efficiency of operations. reliability of financial reporting. compliance with applicable laws and regulations.COSO identifies essential components of an effective internal control system as: control

environment, risk assessment, control activities, procedures and practices that ensure that managementobjectives are achieved and risk mitigation strategies implemented, information and communication,

and monitoring. These elements must be present and functioning effectively for any internal controlsystem to achieve organizations objectives.

The COSO framework may be relevant to larger organizations, but inappropriate for small onesdue to costs and operational complexity. Management of small organizations may not need formalinternal controls for the reliability of the records and other information, because of their personalinvolvement in the operations of the organization. This raises a question whether the controls of smallcompanies should be as complex as those of large companies for them to be effective. The COSOframework did not recognize and capture the delicate balance between formal and informal controls insmaller organizations. Furthermore, how can small companies internal controls be effective when onlyfew of the components recommended by COSO are present and yet the controls could still beeffective? COSO did not address this question.

The final weakness of the COSO mechanism is failure to recognize Information Technology(IT) as one of the major control components. IT is crucial to an internal control framework. Today,organizations use IT for initiation, authorization, recording and processing of transactions. IT ensureseffectiveness of internal controls. However, COSOs failure to recognize IT as a control componentmotivated other bodies to design and develop frameworks to remedy the omission. One suchframework is the Control Objectives for Information and Related Technology (COBIT 1996, 1998,2000, 2005, 2007).

COBIT identifies IT resources as a source of information needed by organizations processes.The five types of IT resources are people, application systems, technology, facilities and data. COBITgroups the organizations individual activities within an IT environment into processes and domains.


4/21


The domains are: planning and organization with eleven processes; acquisition and implementation sixprocesses; delivery and support thirteen processes, and monitoring four processes.

5. Conceptual FrameworkMost of the literature on internal control frameworks includes information and communication as oneof the internal control components. Smooth flow of information and communication across and within

the organization is influenced by the nature of the working relationship within the organization at alllevels. The working relationship coordinates organizations activities to achieve goal congruence.When effective working relationship exists in an organization, delegation of responsibilities isachieved. Then internal control functions as intended. However, when a communication gap exists forany reason, sub-optimization results with adverse consequences.

Some internal control frameworks place unnecessary emphasis on detailed explanation of thedifferent components of the system and methods for their design. They ignore details on how each ofthe components can be measured to assess their effectiveness. This causes a dilemma. For example,where two managers use different methods to measure the same subject and arrive at differentconclusions. A challenge arises in ascertaining who is right or wrong. When a common benchmark forevaluation of measured results is missing, knowing the right approach becomes difficult.

Other internal control frameworks ignore where one or more components are missing within agiven structure, but are compensated for with other controls in other components. For example, insmall companies segregation of duties is not possible, but is compensated by managementsinvolvement in the day-to-day supervision, verification and review of records and processes, to ensurecontrols function effectively. Under the situation, all components of an effective internal controlsystem may not be present but the system could still function effectively. The challenge isascertainment of the effectiveness of the system. When such management styles extend to largeorganizations unscrupulous managers of these organizations can manipulate the organizations to meettheir personal goals.

After addressing the above limitations, internal control is a process of integrated sets ofactivities originated by top personnel of an organization and embedded within all the organizations

activities to achieve goals. This comprises two sets of variables: dependent and independent. At theforefront of the independent variables is the influence of authority that ensures the independentvariables function to generate the outcome of the dependent variable.

Figure 1 shows the conceptual framework components of dependent and independent variables.The effectiveness of internal control is the dependent variable. This is achieved by the presence andproper functioning of all the predefined independent variables in relation to each category of theorganizations objectives. Proper functioning of independent variables provides reasonable assuranceof proper functioning of dependent variable. Then the organization realizes preset objectives ofefficient and effective operations, generation of accurate, reliable and informative financial reports thatcomply with relevant legal and regulatory requirements. The objectives are overlapping. This meansefficient and effective operations produces accurate, reliable and informative financial reports that

comply with applicable laws and regulations.


5/21


Figure 1: Conceptual framework of internal control

Working

relationships

Effectiveness

of internalcontrol

Authority

Monitoring

Control

activities

Information &communication

Risk assessment

Control

environment

Independent

variables

Dependent

variable

1

3

2

Objectives

Invigorates

independent

variables

I Technology

Objectives of theorganisation are achieved

when interferences on thevariables caused by working

relationships are taken intoconsideration

Source: Researchers Design

The objectives, depicting overlapping interrelationships are numbered 1, 2 and 3 in Figure 1 (1)include efficiency and effectiveness of operations (2) accuracy and reliability of informative financialreporting and (3) compliance with applicable laws, regulations, policies and procedures.

The independent variables determine the effectiveness of an internal control system. Thepresence and proper functioning of all the components of the independent variables ensures

effectiveness of internal control system. This achieves each category of objectives 1, 2 and 3 in Figure1.The independent variables comprise major and minor components. Individual minor

components jointly feed into and form a specific major independent variable. The measurement ofminor independent variables locates any weaknesses existing in the major independent variables. Themajor independent variables include:

Control environment Risk assessment Control activities Information and communication Monitoring Information Technology The minor independent variables include: Authorization and approval procedures Human resource policies and practices Assignment of authority and responsibility Ineligible expenditure Accountability obligations Segregation of duties Controls over access to resources Presence of internal auditors


6/21


Verification Reconciliation Review of operating performance SupervisionA direct relationship exists between the outcomes of the dependent and the independent

variables. All the independent variables are relevant to each category of objectives. Internal controlprocesses (minor independent variables) affects the effectiveness of internal control systems, which is

subject to the organizations determined objectives. All the independent variables are interdependentbut each has an impact on the effectiveness of internal control systems.

