International Research Journal of Finance and Economics ISSN 1450-2887 Issue 27 (2009) EuroJournals Publishing, Inc. 2009 http://www.eurojournals.com/finance.

htm

Evaluation of Internal Control Systems: A Case Study from Uganda

Angella Amudo Maastricht School of Management, Endepolsdomein 150 6229 EP Maastricht, The Netherlands E-mail: amudo@msm.nl Eno L. Inanga Maastricht School of Management, Endepolsdomein 150 6229 EP Maastricht, The Netherlands E-mail: inanga@msm.nl Tel: +31 43 387 08 08; Fax: +31 43 387 08 00 Abstract Internal control systems is a topical issue following global fraudulent financial reporting and accounting scandals in both developed and developing countries. A proactive preventive approach to the problem requires a critical evaluation of existing internal control structures in organizations to determine their capacity to ensure that the organizations activities are carried out in accordance with established goals, policies and procedures. This study is on the Regional Member Countries (RMCs) of the African Development Bank Group (AfDB) focusing on Uganda in East Africa. This paper develops a conceptual model used in evaluating the internal control systems in Public Sector Projects in Uganda financed by the African Development Bank. The outcome of the evaluation process is that some control components of effective internal control systems are lacking in these projects. This renders the current control structures ineffective. The study ends with recommendations to improve the existing internal control systems in the projects and suggests areas for further research.

Keywords: AfDB, RMCs, internal controls, Projects, evaluation, Uganda

1. Introduction and Overview

When companies suddenly collapse, the often-resounding question is, what went wrong? A breakdown in the internal control system is the usual cause. Internal control is a process that guides an organization towards achieving its objectives. These objectives include operational efficiency and effectiveness, reliability of financial reporting, and compliance with relevant laws and regulations (COSO 1992). Absence of these variables often results in organizational failure. The findings of the Treadway Commission Report of 1987 in the United States (USA) confirmed absence of, or weak, internal controls as the primary cause of many cases of fraudulent company financial reporting. The widespread global corporate accounting scandals that assumes near epidemic proportions in recent years inform this study. Notable cases include Enron and WorldCom in the USA, Parmalat in Europe, and ChuoAoyama in Asia. In South Africa, cases of accounting scandals have been recorded

International Research Journal of Finance and Economics - Issue 27 (2009)

125

in JCI and Randgold and Exploration companies. In Nigeria, the Managing Director and Chief Financial Officer of Cadbury Nigeria plc were dismissed in 2006 for inflating the profits of the company for some years before the companys foreign partner acquired controlling interest. These scandals emphasize the need to evaluate, scrutinize, and formulate systems of checks and balances to guide corporate executives in decision-making. These executives are legally and morally obliged to produce honest, reliable, accurate and informative corporate financial reports periodically.

2. Objectives of the Paper

This paper evaluates the internal control systems that the regional member countries (RMCs) of the African Development Bank Group (AfDB) institute for the management of the Public Sector Projects that the Bank finances. Specifically, the paper: ascertains whether such controls provide adequate internal framework of checks and balances to ensure that project funds are utilized solely and wholly for intended development goals of poverty reduction and inducement of social, economic growth and development of the respective RMCs. provides a basis for understanding the operations of the above framework of checks and balances established by governments of the respective RMCs for the management of Public Sector Projects funded by the development partners, and whether such systems comply with globally-accepted internal control mechanisms. These objectives raise a number of questions, answered in a later section of this paper. The major question is whether or not the established internal control systems in RMCs are effective. This raises the following minor but inter-related questions: What role should internal control system play in Public Sector Projects management? Does management of these projects appreciate, understand, and clearly respond to this role? What internal control systems are currently in use? Do they include all the expected elements of internal control systems? Are internal control systems in the projects adequately documented and regularly updated as changes occur? Should the AfDB continue to lend to RMCs that do not bring a project in compliance with the requirements of established internal control systems? Do the Projects that comply with recommended internal control systems realize their goals more often than those that do not? Answering the research questions requires use of research methods to address the concerns raised. A later section of the paper discusses the methods selected and the justification of choice.

3. Justification for the Study

The AfDB operates in RMCs where corruption is prevalent and transparency often lacking. Corruption is defined as abuse of public office for private gains. Examples include: bribery, kickbacks and embezzlement of public funds (Transparency International, 2006). Corporate accounting scandals occur where the systems of internal controls are abused by those responsible for their operational effectiveness. The Corruption Perceptions Index (CPI) 2006, compiled by Transparency International covering 163 countries, reveals that majority of the African countries in the index scored within the low range of 1.9 - 3.6. Not more than five African countries scored within the range of 4.1 - 4.6. In contrast, majority of the European countries scored between 7.4 and 9.6. The Corruption Perceptions Indices suggest a prevalence of corruption in African countries. This implies that the Public Sector Projects funded by AfDB could be in countries where transparency and accountability are lacking, together with the risk of senior public officers overriding internal controls to achieve their private

126

International Research Journal of Finance and Economics - Issue 27 (2009)

gains. Given such control environment within the RMCs, the AfDB operations face difficult and challenging scenarios. Under the circumstances, the Bank has a dual mandate to provide development assistance to the projects in RMCs and ensure that project funds are spent for development purposes. These issues and the findings of the Treadway Commission Report of 1987 further justify this study that focuses on Uganda in East Africa. The study investigates whether the controls used for directing, controlling and governance of the projects in this country are effective to ensure optimal utilization of funds for economic growth and developmental purposes. The study also provides a framework for assessing and understanding the structure of the systems of internal controls currently in use in the projects. If the systems are inadequate, the study suggests best internationally recognized internal control mechanisms to project managers.

