IMPACT of INTERNAL CONTROL SYSTEM on ORGANIZATION's PROFITABILITY

IMPACT Of INTERNAL CONTROL SYSTEM ON ORGANIZATION'S PROFITABILITY. CASE STUDY OF NILE COMMERCIAL BANK. JUBA SOUTHERN SUDAN.

PREPARED BY MADUK DAU KOOC DENG BBA/14321/71/Df.

A RESEARCH DISSERTATION SUBMITTED TO THE FACULTY OF BUSINESS AND MANAGEMENT IN THE PARTIAL FULFILLMENT FOR THE AWARD OF A BACHELOR DEGREE IN BUSINESS ADMINISTRATION Of KAMAPALAINTERNATIONAL UNIVERSITY.

MAY, 2010 TABLE OF CONTENTS

TABLE OF CONTENTS ...... i APPROVAL ...... iv

DECLARATION ·············································································································· V ACKNOWLEDGMENTS ...... vi

CHAPTER ONE ...... 1 INTRODUCTION ...... 1 1.0 Background of the study: ...... 1 1.1 Statement of the problem: ...... 2 1.2 Purpose of the study: ...... 2 1.3 Objectives of the study: ...... 3 1.4 Research questions: ...... 3 1.5 Geographic Scope of study: ...... 3 1.6 Subject matter scope of study: ...... 3 1. 7 Significance of the study: ...... 3 1.8 Justification of the study ...... 4 1.9 Conceptual Framework: ...... 5

CHAPTER TWO ...... 6- LITERATURE REVIEW ...... 6 2.0 lntroduction: ...... 6 2.1 Definition of concepts: ...... 6 Internal Control Systems ...... 6 2.2 Relationship between Internal Control Systems and Profitability: ...... 8 2.3 Components of an internal control system: ...... 8 2.4 Structure of internal control: ...... 9 2.5 Objective of an Internal Control System: ...... 11 2.6 The major elements of an effective Internal Control System: ...... 11 2.7 Evaluation of Internal Control Systems and validity ...... 21 CHAPTER THREE ...... 22 METHODOLOGY ...... 22 3.0 Introduction: ...... 22 3.1 Research design: ...... 22 3.2 Population of the study: ...... 22 3.3 Sampling size: ...... 22 3.4 Methods of data collection: ...... 23 3-4-1 Questionnaire ...... 23 3-4-2 Observation: ...... 23 3-4-3 Interviews: ...... 24 3.5 Data processing: ...... 24 3.6 Data analysis: ...... 25 3. 7 Methodology conclusions: ...... 25

CHAPTER FOUR ...... 26 INTERPRETATION, ANALYSIS AND DISCUSSION OF FINDINGS ...... 26 4.0 Introduction ...... 26 4.1 Background information of the respondents ...... 26 4. 1.1 Respondents gender ...... 26 4.1.2 Respondents Level of Education Qualification ...... 27 4.1.3 Period worked at Nile Commercial Bank, Juba Southern Sudan ...... 28 4.2 To find out whether internal control systems have been put in place by the management of Nile Commercial Bank ...... 28 4.3 To find out whether the existing internal system affects the profitability of the organization ...... 29 4.4 To find out how long does the organization review its internal control system ...... 30 4.5 To find out the Impact of ICS on profitability between 2005-2009 ...... 30 4.6 Analysis of the profitability trends in the years 2005-2009 ...... 31 4.7 To investigate the impact of ICS on employees performance ...... 31 4.8 To find out the hindrances faced in the implementation of ICS ...... 32 4.9 To investigate the extent to which !CS has been hindered in its implementation .... 32

ii 4.10 Solutions put in place to make internal control system more effective ...... 33

CHAPTER FIVE ...... 34 SUMMARY OF CONCLUSION AND RECOMMENDATIONS ...... 34 5.0 Introduction ...... 34 5.1 Summary of Findings ...... 34 5.2 Conclusion ...... 35 5.3 Recommendation ...... 35

APPENDICES ...... 37 APPENDIX (A) ...... 37 6.0 Time frame of study ...... 37 6.1 Budget for the study: ...... 37 APPENDIX (B) ...... 38 QUESTIONNAIRES ...... 38 References: ...... 42

Ill APPROVAL

This is to satisfy that approval has been given for the research dissertation to be submitted to the School of Business and Management.

Name of supervisor: HAJJI KIBIRIGE ALLY RAMATHAN .

Signature: ...... ~ -- 01~1?.§lc,._......

Date: ...... v=.r.LoiJ'l:)/..t) .: ......

iv DECLARATION

I MADUK DAU KOOC DENG, REG.NO BBA/14321/71/DF, hereby declare that this dissertation is of my own findings and has never been produced by any one else in the faculty of Business and Management for any award in this institution.

Name of student:

Signature:

Date:

V ACKNOWLEDGMENTS

I am grateful to mention by name all those who contributed to the success of this dissertation. Specifically, I thank Hajji Kibirige Ally Ramathan for contribution on the evaluation of Research and made it to be a success through a lot of correction; advising and consuming an extra time and sacrifice to accomplish this Project Report. I also, express my appreciation to Colleagues Ms. Amal Hassan as well as Mr. Samuel Ogera to whom I got some helpful advice during the formulation the questionnaires and the data interpretations.

I also sincerely and truly appreciate and thank my parents Mr. Dau Kooc and Mrs. Nyanak Lual in general as well as Late Uncle Captain Timothy Tiop Lual in particular for sending me to school and finally, thank goes to Major General Gier Chuang Aluang for accepting my application and providing me the study leave.

vi CHAPTER ONE

INTRODUCTION

This chapter covered the background of the study, statement of the problem, purpose of the study, specific objectives of the study, research questions, scope of the study, significance of the study and conceptual framework.

1.0 Background of the study:

Nile commercial bank (NCB) was born during the civil war on 8th march 2003. At that time there was no Southern Sudanese established Banks. Its capital was obtained by selling shares to the general public. From it humble beginning, (NCB) look back with much pride and satisfaction. It has come a long way and today they have more than (20) branches in Southern Sudan in the places like Juba the capital of South, Malakai, Wau, Rumbek, Awiei, Yambio, Torit, Bor, Bentiu, Renk, Kuajok, Yei and many others branches in the Northern Sudan, Kenya and Uganda.