Different approaches to the evaluation of effectiveness of internal controls are available. Thestudy uses the model in Figure 1. In this regard, controls evaluation is a step toward achieving thestudys objectives once the research questions are answered. The research questions are formulated toidentify the existence or otherwise of each variable of internal control.

6. MethodThe research strategies include: experiments, survey, grounded theory, ethnography, action research,

cross-sectional and longitudinal studies, exploratory, descriptive and explanatory studies and casestudies (Saunders, Lewis, and Thornhill 2003). The study uses a case study method. The justification isthat the study investigates details of a real life phenomenon using multiple sources of evidence. Thesources of evidence are data collected through: questionnaires, interviews, observations, anddocumentary analysis. Since this study involves an investigation of whether internal control systemsestablished by the RMCs of the AfDB in the management of the Public Sector Projects are effective,the case study method is used. Earl Babbie (1998 p.33) supports choice of case study method inopposition to others as follows:

Whereas most research aims directly at generalized understanding, the case study aims at thecomprehensive understanding of a single, idiosyncratic case. Whereas most research attempts to limitthe number of variables considered, the case study seeks to maximize them. Ultimately, the researcher

executing a case study typically seeks insights that will have a more generalized applicability beyond asingle case under study, but the case study itself cannot ensure such generalizability.The case study method also generates answers to the what? and how? research questions

asked in this study. This method also enables in-depth documentary analysis, extraction of data andinformation specific to an organization and use of confidential information tailored to suit the study.For instance documentary analysis of aide memoirs, audit reports, country portfolio review reports, anddocuments collected from the Banks database.

The audited project reports ascertain whether internal control systems are effective or not basedon the findings of the external auditors in auditing the projects. The audited reports that this studyexamines are from the Banks fiscal year 2006. This fiscal year is selected because the Banks Board ofGovernors approved a new organizational structure on 1 January 2002 and the Banks first strategic

plan 2003-2007 (African Development Bank Strategic Plan 2003-2007). The reforms set new policiesand procedures to adapt the new organizational structure to suit decentralized activities and delegatedauthority to perform those activities to Field Offices. Included in the reforms are new policies andprocedures for improved portfolio management, business processes and client service. June 2006 hasbeen selected to evaluate the functioning of the new policies and procedures for portfolio management,business processes and client service, effected in 2002. The main reason for evaluation of this fiscalyear is enormity of the resources the AfDB channels to Public Sector Projects and critical evaluation ofthe internal control systems used in management of these resources. This leads to optimum resourceuse through accountable and transparent mechanisms that fuel the much-needed development in theRMCs.


7/21


The research process builds on development of knowledge of the subject matter. Saunders et al.(2003) presents three views on research process. The first is Interpretivism. Interpretivism argues thatto develop knowledge, interpreting and understanding the situation being studied is required in order toappreciate the motives, actions and intentions of the research participants. According to this view,knowledge develops from the understanding that organizations experience frequent changes that makeswhat was relevant yesterday irrelevant to the same organization in the future. The second view isrealism. Realism develops knowledge on the premise that external social factors and processes

independent of human thoughts and beliefs exists, which make people interpret situations differentlyand arrive at different conclusions on the same subject matter, without their knowledge of existence ofsuch factors. Positivism assumes that the researcher is independent of, and neither affects nor isaffected by the subject of the research (Remenyi et al. cited by Saunders et al. 2003). Anotherassumption is the researcher as an objective analyst interprets collected data in a free manneremphasizing the use of highly structured method and quantifiable observations that uses statisticalanalysis. Under positivism approach, knowledge builds from using quantitative data which undergoesstatistical processing, analysis and interpretation Since the causal relationships between the dependentand independent variables of internal controls in the Public Sector Projects are to be tested andanalyzed statistically, positivism approach is selected for the development of knowledge of this study.With the research philosophy for the study in place, choice of research approach is the next logical

step.Saunders et al. (2003) identifies two research approaches: deductive and inductive. Inductive

approach first collects data and develops theory based on the results of analyzed data. The deductiveapproach on the other hand explains causal relationships between variables. Research hypothesis aredeveloped and research strategies designed to test them. Quantitative data is used in testing hypotheses.Qualitative data can also be used. In deductive approach, the researcher is independent of observedphenomenon and the research uses highly structured methodology to facilitate replication (Gill andJohnson 1997; cited by Saunders, et al. 2003). A further argument is that the concepts of the researchare operationalized to measure quantitatively the relationship between relevant variables. This studyestablishes the causal relationships between the dependent and independent variables of internalcontrol system through quantitative operationalization of the identified variables. The quantified

observations are processed and the results measured statistically to obtain evidence on the relationshipsbetween the variables.

Understanding the research framework is important so as to know areas of focus whenevaluating the internal control systems. The evaluation scope includes: project-level controls, periodend financial reporting processes and IT controls. Public Sector Projects for this purpose are selectedfrom one RMC, Uganda. The evaluation of effectiveness of internal control involves control elementsof identified major independent, in relation to the dependent variables. Processes that impactsignificantly the project objectives are included in the evaluation. Understanding and analyzing theoverall internal control environment, risk assessment, control activities, information andcommunication, monitoring of operations are critical to this study. The validating procedures arereview of aide memoirs, audit reports, management letters and country portfolio review report.

The financial reporting processes evaluated include controls that affect reliability of financialreporting. The processes are: authorization procedures, segregation of duties, reconciliation of keyaccounts, updating of books of accounts and records. This information evaluates whether key controlsin place reduce the risk of material misstatements. Focusing on both material fraud and material errorsor omissions identifies risk. Evaluation of the design of effectiveness of internal control requiresreviewing appropriate documentation; directing relevant questions to employees and observing theprocess and underlying control techniques. Evaluation of operational effectiveness of internal controlrequires review of appropriate documentation, interviewing appropriate employees, inspectingoperational evidence of internal control, and appraising the results of project management self-assessment on control operational effectiveness.


