Aklilu Fiseha Full Thesis
Aklilu Fiseha Full Thesis
Aklilu Fiseha Full Thesis
MARY’S UNIVERSITY
SCHOOL OF GRADUATE STUDIES
By
IDNo.SGS/OO64/2007A
JUNE 2016
ADDIS ABABA, ETHIOPIA
THE ROLE OF INTERNAL CONTROL TOWARDS RISK
MINIMIZATION IN THE CASE OF DASHEN BANK S.C
BY
AKLILU FISEHA ASEFA
IDNo SGS/0064/2007A
JUNE 2016
ADDIS ABABA, ETHIOPIA
ST. MARY’S UNIVERSITY COLLEGE
SCHOOL OF GRADUATE STUDIES
FACULTY OF BUSINESS
BY
______________________________ _____________________
Advisor Signature
______________________________ _____________________
External Examiner Signature
______________________________ _____________________
Internal Examiner Signature
DECLARATION
I, the undersigned, declare that this thesis is my original work, prepared under the
guidance of Asst.Prof Asmamaw Getie. All sources of materials used for the thesis have
been duly acknowledged. I further confirm that the thesis has not been submitted either
in part or in full to any other higher learning institution for the purpose of earning any
degree.
_________________________ ______________________
Name Signature
i
ABSTRACT
The study was conducted to assess the role of internal control towards risk minimization in Dashen Bank s.c. A
mixed both exploratory qualitative and conclusive quantitative research designs was employed to achieve the
goal of the research and purposive sampling was used in order to get the relevant data from the target population
questionnaire and interview method of data collection were used. The data collected using questionnaires were
presented using a table on percentage values and the interview were analyzed using descriptive explanations.
The findings of the study shows that the role of internal control towards risk minimization in Dashen Bank s.c is
in good state even though it still needs an improvement in assessing changes in external environment and
changes leadership and also an improvement on assessing incentives, pressures and motives, opportunities and
motives and rationalization .The study present some recommendation to improve the problem .These include
bank should take into major factors within while assessing incentives and pressures, opportunities and attitude
and rationalization, should take in to consideration on assessment of changes in external environment and
changes in leadership and the bank should take in to consideration on areas that are high potential risk areas
rather than the routine day to day activities.
ii
LIST OF ACRONYMS
iii
TABLE OF CONTENTS
CONTENT PAGE
ACKNOWLEDGEMENTS………………………………………………………………………………………………..i
ABSTRACT……………………………………………………………………………………………………………………ii
LIST OF ACRONYMS…………………………………………………………………………………………………….iii
TABLE OF CONTENT…………………………………………………………………………………………………….iv
LISTOF TABLES……………………………………………………………………………………………………………viii
CHAPTER 1
INTRODUCTION
1.1 Background of the Organization…………………………………………………….………1
1.2 Background of the Study…………………………………………………………………….1
1.3 Statement of the Problem……………..……………………………………………………..2
1.3.1 Basic Research Questions ….………………………….………………………………..3
1.4 Objectives of the Study.………………….…………………….…………………………… 4
1.4.1 General Objectives of the Study…………………….…………………………………. 4
1.4.2 Specific Objectives of the Study …………………………….………………………….4
1.5 Scope of the Study……………………………………………………………….…………..4
1.6 Significance of the Study……………………………………………...………….………….4
1.7 Limitation of the Study………………………………………………………………………5
CHAPTER 2
REVIEW OF RELATED LITERATURE
2.1 Definition of Internal control……………………………………………….……………….5
2.2 Objectives of Internal Control……………………………….…………………...………....8
2.3 Elements of Internal Control Structure…………………………………...………………....8
2.3.1 The Control Environment……………………………………………..………………..8
2.3.2 Risk Assessment………………………………………………………….…………….9
2.3.3 Information and Communication System…………………………..…………………. 11
2.3.4 Control Activities …………………………..……………...………………………..…..12
2.3.5 Monitoring ………………………………..…………………………………….............13
iv
2.4 Types of Internal Control ……………...…………………………………………..….13
2.5 Risk…..……………………..…………………………………………………….…..…...13
2.5.1 Inherent Risk ………………………………………………………………………....14
2.5.2 Control Risk……………………….…………………………………………………..15
2.5.3 Detection Risk ……………………………………………………………………….. 15
2.6 Fraud……………………………………………………...………………………………..15
2.6.1 Types of Fraud………………………………………………………………………...16
2.7 Limitation of Internal control………………………………………………………………16
CHAPTER THREE
RESEARCH DESIGN AND METHODOLOGY
3.1 Research Design……………………………………………...………………….………….18
3.2 Source of Data and Sampling……………………………………………………………….18
3.3 Method of Data Collection………………………………………………………………… 19
3.4 Validity and Reliability of Data……………………………………………………………..19
3.4.1Validity………………………………………….………………………………………19
3.4.2 Reliability……………………………………………………………………………… 19
3.5Method of Data Analysis…………………………………………………………………….19
3.6 Ethical Consideration……………………………………………..………………………...20
3.7 Organization of the Study ……………………………………………………………….… 20
CHAPTER FOUR
DATA PRESENTATION AND ANALYSIS
4.1 Introduction…………..…………………………………………………………………….. 21
4.2 The selection and development of control activities that contribute to
mitigation of risk to the achievement of objectives at acceptable level………….….…. 23
4.3 Consideration taken by the bank for the potential for fraud in assessing risk…………. 26
4.4 Identification and analysis of risks as a basis for determining
how they should be managed………………………………………….……………….. 27
4.5 Specification of objectives with sufficient clarity to enable identification
and assessment of risk relating to objectives……………..………………………….... 29
4.6 Summary of General opinion of respondents on the role of
v
4.7 Qualitative data Analysis…………………………………………………………..….....36
4.7.1 Risk identified and analyzed by the bank and contribution
towards achieving the objective at an acceptable level……………..……………...37
4.7.2 Consideration taken by the bank for the potential
for fraud in assessing risk……………………………………………………………37
4.7.3 Risk identified by the bank to be used as basis for
determining how the risk should be managed……………………………...…..…….37
4.7.4 Objectives of the bank specified clearly and sufficiently in order to be
used as basis for risk identification and assessment………………..……………….37
4.7.5 General opinion about “The Role of internal control
toward risk minimization" in DB S.C………………………………………………..37
CHAPTER FIVE
FINDINGS CONCLUSION AND RECOMMENDATION
5.1 Findings…………………………………………………………………………………..39
5.1 Conclusion…………………………………….………………………………………….39
5.2 Recommendation ………………………………………………………………………...40
References
Appendix 1 Survey Questionnaire
Appendix 2 Survey Interview
vi
LIST OF TABLES
Table 4.1 - General Information of the respondents…………………………………………………..22
Table4.2- Response on selection and development control activities that contribute to mitigation of risk
to the achievement of objectives at acceptable level………………………………………23
Table 4.3 - Response on consideration taken by the bank for the potential for
fraud in assessing risks…………………………………………………………………….26
Table 4.4 - Response on identification and analysis of risks as a basis for determining how they should
be managed………………………………………………………………………………….28
Table 4.5 - Response on specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to operation objectives………………………………………..29
Table 4.6 - Response on specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to external financial reporting objectives……………………..31
Table 4.7- Response on specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to external non-financial reporting objectives…………….…..32
Table 4.8 - Response on specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to internal compliance objectives………………………..........33
Table 4.9 -Response on specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to compliance objectives……………………………………...34
vii
CHAPTER ONE
INTRODUCTION
Dashen Bank s.c was established in accordance with monetary and banking proclamation
number 83/1994 and the commercial code of 1960. The Bank started operation on
September 20, 1995 with initial capital of birr 14,900,000.00 and 11 shareholders.