4. Internal Control Mechanisms

In response to widely publicized business failures in the USA in the late 1970s and mid-1980s, the National Commission on Fraudulent Financial Reporting (the Treadway Commission) was inaugurated to identify factors that caused fraudulent corporate financial reports and make recommendations that resolve such issues. The recommendations directly addressed the problems of weakness of internal controls and emphasized the importance of the control environment, codes of ethical conduct, management reports on effectiveness of internal controls and development of a common definition and framework of internal control. The evolutionary process of developing a generally accepted definition and framework of internal control was realized in 1992 with the publication of a landmark report on internal control: Internal Control - Integrated Framework, referred to as COSO. According to COSO (1992), the internal control system has three primary objectives: effectiveness and efficiency of operations. reliability of financial reporting. compliance with applicable laws and regulations. COSO identifies essential components of an effective internal control system as: control environment, risk assessment, control activities, procedures and practices that ensure that management objectives are achieved and risk mitigation strategies implemented, information and communication, and monitoring. These elements must be present and functioning effectively for any internal control system to achieve organizations objectives. The COSO framework may be relevant to larger organizations, but inappropriate for small ones due to costs and operational complexity. Management of small organizations may not need formal internal controls for the reliability of the records and other information, because of their personal involvement in the operations of the organization. This raises a question whether the controls of small companies should be as complex as those of large companies for them to be effective. The COSO framework did not recognize and capture the delicate balance between formal and informal controls in smaller organizations. Furthermore, how can small companies internal controls be effective when only few of the components recommended by COSO are present and yet the controls could still be effective? COSO did not address this question. The final weakness of the COSO mechanism is failure to recognize Information Technology (IT) as one of the major control components. IT is crucial to an internal control framework. Today, organizations use IT for initiation, authorization, recording and processing of transactions. IT ensures effectiveness of internal controls. However, COSOs failure to recognize IT as a control component motivated other bodies to design and develop frameworks to remedy the omission. One such framework is the Control Objectives for Information and Related Technology (COBIT 1996, 1998, 2000, 2005, 2007). COBIT identifies IT resources as a source of information needed by organizations processes. The five types of IT resources are people, application systems, technology, facilities and data. COBIT groups the organizations individual activities within an IT environment into processes and domains.

International Research Journal of Finance and Economics - Issue 27 (2009)

127

The domains are: planning and organization with eleven processes; acquisition and implementation six processes; delivery and support thirteen processes, and monitoring four processes.

5. Conceptual Framework
Most of the literature on internal control frameworks includes information and communication as one of the internal control components. Smooth flow of information and communication across and within the organization is influenced by the nature of the working relationship within the organization at all levels. The working relationship coordinates organizations activities to achieve goal congruence. When effective working relationship exists in an organization, delegation of responsibilities is achieved. Then internal control functions as intended. However, when a communication gap exists for any reason, sub-optimization results with adverse consequences. Some internal control frameworks place unnecessary emphasis on detailed explanation of the different components of the system and methods for their design. They ignore details on how each of the components can be measured to assess their effectiveness. This causes a dilemma. For example, where two managers use different methods to measure the same subject and arrive at different conclusions. A challenge arises in ascertaining who is right or wrong. When a common benchmark for evaluation of measured results is missing, knowing the right approach becomes difficult. Other internal control frameworks ignore where one or more components are missing within a given structure, but are compensated for with other controls in other components. For example, in small companies segregation of duties is not possible, but is compensated by managements involvement in the day-to-day supervision, verification and review of records and processes, to ensure controls function effectively. Under the situation, all components of an effective internal control system may not be present but the system could still function effectively. The challenge is ascertainment of the effectiveness of the system. When such management styles extend to large organizations unscrupulous managers of these organizations can manipulate the organizations to meet their personal goals. After addressing the above limitations, internal control is a process of integrated sets of activities originated by top personnel of an organization and embedded within all the organizations activities to achieve goals. This comprises two sets of variables: dependent and independent. At the forefront of the independent variables is the influence of authority that ensures the independent variables function to generate the outcome of the dependent variable. Figure 1 shows the conceptual framework components of dependent and independent variables. The effectiveness of internal control is the dependent variable. This is achieved by the presence and proper functioning of all the predefined independent variables in relation to each category of the organizations objectives. Proper functioning of independent variables provides reasonable assurance of proper functioning of dependent variable. Then the organization realizes preset objectives of efficient and effective operations, generation of accurate, reliable and informative financial reports that comply with relevant legal and regulatory requirements. The objectives are overlapping. This means efficient and effective operations produces accurate, reliable and informative financial reports that comply with applicable laws and regulations.

128

International Research Journal of Finance and Economics - Issue 27 (2009)

Figure 1: Conceptual framework of internal control

Control environment
Authority

Invigorates independent variables

Risk assessment 1 Control activities Information & communication Monitoring Effectiveness of internal control Dependent variable 2 3 Objectives

I Technology

Independent variables

Working relationships

Objectives of the organisation are achieved when interferences on the variables caused by working relationships are taken into consideration

Source: Researchers Design

The objectives, depicting overlapping interrelationships are numbered 1, 2 and 3 in Figure 1 (1) include efficiency and effectiveness of operations (2) accuracy and reliability of informative financial reporting and (3) compliance with applicable laws, regulations, policies and procedures. The independent variables determine the effectiveness of an internal control system. The presence and proper functioning of all the components of the independent variables ensures effectiveness of internal control system. This achieves each category of objectives 1, 2 and 3 in Figure 1. The independent variables comprise major and minor components. Individual minor components jointly feed into and form a specific major independent variable. The measurement of minor independent variables locates any weaknesses existing in the major independent variables. The major independent variables include: Control environment Risk assessment Control activities Information and communication Monitoring Information Technology The minor independent variables include: Authorization and approval procedures Human resource policies and practices Assignment of authority and responsibility Ineligible expenditure Accountability obligations Segregation of duties Controls over access to resources Presence of internal auditors

International Research Journal of Finance and Economics - Issue 27 (2009)

129

Verification Reconciliation Review of operating performance Supervision A direct relationship exists between the outcomes of the dependent and the independent variables. All the independent variables are relevant to each category of objectives. Internal control processes (minor independent variables) affects the effectiveness of internal control systems, which is subject to the organizations determined objectives. All the independent variables are interdependent but each has an impact on the effectiveness of internal control systems. Different approaches to the evaluation of effectiveness of internal controls are available. The study uses the model in Figure 1. In this regard, controls evaluation is a step toward achieving the studys objectives once the research questions are answered. The research questions are formulated to identify the existence or otherwise of each variable of internal control.