8/21


The significance of IT role in internal controls effectiveness calls for, IT general controlsevaluation. These include: IT development and maintenance processes, system operationsmanagement, system security management (access controls for internal and external parties) andcontract management of service organizations. Control deficiencies are automatic material weaknesses.They must be evaluated to determine their impact on IT applications controls. IT controls are evaluatedthrough understanding organizational structure of IT functions, IT specific policies and procedures,hardware, key software, networks and use of service organization. Since IT applications controls are

embedded in project processes, these controls are evaluated to determine design and operationaleffectiveness, completeness, input data accuracy and validity, adjustment of error data andreprocessing, master data accuracy and access control. In this study internal control systems areevaluated in the context of the Projects financed by AfDB. A useful starting is the categorization of theBanks RMCs.

7. Grouping of the African Development Bank Group (AfDB) member countriesThe principal activities of the AfDB are financing development projects and programs in the RMCs.The RMCs are classified into three categories for financial allocations purposes (African DevelopmentBank (2005) Basic Information).

Category A comprises 38 countries with per capita gross domestic product (GDP) of less thanUS$540. These countries access African Development Fund (ADF) resources. The United Nations(UN) classifies them as the least developed countries, because they are economically underdevelopedwith limited access to international capital markets.

Category B comprises two countries with per capita GDP between US$940 and US$1,050.Nigeria and Zimbabwe are in this category and both access ADB and ADF resources.

Category C comprises fourteen countries eligible only to ADB loans. Their per capita GDP isabove US$ 1,050 and have high AfDB financial rating. Libya, a non-borrowing country is in thiscategory. The Bank has approved loans and grants to finance 3,111 projects under three fundingwindows, since 1967 till 2005 as Table 1 shows.

Table 1: Summary of the Banks operations for the period 2001-2005

Year 2001 2002 2003 2004 2005 Cumulative total Percentage

Number of approvals b/f 134 118 145 125 102 3,111 100

Number of ADB approvals b/f 26 31 28 23 34 991 32

Number of ADF approvals b/f 107 84 112 99 65 2,045 66

Number of NTF approvals b/f 1 3 5 2 3 75 2

Note:

The cumulative totals go as far back to initial operations of the three institutions:

ADB 1967

ADF 1974

NTF 1976

Source: AfDB Statistics Division for data on operations; AfDB Financial Control Department for Data on Resources and Finance

Out of the 3,111 projects, 2,045 are for ADF, 991 for ADB and 75 for Nigerian Trust Fund(NTF) windows respectively. The Banks concessional loans and grants finances 66 percent of theprojects portfolio in category A countries. These countries are among the poorest in the world andthey constitute 73 percent of the RMCs of AfDB (African Development Bank 2006 Financial Profile.


9/21


This affirms that majority of the Banks projects are financed from ADF resources. Uganda in EastAfrica is selected for this study.

The Bank grants concessional loans to support each countrys economic and socialdevelopment initiative. The loans designed to aid the development needs of the RMCs have arepayment term of 50-year with a 10-year grace period. The 2006 Corruption Perceptions Index (CPI)of the Banks category A countries are within the range of 1.9 3.3. Thus the Bank operates inenvironments characterized by high level of corruption. Consequently, accountability and transparency

are lacking. Yet the Banks concessional lending arm relies on the capital replenishment by membernations in order to continue lending operations.

The Banks 2005 approvals confirm that ADF funded projects are sector-specific. The RMCsidentifies specific sectors to which development assistance is channeled. The development of suchsectors has the greatest development impact on the countrys overall economic production and livingstandards.

In line with the RMC development strategy and the Banks strategic orientations, priorities andoperational guiding principles, the Bank focuses funding on: agriculture and rural development,infrastructure comprising: transport, power supply, communications, water supply and sanitation,education, health, private sector development and good governance as priority areas.

Uganda selected from category A represents countries in this group with sector-specific

projects and delegated authority to manage the portfolio. In line with the Banks strategic priorities andnew policies and procedures effected in 2002, the Banks projects in the Uganda Portfolio are inpriority areas of intervention as shown in Table 2.

Table 2: A snap shot of the Banks Active Public Sector Uganda Portfolio (UA Millions)

SectorsNo. of

Operations

Amount

Approved

Breakdown by

Sector (%)

Cumulative

Disbursements

%

Disbursed

Agriculture & Rural Development 5 117.23 38.65 12.81 10.93Industry & Mining 1 5.35 1.76 0.10 1.87Water Supply & Sanitation 2 58.41 19.26 8.10 13.87Social 3 69.82 23.02 61.38 87.91

Transport 2 43.50 14.34 8.60 19.77Multi-sector 1 9.00 2.97 0.80 8.89

Total 14 303.32 100 91.79 30.26Source: African Development Bank Uganda Field Office Country Portfolio Review Report 2007

This study evaluates the controls that the government of Uganda implements for managementof these projects to assess their effectiveness.

8. Data analysis and discussion of findingsTable 2 shows 14 projects of the Banks Public Sector Portfolio in Uganda. The data received andanalyzed are for eleven projects. Three projects are omitted because they are not fully operational toinstall effective internal control systems.