In the organizational structure of the DB the control department is headed by the controller
at the top of the hierarchy which is responsible to the board followed by the Deptuy
Controller and then divided in to three divisions that are System, Inspection and Audit. An
internal audit control of DB covers all activities performed by the bank. The activities of
internal audit of the bank are divided in to two that is pre-audit and post-audit. The pre-
audit areas of the bank activities include account opening, loans and advances,
payrolls ,foreign outgoing payment transactions opening like LC,TT,CAD,IP whereas the
post audit area covers most of the operational activities of the bank like deposits and
withdrawals from various types of customer accounts, local money transfers and foreign
money transfers Western Union ,Money Gram, X-press Money, Dahabshil, Trans Fast etc
and settlement of different international banking transactions imports and exports.
Internal control has been recognized in the most organization as one of the most essential
ingredients, necessary for the survival of the business enterprise and government agencies.
Apart from the problem of scarce resources, organizations run a high risk of fraud, errors,
miss appropriation of funds and inefficient and ineffective operations. Step are required
therefore to minimize, if not eliminate completely, these risks, by establishing internal
control system (Odunayo, 2014).
Internal control systems represent all the approved policies and procedures used by the
management in order to achieve an effective management of the business (Damitrascu &
lulian,2012). Internal control is the whole system of controls ,financial and
otherwise ,established by the management in order to carry on the business of the company
1
in orderly manner ,safeguard its assets and secure as far as possible the accuracy and
reliability of its records (Kurt & O Ray, 2000). An organization internal control structure
consists of the policies and procedures established to provide reasonable assurance that the
organization’s related objectives will be achieved (Walter, O Ray, Kurt and Robert, 1989).
Internal control is a process, effected by an entity’s board of director, management and
other personnel ,designed to proved reasonable assurance regarding the achievement of
objectives relating to effectiveness and efficiency of operations, Reliability of financial
reporting and Compliance with applicable laws and regulations (Brain, Christopher and Jim,
2013). Operations Objectives related to the effectiveness and efficiency of the entity’s
operations, including operational and financial performance goals, and safeguarding assets
against loss. Reporting Objectives related to internal and external financial and non-
financial reporting to stakeholders, which would encompass reliability, timeliness,
transparency, or other terms as established by regulators, standard setters, or the entity’s
policies. Compliance Objectives related to adhering to laws and regulations that the entity
must follow (Brain et al., 2007).
Risk management and internal control can be viewed as two sides of the same coin in that
risk management focuses on the identification of threats and opportunities, and controls are
designed effectively counter threats and take advantage of opportunities (J. Stephen and
Vincent, 2015).
For every organization, there are risks that the organizational goals and objectives are not
achieved. All efforts aimed at preventing such risks or identifying and correcting such risks
are viewed as internal control (Odunayo, 2014).
The role of internal control towards risk minimization was assessed in line with the
principles articulated by Commission of sponsoring organization (COSO) of the Tread way
commission on the subject matter.
1.3 Statement of the Problem
A risk-based internal control approach allows concentrating on reviewing the major risks to
the organization. (Ian et al., 2012) The methodology of internal control concept is founded
on risk based concepts. An internal control system select or adapt of companies set up top
management it calls for the identification and preliminary assessment of external and
internal events that threaten entity objectives (strategic, operational and reporting,
2
compliance, etc.).It is important to note that risk management policies primarily risk
measurement (probability and impact), as well as risk appetite, tolerance, and acceptance
levels are fundamental in determining the prioritization of risk mitigation or control
objectives (Carolyn and Paolo, 2014). Without an effective internal control system
companies can confront with loses. Lack of internal controls and their deficient operation
make companies vulnerable to a number of risks. Risk is that possibility of loss as the
result of mixing of uncertainty (Dumitrascu et al., 2012).
The board of directors should have responsibility for approving and periodically reviewing
the overall business strategies and significant policies of the bank; understanding the major
risks run by the bank, setting acceptable levels for these risks and ensuring that senior
management takes the steps necessary to identify, measure, monitor and control these risks
and also provides governance, guidance and oversight to senior management. Board
members should be objective, capable, and inquisitive, with a knowledge or expertise of
the activities of and risks run by the bank (Basel Committee on Banking Supervision,
1998).
An internal control system in a company gives assurance to the management of the
company that it’s taking a safe path while moving towards a stated objectives and it keeps
getting stronger when it comes to the banking industry. A set up of internal control system
being implemented should be one of the major factor that organization should give more
attention because of it being all the way giving assurance that whether the organization is
taking the safest way to achieve its objectives so that, they want be difficult situation that
will create problems in the organizations future. When we came to the internal control
being adapted by banks within the industry differs from one bank to another even within
the context of our country. The setup of internal control system being implemented by bank
should minimize different kinds of risks faced.
1.3.1 Basic Research Questions
To achieve its objective; the study has raised the following questions,
1. How does the organization select and develops control activities that contribute to the
mitigation of risks to the achievement of objectives at an acceptable levels?
2. How the organization does consider the potential for fraud in assessing risks?
3
3. How the organization does identify and analyzes risks as basis for determining how
the risks should be managed?
4. How the organization does specify objectives with sufficient clarity to enable the
identification and assessment of risks relating to objectives?
The main objective of the study was assessing the role of internal control towards
minimizing different kinds of risks faced by the bank.
The study was important in obtaining a lot of information if it was conducted for all banks
in Ethiopia. However, it can be unmanageable for the researcher to include all the banks in
Ethiopia. Therefore, this study was delimited to Dashen Bank S.C
The research examined the role of internal control towards risk minimizations. The
importance of the study can be viewed from two dimensions; theoretical contribution and
practical implementation that the research was conducted with an expectation of DB using
4
the information as decision making tool for future reference of its internal control system
setup.
The limitation faced by the researcher while conducting this research was time and
availability of data on the subject matter since there has not been much studies on the
subject matter.
5
CHAPTER TWO
Internal control is the whole system of controls ,financial and otherwise ,established by the
management in order to carry on the business of the company in orderly manner ,safeguard
its assets and secure as far as possible the accuracy and reliability of its records (Council of
certified accountants of England and Wales as cited in D.P.Jain, 2002).
6
Differences of opinion have existed about the meaning and objectives of internal control.
Many people interpret internal control as the steps taken by the business to prevent fraud
both employee fraud and fraudulent financial reporting. Others, while acknowledging the
importance of internal control for fraud prevention, believe that internal control has equal
role in assuring over manufacturing and other processes (Kurt and O.Ray Whittington,
2000).
A system of strong internal controls can help to ensure that the goals and objectives of a
banking organization will be met, that the bank will achieve long-term profitability targets,
and maintain reliable financial and managerial reporting. Such a system can also help to
ensure that the bank will comply with laws and regulations as well as policies, plans,
internal rules and procedures, and decrease the risk of unexpected losses or damage to the
bank’s reputation (Basel Committee on Banking Supervision, 1998).
Internal control function activities which are performed under the governance and
organizational structure established by the bank’s board of directors and senior
management and in which each individual within the organization must participate in order
to ensure proper, efficient and effective performing of the bank’s activities in accordance
with the management strategy and policies, and applicable laws and regulations and to
ensure the integrity and reliability of accounting system and timeliness and accessibility of
information in the data system (Banking regulation and supervision boards, 2001).