6. Method
The research strategies include: experiments, survey, grounded theory, ethnography, action research, cross-sectional and longitudinal studies, exploratory, descriptive and explanatory studies and case studies (Saunders, Lewis, and Thornhill 2003). The study uses a case study method. The justification is that the study investigates details of a real life phenomenon using multiple sources of evidence. The sources of evidence are data collected through: questionnaires, interviews, observations, and documentary analysis. Since this study involves an investigation of whether internal control systems established by the RMCs of the AfDB in the management of the Public Sector Projects are effective, the case study method is used. Earl Babbie (1998 p.33) supports choice of case study method in opposition to others as follows: Whereas most research aims directly at generalized understanding, the case study aims at the comprehensive understanding of a single, idiosyncratic case. Whereas most research attempts to limit the number of variables considered, the case study seeks to maximize them. Ultimately, the researcher executing a case study typically seeks insights that will have a more generalized applicability beyond a single case under study, but the case study itself cannot ensure such generalizability. The case study method also generates answers to the what? and how? research questions asked in this study. This method also enables in-depth documentary analysis, extraction of data and information specific to an organization and use of confidential information tailored to suit the study. For instance documentary analysis of aide memoirs, audit reports, country portfolio review reports, and documents collected from the Banks database. The audited project reports ascertain whether internal control systems are effective or not based on the findings of the external auditors in auditing the projects. The audited reports that this study examines are from the Banks fiscal year 2006. This fiscal year is selected because the Banks Board of Governors approved a new organizational structure on 1 January 2002 and the Banks first strategic plan 2003-2007 (African Development Bank Strategic Plan 2003-2007). The reforms set new policies and procedures to adapt the new organizational structure to suit decentralized activities and delegated authority to perform those activities to Field Offices. Included in the reforms are new policies and procedures for improved portfolio management, business processes and client service. June 2006 has been selected to evaluate the functioning of the new policies and procedures for portfolio management, business processes and client service, effected in 2002. The main reason for evaluation of this fiscal year is enormity of the resources the AfDB channels to Public Sector Projects and critical evaluation of the internal control systems used in management of these resources. This leads to optimum resource use through accountable and transparent mechanisms that fuel the much-needed development in the RMCs.

130

International Research Journal of Finance and Economics - Issue 27 (2009)

The research process builds on development of knowledge of the subject matter. Saunders et al. (2003) presents three views on research process. The first is Interpretivism. Interpretivism argues that to develop knowledge, interpreting and understanding the situation being studied is required in order to appreciate the motives, actions and intentions of the research participants. According to this view, knowledge develops from the understanding that organizations experience frequent changes that makes what was relevant yesterday irrelevant to the same organization in the future. The second view is realism. Realism develops knowledge on the premise that external social factors and processes independent of human thoughts and beliefs exists, which make people interpret situations differently and arrive at different conclusions on the same subject matter, without their knowledge of existence of such factors. Positivism assumes that the researcher is independent of, and neither affects nor is affected by the subject of the research (Remenyi et al. cited by Saunders et al. 2003). Another assumption is the researcher as an objective analyst interprets collected data in a free manner emphasizing the use of highly structured method and quantifiable observations that uses statistical analysis. Under positivism approach, knowledge builds from using quantitative data which undergoes statistical processing, analysis and interpretation Since the causal relationships between the dependent and independent variables of internal controls in the Public Sector Projects are to be tested and analyzed statistically, positivism approach is selected for the development of knowledge of this study. With the research philosophy for the study in place, choice of research approach is the next logical step. Saunders et al. (2003) identifies two research approaches: deductive and inductive. Inductive approach first collects data and develops theory based on the results of analyzed data. The deductive approach on the other hand explains causal relationships between variables. Research hypothesis are developed and research strategies designed to test them. Quantitative data is used in testing hypotheses. Qualitative data can also be used. In deductive approach, the researcher is independent of observed phenomenon and the research uses highly structured methodology to facilitate replication (Gill and Johnson 1997; cited by Saunders, et al. 2003). A further argument is that the concepts of the research are operationalized to measure quantitatively the relationship between relevant variables. This study establishes the causal relationships between the dependent and independent variables of internal control system through quantitative operationalization of the identified variables. The quantified observations are processed and the results measured statistically to obtain evidence on the relationships between the variables. Understanding the research framework is important so as to know areas of focus when evaluating the internal control systems. The evaluation scope includes: project-level controls, period end financial reporting processes and IT controls. Public Sector Projects for this purpose are selected from one RMC, Uganda. The evaluation of effectiveness of internal control involves control elements of identified major independent, in relation to the dependent variables. Processes that impact significantly the project objectives are included in the evaluation. Understanding and analyzing the overall internal control environment, risk assessment, control activities, information and communication, monitoring of operations are critical to this study. The validating procedures are review of aide memoirs, audit reports, management letters and country portfolio review report. The financial reporting processes evaluated include controls that affect reliability of financial reporting. The processes are: authorization procedures, segregation of duties, reconciliation of key accounts, updating of books of accounts and records. This information evaluates whether key controls in place reduce the risk of material misstatements. Focusing on both material fraud and material errors or omissions identifies risk. Evaluation of the design of effectiveness of internal control requires reviewing appropriate documentation; directing relevant questions to employees and observing the process and underlying control techniques. Evaluation of operational effectiveness of internal control requires review of appropriate documentation, interviewing appropriate employees, inspecting operational evidence of internal control, and appraising the results of project management selfassessment on control operational effectiveness.

International Research Journal of Finance and Economics - Issue 27 (2009)

131

The significance of IT role in internal controls effectiveness calls for, IT general controls evaluation. These include: IT development and maintenance processes, system operations management, system security management (access controls for internal and external parties) and contract management of service organizations. Control deficiencies are automatic material weaknesses. They must be evaluated to determine their impact on IT applications controls. IT controls are evaluated through understanding organizational structure of IT functions, IT specific policies and procedures, hardware, key software, networks and use of service organization. Since IT applications controls are embedded in project processes, these controls are evaluated to determine design and operational effectiveness, completeness, input data accuracy and validity, adjustment of error data and reprocessing, master data accuracy and access control. In this study internal control systems are evaluated in the context of the Projects financed by AfDB. A useful starting is the categorization of the Banks RMCs.