Today Nile commercial bank (NCB) is the biggest indigenous bank in Southern Sudan, with many shareholders. It is regulated by central bank of Sudan as well as the bank of Southern Sudan (BOSS) under whose jurisdiction fall. Nile commercial bank is licensed by the bank of Southern Sudan (BOSS) to operate as a commercial bank.

Nile commercial bank has a very close relationship with Stanbic bank and is particularly close to the Stanbic of Kenya and Uganda. Stanbic is part of the Standard Bank Group LTD, the largest bank in Africa and it operates in more than 20 countries in Africa and over 50 countries in world wide.

Southern Sudan has a heavily cash economy and Nile commercial bank (NCB) handles transactions in Sudanese Pounds and other currencies such as the USA Dollars, Kenyan Shillings, Ugandan Shillings, European Euros and GB Sterling Pounds. The bank offer numerous services that include: Current account, Savings account, funds on fixed deposits. Loans are also granted for many purposes such as building, purchase of motor vehicle, consumer goods, and other business operations.

1.1 Statement of the problem:

An effective internal control system requires that the material risks that could adversely affect the achievement of the bank's goals are being recognized and continually assessed. This assessment should cover all risks facing the bank and the consolidated banking organization (that is, credit risk, transfer risk, market risk, interest rate risk, liquidity risk, operational risk, legal risk and reputation risk). Internal control may need to be revised to appropriately address any new or previously uncontrolled risks.

Hongren et-al (1998 pg 282-283) points out that despite internal control system, there still exist ineffective risk as a result of employee fatigue, carelessness or indifference. That will lead to the organizational failure to achieve its reason of existence, and general profitability of organization. Despite of all the above measures kept in place, Nile Commercial Bank was still faced by inefficiency, fraudulent, inadequacy of records, embezzlement and the poor management that led to the losses of organization profitability.

Therefore, the researcher wanted to have a thorough investigation as regards the impact of internal system in leading to profitability of organization such as banking institutions and the study was conducted in Nile Commercial Bank, Juba Southern Sudan.

1.2 Purpose of the study:

The purpose of this study was to establish the relationship between Internal Control System and Profitability at Nile Commercial Bank Limited (NCB), Southern Sudan.

2 1.3 Objectives of the study:

The researcher sought to meet the following objectives; • To establish the relationship between internal system and profitability at Nile commercial bank limited (NCB) Southern Sudan. • To examine the impact of internal control system on profitability at Nile commercial bank limited (NCB) Southern Sudan. • To investigate the weakness within the internal control system at Nile commercial bank with a view to advice for improvements after the Findings.

1.4 Research questions:

• What is the relationship between the internal control system and profitability in the Nile commercial bank (NCB} So!Jthern Sudan. • What are the weaknesses within the internal control system at Nile commercial bank (NCB) Southern Sudan? • What is the impact of internal control systems to profitability at Nile commercial bank (NCB) Southern Sudan?

1.5 Geographic Scope of study:

The study was carried out at Nile commercial bank headquarters in Juba, Southern Sudan, located at Juba main market. The researcher chose the case study in Juba due to its accessibility and size.

1.6 Subject matter scope of study:

The study was limited to Internal Control System. It was carried on 20th January 2010-February 20th 2010 from 09:00 am up to 05:00 pm that was on Monday - Friday at Nile Commercial Bank.

1.7 Significance of the study:

► The research was useful in finding out how best the management can strengthen Internal Control System within Nile commercial bank. The findings would help in developing a competitive Internal Control System useful for accurate data.

3 ► The researcher would also provide data for management which would aid in policy formulation and better decision-making, also;

► The information could be used by other organizations to assist them in coming up with efficient internal controls.

► The researcher's educational requirement for award of a degree shall be met and the fact findings report can be used by other researchers on the same topic.

1.8 Justification of the study

In today's banking institutions, there seems to be an increase in the need to achieve the goals and objectives of the bank due to the increase in banking needs by the business community and the general public. The central Bank on the other hand is responsible for formulation of the policies and operational guidelines for the banks so as to ensure that the banks do not become bankrupt and this puts the Internal Control Systems to be the major consideration in order to achieve the banking goals and objectives and to be able to survive in today's competitive environment. Therefore, the research was justifiable in that the policy makers both in the Central Bank, Nile Commercial Bank and other Commercial Banks or financial institutions for formulating the policies on how the existing Internal Control Systems could be used or applied to enhance proper performance and to ensure achievement of the objectives and goals of the Bank.

4 1.9 Conceptual framework:

Independent Dependent Positive impacts • Detection of fraud • Checking of errors • Improving accuracy of records • Improve efficiency • Enhance decision making

Internal control Systems Profitability

Negative impacts

• Will lead to losses • Will lead to lack of trust by customers • Will lead to closure of business • Create room for fraud and embezzlement • Will lead to poor decisions making

5 CHAPTER TWO

LITERATURE REVIEW

2.0 Introduction:

This chapter covered the view of all others scholars in the area of internal control. On literature review Amin (2005 pg 215) say that; "From the review of other people's research, opportunities for more research are unveiled by the indicated next step studies which need to be done." Mugenda and Mugenda (1999 pg 115) say that, " review of literature enables to know what has been done in that particular field, makes one aware of what achievements have been made and what challenges remain."

2.1 Definition of concepts:

Internal Control Systems. Dukes (2003 pg 317), describes Internal Control System as a set of policies and procedures designed to protect assets, ensure compliance with laws and company policy. Internal Control provided in 1977 by the French Institute of Chartered Accountants; Internal Control is the set of security measures which contribute to the Control of a company. Its aim is to ensure, on the one hand, the security and safeguard of assets and the quality of information, on the other hand, the application of instructions given by Senior Management, and to encourage improvements in performance. It is evidenced through the organization, methods and procedures for each of the company activities, so as to ensure the continuity of that company.

Internal control of accounting and financial information is effected through a system designed and implemented by a company to ensure, as far as possible, that the accounting and financial aspects of its business are rigorously managed and monitored so as to meet the objectives set out above. Internal control of accounting and financial

6 information is a key component of internal control. It covers the processes for producing and disseminating companies accounting and financial information and contributes to the production of reliable information that complies with legal and regulatory requirements. As for general internal control, it relies on an overall system that includes the design and implementation of the company's information system, as well as the policies and procedures for monitoring, supervision and control.