Effective internal control system plays an important role in ensuring objective achievement
of organizations ( Mu’azu et al.,2013). Effective internal control is an integral part of an
organization’s governance system and ability to manage risk (J. Stephen and Vincent,
2013). A system of effective controls is a critical component of bank management and a
foundation for the safe and sound operation of banking organizations. A system of strong
internal controls can help to ensure that the goals and objectives of a banking organization
will be met, that the bank will achieve long-term profitability targets, and maintain reliable
financial and managerial reporting. Such a system can also help to ensure that the bank will
comply with laws and regulations as well as policies, plans, internal rules and procedures,
7
and decrease the risk of unexpected losses or damage to the bank’s reputation (Basel
Committee on Banking Supervision, 1998).
2.2 Objectives of Internal Controls
The objectives internal control are validity, completeness, valuation, classification, timing
and properly handling master’s files and correctly summarized Posting and summarization
(Alvin and James ,1991).
The internal control process, which historically has been a mechanism for reducing
instances of fraud, misappropriation and errors, has become more extensive, addressing all
the various risks faced by banking organizations. It is now recognized that a sound internal
control process is critical to a bank’s ability to meet its established goals, and to maintain
its financial viability (Basel Committee on Banking Supervision, 1998). Internal control
varies significantly from one organization to the next, depends on factors as their size,
nature of operations, and objectives.
Internal control within an organization includes five components these are the control
Environment, Risk Assessment, Information and communication, Controls activities and
Monitoring (Kurt and O Ray, 2000).
The control environment is the set of standards, processes, and structures that provide the
basis for carrying out internal control across the organization. The board of directors and
senior management establish the tone at the top regarding the importance of internal
control and expected standards of conduct (Brain et al., 2007). The control environment
sets the tone of an organization, influencing the control consciousness of its people. It is the
foundation for all other components of internal control, providing discipline and structure
(Guide line to internal control over financial reporting, www.TheCAQ.org). The
foundation components of internal control, which also provides discipline and structure,
factors include ethical values and competence (quality) of personnel, direction provided by
the board and effectiveness of management (Hong Kong Institute of Certified Public
Accountants,2005).
8
The control environment consists of the actions policies and procedures that reflect the
overall attitude of top management, the directors and the owners of the entity about control
and its importance to the entity for the purpose of understanding and assessing the control
environment, the following are the most important sub-elements the auditor should
consider Management philosophy and operating style, Organizational structure, Audit
committee, Methods to communicate the assignment of authority and
responsibility ,Management control methods, Internal audit function and Personnel policies
and procedures (Alvin and James, 1991).
In varying degrees, internal control is the responsibility of everyone in a bank. Almost all
employees produce information used in the internal control system or take other actions
needed to effect control. An essential element of a strong internal control system is the
recognition by all employees of the need to carry out their responsibilities effectively and
to communicate to the appropriate level of management any problems in operations,
instances of non-compliance with any code of conduct, or other policy violations or illegal
actions that are noticed. This can best be achieved when operational procedures are
contained in clearly written documentation that is made available to all relevant personnel.
It is essential that all personnel within the bank understands the importance of internal
control and are actively engaged in the process (Basel Committee on Banking Supervision,
1998).
2.3.2 Risk Assessment
Risk assessment involves a dynamic and iterative process for identifying and analyzing
risks to achieving the entity’s objectives, forming a basis for determining how risks should
be managed. Management considers possible changes in the external environment and
within its own business model that may impede its ability to achieve its objectives (Brain et
al., 2013). COSO’s Enterprise Risk Management (ERM) Framework was published in
2004 and provides guidance to help businesses and other entities develop and apply their
ERM activities. The Framework expands on internal control and provides key principles
and concepts on the broader subject of ERM. Specifically, the COSO ERM Framework
identifies and describes eight interrelated components that are necessary for effective ERM,
including internal environment, objective setting, event identification, risk assessment, risk
9
response, control activities, information and communication, and monitoring. Internal
control is an integral part of ERM, which is part of an organization’s overall governance
arrangements (J. Stephen and Vincent, 2014).
Risk assessment involves the identification and analysis of risks underlying the
achievement of objectives, including risks relating to the changing regulatory and operating
environment and business strategy, as a basis for determining how such risks should be
mitigated and managed (Hong Kong Institute of Certified Public Accountants, 2005).
10
2.3.3 Information and Communication
Information is necessary for the entity to carry out internal control responsibilities in
support of achievement of its objectives. Communication occurs both internally and
externally and provides the organization with the information needed to carry out day-to-
day internal control activities. Communication enables personnel to understand internal
control responsibilities and their importance to the achievement of objectives (Brain et al.,
2013). Information and communication refers to effective processes and systems that
identify capture and report operational, financial and compliance-related information in a
form and time frame that enable people to carry out their responsibilities. This includes, in
its broadest sense, communication from the top about the importance of control-related
matters and the role of individuals, channels for communicating significant information
upstream, and also effective communication with external stakeholders (Hong Kong
Institute of Certified Public Accountants, 2005). An effective internal control system
requires that there are adequate and comprehensive internal financial, operational and
compliance data, as well as external market information about events and conditions that
are relevant to decision making. Information should be reliable, timely, accessible, and
provided in a consistent format. Adequate information and effective communication are
essential to the proper functioning of a system of internal control. From the bank’s
perspective, in order for information to be useful, it must be relevant, reliable, timely, and
accessible and provided in a consistent format. Information includes internal financial,
operational and compliance data, as well as external market information about events and
conditions that are relevant to decision making. Internal information is part of a record-
keeping process that should include established procedures for record retention (Basel
Committee on Banking Supervision, 1998).
The purpose of an entity’s accounting system is to identify, assemble, analyze, record and
report the entity’s transactions and to maintain accountability for the related assets. An
effective accounting system must satisfy all of the seven detailed internal control objectives
(Alvin and James, 1991).
11
2.3.4 Controls Activities
Control activities are the actions established by the policies and procedures to help ensure
that management directives to mitigate risks to the achievement of objectives are carried
out. Control activities are performed at all levels of the entity, at various stages within
business processes, and over the technology environment. They may be preventive or
detective in nature and may encompass a range of manual and automated activities such as
authorizations and approvals, verifications, reconciliations, and business performance
reviews. Segregation of duties is typically built into the selection and development of
control activities. Where segregation of duties is not practical, management selects and
develops alternative control activities (Brain et al., 2013). Control activities comprise a
diverse range of policies and procedures that help to ensure that relevant management
directives are carried out and any actions that may be needed to address risks to achieving
company objectives are taken. These may include approvals and verifications, reviews,
safeguarding of assets and segregation of duties. Control activities can also be divided into
operations; financial reporting and compliance (Hong Kong Institute of Certified Public
Accountants, 2005).Control activities are designed and implemented to address the risks
that the bank identified through the risk assessment process described previously. Control
activities involve two steps: (1) the establishment of control policies and procedures; and (2)
verification that the control policies and procedures are being complied with and it involves
all levels of personnel in the bank, including senior management as well as front line
personnel (Basel Committee on Banking Supervision, 1998). Control procedures and
policies are those policies and procedures, in addition to the sub elements of the control
environment and features of the accounting system that management has to meet its
objectives. Generally the policies and procedures fall in to the following categories,
adequate separation of duties, proper authorization of transactions and activities, adequate
documents and records, physical control over assets and records and finally independent
checks on performance (Alvin and James ,1991).
Control activities should be an integral part of the daily activities of a bank. An effective
internal control system requires that an appropriate control structure is set up, with control
activities defined at every business level. These should include: top level reviews;
appropriate activity controls for different departments or divisions; physical controls;
12
checking for compliance with exposure limits and follow-up on non-compliance; a system
of approvals and authorizations; and, a system of verification and reconciliation (Basel
Committee on Banking Supervision, 1998).