7. Grouping of the African Development Bank Group (AfDB) member countries

The principal activities of the AfDB are financing development projects and programs in the RMCs. The RMCs are classified into three categories for financial allocations purposes (African Development Bank (2005) Basic Information). Category A comprises 38 countries with per capita gross domestic product (GDP) of less than US$540. These countries access African Development Fund (ADF) resources. The United Nations (UN) classifies them as the least developed countries, because they are economically underdeveloped with limited access to international capital markets. Category B comprises two countries with per capita GDP between US$940 and US$1,050. Nigeria and Zimbabwe are in this category and both access ADB and ADF resources. Category C comprises fourteen countries eligible only to ADB loans. Their per capita GDP is above US$ 1,050 and have high AfDB financial rating. Libya, a non-borrowing country is in this category. The Bank has approved loans and grants to finance 3,111 projects under three funding windows, since 1967 till 2005 as Table 1 shows.
Table 1:
Year Number of approvals b/f Number of ADB approvals b/f Number of ADF approvals b/f Number of NTF approvals b/f Note: The cumulative totals go as far back to initial operations of the three institutions: ADB 1967 ADF 1974 NTF 1976
Source: AfDB Statistics Division for data on operations; AfDB Financial Control Department for Data on Resources and Finance

Summary of the Banks operations for the period 2001-2005

2001 134 26 107 1 2002 118 31 84 3 2003 145 28 112 5 2004 125 23 99 2 2005 102 34 65 3 Cumulative total 3,111 991 2,045 75 Percentage 100 32 66 2

Out of the 3,111 projects, 2,045 are for ADF, 991 for ADB and 75 for Nigerian Trust Fund (NTF) windows respectively. The Banks concessional loans and grants finances 66 percent of the projects portfolio in category A countries. These countries are among the poorest in the world and they constitute 73 percent of the RMCs of AfDB (African Development Bank 2006 Financial Profile.

132

International Research Journal of Finance and Economics - Issue 27 (2009)

This affirms that majority of the Banks projects are financed from ADF resources. Uganda in East Africa is selected for this study. The Bank grants concessional loans to support each countrys economic and social development initiative. The loans designed to aid the development needs of the RMCs have a repayment term of 50-year with a 10-year grace period. The 2006 Corruption Perceptions Index (CPI) of the Banks category A countries are within the range of 1.9 3.3. Thus the Bank operates in environments characterized by high level of corruption. Consequently, accountability and transparency are lacking. Yet the Banks concessional lending arm relies on the capital replenishment by member nations in order to continue lending operations. The Banks 2005 approvals confirm that ADF funded projects are sector-specific. The RMCs identifies specific sectors to which development assistance is channeled. The development of such sectors has the greatest development impact on the countrys overall economic production and living standards. In line with the RMC development strategy and the Banks strategic orientations, priorities and operational guiding principles, the Bank focuses funding on: agriculture and rural development, infrastructure comprising: transport, power supply, communications, water supply and sanitation, education, health, private sector development and good governance as priority areas. Uganda selected from category A represents countries in this group with sector-specific projects and delegated authority to manage the portfolio. In line with the Banks strategic priorities and new policies and procedures effected in 2002, the Banks projects in the Uganda Portfolio are in priority areas of intervention as shown in Table 2.
Table 2: A snap shot of the Banks Active Public Sector Uganda Portfolio (UA Millions)
Sectors Agriculture & Rural Development Industry & Mining Water Supply & Sanitation Social Transport Multi-sector Total No. of Operations 5 1 2 3 2 1 14 Amount Approved 117.23 5.35 58.41 69.82 43.50 9.00 303.32 Breakdown by Sector (%) 38.65 1.76 19.26 23.02 14.34 2.97 100 Cumulative Disbursements 12.81 0.10 8.10 61.38 8.60 0.80 91.79 % Disbursed 10.93 1.87 13.87 87.91 19.77 8.89 30.26

Source: African Development Bank Uganda Field Office Country Portfolio Review Report 2007

This study evaluates the controls that the government of Uganda implements for management of these projects to assess their effectiveness.

8. Data analysis and discussion of findings

Table 2 shows 14 projects of the Banks Public Sector Portfolio in Uganda. The data received and analyzed are for eleven projects. Three projects are omitted because they are not fully operational to install effective internal control systems. The management letters of the eleven projects analyzed drew managements attention to weaknesses in the internal controls in the respective projects. The weaknesses concern minor independent variables of the major independent variables of the control system. The study classifies the weaknesses in each project under the following minor independent variables: authorization, verification, segregation of duties, accountability, ineligible expenditure, operations and procurement processes. The analysis determines the financial costs of non-compliance with laid down policies and procedures to ascertain whether such costs are material to the achievement of the objectives of the organization. This study also observes and quantifies the frequency of non-compliance of each project with applicable policies and procedures. The monetary costs of non-compliance is extracted and

International Research Journal of Finance and Economics - Issue 27 (2009)

133

recorded. This enables the relationship between the dependent and independent variables to be measured quantitatively. This determines in financial terms the level of materiality of non-compliance in relation to funds disbursed to the respective projects per sector. Materiality level is set by dividing the cost of noncompliance by the total funds disbursed to each project as at 30 June 2006. The result in excess of 5 percent means that both the dependent variable and the organizations objectives are distorted. This means non-compliance with laid down policies and procedures, where a significant proportion of projects funds are either rightly or wrongly spent in a manner consistent or not with the laid down policies and procedures. The figure of 5 percent is an estimate from the researchers judgment of what is material. Information is material if omission or misstatement of such in a financial statement influences the economic decisions of users that are based on the financial statements. Materiality is relative and depends on the error judged in particular scenarios of omission or misstatement. The following equation demonstrates the structure: Materiality = Total cost of non-compliance with policies and procedures per sector *100 Total amount of funds disbursed to the projects per sector The variables in the above equation are identifiable on a case-by-case basis at the individual project level. A template was opened in an Excel worksheet to which relevant information was posted and stored. The frequency of each observation and the corresponding values were extracted. The findings were classified, recorded and updated under the minor independent variables in the excel worksheet. These findings were summed up on a sector-by-sector basis for all the projects in the Uganda portfolio. The materiality level computed to determine whether non-compliance with minor independent variables has an impact on effective functioning of the internal controls as explained above. Figure 2 shows the results per sector.
Figure 2: Materiality level
Total monetary value of non compliance as a proportion of total disbursed funds per sector as at 30 June 2006 18.00% 16.00% 14.00% 12.00% Materiality 10.00% 8.00% 6.00% 4.00% 2.00% 0.00% Agriculture (4) Materiality per sector 8.93% Industry (1) 4.92% Multisector (1) 16.67% Social (3) 11.54% Transport (1) 2.53%

