Azmera Mengesha Research Paper 2021_2

ST.
MARY’S UNIVERSITY
SCHOOL OF GRADUATE STUDIES
ASSESSMENT OF INTERNAL CONTROL PRACTICE

IN UNITED ALPHA COMMERCIAL PLC
ADDIS ABABA, ETHIOPIA
BY: AZMERA MENGESHA

SGS/0319/2012A
ADVISOR:
MISRAK TESFAYE (Asst. Prof.)
MAY, 2021

ST.MARY’S UNIVERSITY

A THESIS SUBMITTED TO ST. MARY’S UNIVERSITY SCHOOL OF

GRADUATE STUDIES IN PARTIAL FULFILLMENT OF THE
REQUIREMENTS FOR THE DEGREE OF MBA IN ACCOUNTING AND
FINANCE
BY: AZMERA MENGESHA

SGS/0319/2012A
MAY, 2021
I
ST.MARY’S UNIVERSITY

BY: AZMERA MENGESHA

SGS/0319/2012A
APPROVED BY BOARD OF EXAMINERS
_________________________ _____________________
Dean, Graduate Studies Signature and Date
_________________________ _____________________
Advisor Signature and Date
_________________________ _____________________
External Examiner Signature and Date
_________________________ _____________________
Internal Examiner Signature and Date
II
Declaration
I the undersigned, declared that the thesis entitled “ASSESSMENT OF INTERNAL
CONTROL PRACTICE IN UNITED ALPHA COMMERCIAL PLC ADDIS ABABA,
ETHIOPIA” is my original work, prepared under the guidance of Misrak Tesfaye (Asst.
Prof.). All the sources of materials used for this thesis have been duly acknowledged. I
further confirm that the thesis has not been submitted either in part or in full to any other
higher learning institution for the purpose of earning any degree.
NAME: Azmera Mengesha
Signature: _____________________________
Advisor’s Approval
This Research paper has been submitted for examination with my approval as a university advisor.
Advisor: Misrak Tesfaye (Asst. Prof.)
Signature: _____________________________
ST. MARY’S UNIVERSITY
MAY, 2021
ADDIS ABABA
III
Dedication
I dedicate this thesis to my mother Senbetu G/Selassie (Adeway) for nursing me with
affection and love and her dedicated partnership for success in my life.
IV
Acknowledgements
In the beginning I am indebted to the Almighty God and His mother “St. Marry” forgiving
me knowledge, patience and commitment to accomplish the work.
I would like to express my deepest heartfelt thanks to my Advisor Misrak Tesfaye (Ass.Prof.)
for his limitless effort, encouragement, academic stimulation as well as productive and
helpful comments starting from the research proposal to the end of thesis write up. Without
his encouragement, guidance, and professional expertise, the completion of this work may
not have been possible. I am highly indebted to all his patient and vigilant support to
successfully finalize the thesis on time.
Special appreciation is given to Bire, Bise, Dr. Filmon, Koki and all my sisters for their
constant encouragement and help in all my endeavors.
My appreciation also goes to United Alpha Commercial PLC employees for their great
cooperation during the data collection process and every support they provided me.
Finally, I want to express my deepest thanks to Ato G/Selassie G/annenia, Ato Djemal
Suleiman, Ato Biniam G/annenia, my colleagues, and all those who encouraged me, which I
did not mention their names, by providing all the necessary support in my endeavor.
V
Table of Contents
Acknowledgements ..................................................................................................................... V
Table of Contents....................................................................................................................... VI
List of Tables ........................................................................................................................... VIII
List of Acronyms ....................................................................................................................... IX
Abstract ...................................................................................................................................... X
1. INTRODUCDTION ............................................................................................................ 1
1.1. Background of the study ............................................................................................ 1
1.2. Background of the organization ................................................................................... 2
1.3. Statement of the problem .......................................................................................... 3
1.4. Research Questions ....................................................................................................... 4
1.5. Objective of the study ................................................................................................... 4
1.5.1. General objective of the study ........................................................................... 4
1.5.2. Specific Objectives .............................................................................................. 4
1.6. Significance of the study ................................................................................................ 4
1.7. Scope of the study ......................................................................................................... 5
1.8. Limitation of the study .................................................................................................. 5
1.9. Organization of the Paper .............................................................................................. 5
CHAPTER TWO ........................................................................................................................ 7
2. REVIEW OF RELATED LITERATURE ........................................................................... 7
2.1. Theoretical Literature Review ........................................................................................ 7
2.1.1. Definition of Internal Control ............................................................................... 7
2.1.2. Importance of Internal Control System ................................................................ 8
2.1.3. Objectives and Role of the Internal Control ......................................................... 9
2.1.4. Internal Control System ..................................................................................... 10