Htip/Answers.com/Internal control; Internal control is defined as a process effected by an organization structure, work, and authority flows, incorporating people and Management Information, designed to help organization meet specific objectives.

Internal Control Systems are means by which organizations resources are directed, monitored and measured, playing an important role in preventing and detecting fraud. Organizations resources include physical assets like machinery, intangible assets i.e. reputation and intellectual property like patents and trade marks.

This is an Application Guide to the general principles governing internal control procedures related to the preparation and processing of accounting and financial information for publication. The guide is not a binding set of rules or standards; it is a tool to enable management bodies (senior management, management boards, financial departments, etc) and decision-making bodies (boards of directors, supervisory board) to understand and improve their internal control system for accounting and financial reporting.

It is designed to help companies and entities, especially those that are publicly listed, that wish to analyze their accounting and financial internal control procedures. This Application Guide covers the principles and key analytical points that apply in all business sectors; many definitions have weakness in emphasizing the detective role of control systems, other than its role in improving general efficiency of business

7 operations. Control systems allow accurate and timely information which is the goal of every organization.

2.2 Relationship between Internal Control Systems and Profitability:

According to Kimmel et al (1998), by setting acceptab~e levels of risk control and ensuring that Management takes necessary steps in monitoring, identifying and evaluating the internal control, will lead to increase of profitability in an organization.

2.3 Components of an internal control system:

According to Kyra pany et al (2001), certain features are essential to any internal control system they include; • The control environment • Risk assessment • The accounting information and information and communication system • Control activities • Monitoring Control environment is the foundation of the other component, this is the organizations policy or culture that influence control consciousness of employee. It's built on values like integrity, ethical issues, and is laid down by board of directors and the Committee organization structure. It's influenced by the management philosophy and operating style.

Risk assessment as explained by Simon (1998 pg 115) is a responsibility of management. Management should carefully identity and analyze the factors that affect the risk (risk means that organization's objective will not be achieved), and then attempt to manage those risks.

On accounting information Zorn Assini (2003 pg 320) says that an organization's accounting control information consists of methods and records established to record,

8 process, summarize, report, and communicate an entity's transaction to maintain accountability for related assets.

Control activities, www/tutor 2 u.com/internal controls. Defines control activities as policies and procedure that ensure management directive are carried out. Internal controls have checks and balances (evaluating models) which are the following: - • Performance reviews • Information processing • Physical controls • Segregation of duties Monitoring is the process of evaluating internal control over a period of time to assess their validity/efficiency, since the systems require constant upgrading. The above information on components of internal control is important as it will be used as a benchmark to measure the validity of the internal control system at the Nile commercial bank limited (NCB) Southern Sudan. The researcher however would want to emphasize the importance of staff members, staff members should be treated as a component of the system. Human element influences the success or failure of the system, more than any other single factor, and can't therefore be ignored nor their importance downplayed.

2.4 Structure of internal control:

The research case study being a banking institution, the asset of consideration was cash, fees (2002 pg 237) defines cash as coins, currency/paper money, cheques, money orders and money deposits (near money). Internal control was structured into five (5) stages, according to chauppata (2002). These stages are:-

Segregation and retaining of duties Here the work/duties involved in a transaction is allocated to different persons in such a way that the work of one person, complements the other person's or is a check of accuracy and correctness, on the other persons without duplication of work. At this

9 stage the researcher will involve himself in seeing how checks and balances could be developed which are tailor made to suite the case study.

Authorization of transactions Kieso et al (2002 pg 331) says that it is necessary to establish procedures that provide adequate assurance that authorization of any transaction is issued by persons acting within the scope of their authority.

Maintenance of adequate records and document According to Chauppata (2002) internal accounting control systems should ensure that the transactions are recorded at correct amounts and in the accounting period which they are executed.

Accountability for and safeguarding of assets According to miller (2002 pg 237) the accountability for assets should start at the time of their acquisition and continues until the use or disposal of such items.

Independent check This is the periodic measure of the systems performance by an independent party like an auditor. Dukes (2000 pg 317) recommend that a cash control system should be able to: • Separate physical custody of the money and the accounting duties, recording and receiving persons should be different. • Able to Account for all transactions • Maintain only the minimum cash needed • Provide for periodic test-count for the cash balances • Achieve an adequate return in idle cash balances • Result in the physical control of cash.

10 2.5 Objective of an Internal Control System:

Fess et-al (2002 pg 237) summarized the objective of a control system as: • To safeguard and ensure correct use of business assets • To provide accurate business information • To ensure that employees comply with laws and regulation The researcher would however like to highlight that the objectives are incomplete without including a vital objective which is to ensure accurate, reliable and efficient business transactions data for better decision making.

2.6 The major elements of an effective Internal Control System:

Internal control is a process affected by the board of directors, senior management and all levels of personnel. It is not solely a procedure or policy that is performed at a certain point in time, but rather it is continually operating at all levels within the bank. The board of directors and senior management are responsible for establishing the appropriate culture to facilitate an effective internal control process and monitoring its effectiveness on an ongoing basis, however, each individual within an organization must participate in the process. The main objectives of internal control system can be categorized as follows: Efficiency and effectiveness of activities (performance objectives) Reliability, completeness and timeliness of financial and management information (information objectives), and Compliance with applicable laws and regulations (compliance objectives).

Performance objectives for internal controls pertain to the effectiveness and efficiency of the bank in using its assets and other resources and protecting the bank from loss. The internal control system seeks to ensure that personnel throughout the organization are working to achieve its goals with efficiency and integrity, without unintended or excessive cost or placing other interests (such as an employee's, vendor's or customer's interest) before those of bank.

11 Information objectives address the preparation of timely, reliable, relevant reports needed for decision-making within the banking organization. They also address the need for reliable annual accounts, other financial statements and other financial-related disclosures and reports to shareholders, supervisors, and other external parties. The information received by management, board of directors, shareholders and supervisors should be of sufficient quality and integrity that recipients can rely on the information in making decisions. The term reliable, as it relates to financial statements, refers to the preparation of statements that are presented fairly and based on comprehensive and well-defined accounting principles and rules.

Compliance objectives ensure that all banking business complies with applicable laws and regulations, supervisory requirements, and the organizations policies and procedures. This objective must be met in order to protect the bank's franchise and reputation.