Water & Sanitation (1) 7.51%

Source: African Development Bank Uganda Field Office Country Portfolio Review Report

In Figure 2, materiality of agriculture is 8.9 percent, industry 4.9 percent, multi-sector 16.7 percent, social 11.5 percent, transport 2.5 percent and water and sanitation 7.5 percent. In comparison with a 5 percent benchmark, the results imply that the proportions of non-compliance in the following sectors are material: agriculture, industry, multi-sector, social, water and sanitation. In transport sector,

134

International Research Journal of Finance and Economics - Issue 27 (2009)

the result indicates that non-compliance is immaterial. The results indicate that a significant proportion of the ADF project funds in Uganda are spent in non-compliance with applicable policies and procedures. The projects are at risk of failure to achieve intended development objectives. A qualitative analysis to confirm whether or not such risks can materialize was carried out. Qualitative evaluation used for the above purpose requires a benchmark against which to appraise the controls in the projects. A conceptual model in Figure 1 is used for this purpose. The conceptual model in Figure 1 identifies three objectives of the effectiveness of internal control systems. The first is operational efficiency and effectiveness. Effectiveness relates to the quality of controls over the achievement of specific management objectives, while efficiency addresses the quality of controls yielding an optimum measure of resource inputs to productive outputs. This objective determines whether the organization is reasonably assured that no material inefficiencies exist in the organization or the processes. The second objective related to the first one, is accuracy of financial reports and statements produced. This objective emphasizes the adequacy and effectiveness of management controls governing the reliability of financial data used for external reporting. The third is the organizations compliance with applicable laws, regulations, policies and procedures. This focuses on the adequacy and effectiveness of management controls that govern adherence to external laws and regulations. This checks the correlation between the laws and entitys procedures and actual practice. This study identifies the following six essential components of an effective internal control system: control environment, risk assessment, control activities, information and communications, monitoring and information technology. The model includes working relationships, which is taken into account to achieve effective functioning of the six core control components. These six control components are assessed before expressing opinion on the design and effectiveness of the overall internal control systems. But this alone cannot identify the exact weaknesses in the internal controls. To do this, core control components are broken down into minor independent variables and those that fall under each of the major independent variables identified. The control components instituted for management of these projects are measured against the components identified in the benchmark. Each of the models major independent variable is defined using several minor independent variables, which are used for rating the effectiveness of controls in the projects, and locate internal control weaknesses. To understand and apply the criteria to control components the analysis uses binary numbers of 0 and 1 as ratings. A rating of 1 reflects a control component with control problem, while 0 rating signifies a control component with no control problem.

International Research Journal of Finance and Economics - Issue 27 (2009)

Table 3: Criteria for rating internal control components
Rating criteria for internal control components as defined by the Benchmark Control Components Control environment Criteria for a 1 rating

135

Information & Communication

Minor independent variables Organizational structure does not adequately reflect chain of command Human resource policies and procedures not documented & updated Responsibilities are delegated and no follow up action is made to get feedback on results of performance of tasks delegated Not practicing honest and fair dealings with all stakeholders for the benefit of the projects. Management has not defined appropriate objectives for the projects The defined objectives are not compatible with the development objectives of the projects. Management has not identified risks that affect achievement of the objectives. Management does not have a criteria for ascertainment of which risks to the projects are most critical. Management has not put in place mechanisms for mitigation of critical operating risks that may arise. Documentary analysis of projects data and information identifies risks not contemplated by management. Key control activities of the projects are not functioning as intended: Transactions are not authorized There is no segregation of duties. Verifications of transactions before making payments are not done. Key accounts records like bank, cashbooks, loans, accounts payables etc are not reconciled on a regular basis. There is no control over access to resources There is no accountability of funds advanced for projects activities Management does not review operations Internal auditors are not present and where present there is limitation in scope of their responsibilities by management. Procedures have not been documented/ regularly updated in respective manual for example finance, staff rules and regulations and operations manuals Staffs are not supervised while they carry out their schedule of duties. Control activities designed for running the projects do not adequately reflect managements risk mitigation strategies. Key criteria for evaluating performance are not identified, collected and communicated. Employees do not understand their control responsibilities. Complaints and disputes by suppliers are not resolved in a timely manner. There are no independent process checks or independent evaluations of controls activities on ongoing basis. No internal reviews of implementation of projects No IT security procedures for accessing projects master data files No restriction of personnel in accessing all levels of different modules in computer applications

Major independent variables

Source: Researchers design

Table 3 defines each major independent variable with a set of corresponding minor independent variables, used as criteria for rating the effectiveness of controls in the projects. Each major

Information Monitoring technology

Control activities

Risk assessment

136

International Research Journal of Finance and Economics - Issue 27 (2009)

independent variable and their respective minor independent variables have to ensure consistency in the evaluation process. The assigned ratings must match the predefined criteria of the minor independent variables in Table 3 during evaluation. In the final evaluation, if controls provide reasonable assurance that management objectives will be achieved, a 0 rating is assigned. A 1 rating is recorded if controls do not provide such assurance. The judgments of the researchers play a significant role in assigning these ratings. However, the existence of corrective recommendations indicates a problem with the controls evaluated. The evaluation processes commences as shown in Table 4.
Table 4: Evaluation of controls of the Public Sector Projects against the models criteria
Benchmark for rating internal controls when a problem exists Minor independent variables (a) Organizational structure does not adequately reflect clear chain of command. (b) Human resource policies and procedures not documented and regularly updated. (c) Responsibilities are delegated and no follow up action is taken by management to get feedback. (d) Not practicing honest and fair dealings with all stakeholders for the benefit of the projects. (a) Management has not defined appropriate objectives for the projects. (b) The defined objectives are not compatible with the velopment objectives of the projects. (c) Management has not dentified risks that affect achievement of the objectives. (c) Projects loans remain outstanding past the repayment periods (ii) Price escalations in cost of goods,works and services nsumed by projects not identified appropriately (iii) Procurement of old and not in- calf animals for the projects (iv) Delivery of expired chemicals onlydiscovered during field inspections of projects (d) Projects outstanding loans referred to xternal lawyer for legal action & debt management unit for collection Assessment of functioning of internal control components of Public Sector Projects Minor independent variables Ratings of internal control components of Public Sector Projects 0 (a) 0 1

Control Comp.