2.3.5 Monitoring
Monitoring entails a process that assesses the quality of the internal control system’s
performance over time. This is accomplished through ongoing monitoring activities and/or
separate evaluations. Deficiencies in internal control should be reported to the appropriate
level upstream, which may be, for example, senior management, the audit committee, or
the board (Hong Kong Institute of Certified Public Accountants, 2005).
The overall effectiveness of the bank’s internal controls should be monitored on an
ongoing basis. Monitoring of key risks should be part of the daily activities of the bank as
well as periodic evaluations by the business lines and internal audit. The frequency of
monitoring different activities of a bank should be determined by considering the risks
involved and the frequency and nature of changes occurring in the operating environment
(Basel Committee on Banking Supervision, 1998).
i) Administrative Control
It refers to the system which is related to decision making processes leading to the
management’s authorization of transactions.
It comprises the plan of organization and the procedures and records that are concerned
with the safeguarding of assets and the reliability of financial records. They are concerned
with achieving the following objectives;
2.5 Risk
Risk can be defined as the probability of decrease in economic benefit due to a monetary
loss or an unexpected expense or loss occurred concerning a transaction (Banking
regulation and supervision boards, 2001). Risk refers to the uncertainty that surrounds
future events and outcomes (Heinz-Peter Berg, 2010). Each risk in the overall risk model
should be explored to identify how it potentially evolves through the organization. It is
important to ensure that the risk is carefully defined and explained to facilitate further
analysis (Helenne, 2008).
2.5.1 Inherent Risk
Inherent risks vary by nature of the account. Assume that in a given business the balance of
cash account amounts only one-tenth that of the building account. Does this relationship
indicate that the auditor should spend only one tenth as much time in the audit of cash as in
the audit of buildings? The answer to this question is no. Cash is much more susceptible to
error or theft than are buildings, and the great number of cash transaction affords an
opportunity for misstatements to be well known. Inherent risk also varies by the assertion
about the particular account. As an example, valuation of assets is often more difficult
assertion to audit than is existence of the assets. In general assertions with high inherent
risk involves; difficult to audit transactions or balances, complex calculation, difficult
14
accounting issues, significant judgment by management or valuation that vary significantly
based on economic factors ( Kurt and O Ray,2000).
The risk that a material misstatement will not be prevented or detected on a timely basis by
the client’s internal control is referred to as control risk. This risk is entirely based on the
effectiveness of clients’ internal control (Kurt and O Ray, 2000).
The risk that the auditor fails to detect the misstatement with their audit procedures is
called detection risk. In other words, detection risk is the possibility that auditors’
procedures will lead them to conclude that a material misstatement does exist. The term
audit risk refers to the possibility that the auditors may unknowingly or appropriately
modify their opinion on financial statements that are materially (Kurt and O Ray, 2000).
2.6 Fraud
The term ‘fraud’ commonly includes activities such as theft, corruption, conspiracy,
embezzlement, money laundering, bribery and extortion. Fraud essentially involves using
deception to dishonestly make a personal gain for oneself and/or a loss for another
(Helenne Doody, 2008).Fraud may also take in the form of misuse of expense account,
secret commission, false invoicing, electronic and telecommunication fraud, unauthorized
use of information, cheque forgery, cheque clone, false financial statements, and so on, but
whichever form it takes, the fundamental point is that the banking industry falls victim to
fraudulent acts suffers and bears the brunt (Olaoye and Dada,2014). Fraud is rampant in
both developed and developing countries and as well varies across places in its magnitude,
its sources, the way it manifests itself and in its effects on administrative performance and
development (Nwankwo, 2013).
A major reason why people commit fraud is because they are allowed to do so. There are a
wide range of threats facing businesses. The threat of fraud can come from inside or
outside the organization, but the likelihood that a fraud will be committed is greatly
decreased if the potential fraudster believes that the rewards will be modest, that they will
be detected or that the potential punishment will be unacceptably high. The main way of
15
achieving this must be to establish a comprehensive system of control which aims to
prevent fraud, and where fraud is not prevented, increases the likelihood of detection and
increases the cost to the fraudster (Helenne, 2008).
2.6.1Types of Fraud
Fraud can be classified in various ways using various parameters but for the purpose of this
study the following types of fraud are discussed, Management fraud is frequently
committed by management staff of a reporting entity, which comprises the director, general
managers, and managing directors to mention but a few, Insiders or Employees Frauds is
the fraud perpetrated/committed by the employees of the bank or organization is also
known as non management fraud, Outsiders Frauds these are frauds perpetrated by
customers and non-customers at the detriment of the banks and Outsiders/Insiders Fraud is
the types of fraud committed by outsiders (customers/non-customers) of the bank with
effort of insider ( Adeyemo,2012).
The 2013 Framework acknowledges that there are limitations related to a system of internal
control. For example, certain events or conditions are beyond an organization’s control,
and no system of internal control will always do what it was designed to do. Controls are
performed by people and are subject to human error, uncertainties inherent in judgment,
management override, and their circumvention due to collusion. An effective system of
internal control recognizes their inherent limitations and addresses ways to minimize these
risks by the design, implementation, and conduct of the system of internal control.
However, an effective system will not eliminate these risks. An effective system of internal
control (and an effective system of internal control over financial reporting) provides
reasonable assurance, not absolute assurance, that the entity will achieve its defined
operating, reporting, and compliance objectives (Brain et al., 2013).
Internal control can do much to protect both errors and irregularities and ensure the
reliability of accounting data. Still, it is important to recognize the existence of inherent
limitations of internal control. Mistakes may be made in the performance of controls as a
result of misunderstanding of instructions, mistakes of judgment, carelessness, distraction
or fatigue. In addition without the active participation by the Board of directors and an
16
effective internal audit department, top management can easily avoid internal control.
Finally, control activities depend upon separation of duties may be circulated by collusion
among employees. The extent of the controls adopted by a business also is limited by cost
considerations. It is not feasible from accost stand point from controls that provide absolute
protection from fraud and waste; reasonable assurance in this regard is the best that
generally can be achieved (Kurt and O. Ray, 2000).
17
CHAPTER THREE
RESEACH DESIGN AND METHODOLGY
This part of the study includes research design, source of data and sampling, methods of
data collection, validity and reliability of data collection tools, methods of data analysis and
ethical considerations.
The types of research designs employed for this study are mixed both exploratory
qualitative and conclusive quantitative research designs. The exploratory research design
was used to provide insights and understanding for decision makers on the subject matter.
The conclusive research design was used to quantify the implementation of those focus
points provide by COSO’S frame work for internal control system setup of a company.
Assessment was made on the role of internal control towards risk minimization based on
the implementation of focus points provided in relation with the study to collect the
necessary data for the research.
The target populations of the study are employees of Dashen Bank s.c working under the
control department which are Auditors, Inspectors and their respective Team leaders and
divisions heads and Manager and Deputy Manager. Purposive sampling was used to that
will best enable to answer the basic research questions and to meet the objectives.
The Main Branch of the bank was purposely selected to represent the operational areas of
the bank since basic operational areas have the same characteristics across the bank and all
Auditors at departmental levels were included in the sample in order to cover areas other
than operations by taking all consideration which were mentioned above out of 150 target
population which are working under the control department 30 (20%) was taken as a
sample size of the study.
18
3.3 Method of Data Collection
The study used a primary source of data collection that is questionnaire for Auditors and
Inspectors to get the quantified results and an interview were prepared to Audit, Inspection
and System divisions heads and their respective team leaders to get the qualified ones. A
total of 30 questionnaires were distributed and all of them were responded. An interview
were made to 8 employees of the bank which were Audit , Inspection and system division
heads and their respective team leaders and the manager and deputy manager of the main
branch. A questionnaire and interview were prepared for the selected sample population in
order to gather the necessary data needed to conduct the research. Also secondary data was
gathered from the company’s internal control manuals’ which was written in relation to the
subject matter.