The internal control system, which historically has been a mechanism for reducing instance of fraud, misappropriation and errors, has become more extensive, addressing all the various risks faced by banking organizations. It is now recognized that a sound internal control system is critical to a bank's ability to meet its established goals, and to maintain its financial viability. Internal control consists of five (5) elements:

► Management oversight and control culture.

► Risk recognition and assessment.

► Control activities and segregation of duties.

► Information and communication. And

► Monitoring activities and correcting deficiencies.

Management oversight and control culture: Board of directors, should have responsibility for approving and periodically reviewing the overall business strategies and significant policies of bank, understanding the major

12 risks run by the bank, setting acceptable levels for these risks and ensuring that senior management takes the steps necessary to identify, measure, monitor and control these risks, approving the organizational structure, and ensuring that senior management is monitoring the effectiveness of internal control system. The board of directors is ultimately responsible for ensuring that an adequate and effective system of internal control is established and maintained.

The board of directors provides governance, guidance and oversight to senior management; it is responsible for approving and reviewing the overall business strategies and significant pokies of the organization as well as the organizational structure. The board of directors has the ultimate responsibility for ensuring that an adequate and effective system of internal control is established and maintained. Board members should be objective, capable, and inquisitive, with a knowledge or expertise of the activities of and risks run by bank. The board should consist of some of members who are independent from the daily management of the bank. A strong, active board, particularly when coupled with effective upward communication channels and capable financial, legal, and internal audit functions, provides an important mechanism to ensure the correction of problems that may diminish the effectiveness of the internal control system.

The board of directors should include in its activities: periodic discussions with management concerning the effectiveness of the internal control system, a timely review of evaluations of internal controls made by management, internal auditors, and external auditors, periodic efforts to ensure that management has promptly followed up on recommendations and concerns expressed by auditors and supervisory authorities on internal control weaknesses, and a periodic review of the appropriateness of the bank's strategy and risk limits.

One option used by banks in many countries is the establishment of an independent audit member to assist the board in carrying out its responsibilities. The establishment

13 of an audit member allows for detailed examination of information and reports without the need to take up the time of all directors. The audit member is typically responsible for overseeing the financial reporting process and the internal control system. As part of this responsibility, the audit member typically oversee the activities of, and serves as a direct contact for, the bank's internal audit department and engages and serves as the primary contact for the external auditors. In those countries where it is an option, the member should be composed mainly or entirely of outside directors (i.e. members of the board that are not employed by the bank or any of its affiliates) who have knowledge of financial reporting and internal control. It should be noted that in no case should the creation of an audit member amount to a transfer of duties away from the full board, which alone is legally empowered to take decisions.

Senior management should have the responsibility for implementing strategies and policies approved by the board, developing processes that identify, measure, monitor, and control risks incurred by the bank, maintaining an organizational structure that clearly assigns responsibility, authority and reporting relationship, ensuring that delegated responsibility are effectively carried out, setting appropriate internal control policies, and monitoring the adequacy and effectiveness of internal control system.

Senior management is responsible for carrying out the directives of the board of directors, including the implementation of strategies and policies and the establishment of an effective system of internal control. Members of senior management typically delegate responsibility for establishing more specific internal control policies and procedures to those responsible for a particular business unit. Delegation is an essential part of management, however, it is important for senior management to oversee the managers to whom they have delegated these responsibilities to ensure that they develop and enforce appropriate policies and procedures.

Compliance with an established internal control system is heavily dependent on a well documented and communicated organizational structure that clearly shows lines of

14 reporting responsibility and authority and provides for effective communication throughout the organization. The allocation of duties and responsibilities should ensure that there are no gaps in reporting lines and that an effective level of management control is extended to all levels of the bank and its various activities. It is important that senior management takes steps to ensure that activities are conducted by qualified staff with the necessary experience and technical capabilities. Staff in control functions must be properly remunerated. Staff training and skills should be regularly updated. Senior management should institute compensation and promotion policies that reward appropriate behaviors and minimize incentives for staff to ignore or override internal control mechanisms.

Control culture, the board of directors and senior management are responsible for promoting high ethical and integrity standards, and for establishing a culture within the organization that emphasizes and demonstrates to all levels of personnel the importance of internal controls. All personnel at a banking organization need to understand their role in the internal controls process and be fully engaged in the process.

Risk recognition and assessment: Banks are in the business of risk-taking. Consequently it is imperative that, as part of an internal control system, these risks are being recognized and continually assessed. From an internal control perspective, a risk assessment should identify and evaluate the internal control and external factors that could adversely affect the achievement of the banking organization's performance, information and compliance objectives. This process should cover all risks faced by the bank and operate at all levels within the bank. It differs from the risk assessment process which typically focuses more on the review of business strategies developed to maximize the risk/ reward trade-off within the different areas of the bank.

!5 Effective risk assessment identifies and considers internal factors (such as the complexity of the organization's structure, the nature of the bank's activities, the quality of personnel, organizational changes and employee turnover) as well as external factors (such as fluctuating economic conditions, changes in the industry and technological advances) that could adverse~y affect the achievement of the bank's goals. This risk assessment should be conducted at the level of individual businesses and across the wide spectrum of activities and subsidiaries of consolidated banking organization. This can be accomplished through various methods. Effective risk assessment addresses both measurable and non-measurable aspects of risks and weights costs of control against the benefits they provide.

The risk assessment process also includes evaluating the risks to determine which are controllable by the bank and which are not. For those risks that are controllable, the bank must asses whether to accept those risks or the extent to which it wishes to mitigate the risks through control procedures. For the risks that cannot be controlled, the bank must decide whether to accept these risks or to withdraw from or reduce the level of business activity concerned.

Control activities and segregation of duties: Control activities must be an integral part of the daily activities of a bank. An effective internal control system requires that an appropriate control structure is set up, with control activities defined at every business level. These should include: top level reviews, appropriate activity controls for different departments or divisions, physical controls, checking for compliance with exposure limits and follow-up on non compliance, a system of approvals and authorizations, and a system of verification and reconciliation.

Control activities are designed and implemented to address the risks that the bank identified through the risk assessment process. A control activity involves two steps: the establishment of the control policies and procedures, and verification that the control

16 policies and procedures are being complied with. Control activities involve all levels of personnel in the bank, including senior management as well as front line personnel. Example of control activities include: Top level reviews- boards of directors and senior management often request presentations and performance reports that enable them to review the bank's progress toward its goals. For example, senior management may review reports showing actual financial results to date versus the budget. Senior management generates as a result of this review and the ensuring responses of lower levels of management represent a control activity which may detect problems such as control weakness, errors in financial reporting or fraudulent activities.