The management letters of the eleven projects analyzed drew managements attention toweaknesses in the internal controls in the respective projects. The weaknesses concern minorindependent variables of the major independent variables of the control system. The study classifies theweaknesses in each project under the following minor independent variables: authorization,verification, segregation of duties, accountability, ineligible expenditure, operations and procurementprocesses. The analysis determines the financial costs of non-compliance with laid down policies andprocedures to ascertain whether such costs are material to the achievement of the objectives of theorganization. This study also observes and quantifies the frequency of non-compliance of each projectwith applicable policies and procedures. The monetary costs of non-compliance is extracted and


10/21


recorded. This enables the relationship between the dependent and independent variables to bemeasured quantitatively.

This determines in financial terms the level of materiality of non-compliance in relation tofunds disbursed to the respective projects per sector. Materiality level is set by dividing the cost of non-compliance by the total funds disbursed to each project as at 30 June 2006. The result in excess of 5percent means that both the dependent variable and the organizations objectives are distorted. Thismeans non-compliance with laid down policies and procedures, where a significant proportion of

projects funds are either rightly or wrongly spent in a manner consistent or not with the laid downpolicies and procedures. The figure of 5 percent is an estimate from the researchers judgment of whatis material. Information is material if omission or misstatement of such in a financial statementinfluences the economic decisions of users that are based on the financial statements. Materiality isrelative and depends on the error judged in particular scenarios of omission or misstatement. Thefollowing equation demonstrates the structure:

Materiality =Total cost of non-compliance with policies and procedures per sector *100

Total amount of funds disbursed to the projects per sectorThe variables in the above equation are identifiable on a case-by-case basis at the individual

project level. A template was opened in an Excel worksheet to which relevant information was postedand stored. The frequency of each observation and the corresponding values were extracted. Thefindings were classified, recorded and updated under the minor independent variables in the excelworksheet. These findings were summed up on a sector-by-sector basis for all the projects in theUganda portfolio. The materiality level computed to determine whether non-compliance with minorindependent variables has an impact on effective functioning of the internal controls as explainedabove. Figure 2 shows the results per sector.

Figure 2: Materiality level

Total monetary value of non compliance as a proportion of total disbursed funds per sector

as at 30 June 2006

0.00%

2.00%

4.00%

6.00%

8.00%

10.00%

12.00%

14.00%

16.00%

18.00%

Materiality

Materiality per sector 8.93% 4.92% 16.67% 11.54% 2.53% 7.51%

Agriculture (4) Industry (1) Multisector (1) Social (3) Transport (1)Water &

Sanitation (1)

Source: African Development Bank Uganda Field Office Country Portfolio Review Report

In Figure 2, materiality of agriculture is 8.9 percent, industry 4.9 percent, multi-sector 16.7percent, social 11.5 percent, transport 2.5 percent and water and sanitation 7.5 percent. In comparisonwith a 5 percent benchmark, the results imply that the proportions of non-compliance in the followingsectors are material: agriculture, industry, multi-sector, social, water and sanitation. In transport sector,


11/21


the result indicates that non-compliance is immaterial. The results indicate that a significant proportionof the ADF project funds in Uganda are spent in non-compliance with applicable policies andprocedures. The projects are at risk of failure to achieve intended development objectives. A qualitativeanalysis to confirm whether or not such risks can materialize was carried out. Qualitative evaluationused for the above purpose requires a benchmark against which to appraise the controls in the projects.A conceptual model in Figure 1 is used for this purpose.

The conceptual model in Figure 1 identifies three objectives of the effectiveness of internal

control systems. The first is operational efficiency and effectiveness. Effectiveness relates to thequality of controls over the achievement of specific management objectives, while efficiency addressesthe quality of controls yielding an optimum measure of resource inputs to productive outputs. Thisobjective determines whether the organization is reasonably assured that no material inefficienciesexist in the organization or the processes. The second objective related to the first one, is accuracy offinancial reports and statements produced. This objective emphasizes the adequacy and effectiveness ofmanagement controls governing the reliability of financial data used for external reporting. The third isthe organizations compliance with applicable laws, regulations, policies and procedures. This focuseson the adequacy and effectiveness of management controls that govern adherence to external laws andregulations. This checks the correlation between the laws and entitys procedures and actual practice.

This study identifies the following six essential components of an effective internal control

system: control environment, risk assessment, control activities, information and communications,monitoring and information technology. The model includes working relationships, which is taken intoaccount to achieve effective functioning of the six core control components.

These six control components are assessed before expressing opinion on the design andeffectiveness of the overall internal control systems. But this alone cannot identify the exactweaknesses in the internal controls. To do this, core control components are broken down into minorindependent variables and those that fall under each of the major independent variables identified. Thecontrol components instituted for management of these projects are measured against the componentsidentified in the benchmark. Each of the models major independent variable is defined using severalminor independent variables, which are used for rating the effectiveness of controls in the projects, andlocate internal control weaknesses. To understand and apply the criteria to control components the

analysis uses binary numbers of 0 and 1 as ratings. A rating of 1 reflects a control component withcontrol problem, while 0 rating signifies a control component with no control problem.


12/21


Table 3: Criteria for rating internal control components

Rating criteria for internal control components as defined by the Benchmark

Control

ComponentsCriteria for a 1 rating

Minor independent variables

Organizational structure does not adequately reflect chain of command Human resource policies and procedures not documented & updated Responsibilities are delegated and no follow up action is made to get feedback on results of

performance of tasks delegatedCon

trol

environment

Not practicing honest and fair dealings with all stakeholders for the benefit of the projects. Management has not defined appropriate objectives for the projects The defined objectives are not compatible with the development objectives of the projects. Management has not identified risks that affect achievement of the objectives. Management does not have a criteria for ascertainment of which risks to the projects are

most critical.

Management has not put in place mechanisms for mitigation of critical operating risks thatmay arise.

Riskassessment

Documentary analysis of projects data and information identifies risks not contemplated bymanagement.