3.4.1 Validity
The Internal Validity deals with how the findings of the research will match with the reality.
Tried to come up a view of what reality looks like which improved my understand and
create a more accurate pictures of existing banks situation by asking peers to comment on
the findings, detail analysis of the material and also used comments provide by my advisor.
3.4.2 Reliability
The question about reliability is whether the findings will be found again but rather the
results was consistent with data collected. Reliability of the research was justified by the
procedures followed by the researcher for gathering of materials.
Quantitative methods’ of data analysis was used. Particularly with quantitative data that
was collected via questionnaire and a descriptive analysis was used to tabulate the data and
present it in tables. Qualitative method of data analysis was also used for information
obtained using an interview and also internal control manuals was used as supplementary
data to triangulate the responses gathered.
19
3.6 Ethical Consideration
Before conducting the research on the selected bank the researcher informed the
participants of the study about the objectives of the study and had consciously consider
ethical issues in seeking consent, avoiding deception, maintaining confidentiality,
respecting the privacy, and protecting the anonymity of all respondents. The researcher
considered these points because the law of ethics on research condemns conducting a
research without the consensus of the respondents for the above listed reasons.
This research is organized in way to make the research simple and clear. The first part of
the research includes Background of the study ,statement of the problem ,research question,
objectives of the study ,scope of the study ,significance of the study ,Review of the related
literature, research design and methodology ,organization of the study, time and financial
schedule needed to conduct the research and ends with mentioning the references used to
make this proposal feasible.
20
CHAPTER FOUR
DATA PRESENTAION AND ANALYSIS
4.1 Introduction
As discussed in the research design and methodology part of this study, data collected by
using questionnaire and interview techniques were analyzed in this chapter. Data were
collected through a questionnaire includes 28 close ended and 1 open ended were
administered to employees working under the control department of DB which are Internal
Auditors and Inspectors. Accordingly they gave response on the role of internal control
towards risk minimization. Therefore the data found and collected from the respondents
were analyzed and discussed in line with the research questions as follows. The researcher
also used interview method of data gathering technique to collect the necessary data for the
research and to validate the reliability of results eventually. An interview was conducted to
division heads that are Audit, Inspection and System and their respective Team leaders and
to Branch manager and Deputy Manager of the main branch.
The data gathered is summarized in tabular form and expressed in percentages. For
convenience of presentation data gathered through Questionnaire and Interview is
presented separately.
No Item Respondents
No Percentage
1 Gender
Male 22 73%
Female 8 27%
Total 30 100%
2 Age
20 – 25 4 13%
25 – 30 15 50%
30 – 45 11 37%
45 – 60
21
Above 60
Total 30 100%
3 Educational Qualification
Certificate
Diploma
Degree 29 97%
Masters/Postgraduate 1 3%
PhD
Others (ACCA and CIA)
Total 30 100%
4 Work Experience
Under 5 years 11 37%
5 - 10 years 18 60%
10 - 15 years 1 3%
Above 15years
Total 30 100%
The table shows that most of the respondents are male (73%) while 27% are females, so
that we can say that most employees working under the control departments of DB are
males.
As can be seen from the table that 13% of the respondents’ ages between 20 - 30, 50% age
under 30 and 37% age between 30 – 45 so that, we can understand that the control
departments staffed by young employees aging under 30.
Among the respondents educational qualification 97% of Auditors and Inspectors hold
Degree and 3% holds Masters Degree which indicates that the respondents have qualified
enough to collect the necessary data on the subject matter.
22
Regarding the respondents work experience 37% have been working in the bank under 5
years, 60% between 5 - 10years and 3% between 10 – 15years which indicates that most of
them stayed long enough so that, they can respond with an experience gathered by working
those years in the bank .
4.2 The selection and development of control activities that contribute to mitigation of
risk to the achievement of objectives at acceptable level
No Item Respondents
No Percentage
1 Integration with risk assessment
Strongly Agree 4 13.33%
Agree 20 66.67%
Neutral 4 13.33%
Strongly Disagree 2 6.67%
Disagree
Total 30 100%
2 Consider entity specific factors
Strongly Agree 1 3.33%
Agree 16 53.33%
Neutral 10 33.33%
Strongly Disagree 3 10%
Disagree
Total 30 100%
3 Determine relevant business
processes
Strongly Agree 1 3.33%
Agree 16 53.33%
Neutral 12 40%
Strongly Disagree
Disagree 1 3.33%
Total 30 100%
4 Evaluates a mix of control activity
types
Strongly Agree 3 10%
Agree 17 56.67%
Neutral 5 16.67%
Strongly Disagree 4 13.33%
Disagree 1 3.33%
Total 30 100%
5 Consider at what level activities are
applied
Strongly Agree 3 10%
23
Agree 13 43.33%
Neutral 10 33.33%
Strongly Disagree 3 10%
Disagree 1 3.33%
Total 30 100%
6 Addresses segregation of duties
Strongly Agree 7 23.33%
Agree 15 50%
Neutral 4 13.33%
Strongly Disagree 2 6.67%
Disagree 2 6.67%
Total 30 100%
Table 4.2 Response on selection and development control activities that contribute to
mitigation of risk to the achievement of objectives at acceptable level
As it shows in the above table “2” that 3% strongly agrees that the bank consider entity
specific factors, 53.33% of the respondents agrees and 13.33% are neutral towards the
consideration of entity specific factors based on the percentage of respondents towards this
focus point we can understand that the organization takes consideration of entity specific
24
factors while selecting and developing control activities that can contribute towards
mitigation of risk to achievement of objectives at unacceptable level .
As it can be seen from the above table item “3” 3.33% strongly agrees with the
determination of relevant business process, 53.33% of the respondents agrees with the bank
though 40% of the respondents are neutral about it and 3.33% strongly disagree. They
believe that the company determines the relevant business process in consideration while
selecting and developing the control activities that contributes towards mitigation of risk to
achievement of objectives at an acceptable level.
As it shown in the above table item “4” 10% strongly agrees with an evaluation of mix
control activity types and 56.67% agrees with a mix though 16.67% of the respondents are
neutral, 13.33% strongly disagree and 3.33% disagree, we can understand from the
percentages that the company evaluates a mix control activities type while selecting and
developing control activities that contribute towards mitigation of risks to achievement of
objectives at an acceptable level.
As can be seen from the above table item “5” 10% strongly agrees with the consider the
levels that those selected and developed control activities are being applied, 43.33% agrees
though 33.33% are neutral about it and 10% strongly disagree and 3.33% disagree with
consideration given to levels in which the activities are being applied, we can understand
from the percentages results that the company give consideration in levels of activities
being applied while the company select and develop control activities.
As can be observed from the above table item “6” 23.33% strongly agrees, 50% of the
respondents agree though 13.33% of the respondents are neutral, 6.67 strongly disagree and
6.67% disagrees. They believe that the company’s addresses segregation of duties in the
process of selection and development of control activities that contribute towards
mitigation of risk selection for achievement of objectives at an acceptable level.