Activity control- department or division level management receives and reviews standard performance and exception reports on a daily, weekly or monthly basis. Functional reviews occur more frequently than top-level reviews and usually are more detailed. For instance, a manager of commercial lending may review weekly reports on delinquencies, payments received, and interest income earned on the portfolio, while the senior credit officer may review similar reports on a monthly basis and in a more summarized form that includes all lending areas. As with the top-level review, the questions that are generated as a result of reviewing the reports and the responses to those questions represent the control activity. Physical controls- physical controls generally focus on restricting access to tangible assets, including cash and securities. Control activities include physical limitations, dual custody, and periodic inventories.

Compliance with exposure limits- the establishment of prudent limits on risk exposures is an important aspect on risk management. For instance, compliance with limits for borrowers and other counterparties reduces the bank's concentration of credit risk and helps to diversify its risk profile. Consequently, an important aspect of internal controls is a process for reviewing compliance with such limits and follow-up on instances non compliance.

17 Approvals and authorizations- requiring approval and authorization for transactions over certain limits ensure that an appropriate level of management is aware of the transaction or situation, and helps to establish accountability.

Verifications and reconciliations- verifications of transaction details and activities and the output of risk management models used by the bank are important control activities. Periodic reconciliations, such as those comparing cash flows to account records and statements, may identify activities and records that need correction. Consequently, the results of these verifications should be reported to the appropriate levels of management whenever prob~ems or potential problems are detected.

Control activities are most effective when they are viewed by management and all other personnel as an integral part of, rather than an addition to, the daily activities of the bank. When controls are viewed as an addition to the day- today activities, they are often seen as less important and may not be performed in situations where individuals feel pressured to complete activities in a limited amount of time. In addition, controls that are an integral part of the daily activities enable quick responses to changing conditions and avoid unnecessary costs. As part of fostering the appropriate control culture within the bank. Senior management should ensure that adequate control activities are an integral part of the daily functions of all relevant personnel.

It is not sufficient for senior management to simply establish appropriate policies and procedures for the various activities and divisions of the bank. The must regularly ensure that all areas of the bank are in compliance with such policies and procedures and also determine that existing policies and procedures remain adequate. This is usually a major role of the internal audit function.

An effective internal control system requires that there is appropriate segregation of duties and those personnel are not assigned conflicting responsibilities. Areas of

18 potential conflicts of interest should be identified, minimized, and subject to careful, independent monitoring.

Information and communication: An effective internal control system requires that there are adequate and comprehensive internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision making. Information should be reliable, timely, accessible, and provided in a consistent format.

Adequate information and effective communication are essential to the proper functioning of a system of internal control. From the bank's perspective, in order for information to be useful, it must be relevant, reliable, timely, accessible, and provided in a consistent format. Information includes internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision making. Internal information is part of a recording-keeping process that should include established procedures for record retention.

An effective internal control system requires that there are reliable information systems in place that cover all significant activities of the bank. These systems, including those that hold and use data in an electronic form, must be secure, monitored independently and supported by adequate contingency arrangements.

An effective internal control system requires effective channels of communication to ensure that all staff fully understand and adhere to policies and procedures affecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel.

19 Monitoring activities and correcting deficiencies: The overall effectiveness of the bank's internal controls should be monitored on an ongoing basis. Monitoring of key risks should be part of the daily activities of the bank as well as periodic evaluation by the business lines and internal audit.

Since banking is a dynamic, rapidly evolving industry, banking must continually monitor and evaluate their internal control systems in the light of changing internal and external conditions, and must enhance these systems as necessary to maintain their effectiveness. In complex, multinational organizations, senior management must ensure that the monitoring function is properly defined and structured within the organization.

Monitoring the effectiveness of internal controls can be done by personnel from several different areas, including the business function itself, financial control and internal audit. For that reason, it is important that senior management makes clear which personnel are responsible for which monitoring functions. Monitoring should be part of the daily activities of the bank but also include separate periodic evaluations of the overall internal control process. The frequency of monitoring different activities of a bank should be determined by considering the risks involved and the frequency and nature of changes occurring in the operating environment.

Ongoing monitoring activities can offer the advantage of quickly detecting and correcting deficiencies in the system of internal control. Such monitoring is most effective when the system of internal control is integrated into the operating environment and produces regular reports for view. Examples of ongoing monitoring include the review and approval of journal entries, and management review and approval of exception reports.

In contrast, separate evaluations typically detect problems only after the fact; however, separate evaluations allow an organization to take a fresh, comprehensive look at the effectiveness of the internal control system and specifically at the effectiveness of the

20 monitoring activities. These evaluations can be done by personnel form several different areas, including the business function itself, financial control and internal audit. Separate evaluations of the internal control system often take the form of self assessment when persons responsible for a particular function determine the effectiveness of controls for their activities. The documentation and the results of the evaluations are then reviewed by senior management. All levels of review should be adequately documented and reported on a timely basis to the appropriate level of management.

2.7 Evaluation of Internal Control Systems and validity.

Meig et al (1997 pg 140) says to have a valid internal control that will protect business from losses occasioned by embezzlement; the system must have three things; • A strong system of control within the organization • Regular audits by internal and external auditors • Fidelity bonds protecting the company to an agreed amount against loss from employee dishonesty. Supervisors should require that all banks, regardless of size, have an effective system of internal controls that is consistent with the nature, complexity, and risk inherent in their on-and off-balance-sheet activities and that responds to changes in the bank's environment and conditions. Although the board of directors and senior management bear the ultimate responsibility for an effective system of internal control, a researcher show that supervisors should assess the internal control system in place at individual banks as part of their ongoing supervisory activities. The supervisors should also determine whether individual bank management gives prompt attention to any problems that are detected through the internal control process.

21 CHAPTER THREE

METHODOLOGY

3.0 Introduction:

This chapter explain the methods of data collection and analysis which the researcher employed in collecting and analyzing data, presented and described techniques used on the same and also includes: - Research design, population of the study, Sampling size, Methods of data collection, Research procedure, Observation, Interviews, Data processing, Time frame of the study, Budget of the study, Questionnaires and references:

3.1 Research design:

In the study the researcher used both quantitative and qualitative methods of data collection. Qualitative methods were employed to get detailed information and practical aspects while quantitative method was used on data and tables.