Key control activities of the projects are not functioning as intended: Transactions are not authorized There is no segregation of duties. Verifications of transactions before making payments are not done. Key accounts records like bank, cashbooks, loans, accounts payables etc are not reconciled

on a regular basis.

There is no control over access to resources There is no accountability of funds advanced for projects activities Management does not review operations Internal auditors are not present and where present there is limitation in scope of their

responsibilities by management.

Procedures have not been documented/ regularly updated in respective manual for examplefinance, staff rules and regulations and operations manuals

Staffs are not supervised while they carry out their schedule of duties.

Controlactivities

Control activities designed for running the projects do not adequately reflect managementsrisk mitigation strategies.

Key criteria for evaluating performance are not identified, collected and communicated. Employees do not understand their control responsibilities.

Information

&

Communication

Complaints and disputes by suppliers are not resolved in a timely manner. There are no independent process checks or independent evaluations of controls activities on

ongoing basis.

Monito

ring

No internal reviews of implementation of projects No IT security procedures for accessing projects master data files

Ma

jorindependentvariables

Information

technology

No restriction of personnel in accessing all levels of different modules in computerapplications

Source: Researchers design

Table 3 defines each major independent variable with a set of corresponding minor independentvariables, used as criteria for rating the effectiveness of controls in the projects. Each major


13/21


independent variable and their respective minor independent variables have to ensure consistency inthe evaluation process.

The assigned ratings must match the predefined criteria of the minor independent variables inTable 3 during evaluation. In the final evaluation, if controls provide reasonable assurance thatmanagement objectives will be achieved, a 0 rating is assigned. A 1 rating is recorded if controls do notprovide such assurance. The judgments of the researchers play a significant role in assigning theseratings. However, the existence of corrective recommendations indicates a problem with the controls

evaluated. The evaluation processes commences as shown in Table 4.

Table 4: Evaluation of controls of the Public Sector Projects against the models criteria

Control Comp.Benchmark for rating internal

controls when a problem exists

Assessment of functioning of

internal control components of

Public Sector Projects

Ratings of internal

control components of

Public Sector Projects

Minor independent variables Minor independent variables 0 1

(a)Organizational structure doesnot adequately reflect clearchain of command.

(a) 0

(b)Human resource policies andprocedures not documentedand regularly updated.

(b) Human resource policies andprocedures not updated withthe requirements of newlegislation.

(b) 1

(c)Responsibilities are delegatedand no follow up action istaken by management to getfeedback.

(c) 0

Majorindependentvariab

leControl

Environment

(d)Not practicing honest and fairdealings with all stakeholdersfor the benefit of the projects.

(d) Procurements done withoutsourcing for three quotationsfrom three differentsuppliers.

(d) 1

(a)Management has not definedappropriate objectives for the

projects.

(a) 0

(b)The defined objectives are notcompatible with the velopmentobjectives of the projects.

(b) 0

(c) Projects loans remainoutstanding past therepayment periods

(ii)Price escalations in cost ofgoods,works and servicesnsumed by projects notidentified appropriately

(iii)Procurement of old and notin- calf animals for theprojects

(c)Management has not dentifiedrisks that affect achievement ofthe objectives.

(iv)Delivery of expired chemicalsonlydiscovered during fieldinspections of projects

(c) 1

MajorindependentvariableRiskassessment

(d)Management does not havecriteria for determining whichrisks to the projects are mostcritical.

(d) Projects outstanding loansreferred to xternal lawyer forlegal action & debtmanagement unit forcollection

(d) 1


14/21


(e) Delays in implementation ofprojects activities because ofdelays in procurementprocesses.

(e)Management has not put inplace mechanisms formitigation of critical operatingrisks that may arise.

(e) Projects disbursed loans toentitys with no certificates ofregistration.

(e) 1

(f)Documentary analysis ofprojects data and informationidentifies risks notcontemplated by management.

(f) No procurement plan in someProjects.This puts the projectsat risk of wastefulexpenditure.

(f) 1

(a) Loan application forms notauthorized by the ommittee.

(ii) No loan applications weremade and loans were

granted to non members of

the beneficiary

organizations.

(iii) Some beneficiaries wereawarded loans on

recommendation by Board

members, no loan

agreements signed and they

have failed to repay the

loans.

(a) Transactions are notauthorized

(iv) Payment vouchers raisedby Ministrys accountant

without any input from

project management.

(a) 1

(b)Duties are not segregated. (b) Management of staffgratuity funds is notseparated frommanagement of generalfunds of the projects

(b) 1

(c) Verifications of transactionsare not done.

(c) No vehicle inspectionreports for revaluedvehicles in some projects.Reliability can not beplaced on their values infinancial reports

(c) 1

(d)

Control

activities

(d)Key accounts records notreconciled on a regular basis.

(i)Some projects bankreconciliationstatementscould not be tracedon file.

(d) 1


15/21


(ii)Loan account balances notreconciled. Outstanding loanbalances affect loan balancesshown in the final accounts

(e)

(i)Some projects bank accountbalances as at 30 June, 2006

did not tally with bankreconciliation statements andbank statementbalances.

(ii)Ledgers maintained at Districtlevels not reliable No linkagewith mainstream accountingsystem at Head Office.

(iii)Fixed assets registers not keptand in few projects that keepthem, they are not updated.

(iv)List of loan beneficiariesfrom projects was not kept.

(v)Bank statements and someloan files not kept by projects.

(vi)No copy of loan agreementfor loans. Cashbook, loanledger cards were not kept.

(vii)General ledgers are not keptand no up to date records.

(e) Proper books and records ofaccounts are not kept.

(viii)Books of accounts forfinancial reporting not kept.

(e) 1

(f)There is no control over accessto resources.