2.1.5. Types of Internal Control Systems ...................................................................... 10
2.1.6. Components of Internal Control ........................................................................... 12
2.1.6.1. Control Environment ........................................................................................ 12
2.1.6.2. Risk Assessment .............................................................................................. 13
2.1.6.3. Control Activities ............................................................................................ 13
2.1.6.4. Information and Communication ...................................................................... 14
2.1.6.5. Monitoring Activities ...................................................................................... 15
2.1.7. Internal Control Systems Effectiveness ................................................................. 16
VI
2.2. Review of empirical Studies ......................................................................................... 17
2.2.1. International studies ............................................................................................ 17
2.2.2. Local Studies ........................................................................................................ 17
2.3. Research Gap Analysis ................................................................................................. 21
CHAPTER THREE ......................................................................................................................... 22
3. RESEARCH DESIGN AND METHODOLOGY............................................................................. 22
3.1. Research Design ......................................................................................................... 22
3.2. Research Approach .................................................................................................... 22
3.3. Population under Study .............................................................................................. 23
3.4. Sources of Data ........................................................................................................... 23
3.5. Research Instruments ................................................................................................. 23
3.6. Methods of Data Analysis ............................................................................................ 24
3.7. Data Validity and Reliability......................................................................................... 24
CHAPTER FOUR .................................................................................................................... 26
4. FINDINGS, ANALYSIS AND PRESENTATION ........................................................................... 26
4.1. Respondents’ Profile ................................................................................................... 26
4.2. Components of internal control ................................................................................... 27
4.2.1. Control Environment ............................................................................................ 27
4.2.2. Risk Assessment.................................................................................................. 29
4.2.3. Control activities................................................................................................. 31
4.2.4. Information and communication .......................................................................... 33
4.2.5. Monitoring.......................................................................................................... 35
CHAPTER FIVE ...................................................................................................................... 38
5. SUMMARY OF FINDINGS, CONCLUSIONS AND RECOMMENDATIONS ................................ 38
5.1. Summary of Findings ................................................................................................... 38
5.2. Conclusion ................................................................................................................. 39
5.3. Recommendations ...................................................................................................... 40
5.4. Suggestion for further study ........................................................................................ 41
Reference ......................................................................................................................................
Appendix A ....................................................................................................................................
Appendix B ....................................................................................................................................
VII
List of Tables
Table 3.1 Reliability Test ....................................................................................................... 24
Table 4.1 Socio-Demographic Characteristics of the respondents ................................... 26
Table 4.2 Descriptive statistics of Control Environment .................................................. 28
Table 4.3 Descriptive statistics of Risk Assessment ............................................................ 30
Table 4.4 Descriptive statistics of Control Activity............................................................ 32
Table 4.5 Descriptive statistics of Information and Communication................................ 34
Table 4.6 Descriptive statistics of Monitoring .................................................................... 36
VIII
List of Acronyms
CA Control Activity
CE Control Environment
COSO: Committee and Sponsoring Organizations
IC Information and communication
INTOSAI International Organization of Supreme Audit Institutions
MA Monitoring Activity
RA Risk Assessment
SPSS Statistical Package for the Social Sciences
IX
Abstract
Internal control system is a processes aimed at ensuring the achievement of an