3.2 Population of the study:

The sample population in this study comprised twenty (20) respondents, the case Study comprised of ten (10) departments and two (2) respondents from every department were selected. This assisted in comparing the information given by the two respondents so as to come up with accurate information. The total population comprised of fifty two (52) which was the number of employees at the headquarters.

3.3 Sampling size:

The researcher used stratified sampling technique. The bank as an organization of study also called the population was divided into various departments charged with specific purpose. These departments formed the sub-population which was homogenous. A simple random sample was selected from each department. Identification of respondents was based on the willing and available employees.

22 3.4 Methods of data collection:

The researcher used several methods in order to come up or derive both primary and secondary data; these methods are questionnaire, interviews, and observation and the researcher used each method as explained below: - Primary sources. The researcher gathered primary data by conducting proper administration of questionnaires to the respondents whom supplied him with information regarding the topic. Also, interview and observation methods were used by the researcher and later the researcher analyzed and interpreted the findings.

3-4-1 Questionnaire

Pre-formulated questions were distributed to the selected respondents in the various departments, since the resercher knew exactly what information was required in relation to control systems and how to measure the variables of interest, which was why this method was included in this study. This was also in consideration of the busy schedule of the staff, the respondents carried the questionnaire to fill it out during their own free time or at their own convenience, it gave them time to reflect on the questions and not give answers while under pressure owing to the nature of their duties.

3-4-2 Observation:

Having developed a keen interest in the banking industry, the researcher used observation to determine how cash is received, how receipts are issued, the role of supervisors and chief/head cashiers in implementing the existing internal control, the keenness of cashiers as they carried their duties and other physical aspects related to control systems within the banking hall. The researcher used participatory observation through the use of an existing bank account opened in the institution by seeking several services to find out how exactly they are handled by the bank workers in general. After analyzing data from the accounts department, the researcher also

_.)?" observed the weaknesses presented and loopholes existing within the system which leads to losses.

3-4-3 Interviews: Since this method involved direct participation of individuals, time was created with the respondents especially during the tea break and lunch break, when the respondents were not attending to customers. The information gathered supplemented what was not adequately covered by the questionnaire. The researcher formulated set of questions and instruction to obtain information from the respondents.

The above said questions were structured whereby the same words to standardize the interview were asked to different respondents. The researcher also used unstructured interview where additional specific questions, relevant to only a specific department were asked to different respondents within the department.

Secondary sources. The researcher used or reviewed the literature, journals, accounting manuals and other financial information that was availed to him in Nile Commercial Bank. Juba Southern Sudan.

3.5 Data processing:

From the data collected, the researcher used the knowledge on se~ected discipline and inferential statistics to correctly analyze the data. Descriptive statistics was used to summarize data and describe the respondents input while inferential statistics enabled the researcher to infer the sample results to the population. These methods were important due to the anticipated form of data. Only correctly filled questionnaires were coded, edited and analyzed. Frequencies, percentages, graphs and true findings were represented using tables.

24 3.6 Data analysis:

The researcher used two different procedures or methods in analyzing data and this included the use of quantitative methods for numeral data and qualitative method for non numeral data.

3.7 Methodology conclusions:

The researcher believed that using the above techniques and procedures, would make him to be in a better position to gather the relevant information geared toward establishing the effect of internal control system on the organizational profitability in Nile Commercial Bank.

25 CHAPTER FOUR

INTERPRETATION, ANALYSIS AND DISCUSSION OF FINDINGS

4.0 Introduction

This chapter presents data presentation, analysis and discussions of findings. It mainly summarizes key issues from the theoretical and empirical literature, compares and contrasts findings systematically and possible relationships in the process of fulfilling the overall objectives of the study. The analysis was done in accordance with the research objectives and variables of the study. The variables understudy was internal controls system and profitability. The researcher employed various tools to analyze the data collected including but not limited to frequency distribution tables, simple bar graphs, pie charts and percentages. A descriptive analysis has also been given to enable easy understanding of the information given by various respondents.

4.1 Background information of the respondents

This section of the study sought to find out from the respondent about their gender, working period, position in the organization and the impact of internal control system on the profitability of Nile Commercial Bank, Juba Southern Sudan.

4.1.1 Respondents gender

This subsection sought to find out from the respondent their gender. Results are as presented in the figure 1 below.

26 Figure 1: Respondents Gender.

Female, 20%

■ Male ■ Female

According to the data presented above, 80% of the respondents were male and 20% were female.

4.1.2 Respondents Level of Education Qualification

To investigate the Level of education qualification by the respondents, table 1. Shows the findings. Table 1: Respondents Level of Education Qualification Level of qualification Frequency Percentages Sudan Certificate 33 63% Diploma 10 19% Degree 5 10% Master degree 3 6% PhD 1 2% Total 52 100%

The level of education was necessary to ascertain the knowledge and experience distribution among the respondents and to ascertain which education level was most conversant with the research study. Respondents who had certificates was the highest which represented 63%, while those with diplomas represented 19%, degree graduates

27 represented 10%, masters degree were only 6% and PhD holders were a mere 2% of the respondents.

4.1.3 Period worked at Nile Commercial Bank, Juba Southern Sudan.

To investigate the period the respondents have been working at Nile Commercial Bank, Juba Southern Sudan. The figure below depicts the results of the findings. Figure 2:

50% ~------~ 45% -+------=.,;~------<~&------'I ~% +------35% +------30% +------25% +------20% ---t----7i">icr------15% ---t------,--~~r---- 10% --+----

5% -+------t 0%+----'----L--~- Less than a year 1-3 Years 3-5 Years

From the above analysis, the researcher found out that the majority ( 43%) of the respondents have worked for a period of 1-3 years, while those who worked for more than 3 Years up to 5 years were 42% and less than a year were only 15%.

4.2 To find out whether internal control systems have been put in place by the management of Nile Commercial Bank.

This sub-section sought to find out from the respondents whether there was existing internal control systems in their organization. The results are represented in figure below.

28 Figure 3:

40% ~ ~ 60%

From the above analysis, the majority of the respondents 60% said that there was internal control system in the organization while 40% said no.