(f)(f) 0

(g)There is no accountability offunds advanced for projectsactivities

(g)Advance of projects funds tostaff not accounted for and nodocumentary evidence to proveintended activities were carriedout.

(g) 1

(h)Management does not reviewoperation

(h)Physical inspection of assets isnot done regularly, to trackmovement of assets

(h) 1

(i)Internal auditors are not presentand where present there islimitation in scope of theirresponsibilities by management

(i) Accountabilities are retiredwithout being examined byauditors.

(i) 1

(j) Conflicting staff loan policymanual with human resourcesmanual. Ineligible loans givento staff

(j)Procedures have not beendocumented/ regularly updatedin respective manuals

(ii) No financial operationsmanual for some projects

(j) 1


16/21


(k)Staffs are not supervised whilethey carry out their schedule ofduties.

(k)Projects accountants work notreviewed, bank reconciliationswere inaccurate

(k) 1

(l)Projects fixed assets are notengraved.

(l)roject fixed assets are notengraved. Recovery of fixedassets becomes difficult in caseof loss

(l) 1

(m)

(i)Most projects invoices andoffice expenditures are not

stamped with PAID

stamp.

(ii)Software does not reconcileoutstanding loan balances

to the general ledger

accurately

(m)Control activities designed forrunning the projects do notadequately reflectmanagements risk mitigationstrategies.

(iii)No motor vehicle movementregisters in use for projects

vehicles

(m) 1

(a)Key criteria for evaluatingperformance are not identified,collected and communicated.

(a) 0

(b)Employees do not understandtheir control responsibilities.

(b) 0

Majorindependent

variableInformation

&communication

(c)Complaints and disputes bysuppliers are not resolved in a

timely manner

(c) 0

(a)There are no independentprocess checks or independentevaluations of controlsactivities on ongoing basis.

(a) 0

Majorindependent

variableMonitoring

(b)No internal reviews ofimplementation of projects

(b)No monitoring & evaluation ofprojects implementation

undertaken by management as

stipulated in project appraisal

reports.

(b) 1

(a)No IT security procedures foraccessing projects master datafiles.

(a) 0

Majorindependent

VariableInformation

Technology

(b)No restriction of personnel toaccess of different levels of thesystem

(b) 0

Source: Researchers design


17/21


The findings of this study are summarized in Table 5 that determines whether project controlsprovide reasonable assurance that managements objectives are achieved.

Table 5: Control evaluation form

The Public Sector Projects Control Evaluation Form

Report Title: Evaluation of internal control systems: A Case study from Uganda

Project No: 1 Report No: 1 Report Date: 29 August 2007Project Leader: Angella Amudo Project Specialist: Eno L. Inanga

Ratings Models objectives

0: No problem exists

1: Problem exists

Effectiveness and

efficiency of

operations

Reliability of financial

reporting

Compliance with laws,

regulations, policies and

procedures

Control environment 1 1 1

Risk assessment 1 1 1

Control activities 1 1 1

Information &

Communication

0 0 0

Monitoring 1 1 1Bench

markcontrol

components

InformationTechnology

0 0 0

Overall 1 1 1

Detailed analysis of the above ratings is done in section 8 of this paper.Source: Researchers design

Analysis and interpretation of the evaluation results in Table 5 generate interesting findings.Control environment attained a rating of 1. This indicates a possible problem with the controlenvironment. An assumption was made that soft controls exist. During evaluation process this turned

out to be otherwise. The implication is that the organizational structure with defined lines of authorityand responsibilities needs competent management that is committed to proper use of the authorityassigned to him or her by the structure to engage in genuine dealings with third parties and stakeholderfor the benefit of the projects at all times. As a foundation upon which all other control componentsdepend, this poses a challenge to the effective functioning of other control components. For example,updating the human resource policies and procedures are affected as a result. The evaluation informsthat, one of the challenges of the internal control systems in AfDB-financed Projects in Uganda isweakness in the control environment.

The risk assessment has a rating of 1. This indicates that project management ignored themechanisms to mitigate risks that threaten achievement of the projects objectives. The risks; deliveryof expired chemicals and unsuitable animals for projects activities came to managements attention

during and after field visits. The implication is that management did not anticipate and plan for the riskof delivery of unsuitable materials for projects activities. When such risks are identified throughdocumentary analysis, a 1 rating is awarded on this observation alone, even when the project objectivesare defined and compatible with both development and the Banks objectives. When a risk factor isknown in this manner, the other defined objectives become non-functional.

The results of control activities in the evaluation form indicate a 1 rating. This means controlactivities in these projects have problems with minor independent variables, thus not functioning asthey should due to weaknesses in the control environment. For example reconciliation of key accountsrecords is not carried out. This results in errors and undetected fraudulent transactions in account booksand records. Poor record keeping and management incompetence results in substantial losses to theseprojects.


18/21


The information and communication results in the evaluation scored a rating of 0, indicatingabsence of a problem. This means that the criteria for performance evaluation are known by employeesand employees understand their internal control responsibilities. Furthermore, complaints that arisewhether from suppliers or employees are handled expeditiously. In conclusion, controls functions asintended.

The monitoring results scored a rating of 1, indicating that a problem exists. Documentaryanalyses reveal that the Bank established an independent check. However, monitoring and evaluations

of implementations of project activities are not carried out. This delays allocation of funds andassessment of project implementation against yearly work plans. Timely monitoring leads toidentification and correction of emergent problems. This is more effective than independent processchecks carried out annually. Internal reviews compensate few independent annual checks carried outby external parties.

IT attained 0 rating, indicating absence of a problem with the information technology controlsin place. This is confirmed by access to resources that attained a rating of 0, although the overall ratingchanged to 1.