Major independent variable Control Environment

(b) Human resource policies and procedures not updated with the requirements of new legislation. (c) 0

(b) 1

(d) Procurements done without sourcing for three quotations from three different suppliers. (a) 0

(d) 1

(b) 0

Major independent variable Risk assessment

(c) 1

(d) Management does not have criteria for determining which risks to the projects are most critical.

(d) 1

International Research Journal of Finance and Economics - Issue 27 (2009)

(e) Management has not put in place mechanisms for mitigation of critical operating risks that may arise. (e) Delays in implementation of projects activities because of delays in procurement processes. (e) Projects disbursed loans to entitys with no certificates of registration. (f) Documentary analysis of projects data and information identifies risks not contemplated by management. Control activities (a) Transactions are not authorized (f) No procurement plan in some Projects.This puts the projects at risk of wasteful expenditure. (a) Loan application forms not authorized by the ommittee. (ii) No loan applications were made and loans were granted to non members of the beneficiary organizations. (iii) Some beneficiaries were awarded loans on recommendation by Board members, no loan agreements signed and they have failed to repay the loans. (iv) Payment vouchers raised by Ministrys accountant without any input from project management. (b) Duties are not segregated. (b) Management of staff gratuity funds is not separated from management of general funds of the projects (c) No vehicle inspection reports for revalued vehicles in some projects. Reliability can not be placed on their values in financial reports (d) (i) Some projects bank reconciliation statementscould not be traced on file. (f) 1 (e) 1

137

(a) 1

(b) 1

(c) Verifications of transactions are not done.

(c) 1

(d) Key accounts records not reconciled on a regular basis.

(d) 1

138

International Research Journal of Finance and Economics - Issue 27 (2009)

(ii) Loan account balances not reconciled. Outstanding loan balances affect loan balances shown in the final accounts (e) Proper books and records of accounts are not kept. (e) (i) Some projects bank account balances as at 30 June, 2006 did not tally with bank reconciliation statements and bank statementbalances. (ii) Ledgers maintained at District levels not reliable No linkage with mainstream accounting system at Head Office. (iii) Fixed assets registers not kept and in few projects that keep them, they are not updated. (iv) List of loan beneficiaries from projects was not kept. (v) Bank statements and some loan files not kept by projects. (vi) No copy of loan agreement for loans. Cashbook, loan ledger cards were not kept. (vii) General ledgers are not kept and no up to date records. (viii) Books of accounts for financial reporting not kept. (f) (f) 0 (g) Advance of projects funds to staff not accounted for and no documentary evidence to prove intended activities were carried out. (h) Physical inspection of assets is not done regularly, to track movement of assets (i) Accountabilities are retired without being examined by auditors. (j) Conflicting staff loan policy manual with human resources manual. Ineligible loans given to staff (ii) No financial operations manual for some projects (g) 1 (e) 1

(f) There is no control over access to resources. (g)There is no accountability of funds advanced for projects activities

(h)Management does not review operation

(h) 1

(i) Internal auditors are not present and where present there is limitation in scope of their responsibilities by management (j) Procedures have not been documented/ regularly updated in respective manuals

(i) 1

(j) 1

International Research Journal of Finance and Economics - Issue 27 (2009)

(k)Staffs are not supervised while they carry out their schedule of duties. (l) Projects fixed assets are not engraved. (k) Projects accountants work not reviewed, bank reconciliations were inaccurate (l) roject fixed assets are not engraved. Recovery of fixed assets becomes difficult in case of loss (m) (i) Most projects invoices and office expenditures are not stamped with PAID stamp. (ii) Software does not reconcile outstanding loan balances to the general ledger accurately (iii) No motor vehicle movement registers in use for projects vehicles variableInformation Major independent & communication (a) Key criteria for evaluating performance are not identified, collected and communicated. (b) Employees do not understand their control responsibilities. (c) Complaints and disputes by suppliers are not resolved in a timely manner (a) There are no independent process checks or independent evaluations of controls activities on ongoing basis. (b) No internal reviews of implementation of projects (a) 0 (k) 1

139

(l) 1

(m) Control activities designed for running the projects do not adequately reflect managements risk mitigation strategies.

(m) 1

(b) 0 (c) 0

(a) 0

variableMonitoring

Major independent

(b) No monitoring & evaluation of projects implementation undertaken by management as stipulated in project appraisal reports.

(b) 1

Variable Information

Major independent

Technology

(a) No IT security procedures for accessing projects master data files. (b)No restriction of personnel to access of different levels of the system

(a) 0

(b) 0

Source: Researchers design

140

International Research Journal of Finance and Economics - Issue 27 (2009)

The findings of this study are summarized in Table 5 that determines whether project controls provide reasonable assurance that managements objectives are achieved.
Table 5: Control evaluation form

The Public Sector Projects Control Evaluation Form Report Title: Evaluation of internal control systems: A Case study from Uganda Project No: 1 Report No: 1 Report Date: 29 August 2007 Project Leader: Angella Amudo Project Specialist: Eno L. Inanga Ratings Models objectives 0: No problem exists Effectiveness and Reliability of financial Compliance with laws, efficiency of reporting regulations, policies and 1: Problem exists operations procedures Control environment 1 1 1 Benchmark control components Risk assessment Control activities Information Communication Monitoring Information Technology & 1 1 0 1 0 1 1 0 1 0 1 1 1 0 1 0 1

Overall 1 Detailed analysis of the above ratings is done in section 8 of this paper.
Source: Researchers design

Analysis and interpretation of the evaluation results in Table 5 generate interesting findings. Control environment attained a rating of 1. This indicates a possible problem with the control environment. An assumption was made that soft controls exist. During evaluation process this turned out to be otherwise. The implication is that the organizational structure with defined lines of authority and responsibilities needs competent management that is committed to proper use of the authority assigned to him or her by the structure to engage in genuine dealings with third parties and stakeholder for the benefit of the projects at all times. As a foundation upon which all other control components depend, this poses a challenge to the effective functioning of other control components. For example, updating the human resource policies and procedures are affected as a result. The evaluation informs that, one of the challenges of the internal control systems in AfDB-financed Projects in Uganda is weakness in the control environment. The risk assessment has a rating of 1. This indicates that project management ignored the mechanisms to mitigate risks that threaten achievement of the projects objectives. The risks; delivery of expired chemicals and unsuitable animals for projects activities came to managements attention during and after field visits. The implication is that management did not anticipate and plan for the risk of delivery of unsuitable materials for projects activities. When such risks are identified through documentary analysis, a 1 rating is awarded on this observation alone, even when the project objectives are defined and compatible with both development and the Banks objectives. When a risk factor is known in this manner, the other defined objectives become non-functional. The results of control activities in the evaluation form indicate a 1 rating. This means control activities in these projects have problems with minor independent variables, thus not functioning as they should due to weaknesses in the control environment. For example reconciliation of key accounts records is not carried out. This results in errors and undetected fraudulent transactions in account books and records. Poor record keeping and management incompetence results in substantial losses to these projects.