4.3 To find out whether the existing internal system affects the profitability of the organization.

This sub-section sought to establish the relationship between internal control system and profitability of the institution. The results are represented in the figure below.

Figure 4:

□ Yes • No □ Somehow

Somehow, 30%

No, 30%

29 From the above information, 40% of respondents said that there was correlation between internal control system and profitability, whereas 30% said no, and another 30% said somehow.

4.4 To find out how long does the organization review its internal control system. Figure 5

70%

60%

50%

40%

30%

20%

10%

for how long do you re\Aew the internal control system

According to the respondents, 70% said that the ICS are reviewed yearly, while 15% said quarterly, 9% said monthly, 4% said none at all while 2% said weekly.

4.5 To find out the Impact of ICS on profitability between 2005-2009. Table 2: Particulars Frequency Percentage Increased profitability 30 58% Made losses 15 29% No change 7 13% Total 52 100%

From the above table, the researcher found out that 58% of the respondents said that the profitability increased, while 29% said that there were losses, whereas 13% said there were no changes at all.

30 4.6 Analysis of the profitability trends in the years 2005-2009.

Table 3: Profitability trends increase Frequency Percentage Below 5% 17 33% At5% 29 56% More than 5% 6 11% Total 52 100%

29 of the respondents said that the profitability increase was at 5%, while 17 of the respondents said it was below 5% while 6 respondents said it was more than 5%.

4.7 To investigate the impact of ICS on employees performance. Figure 6:

40% 35% 30% 25% 20% 15% 10% 5% 0% Increase rm rale Prevert fraud M inirrize errors M lninize Efficiency in rrisapproprialions opl!f'1llions of assets

□ Increase morale □ Prevent fraud Ill Mnimi22 errors ■ Mnimi22 misappropriations of assets ■ Efficiency in operations

The above figure depicts that 40% of the respondents said that ICS aid in the prevention of fraud, while 34% said that it helps to minimize misappropriations of assets, 12% that it minimizes errors, 10% said that it increases the efficiency of operations and only 7% said that it helps to boost employee morale.

31 4.8 To find out the hindrances faced in the implementation of ICS. Table 4: Particulars Frequency Percentage Inadequate resources 4 8% Uncooperative management 8 15% Quality of staff 7 13% Quality of internal auditor 10 19% Unclear policies 23 44% TOTAL 52 100%

In the above table distribution, the researcher found out that the major hindrance faced by Nile Commercial Bank is unclear policies represented by 44% of the respondents, the quality of internal auditor represented 19%, uncooperative management represented by 15%, the quality of existing staff represented by 13%, while inadequate resources was not a primary hindrance, it only represented 8%.

4.9 To investigate the extent to which ICS has been hindered in its implementation. Table 5: Particulars Frequency Percentage Very severe 25 48% Severe 20 38% Minimal 4 8% No hindrance 3 6% Total 52 100%

The information above indicate that 48% of the respondents said that ICS was very severely hindered,38% said it was severe, while 8% and 6% said it was minimal and no hindrance respectively.

32 4.10 Solutions put in place to make internal control system more effective

Table 5: Particulars Frequency Percentage Independence of the internal 12 230/cr auditor Allocate more resources 4 8% Improve the quality of staff 6 11% Strengthen organization 30 58% policies Total 52 100%

The above table shows that 58% of the respondents said that strengthening organization policies was the major solution to make the ICS more effective, 23% said assuring the independence of the internal auditor, 11 % said improving the quality of staff and 8% said allocating more resources.

33 CHAPTER FIVE

SUMMARY OF CONCLUSION AND RECOMMENDATIONS

5.0 Introduction This chapter covers the summary of findings of the research carried out, conclusion and recommendation for further future research.

5.1 Summary of Findings

This study investigated internal control system impact on profitability. The study was carried out in Nile Commercial Bank, Juba Southern Sudan.

Chapter one comprises background information, problem statement, purpose of study, specific objective of the study, research questions, scope of study, significance and conceptual framework as well justification of the study among others. This information is vital for providing the introduction to the problem understudy.

Chapter two concentrate and emphasis more on literature review by different scholars and used as a base to equip researcher with more knowledge on the problem understudy.

Questionnaire was used in collecting the data for the study. Simple random sampling technique was employed to obtain information and the researcher sampled fifty two respondents.

The researcher used frequency distribution tables, percentages, pie charts and bar graphs to present and analyze the findings. The researcher selected the site of the study conveniently considering time and resources available.

34 5.2 Conclusion

The researcher revealed that there had been a lot of difficulties in the implementation of internal control system because of the poor management policies of concentrating all the authority in the hand of the few individuals that has made the majority of employees to be reluctant. The absent of the coordinated internal control team work has made the company not to realize it objectives. The absent of annually regular revision of financial statement reporting and evaluation of the activities carried out by the bank, has lead to the lack of proper accountability which had created the loophole for the fraud and embezzlement.

The researcher, further reveal that, there was even no good cooperation between the researcher and the staff due to the bad policies put down by top management and that don't a lot the employees to express, disclosed and examining the rules put to monitor the internal control system. The weak internal control certainly interferes with the profitability of Nile Commercial Bank as well as bad structure employed by management and unclear credit procedures.

5.3 Recommendation

The researcher made the following recommendation arising from the findings: There must be flexible measures put in place to implement the internal control system, organization should make an early and timely financial statement report. It must take caution, care and point out promptly any misappropriation. Bank must implement the Sc's as the term of its credit policy. This is a set policy actions designed to minimize costs associated with credit. character, the creditor manager should assess and ascertain customer financial position to meet his obligation such as: - Bank references, martial status, attachment to government agencies, level of education, contact, occupational stability, and historical background of the client. Credit is normally granted to those customers who have been

35 consistent in dealing with the firm. This gives assurance in determining their character. However, customers should be rated according to how fast they meet their obligations.

Capacity, the credit manager should at financial statements, previous experience of the client, trade references, bank references and amount and purpose of the credit. The following must be examined before extended the credit. I.e. Balance sheet, the income statements, forecasted cash flow statements, profit margin and cash inflows and outflows of the customer's business to ascertain the capacity to pay.

Condition, the credit manager should assess the prevailing economic and other factors such as social and political which may affect the customer's ability to pay. Economically, under inflationary conditions, it is unsuitable to grant credit because of low returns expected.