The study evaluates minor independent variables to locate weaknesses in the major independentvariables. This succeeded because the findings of the study identified where weaknesses exists. Forexample, weaknesses are in: updating human resource policies and procedures; duties are not

segregated; key records are not reconciled; proper books of accounts are not kept; ineligibleexpenditures are incurred; funds advanced are not accounted for to mention a few. The impact of thesefindings on managements objectives determines whether or not internal controls are effective

The evaluation results of overall ratings in relation to managements objectives show thateffectiveness and efficiency of operations attained a rating of 1, indicating a problem. This is consistentwith the materiality level results in Figure 2. For instance, material amount of project funds advancedto staff for projects activities are not accounted for. Thus controls do not function as stipulated.Optimum spending on projects activities cannot be ascertained.

Reliability of financial reporting also scored a 1 rating, meaning that controls in these projectsdo not provide reasonable assurance of accurate and reliable financial reporting on the projects. Theevaluation results confirm that projects transactions and events are not verified; books and records of

accounts are not complete. The general ledger is missing and, as a result, key accounts not reconciled,fixed assets registers are not updated. Relying on the information presented in the projects balancesheet on assets and liabilities is difficult. This is because some project assets are revalued but notverified by professional evaluators. When key accounts are not reconciled, determining the exactamount of project debtors and the project indebtedness to creditors becomes difficult. This affects thequality of financial information generated by the control processes that feeds into financial reports.This will be inaccurate and thus affects the reliability of financial reports.

Compliance with the laws and regulations also attained a rating of 1, which means that controls doindicate managements non-compliance with applicable laws, regulations, policies and procedures. Themateriality level affirms this position. Non-compliance with Income Tax Act, Financing Agreement,Ugandan Government financial regulations, procurement policies and procedures, are major items of non-

compliance monetary values included in the computation of the materiality levels. Since non-compliance ismaterial and reaffirmed by the evaluation processes of the study, a conclusion is that controls in this area isnot functioning as intended and, as a result, are ineffective.

Based on the above results, the benchmark states that all the six major independent variablesmust be present and functioning properly for internal controls to be effective. From the above analysisand in line with the evaluation results of operational efficiency and effectiveness, reliability of financialreports, and compliance with applicable laws and regulations, this is not the case. This is because notall the six major independent variables are present and functioning properly. For major independentvariables, only information and communication and IT are present and functioning properly. The otherfour are not functioning. With this information and the analysis carried out, the study now answers theresearch questions raised in section 2.


19/21


9. Research Questions and AnswersThe project documents analyzed in the study confirm management design and implement controls tosteer the AfDB projects in Uganda to achieve the identified objectives of operational effectiveness andefficiency, accurate and reliable financial reports which comply with applicable laws and regulationsand management compliance with the established internal control policies and procedures. The studyalso identifies variance between expectations and realizations.

For example, the Banks procurement policies and procedures require management to obtain at

least three quotations from three different suppliers for purchases above established threshold. This isto compare and select the lowest price for the highest quality item to meet the objectives of economyand efficiency of operations (Banks procurement rules and procedures). When management disregardsthese rules no comparison of prices is made to ensure the highest quality items are acquired at thelowest price. The actual role of internal control then differs from expected role.

The evaluation results reveal the internal control structure policies and procedures in existencein these projects as:

Control over preparation of withdrawal applications of funds Control over bank and cash balances Control over purchases and payments Control over payroll Monitoring, evaluation and reportingThe challenge of these internal controls is weakness in the control environment. Since this is a

foundation of other control components, controls are designed and implemented poorly. Non-compliance with established policies and procedures is common practice. In this study, the findings arethat not all globally accepted elements of effective internal control system are present in the internalcontrol structure of these projects. This renders the project controls ineffective when measured againstrecognized control framework of an effective internal control system.

These challenges are addressable by instituting a code of ethical conduct to guide managementin their operations. All project personnel in executing day-to-day transactions are required to observethis code. The structure of internal control systems is strengthened through incorporation of missingelements of an effective internal control as Figure 1 shows.

The study demonstrates that the internal control systems are documented in some projects andin others not. Where policies and procedures are documented they are not updated with changinglegislations, regulations, policies and procedures. Adherence to outdated policies and procedures hasadverse consequences on the projects.

As the Banks mission is to aid development initiatives in the RMCs, the risk of lending to theRMCs that do not comply with internal controls requirements is high. This risk is avoided if the Bankintroduces heavy penalties on countries that do not maintain sound internal control systems for themanagement of projects funds. Poor internal controls undermine development initiative because fundsare not utilized for intended development purposes. This also undermines development efforts pursuedby the Bank and the RMCs.

The project management non-compliance with the financing agreements, government of

Uganda financial regulations, established policies and procedures are the weaknesses in internal controlsystems, cited by auditors in the management letters. This study identifies the following violations ofoperation processes, authorization policies, reconciliation of accounts record and books, segregation ofduties and accountability as indicated in the evaluation process. For instance, the financing agreementstipulates that the Banks funds are not for paying taxes. When counterpart funds are missing theBanks funds are used for paying taxes.

Since development goals are long-term, this question is for further research and requirescollection of data over a number of years.


20/21


10. Conclusions and Suggestions for Further ResearchThe study provides an understanding of the structure of the internal controls in these projects. Internalcontrol structure includes policies and procedures on controls over: withdrawal applications for fundsfrom the loan and grant accounts, bank and cash, purchases, and payments and monitoring, evaluationsand reporting. These indirectly fall under the six control components recommended by the model. Onthe outset, they are inadequate as a control mechanism. Risk assessment component and othercomponents should be categorically and directly designed, embedded within the rest of the activities,

and spelt out in the control structure. This is why, when the components were measured against themodels control components, they were ineffective. Suggestions for improvements to the concernedparties are recommended.