organization’s objectives in operational effectiveness and efficiency, reliable financial
reporting, and compliance with laws, regulations, and policies. The main purpose of the
study was to assess the internal control system practice in United Alpha Commercial Private
Limited Company. The study adopted a descriptive research design which allowed the
collection of primary and secondary data through structured questionnaires and document
review respectively. The collected data was analyzed with the aid of the Statistical Package
for Social Sciences (SPSS) Version 21. The data was analyzed using descriptive statistics like
mean and standard deviation. Generally, the researcher found that the company’s internal
control is not effective. This conclusion is confirmed throughout the specific findings for all
the assessed components of internal control. To cite some: the company under study has not
a standard code of conduct; lines of authority are not clearly understood by employees; key
information about the organization's operations are not identified and regularly reported;
management did not take adequate and timely action to correct deficiency reported by the
internal audit function. Finally, the researcher recommends that almost all specific aspects of
internal control in the company be improved, upgraded and enhanced. For instance,
management should assess whether controls are present and functioning as intended; the
company should periodically evaluate business processes.
Key Words: Internal Control, Control Environment, Risk Assessments, Control Activity
X
CHAPTER ONE
1. INTRODUCDTION
This chapter represents the background of the study which focuses on the importance of
internal control system for an organization. In addition to that the chapter includes statement
of the problem, research question, and objective of the study, significance of the study, scope
of the study, limitation of the study and organization of the paper.
1.1. Background of the study
An internal control system is defined as the policies and procedures put in place to ensure the
protection of an organization’s assets and the reliability of financial reporting. Internal
control can provide only reasonable assurance not absolute assurance regarding the
achievement of an organization's objectives. Implementing a proper system will help the
organization’s operations become more effective and efficient. The issue with internal control
of organizations is ensuring the efficiency and effectiveness of activities, reliability of
information, compliance with applicable laws, and timeliness of financial reports. A proper
internal control system ensures that the organization’s managers would utilize the financial
resources in a way that will safeguard the interests of the donors and/or contributors (Sanusiet
al, 2015).
The internal control system is the major part in any organization. “Internal control is the
process designed and affected by those charged with governance, management and other
personnel to provide reasonable assurance about achievement of entity’s objectives with
regard to reliability of financial reporting, effectiveness and efficiency of operations and
compliance with applicable laws and regulations. It follows that internal control is designed
and implemented to address identified business risks that threaten the achievement of any of
these objectives.” The Institute of Chartered Accountants of England and Wales (ICAEW),
“internal Control system is the whole system of controls, financial or otherwise, established
by the management in order to carry on the business of the enterprise in orderly and efficient
manner, ensure adherence to management policies, safe guard assets and secure as far as
possible the completeness and accuracy of records” (Gamage et al, 2014).
1
Internal control is a broad term with a wide coverage. It covers the control of the whole
management system in order to carry on the business of the enterprise in an orderly and
efficient way by having an automatic check and balance overall the transaction. The control
may be financial and or non-financial. It has become one of the basic and essential factors for
efficient and effective management. A properly designed and consistently enforced system of
operational and financial internal control helps a companies’ board of directors and
management to safeguard the organization’s resources, produces reliable financial reports,
and complies with laws and regulations. Effective internal controls also reduce the possibility
of significant errors and irregularities and assist in their timely detection frauds and error. The
internal control system is equally important to the management and the auditor concerned. It
helps to the organization to meet its own goals more effectively (Kumuthinidevi, 2016).
The objective of this research work is, therefore, to assess the internal control system of
United Alpha Commercial PLC.
1.2. Background of the organization
United Alpha Commercial PLC is one of the private sectors in Ethiopia which is engaged in
importing, supplying construction materials & manufacturing Gabion Box. It has a wide
range of trade relation with foreign and local suppliers to obtain its merchandising items. It
also creates relation with all kinds of construction contractors, retailers and individual users
in the industry. The company was established as profit seeking organization. Its operations
have been designed in such a manner that enables the company to generate profit with no
social and environmental costs. Besides its profit oriented target, it also aims to create job
opportunities. In this regard, it creates both permanent and temporary job opportunities. And
the aim under Nile Gabion Factory by producing gabion boxes and mattresses that contribute
to the prevention of environmental problems in the country such as soil erosion.
2
1.3. Statement of the problem
Internal control system is a process designed and affected by board of directors,