25
4.3 Consideration taken by the bank for the potential for fraud in assessing risk
No Item Respondents
No Percentage
1 Consider various types of fraud
Strongly Agree 4 13.33%
Agree 14 46.67%
Neutral 5 16.67%
Strongly Disagree 2 6.67%
Disagree 5 16.67%
Total 30 100%
2 Assess incentives and pressures
Strongly Agree
Agree 9 30%
Neutral 12 40%
Strongly Disagree 3 10%
Disagree 6 20%
Total 30 100%
3 Assess opportunities
Strongly Agree 1 3.33%
Agree 11 36.67%
Neutral 12 40%
Strongly Disagree 1 3.33%
Disagree 5 16.67%
Total 30 100%
4 Assess attitude and rationalization
Strongly Agree 1 3.33%
Agree 10 33.33%
Neutral 15 50%
Strongly Disagree 4 13.33%
Disagree
Total 30 100%
Table 4.3 Responses on consideration taken by the bank for the potential for fraud in
assessing risks
As can be seen from the above table item “1” 13.33% strongly agrees, 46.67% agrees with
the potential for fraud in assessing risks though 16.67% of the respondents are neutral
about it ,6.67% strongly disagree and 16.67% disagrees based on the percentage we can
ensure that the company takes into consideration various types of fraud in assessing risks.
26
As can be shown from the above table that item “2” 30% agrees with though 40% of the
respondents are neutral about it, 10% strongly disagree and 20% disagree ,we can
understand that the company should make an improvement on assessment of incentives and
pressures being taken into consideration for potentially fraud areas in assessing of risks.
As can be seen from the table item “3” 3.33% strongly agrees, 36.67% agrees with an
assessment of opportunities though 40% of the respondents are neutral about it ,3.33%
strongly disagree and 16.67% disagrees, so that we can understand that the company
should make an improvement on the assessment of opportunities for the potential for fraud
while assessing of risks.
As we can observe from the table item “4” 3.33% strongly agrees, 33.33% agrees with
assessment of attitude and rationalization though 50% of the respondents are neutral about
it and 13.33% strongly disagree. They believe that company is neutral about an assessment
of attitude and rationalization while taking consideration for the potential for fraud in
assessing risks which indicates that it requires an improvement on this subject matter.
4.4 Identification and analysis of risks as a basis for determining how they should be
managed
No Item Respondents
No Percentage
1 Assesses changes in the external
environment
Strongly Agree 2 6.67%
Agree 12 40%
Neutral 10 33.33%
Strongly Disagree 3 10%
Disagree 3 10%
Total 30 100%
2 Assess changes in the business
model
Strongly Agree 1 33.33%
Agree 16 53.33%
27
Neutral 12 40%
Strongly Disagree 1 33.33%
Disagree
Total 30 100%
3 Assess changes in the leadership
Strongly Agree 3 10%
Agree 10 33.33%
Neutral 12 40%
Strongly Disagree 1 3.33%
Disagree 4 13.33%
Total 30 100%
Table 4.4 Response on identification and analysis of risks as a basis for determining how
they should be managed
As it can be observed from the above table item ”1” 6.67% strongly agree, 40% agrees with
an assessment made on changes in external environment though 33.33% of the respondents
are neutral about it ,10% strongly disagree and 10% disagrees. We can understand from
respondents that the company assesses changes in external environment while identifying
and analyzing risk as a basis for managing them.
As we can see from the above table item “2” 33.33% strongly agree, 53.33% agrees with
the company assessing changes in business model though 40% of the respondents are
neutral about it and 33.33% strongly disagree .They believe that the company shows a good
performance while identifying and analyzing risks as a basis for managing them takes in to
consideration an assessment made to changes in business model.
As it shows in the above table item “3”10% strongly agrees, 33.33% agrees with
assessment of changes in leadership though 40% of the respondents are neutral about it,
3.33% strongly disagree and 13.33% disagree. Majority of the respondents believe that the
company considers assessing changes in leadership while identifying and assessing risks as
a basis for how they should be managed.
28
4.5 Specification of objectives with sufficient clarity to enable identification and
assessment of risk relating to objectives
No Item Respondents
No Percentage
1 Reflects management’s choice
Strongly Agree 2 6.67%
Agree 13 43.33%
Neutral 8 26.67%
Strongly Disagree 6 20%
Disagree 1 3.33%
Total 30 100%
2 Consider tolerance for risk
Strongly Agree
Agree 17 56.67%
Neutral 6 20%
Strongly Disagree 5 16.67%
Disagree 2 6.67%
Total 30 100%
3 Includes operation and financial
performance goals
Strongly Agree 4 13.33%
Agree 21 70%
Neutral 2 6.67%
Strongly Disagree 3 10%
Disagree
Total 30 100%
4 Forms as a basis for committing of
resources
Strongly Agree 3 10%
Agree 18 60%
Neutral 4 13.33%
Strongly Disagree 3 10%
Disagree 2 6.67%
Total 30 100%
As it can be observed from item “1” 6.67% strongly agrees, 43.33% agrees on reflection of
managements objectives though 26.67% of the respondents are neutral about it ,20%
29
strongly disagree and 3.33% disagree .They believe that objectives are specified with
sufficient clarity to enable identification of risk relating to operational objectives are driven
by management’s discretion.
As can be seen from item “2” 56.67% agrees on consideration of risk tolerance though 20%
of the respondents are neutral about it, 16.67% strongly disagree and 6.67% disagree. They
believe that companies consider tolerance for risk on specification of objectives with
sufficient clarity to enable an identification and assessment of risk relating to operational
objectives.
As can be observed from the above table item”3” 13.33% strongly agrees ,70% of the
respondents agree on operational and financial performance goals though 6.67% are neutral
about it and 10% strongly disagree. Based on the percentage we can understand that the
company’s specify objectives with sufficient clarity to enable identification and assessment
of risk by taking consideration of operational and financial performance goals of the
company.
As it is shows in the above table item “4” 10% strongly agrees, 60% agrees though 13.33%
of the respondents are neutral about it, 10% strongly disagrees and 6.67% agree. They
believe that objectives being specified with sufficient clarity which enables identification
and assessment of risks relating to operation forms as a basis of committing of resources.
No Item Respondents
No Percentage
1 Complies with applicable
accounting standard
Strongly Agree 12 40%
Agree 16 53.33%
Neutral 1 3.33%
Strongly Disagree 1 3.33%
Disagree
Total 30 100%
2 Consider materiality
30
Strongly Agree 11 36.67%
Agree 14 46.67%
Neutral 2 6.67%
Strongly Disagree 2 6.67%
Disagree 1 3.33%
Total 30 100%
3 Reflect entity activities
Strongly Agree 8 2.67%
Agree 18 60%
Neutral 3 10%
Strongly Disagree
Disagree 1 3.33%
Total 30 100%
As can be seen from the above table item ”1” 40% strongly agrees ,53.33% agrees that it
complies with applicable accounting standards though 3.335 are neutral about it and 3.33%
strongly disagree. Based on the percentage they believe that objectives are being specified
with sufficient clarity which enables identification and assessment of risks relating to
external financial reporting objectives are based on financial reporting assertion provided
by applicable accounting standards.
As it can be observed from the above table item”2” 36.67% strongly agrees, 46.67% agrees
with consideration of materiality though 6.67% are neutral about it, 6.67 strongly disagree
and 3.33% disagree .They believe that the company takes into consider materiality while
specifying objectives with sufficient clarity that enables identification and assessment of
risks relating to external financial reporting objectives.
As can be seen from the above table item “3” 2.67% strongly agrees, 60% agrees on
reflection of entities activity though 10% are neutral about it and 3.33% of the respondents
disagree. They believe that external financial reporting objectives that are specified with
sufficient clarity reflect activities of the entity.