Capital, the credit manger must assess the contribution or interest of the customer in his business, and shown by; Capital = Assets - Liabilities. Therefore, credit manger should consider capital of determining stake of the person in his/her business. It is undesirable to grant credit to persons who have got little capital.

Collateral, credit manger must guarantee securities against failure to pay. The person seeking credit should offer his securities before credit is granted. This should be safe and easily marketable. However, collateral whether good or bad, should be a basis for consideration for credit and cannot be primary focus.

Finally, the government should endeavor to uphold good governance and accountability toward the bank to rescue it from collapsing. And make the management accountable for misappropriation of public /society wealth.

36 APPENDICES

APPENDIX (A)

6.0 Time frame of study The researcher hopes to conduct the study following the time schedule as indicated in table below. Event Time /Duration Proposal writing January 2010 Designing interview guide and necessary January 2010 authorization Data collection January 2010 - February 2010 Report writing /Dissertation February 2010 - April 2010 Submitting May 2010

6.1 Budget for the study: The researcher came up with the budget as indicated in table 2 to cover the study. Table 2 Item Amount in Uganda shillings Stationary e.g. pens and papers 50,000 Hiring personnel and clerical /Assistants 400,000 Transport expenses 150,000 Printing and typing 200,000 Collection of data 350,000 Literature collection 150,000 Miscellaneous 80,000 Total 1,380,000

37 APPENDIX (B) QUESTIONNAIRES

I am Maduk Dau Kooc Deng a student of Kampala International University in School of Business and Management conducting a research on the topic; "Impact of Internal Control System on the Organization Profitability" A case study of Nile Commercial Bank. Juba, Southern Sudan.

The purpose of this study is to fulfill my academic requirement, and also share the knowledge I have gained on internal control systems with your institution.

(A) Personal information questions (Qn 1-8) Please tick in the most appropriate box and fill in the blank spaces where applicable. 1. Age a) 18-30 ( ) (b) 31-45 ( ) (c) 45 and above ( )

2. Sex a) Male ( ) (b) Female ( )

3. Marital status a) Married ( ) (b) Singles ( )

4. Level of education a) Sudan Certificate ( ) (b) Diploma ( ) (c) Degree ( ) c) Master degree ( ) (d) PhD ( )

5. Departments a) Administration ( ) (b) Finance ( ) (c) Marketing ( ) Other department, specify ......

38 6) For how long have you been in this organization? a)Lessthanayear( ) (b)1-3years () (c)3-5years ()

7) Have you ever worked at any other bank? a) Yes ( ) (b) No ( )

8) If your answer in question 7 is yes, comment about the systems in your previous department......

(B) Research questions (Qn. 9-20) 9) Does Nile Bank has internal control procedures put down by the management? a) Yes ( ) (b) No ( )

10) Does the existing internal control system affect the profitability of your organization? a) Yes ( ) b) No ( ) c) Somehow ( )

11) For how long do you review the internal control system in your organization? a) A week ( ) (b) A month ( ) (c} Quarterly ( ) d) Yearly ( ) ( e) none ( )

12) How does the internal control system operate within your organization? a) Vertically ( ) (b) Horizontally ( ) (c) Non ( )

13) How has the formulation of internal control system impacted the profitability of your organization in recent years (2005-2009)? a) Increased profitability ( ) b) Made losses ( ) c) No change ( )

39 14) How would you analyze the increase in profitability trends in the years mentioned above? a) Below 5% ( ) b) Increase of 5% ( ) b) More than 5% ( )

15) Does the new employee always understand the type of internal control system within the bank? a) Yes ( ) (b) No ( ) (c) None ( )

16) What is the impact of internal control system on the employees working in your organization to enhance their performance? a) Increase morale ( ) b) Prevent fraud ( ) c) Minimize errors ( ) d) Minimize misappropriations of assets ( ) e) Efficiency in operations ( )

17) Has the Board been annually presented with accurate financial statements by the management? a) Yes ( ) (b) No ( ) (c) Not sure ( )

18) What are hindrances faced by your organization in the implementation of internal control system? a) Inadequate resources ( ) b) Uncooperative management ( ) c) Unclear policies ( ) d) Quality of staff ( ) e) Quality of internal audit ( )

40 19) To what extent has the internal control system been hindered in its implementation? a) Very severe ( ) (b) Severe ( ) ( c) Minimal ( ) d) No hindrance ( }

20) What are the solutions put in place to make the interna~ control more effective? a) Independence of the internal auditor ( ) b) Allocate more resources ( ) c) Improve the quality of staff ( ) d) Strengthen organization policies ( )

Thank you for your time and co-operation.

41 References:

th C. Rollin Niswonger and el al (1977) Accounting principles, 12 , edition, south-western published Co. Cincinnati, Ohio- USA.

Garry A. porter and Curtis L. Norton (1995).Financial accounting, the impact on decision makers, ih, editions, Harcourt brace college published by fort worth, Philadelphia - USA.

Belverd E. Needles and el al (2002). Principle of accounting, instructor's annotated edition (ISBN) published by Houghton Mifflin Co. Boston- USA.

Walter B. Meigs and Robert F. Meigs (1987). Accounting the basis for business decisions, ih, edition, Mc Graw- hill. New York- USA.

Weygrandt and el al (2002). Accounting principles, 6th edition, published in Canada.

Horngren and el al (1995). Accounting, 3rd edition, prentice- Hill, Inc.

Harry Simons and Jay M. Smith (1972). Intermediate Accounting-A comprehensive volume, 5th edition, published by south-western publishing Co. Brighton, England.

Kermit D. Larson and Paul B.W. Miller (1993). Fundamental of accounting principles, 13th edition, printed in USA.

Alvina A. Arens and James K. Loebrecke (1994}. Auditing an integrated approach, 6th edition, prentice hall, Englewood diffs, new jersey- USA.

Garry Desser, Principles and practices for tomorrow leaders, 3rd edition. Prentice hall.

42 William F. Messier (2003). Auditing and assurance services -a systematic approach, 3rd edition, Mc graw-hill.

Jack E. Kiger and James H. scheiner, (1997). Introduction to Auditing, 2nd edition, Houghton Miffin Co. Boston- USA.

William C. Boynton and Walter G. Kell (1996). Modern Auditing, 6th edition, published by John Wiley and Sons Inc.

Dan M. Guy and el al (1999). The Auditing environment, 5th edition, Dryden press Harcourt brace college.