administration and staff of an organization to effectively and efficiently achieve operational
financial and compliance objectives. Effective internal control system involves regular
review of quality of financial and operating information, review of policies regarding the
control of assets, employee’s assessment and compliance with organizational policies,
procedures, laws and regulations (Kumuthinidevi, 2016).
Internal control system and application of controls change overtime. This can be due to the
arrival of new personnel, varying effectiveness of implementing the procedures or
supervision, time and resource constraints or changes in the circumstances for which the
internal control system originally was designed. Thus the management needs to determine
and observe whether the internal control system continues to be relevant and effective in the
entity as intended (Gamage et al, 2014). If internal control system is weak, a significant
deficiency or significant deficiencies, that results in more than a remote likelihood that a
material misstatement of the annual or interim financial statements will not be prevented or
detected (Doyle & Mcvay, 2007).
Internal control is adequately designed and properly executed if all five internal control
components (Control Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring) are present and functioning as designed. It is important to
monitor internal control to determine whether it is operating as intended and whether any
modifications are necessary. All employees need to understand the organization's mission,
objectives, and responsibilities and risk tolerance levels for monitoring to be most effective.
(Gamage et al, 2014).
It is hereby attempted to review some pertinent literature that deals with a wide range of
target group. In this respect, ‘Assessment of Internal Control System in Selected Micro
Finance Institution in Addis Ababa’(Ashenafi, 2017), ‘Assessment of Internal Control
System in Case of Development Bank of Ethiopia’(Alemayehu, 2016), ‘The Effectiveness of
Internal Control Systems of Banks: The Case of Ghanaian Banks’ (Ayagre, et al.,
2014),‘Assessing the Effectiveness of the Internal Control System in the Commercial Banks
of Ethiopia: A Case of Hawassa City’ (Tekalegn, 2019), ‘Internal Control Systems and
Financial Accountability in Uganda: A Case of Selected Districts in Western Uganda’ (Eton
et al.,2018) were tried to be reviewed thoroughly. Most of the studies focused on
3
governmental organizations, public sectors, and banks. Unlike the above mentioned works,
this paper particularly focuses on assessment of internal control practice in United Alpha
Commercial Private Limited Company. It is thus required to assess whether or not the
established internal control systems and elements do practically exist and are being
effectively practiced in the aforementioned target organization.
1.4. Research Questions
The study addresses the following research questions.

1. Do control environment exist in the company’s internal control system?
2. Does risk assessment exist in the company’s internal control system?
3. Do information and communication exist in the company’s internal control system?
4. Do control activities exist in the company’s internal control system?
5. Do monitoring activities apply in the company’s internal control system?
1.5. Objective of the study
1.5.1. General objective of the study
The general objective of the study is to assess the internal control system practice in United
Alpha Commercial Private Limited Company, Addis Ababa, Ethiopia.
1.5.2. Specific Objectives
The specific objectives of the study are:
 To assess the control environment that affects internal control system;