No Item Respondents
No Percentage
31
1 Complies with externally
established standards and
framework
Strongly Agree 10 33.33%
Agree 6 20%
Neutral 13 43.33%
Strongly Disagree
Disagree 1 3.33%
Total 30 100%
2 Consider the required level of
protection
Strongly Agree 7 23.33%
Agree 8 26.67%
Neutral 10 33.33%
Strongly Disagree 4 13.33%
Disagree 1 3.33%
Total 30 100%
3 Reflect entity activities
Strongly Agree 9 30%
Agree 10 33.33%
Neutral 8 26.67%
Strongly Disagree 2 6.67%
Disagree 1 3.33%
Total 30 100%
As it can be seen from the above table item”1” 33.33% strongly agrees, 20% agrees though
43.33% of the respondents are neutral about it and 3.33% disagree. They believe that
specification of objectives with sufficient clarity which enables identification and
assessment of risks relating to external non-financial reporting complies with externally
established standards and frameworks.
As can be observed from the above table item “2” 23.33% strongly agrees, 26.67% agrees
with considering the required level of protection though 33.33% are neutral about it ,13.33%
strongly disagree and 3.33% disagree .They believe that the company considers the
required level of protection while specifying objectives with sufficient clarity relating to
external non-financial reporting objectives .
32
As can be seen from the table item”3” 30%strongly agrees, 33.33% agrees with
consideration of entity activity though 26.67% of the respondents are neutral about it, 6.67%
strongly disagree and 3.33% disagree. They believe that the company considers entity
activities while specifying objectives with sufficient clarity relating to external non
financial reporting objectives.
No Item Respondents
No Percentage
1 Complies with applicable
accounting standard
Strongly Agree 11 36.67%
Agree 16 53.33%
Neutral 2 6.67%
Strongly Disagree 1 3.33%
Disagree
Total 30 100%
2 Consider materiality
Strongly Agree 9 30%
Agree 13 43.33%
Neutral 2 6.67%
Strongly Disagree 3 10%
Disagree 3 10%
Total 30 100%
3 Reflect entity activities
Strongly Agree 10 33.33%
Agree 12 40%
Neutral 4 13.33%
Strongly Disagree 1 3.33%
Disagree 3 10%
Total 30 100%
As can be seen from the above table item “1”that 36.67 strongly agree, 53.33% agrees with
the objectives being complied with applicable accounting standards though 6.67% of the
respondents are neutral about it, 3.33 strongly disagree. We can understand that the
33
company’s specifies objectives with sufficient clarity which enables identification and
assessment of risk relating to internal compliance objectives complies with the applicable
accounting standards.
It show’s in the above table item “2” 30% strongly agree, 43.33% agrees with the
company’s considering materiality though 6.67% of the respondents are neutral about it, 10%
strongly disagree and 10% disagree. They believe that the company considers materiality
while specifying objectives with sufficient clarity which enables identification and
assessment of risk relating to internal compliance objectives.
As it can be observed in the above table item “3” 33.33% strongly agree, 40% agrees with
the reflection of entity’s activity though 13.33% of the respondents are neutral about it,
3.33% strongly disagree and 10% disagree. They believe that the company reflects entity’s
activity while specifying objectives with sufficient clarity which enables identification and
assessment of risk relating to internal compliance objectives.
No Item Respondents
No Percentage
1 Reflect external laws and
regulations
Strongly Agree 15 50%
Agree 9 30%
Neutral 4 13.33%
Strongly Disagree 1 3.33%
Disagree 1 3.33%
Total 30 100%
2 Consider tolerance for risk
Strongly Agree 11 36.67%
Agree 11 36.67%
Neutral 5 16.67%
Strongly Disagree 3 10%
Disagree
Total 30 100%
34
As can be seen from the above table item “1” 50% strongly agree, 30% agrees that the
objectives of the bank reflects external laws and regulations of the respondents though
13.33% are neutral about it, 3.33% agree strongly disagree and 3.33% disagree. They
believe that the company’s objectives that are specified with sufficient clarity which
enables identification and assessment of risk relating to compliance objectives reflect
external laws and regulations.
As can be seen from the above table item “2” 36.67% strongly agrees, 36.67% agrees that
the company takes in to consideration about tolerance of risk though 16.67% are neutral
about it, 10% strongly disagree. They believe that the company takes in to consideration
about tolerance of risk while specifying objectives with sufficient clarity which enables
identification and assessment of risk relating to compliance objectives.
When we see the general opinion given by the respondents about the subject matter they
are presented below in a summarized form;
35
transactions and it has to work beyond that and focus on activities that may led the
bank to high risks.
The internal control of DB not effective on risk minimization rather giving attention
after occurrence of events.
The employees of the bank working under the control department should develop
themselves through education and reading different kinds of directives and
manuals that can control different kinds of risks identified and give due
concentration for responsibility give by the bank.
The employees of the bank working under the control department should be
experienced in different kinds of positions.
Based on the general opinion given by the respondents we can understand that the internal
control of DB shows a good performance in giving reasonable assurance on the day to day
activities performed by the bank, following rules and procedures of the bank, as per
national bank and international chambers directives even though shows a problem on
focusing on routine tasks rather than areas that can expose the bank to high risks.
4.7.1. Risk identified and analyzed by the bank and contribution towards achieving
the objective at an acceptable level
It assesses the bank in order to achieve its object by protecting those risky areas that affect
the attainment of its objectives. Once the risks identified and analyzed, the chance of
occurrence of risk that entail customer dissatisfaction or financial loss (if they are being
considered as the banks objectives) would be negligible or else acceptable level and also
those risks that already happen to be determining ones shall be managed and mitigated by
the implementation of strong system of internal control .
4.7.2 Consideration taken by the bank for the potential for fraud in assessing risk
The bank considered those areas as the center of attention, however the measure to be taken
determines by considering the impact on the operation and the degree of the associated
fraud risks.
36
The risk department every so often makes assessment on the subject matter as well as the
internal and external auditor’s findings enable the bank to identify potential exposed areas
by being used as a major input. In view of that systems, policies and procedures would be
regularly reviewed and systematically revised in order to prevent repeating mistakes of the
past and protect the bank from new risks.
4.7.3 Risk identified by the bank to be used as basis for determining how the risk
should be managed
In order to determine the method of mitigating a risk it is mandatory priority identifying the
risk that ought to be managed .Therefore being proactive assist the bank in determining the
control mechanism in managing its risks.
Once the risk is identified derived from the nature of the risk that is actual and potential, it
would be assessed and then the responsible organ of the bank which are the top
management having the BOD approves designed operational policies system and
guidelines that would enable to mange and mitigate the identified and assessed risk.
4.7.4. Objectives of the bank specified clearly and sufficiently in order to be used as
basis for risk identification and assessment
The objectives set by the bank are stated in way which can be understood and checked
whether they are being achieved or not at a level that are acceptable to the top management
and the BOD.
Setting objectives is the pre-condition to risk management, hence taking this fact into
consideration DB as premium bank in the country; it is our utmost believes that it certainly
fulfills the same.
4.7.5 General opinion about “The Role of internal control toward risk minimization"
in DB S.C
The general opinions given by the respondents on the role of internal control towards risk
minimization are presented as follows;
37
Generally the identified risks in the bank minimize or controlled by implementing
appropriate internal control system in each activities of the bank.
It can be deduced that internal control provides reasonable assurance that risks to the
achievement of organizational objectives are at acceptable levels. Once risks are identified,
understood and assessed, you need to have internal control to manage those risks and
ensure they are at and remain at acceptable levels .Therefore, in one way or another way,
internal control plays a vital role in risk minimization process of DB s.c.
38
CHAPTER FIVE
This chapter deals with the findings , conclusion and recommendation part of the study.
The major findings of the study were analyzed and discussed using table, percentage and
descriptive type of data analysis to give conclusion.
5.1 Findings
The first finding of the research is that the company shows a good performance
while selecting and developing of control activities that can contribute towards the
mitigation of risk and achievement of objectives at an acceptable level.