International Research Journal of Finance and Economics - Issue 27 (2009)

141

The information and communication results in the evaluation scored a rating of 0, indicating absence of a problem. This means that the criteria for performance evaluation are known by employees and employees understand their internal control responsibilities. Furthermore, complaints that arise whether from suppliers or employees are handled expeditiously. In conclusion, controls functions as intended. The monitoring results scored a rating of 1, indicating that a problem exists. Documentary analyses reveal that the Bank established an independent check. However, monitoring and evaluations of implementations of project activities are not carried out. This delays allocation of funds and assessment of project implementation against yearly work plans. Timely monitoring leads to identification and correction of emergent problems. This is more effective than independent process checks carried out annually. Internal reviews compensate few independent annual checks carried out by external parties. IT attained 0 rating, indicating absence of a problem with the information technology controls in place. This is confirmed by access to resources that attained a rating of 0, although the overall rating changed to 1. The study evaluates minor independent variables to locate weaknesses in the major independent variables. This succeeded because the findings of the study identified where weaknesses exists. For example, weaknesses are in: updating human resource policies and procedures; duties are not segregated; key records are not reconciled; proper books of accounts are not kept; ineligible expenditures are incurred; funds advanced are not accounted for to mention a few. The impact of these findings on managements objectives determines whether or not internal controls are effective The evaluation results of overall ratings in relation to managements objectives show that effectiveness and efficiency of operations attained a rating of 1, indicating a problem. This is consistent with the materiality level results in Figure 2. For instance, material amount of project funds advanced to staff for projects activities are not accounted for. Thus controls do not function as stipulated. Optimum spending on projects activities cannot be ascertained. Reliability of financial reporting also scored a 1 rating, meaning that controls in these projects do not provide reasonable assurance of accurate and reliable financial reporting on the projects. The evaluation results confirm that projects transactions and events are not verified; books and records of accounts are not complete. The general ledger is missing and, as a result, key accounts not reconciled, fixed assets registers are not updated. Relying on the information presented in the projects balance sheet on assets and liabilities is difficult. This is because some project assets are revalued but not verified by professional evaluators. When key accounts are not reconciled, determining the exact amount of project debtors and the project indebtedness to creditors becomes difficult. This affects the quality of financial information generated by the control processes that feeds into financial reports. This will be inaccurate and thus affects the reliability of financial reports. Compliance with the laws and regulations also attained a rating of 1, which means that controls do indicate managements non-compliance with applicable laws, regulations, policies and procedures. The materiality level affirms this position. Non-compliance with Income Tax Act, Financing Agreement, Ugandan Government financial regulations, procurement policies and procedures, are major items of noncompliance monetary values included in the computation of the materiality levels. Since non-compliance is material and reaffirmed by the evaluation processes of the study, a conclusion is that controls in this area is not functioning as intended and, as a result, are ineffective. Based on the above results, the benchmark states that all the six major independent variables must be present and functioning properly for internal controls to be effective. From the above analysis and in line with the evaluation results of operational efficiency and effectiveness, reliability of financial reports, and compliance with applicable laws and regulations, this is not the case. This is because not all the six major independent variables are present and functioning properly. For major independent variables, only information and communication and IT are present and functioning properly. The other four are not functioning. With this information and the analysis carried out, the study now answers the research questions raised in section 2.

142

International Research Journal of Finance and Economics - Issue 27 (2009)

9. Research Questions and Answers

The project documents analyzed in the study confirm management design and implement controls to steer the AfDB projects in Uganda to achieve the identified objectives of operational effectiveness and efficiency, accurate and reliable financial reports which comply with applicable laws and regulations and management compliance with the established internal control policies and procedures. The study also identifies variance between expectations and realizations. For example, the Banks procurement policies and procedures require management to obtain at least three quotations from three different suppliers for purchases above established threshold. This is to compare and select the lowest price for the highest quality item to meet the objectives of economy and efficiency of operations (Banks procurement rules and procedures). When management disregards these rules no comparison of prices is made to ensure the highest quality items are acquired at the lowest price. The actual role of internal control then differs from expected role. The evaluation results reveal the internal control structure policies and procedures in existence in these projects as: Control over preparation of withdrawal applications of funds Control over bank and cash balances Control over purchases and payments Control over payroll Monitoring, evaluation and reporting The challenge of these internal controls is weakness in the control environment. Since this is a foundation of other control components, controls are designed and implemented poorly. Noncompliance with established policies and procedures is common practice. In this study, the findings are that not all globally accepted elements of effective internal control system are present in the internal control structure of these projects. This renders the project controls ineffective when measured against recognized control framework of an effective internal control system. These challenges are addressable by instituting a code of ethical conduct to guide management in their operations. All project personnel in executing day-to-day transactions are required to observe this code. The structure of internal control systems is strengthened through incorporation of missing elements of an effective internal control as Figure 1 shows. The study demonstrates that the internal control systems are documented in some projects and in others not. Where policies and procedures are documented they are not updated with changing legislations, regulations, policies and procedures. Adherence to outdated policies and procedures has adverse consequences on the projects. As the Banks mission is to aid development initiatives in the RMCs, the risk of lending to the RMCs that do not comply with internal controls requirements is high. This risk is avoided if the Bank introduces heavy penalties on countries that do not maintain sound internal control systems for the management of projects funds. Poor internal controls undermine development initiative because funds are not utilized for intended development purposes. This also undermines development efforts pursued by the Bank and the RMCs. The project management non-compliance with the financing agreements, government of Uganda financial regulations, established policies and procedures are the weaknesses in internal control systems, cited by auditors in the management letters. This study identifies the following violations of operation processes, authorization policies, reconciliation of accounts record and books, segregation of duties and accountability as indicated in the evaluation process. For instance, the financing agreement stipulates that the Banks funds are not for paying taxes. When counterpart funds are missing the Banks funds are used for paying taxes. Since development goals are long-term, this question is for further research and requires collection of data over a number of years.