Monitoring of operations ensures effective functioning of internal controls. However, theprojects paid less attention to this control component. The projects only carries out supervision missionarranged by the AfDB to identify major problems the projects experiences. These problems can beidentified early if management monitors projects activities as stipulated in the appraisal reports.

Not all the components of an effective internal control system recommended by the model arepresent in the control components of these projects. The projects concentrate on control activities,because they form majority of control activities as per the results of evaluation process. This is furthersupported by the internal control structure existing in these projects discussed above.

Internal auditors responsibilities are limited in scope. For instance, accountability of projectsfunds is retired without verification by internal auditors. This leads to undetected errors. Although theinternal auditor is not mandated to verify all projects transactions, he samples transactions and tests theeffects of controls over them to ensure the organization is in the right track

Evaluating internal controls requires measurement of minor independent variables to identifyand locate weaknesses in the major independent variables of the internal control systems of theseprojects. The findings of the study under evaluation results are that measuring effectiveness of internalcontrol is concerned with the existence and functioning of the six major control components identifiedby the model.

The organizational structure with defined lines of authority and responsibilities does not ensureeffective internal controls because in practice not all employees as depicted by the structure are present

in the organization. The authority and responsibilities at times, does not flow as demonstrated by theorganization structure because of the nature of working relationships that exist amongst personnel atdifferent levels of the projects. The interferences caused by working relationships on controls shouldbe addressed.

The functioning of internal control systems in the Public Sector Projects in Uganda funded bythe AfDB measured against the benchmark criteria of an effective internal control is that the controls inthese projects are ineffective. To maintain a sound system of internal control, management shouldevaluate the risks the projects are exposed to, in the course of their operations. Continuous monitoringis undertaken to assess the achievement of preset objectives.

The results of the study are either generalized or modified to suit the unique circumstances ofthe RMCs of the Bank. Out of the Banks fifty-two funded RMCs, the study was carried out only in

Uganda. The adoption of the results of the study by a RMC depends on the circumstances in aparticular country. If similar to the situations in Uganda they can be generally applied. In casedifferences exist, these are captured in the modification of the uniqueness in those respective countries.

The Bank funds 3,111 projects in fifty-two RMCs. Selecting eleven projects from one RMClimits research using research methods identified in the study. Also generalization of the findings of thestudy to projects in other countries funded by the Bank is limited. To use selected research methodssuch as testing hypotheses and analysis of quantitative data using statistical tools to generalize findingsto other RMCs, more countries should be included in the study to provide data for this purpose.

The Bank and other development partners, assisting RMCs in poverty alleviation efforts canfund further research.


21/21


References[1] African Development Bank (2002) Agreement Establishing the African Development Bank 6 th

Edition[2] African Development Bank (2005)Annual Report[3] African Development Bank Group (2005)Basic Information[4] African Development Bank (2006)Disbursement Handbook[5] African Development Bank (2006) Financial Profile[6] African Development Bank (2003-2007) Strategic Plan[7] African Development Bank Uganda Field Office (30 June 2006)Aide memoirs[8] African Development Bank Uganda Field Office (2007) Country Portfolio Review Report[9] African Development Bank Uganda Field Office (30 June 2006) Portfolio Audit Reports[10] African Development Bank Rules of Procedure for Procurement of Goods and Works[11] African Development Bank (2000) Rules of Procedure for the Use of Consultants[12] African Development Bank Uganda Field Office (30 June 2006) Summary of Bank Group

Portfolio of Ongoing and Newly Approved Projects/Programs/Studies[13] African Development Bank (2005) Statistics Pocketbook Volume 7[14] African Development Bank (30 June 2006) Summary of Bank Group Portfolio of On-going and

Newly Approved Projects/Programs/ Studies Country: Uganda

[15] Amudo, Angella, (2008), Evaluation of Internal Control Systems: The Case of Public SectorProjects Financed by the African Development Bank Group, An Unpublished MBA Thesis,Maastricht School of Management, The Netherlands, August.

[16] Babbie, Earl (1998) Survey Research Methods 2ndEdition. Wadsworth Publishing Company[17] Celani Claudio (2004) The Story Behind Parmalats Bankruptcy Executive Intelligence

Review January 2004 issue[18] Champlain Jack J. (2003)Auditing Information Systems 3rdEdition.New Jersey: John Wiley &

Sons, Inc.[19] COBIT Internal Control Framework (2007), Available

http://www.isaca.org/AMTemplate.cfm?Section=Downloads&Template=/ContentManagement/ContentDisplay.cfm&ContentID=34172 (Accessed: 21 July 2007). Full Volume of

[20] COBIT 4.1 Available, www.itgi.org (Accessed: 21 July 2007).[21] COSO Definition of Internal Control, Available http://www.coso.org/key.htm (Accessed: 3

March 2007).[22] COSO Internal Control - Integrated Framework (1992), Available:

http://www.coso.org/publications/executive_summary_integrated_framework.htm, (Accessed:10 July 2007)

[23] COSO Project to Focus on Monitoring of Internal Control, Availablehttp://www.coso.org/Publications/COSO%20Monitoring%20GT%20Final%20Release_1.8.07.pdf (Accessed: 12 July 2007)

[24] Saunders Mark, Lewis Philip & Thornhill Adrian (2003) Research Methods for BusinessStudents 3rdEdition. United Kingdom: Prentice Hall

[25] The Vision of the African Development Bank (2005) 3rdEdition[26] Transparency International Corruption Perceptions Index (2006) Availablehttp://www.transparency.org/policy_research/surveys_indices/cpi/2006 (Accessed: 10 March2007)

Evaluation of Internal Control System

Documents

Transcript of Evaluation of Internal Control System