About consideration taken by the company on the potential for fraud in assessing
risk even though it considers various types of fraud but it indicates a gap while
assessing incentives, pressures and motives, opportunities and motives and
rationalization at the end.
Regarding the identification and analysis of risks and used as a basis for how they
should be managed the company assess changes in business model but it indicates a
gap in assessing changes in external environment and changes leadership.
The company specifies objectives with sufficient clarity which enables
identification and analysis of risk relating to operational, external financial and non
financial reporting and internal compliance and compliance objectives.
The company should give more attention to potentially exposed risk areas rather
than the routine activity performed daily.
5.2 Conclusion
Internal control is a valuable and very important concept in the operation of any
organization or firm when we see its role towards minimizing risk selection and
development of control activities set by the company’s that contribute towards the
39
mitigation of risk and achievement of objectives at an acceptable level indicates that the
company shows a good performance.
A consideration taken by the company on the potential for fraud in assessing risk even
though the company considers various type of fraud, it indicates that the bank should make
an improvement on assessing incentives, pressures and motives, opportunities and motives
and rationalization at the end.
Regarding the identification and analysis of risks and used as a basis for how they should
be managed the company shows a good performance in assessing changes in business
model but still needs an some improvement in assessing changes in external environment
and changes leadership, so that we conclude that the bank should put in to considerations
all the major factors while identifying and analyzing of risks.
On the specification of objectives with sufficient clarity which enables identification and
analysis of risk relating to operational, external financial and non financial reporting and
internal compliance and compliance objectives indicates that the bank having a strong
stand on specifying objectives with sufficient which enables identification and analyzing of
risks relating to objectives.
Generally the role of internal control towards risk minimization in DB S.C is vital or major
to an extent to be used as an approach for its internal control even though it has problem
while assessing the potential for fraud in assessing risks and on assessing changes in
external environment and changes in leadership while identifying and analyzing risk as a
basis for how they should be managed.
5.3 Recommendation
The role of internal control on risk minimization can be seen as a risk based approach as in
the case of DB but only having that approach is not enough by itself, it should further
include within its content factors that play a great role as a setting up the system in general .
40
Based on the major findings of the study and conclusion drawn the researcher suggests the
following recommendation for the existing problem;
The bank should take into major factors within while assessing incentives and
pressures, opportunities and attitude and rationalization in consideration the
potential for fraud in assessing risks.
The bank should take in to consideration on assessment of changes in external
environment and changes in leadership in the process of identifying and analyzing
risks to be used as a basis for how they should be managed.
The bank should take in to consideration on areas that are high potential risk areas
rather than the routine day to day activities.
At last the bank should assess its operational areas in relation with their potential
for exposition of risk and give due attention for those areas rather than
concentrating on the routine daily activities.
41
References
Adeyemo, K.A. (2012): Frauds In Nigerian Banks: Nature, Deep-Seated Causes, Aftermaths and
Probable Remedies, Mediterranean Journal of Social Sciences Vol. 3 (2): 279-289
Alvin A.Arens and James K.Loebbecke (1991) Auditing An integrated approach, Fifth edition
Basle committee on banking supervision, (Sept, 1998), Frame work for Internal control system
in banking organization
Banking Regulation and Supervision Boards, Turkey (Feb, 2001), Regulation on Banks’ Internal
Control and Risk Management Systems
Basel Committee on Banking Supervision, (1998) Cayman Islands Monetary Authority.
Brain Christensen, Christopher Wright and Jim De Loach, 2013, COSO Internal Control
Integrated Frame Work.
Dumitrascu Mihaela and Savulescu Iulian, (2012).Internal Control and the Impact on Corporate
Heinz-Peter Berg, (Vol.1,2010, June) Risk Management : Procedures, Methods and Experiences ,
Bundesamt für Strahlenschutz, Salzgitter, Germany
Hong Kong Institute of Certified Public Accountants, (June, 2005), Internal Control and Risk
Management, A basic frame work , Hong Kong
Ian Peters and Andrew Baigent, (2012) Chartered Institute of Internal Auditors.
J. Stephen McNally and Vincent H. Tophoff, (April, 2015). Leveraging effective risk
management and internal control .
Kurt Pany, O Ray Whittington,(2000), Auditing, Second edition, United States of America
Mu’azu Saidu Badara and Siti Zabedah Saidin, Impact of the Effective Internal Control System
on the Internal Audit Effectiveness at Local Government Level, Journal of Social and
Development Sciences, Vol. 4, No. 1, pp. 16-23, Jan 2013 (ISSN 2221-1152)
United States general accounting office, (Nov 1999) Standards for Internal control In the Federal
government
Walter B.Meighs, O Ray Whittington, Kurt Pany, Robert F.Meighs, (1989), Principles of
Auditing , Ninth edition
APPENDIXES
APPENDIX A
SURVEY QUESTIONNIARE
The questionnaire to be filled by the staffs of Dashen Bank S.C . The objective of the
research is to collect the necessary data for research entitled, ” The role of internal control
towards risk minimization, A case study on Dashen Bank S.C.” I assure you that the
information to be shared by you will be used only and only for academic purpose and also
kept confidential.
Based on the score provided below put “ √“ on the space provided for the point of
focus being stated
1. Strongly Agree 2.Agree 3.Neutral 4.Strongly disagree 5.Disagree
1.1 Does the bank select and develop control activities that contribute towards
mitigation of risk to the achievement of objectives at acceptable level?
Item 1 2 3 4 5
1 Integration with risk assessment
2 Consider entity specific factors
3 Determine relevant business processes
4 Evaluates a mix of control activity types
5 Consider at what level activities are
applied
6 Addresses segregation of duties
1.2 Does the organization consider the potential for fraud in assessing risks?
Item 1 2 3 4 5
7 Consider various types of fraud
8 Assess incentives and pressures
9 Assess opportunities
10 Assess attitude and rationalization
1.3 Does the organization use the Identified and analyzed risks as a basis for
managing them?
Item 1 2 3 4 5
11 Assesses changes in the external
environment
12 Assess changes in the business model
13 Assess changes in the leadership
1.4 Does the objectives Specified with sufficient clarity to enable the identification
and assessment of risks relating to objectives?
Item 1 2 3 4 5
14 Reflects management’s choice
15 Consider tolerance for risk
16 Includes operation and financial
performance goals
17 Forms as a basis for committing of
resources
Item 1 2 3 4 5
18 Complies with applicable accounting
standard
19 Consider materiality
20 Reflect entity activities
Item 1 2 3 4 5
21 Complies with externally established
standards and framework
22 Consider the required level of protection
23 Reflect entity activities
Item 1 2 3 4 5
24 Complies with applicable accounting
standard
25 Consider materiality
26 Reflect entity activities
1.4.5 Compliance objectives
Item 1 2 3 4 5
27 Reflect external laws and regulations
28 Consider tolerance for risk
Please write down your opinion in general about the “The Role of internal control toward
risk minimization" in Dashen Bank S.C
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
__________________________
Thank You
APPENDIX B
SURVEY INTERVIEW
Interview prepared for a research to be conducted having a title called “The Role of
Internal Control towards Risk Minimization “
1. How does the risk identified by the bank helps to used as basis for determining how
the risk should be managed?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
____________________________________________________________
2. How does the bank consider areas that are potential exposed to fraud in assessing
risk?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
_____________________________________________________________
3. How does the risk identified and analyzed by the bank have contribution towards
achieving the objective at an acceptable level?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
_______________________________________________________________
4. Does the objectives of the bank are clearly or sufficiently stated in order to be used
as basis for risk identification and assessment?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
____
5. Please write down your opinion in general about the “The Role of internal control
toward risk minimization" in Dashen Bank S.C
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________
Thank you