International Research Journal of Finance and Economics - Issue 27 (2009)

143

10. Conclusions and Suggestions for Further Research

The study provides an understanding of the structure of the internal controls in these projects. Internal control structure includes policies and procedures on controls over: withdrawal applications for funds from the loan and grant accounts, bank and cash, purchases, and payments and monitoring, evaluations and reporting. These indirectly fall under the six control components recommended by the model. On the outset, they are inadequate as a control mechanism. Risk assessment component and other components should be categorically and directly designed, embedded within the rest of the activities, and spelt out in the control structure. This is why, when the components were measured against the models control components, they were ineffective. Suggestions for improvements to the concerned parties are recommended. Monitoring of operations ensures effective functioning of internal controls. However, the projects paid less attention to this control component. The projects only carries out supervision mission arranged by the AfDB to identify major problems the projects experiences. These problems can be identified early if management monitors projects activities as stipulated in the appraisal reports. Not all the components of an effective internal control system recommended by the model are present in the control components of these projects. The projects concentrate on control activities, because they form majority of control activities as per the results of evaluation process. This is further supported by the internal control structure existing in these projects discussed above. Internal auditors responsibilities are limited in scope. For instance, accountability of projects funds is retired without verification by internal auditors. This leads to undetected errors. Although the internal auditor is not mandated to verify all projects transactions, he samples transactions and tests the effects of controls over them to ensure the organization is in the right track Evaluating internal controls requires measurement of minor independent variables to identify and locate weaknesses in the major independent variables of the internal control systems of these projects. The findings of the study under evaluation results are that measuring effectiveness of internal control is concerned with the existence and functioning of the six major control components identified by the model. The organizational structure with defined lines of authority and responsibilities does not ensure effective internal controls because in practice not all employees as depicted by the structure are present in the organization. The authority and responsibilities at times, does not flow as demonstrated by the organization structure because of the nature of working relationships that exist amongst personnel at different levels of the projects. The interferences caused by working relationships on controls should be addressed. The functioning of internal control systems in the Public Sector Projects in Uganda funded by the AfDB measured against the benchmark criteria of an effective internal control is that the controls in these projects are ineffective. To maintain a sound system of internal control, management should evaluate the risks the projects are exposed to, in the course of their operations. Continuous monitoring is undertaken to assess the achievement of preset objectives. The results of the study are either generalized or modified to suit the unique circumstances of the RMCs of the Bank. Out of the Banks fifty-two funded RMCs, the study was carried out only in Uganda. The adoption of the results of the study by a RMC depends on the circumstances in a particular country. If similar to the situations in Uganda they can be generally applied. In case differences exist, these are captured in the modification of the uniqueness in those respective countries. The Bank funds 3,111 projects in fifty-two RMCs. Selecting eleven projects from one RMC limits research using research methods identified in the study. Also generalization of the findings of the study to projects in other countries funded by the Bank is limited. To use selected research methods such as testing hypotheses and analysis of quantitative data using statistical tools to generalize findings to other RMCs, more countries should be included in the study to provide data for this purpose. The Bank and other development partners, assisting RMCs in poverty alleviation efforts can fund further research.

144

International Research Journal of Finance and Economics - Issue 27 (2009) African Development Bank (2002) Agreement Establishing the African Development Bank 6th Edition African Development Bank (2005) Annual Report African Development Bank Group (2005) Basic Information African Development Bank (2006) Disbursement Handbook African Development Bank (2006) Financial Profile African Development Bank (2003-2007) Strategic Plan African Development Bank Uganda Field Office (30 June 2006) Aide memoirs African Development Bank Uganda Field Office (2007) Country Portfolio Review Report African Development Bank Uganda Field Office (30 June 2006) Portfolio Audit Reports African Development Bank Rules of Procedure for Procurement of Goods and Works African Development Bank (2000) Rules of Procedure for the Use of Consultants African Development Bank Uganda Field Office (30 June 2006) Summary of Bank Group Portfolio of Ongoing and Newly Approved Projects/Programs/Studies African Development Bank (2005) Statistics Pocketbook Volume 7 African Development Bank (30 June 2006) Summary of Bank Group Portfolio of On-going and Newly Approved Projects/Programs/ Studies Country: Uganda Amudo, Angella, (2008), Evaluation of Internal Control Systems: The Case of Public Sector Projects Financed by the African Development Bank Group, An Unpublished MBA Thesis, Maastricht School of Management, The Netherlands, August. Babbie, Earl (1998) Survey Research Methods 2nd Edition. Wadsworth Publishing Company Celani Claudio (2004) The Story Behind Parmalats Bankruptcy Executive Intelligence Review January 2004 issue Champlain Jack J. (2003) Auditing Information Systems 3rd Edition. New Jersey: John Wiley & Sons, Inc. COBIT Internal Control Framework (2007), Available http://www.isaca.org/AMTemplate.cfm?Section=Downloads&Template=/ContentManagement /ContentDisplay.cfm&ContentID=34172 (Accessed: 21 July 2007). Full Volume of COBIT 4.1 Available, www.itgi.org (Accessed: 21 July 2007). COSO Definition of Internal Control, Available http://www.coso.org/key.htm (Accessed: 3 March 2007). COSO Internal Control Integrated Framework (1992), Available: http://www.coso.org/publications/executive_summary_integrated_framework.htm, (Accessed: 10 July 2007) COSO Project to Focus on Monitoring of Internal Control, Available http://www.coso.org/Publications/COSO%20Monitoring%20GT%20Final%20Release_1.8.07. pdf (Accessed: 12 July 2007) Saunders Mark, Lewis Philip & Thornhill Adrian (2003) Research Methods for Business Students 3rd Edition. United Kingdom: Prentice Hall The Vision of the African Development Bank (2005) 3rd Edition Transparency International Corruption Perceptions Index (2006) Available http://www.transparency.org/policy_research/surveys_indices/cpi/2006 (Accessed: 10 March 2007)

References
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]

[16] [17] [18] [19]

[20] [21] [22]

[23]

[24] [25] [26]