 To assess the risk assessment process of the company;
 To assess the information and communication system that affect internal control
system;
 To assess the control activities that affects the internal control system; and
 To assess monitoring activities that affects the internal control system.
1.6. Significance of the study
Internal controls system includes a set of rules, policies, and procedures an organization
implements to provide direction, increase efficiency and strengthen adherence to policies in
order to achieve the objectives of the organization. The study is important to top level
management and policy makers of United alpha commercial PLC in understanding of the
4
study finding and recommendation to improve their internal control system. In addition to
these, the study serves as a source of reference and guideline for other researchers who make
further studies in the area.
1.7. Scope of the study
The scope of this study is to assess internal control system practice in United Alpha
Commercial Private Limited Company with respect to the established five basic components
of internal control system - Control Environment, Risk Assessment, Control Activities,
Information and Communication, and Monitoring. In order to determine the nature of
company’s internal control system, it is imperative to see to it using these five elements as
parameters.
Since internal control is a means by which the company's resources are directed, monitored,
and measured, and since it plays a significant role in detecting and preventing swindle, fraud,
and embezzlement of resources, this study is thus designed to assess how adequate the
company’s internal control is in such respects.
On the other hand, data collection is limited to the company’s management, finance audit,
purchase and store departments only; it doesn’t cover other sections. Moreover, since internal
audit is highly related but quite different aspect of the company, this study limits its boundary
not to trespass into the audit functionalities.
1.8. Limitation of the study
It was expected in this study that certain aspects may come out to be limitations. The fact that
data is collected from limited organs of the company may pose a problem of not showing all
the necessary results. That other sections of the company are not involved may not give a
thorough picture of the effectiveness of the existing internal control mechanisms.
1.9. Organization of the Paper
The study is organized in to five chapters. The first chapter of the study concerned with the
background of study, statement of the problem, objectives, scope of the study and
significance of the study. The second chapter focuses on presenting the literature review in
related to the topic. The third chapter presents Design and Methodology. The fourth chapter
5
deals with the analysis, discussions and presentation of the research findings. The last
chapter, chapter five presents the summary of findings, conclusions, and recommendations.
6
CHAPTER TWO
2. REVIEW OF RELATED LITERATURE
This chapter reviews both the theories and empirical studies on internal control system. It
presents definition of internal control, objective and Role of internal control system, types of
Internal Control Systems, component of internal control system, internal control system
effectiveness and review of international & local empirical studies.
2.1. Theoretical Literature Review
2.1.1. Definition of Internal Control
The concept of internal control has developed along with audit practice. As demands have
been made for greater accountability in corporate governance, the significance of internal
control systems in companies has increased. Traditionally internal control has had a fairly
direct relationship to financial reporting quality but wider approaches to internal control have
expanded those boundaries much further. Stakeholders are increasingly concerned with the
effectiveness of internal controls and, disclosure requirements are making firms to go public
with regard to their internal control systems (COSO, 2004).
Internal control systems are processes aimed at assuring the achievement of an organization’s
objectives in operational effectiveness and efficiency, reliable financial reporting, and
compliance with laws, regulations, and policies (Michelon et al., 2015). Internal control
systems begin as internal processes with the positive goal of helping a corporation meet its
set objectives. Indeed, internal control systems are an integral part of any organizations’
financial and business policies and procedures (Mwakimasinde et al., 2014). This is because
internal control systems consist of all the measures taken by the organization for the purpose
of; protecting its resources against waste, fraud, and inefficiency; ensuring accuracy and
reliability of accounting and operating data; ensuring compliance with the policies of the
organization; evaluating the level of performance in all units of the organization (Kabuye et
al., 2017). According to Nyakundi et al., (2014), internal control systems can reveal problems
associated with lower revenues, and explore links between earnings management and
disclosure of material weakness and fraud. Like others, Akani et al., (2015) suggests that an
effective internal control system explicitly correlates with organizational success in meeting
its revenue target level. Descriptively, effective internal control for revenue generation
7
involves; regular review of the reliability and integrity of financial and operating information,
a review of the controls employed to safeguard assets, an assessment of employees’
compliance with management policies, procedures and applicable laws and regulations, an
evaluation of the efficiency and effectiveness with which management achieves its
organizational objectives. Having effective internal control system can strengthen the
organization's process, structure and value in the increasing oversight, reducing and
preventing misuse such as fraud and asset misuse (Zakaria et al., 2016)
2.1.2. Importance of Internal Control System
Good internal controls are essential to assuring the accomplishment of goals and objectives of
the organization. They provide reliable financial reporting for management decisions. They
ensure compliance with applicable laws and regulations to avoid the risk of public scandals.
Good internal controls help ensure efficient and effective operations that accomplish the
goals of the organization and still protect employees and assets (Tjiueza, 2018).
Implementation of an effective corporate internal control system can result in a number of
benefits for an organization. Good internal control system ensures that the resources are
utilized only for their intended purposes and help to overcome the risk associated with the
misuse of organization’s funds and other resources. Another important of internal control;
that it prevents errors and irregularities by detecting them timeously, thereby promoting
reliable and accurate accounting records. In addition, good internal control systems can
quickly resolve issues arising as a result of reporting errors. Good internal control systems
also protect the interests of employees by clearly specifying their duties and responsibilities
and safeguarding them from being accused of irregularities or misappropriations (Wolfgang,
2011).
It is important to apply strong internal controls to all areas of financial management, risk
management, staff management developments as well as asset control. The aforementioned
author further states that by adopting these principles it will minimize the rot in our
governments and agencies (Adepoju, 2011).
8
2.1.3. Objectives and Role of the Internal Control
In recent years, internal control and voluntary reporting on internal controls have been
receiving considerable attention in the accounting literature and by the accounting profession
and regulators. The main reason for the increased attention is to have a better
financial reporting quality which will give more certainty to financial statement users. For
this purpose, organizations, usually, disclose information on internal control to state
management's responsibility towards internal control explicitly or to describe specific
methods or instruments that support it. This exercise of disclosing on internal control helps
multinational corporations reduce the information asymmetry between the insiders and
outsiders. The disclosure on internal control, usually, includes the objectives of the
company’s internal control and a conclusion about the effectiveness of the internal control
disclosure based on an assessment conducted by management (Mohammed, 2014).
The most important objectives of internal control includes first Protect assets and reduce the
incidence of fraud and errors discovered, and the accuracy and completeness of the
accounting records, second the effectiveness and efficiency of the operations carried out by
the departments and employees and third Compliance with laws, regulations, and policies
adopted by the administration to achieve the goals established (Al-Hawatmeh et al., 2016).
Other, corroborative studies have indicated that effective internal control systems help to
assure the achievement of an organization’s objectives in operational effectiveness and
efficiency, reliable financial reporting, and compliance with laws, regulations, and policies
(Michelon et al., 2015). Thus, an organization should at all times ensure a favorable control
environment, appropriate information systems, effective risk assessment, strong control
activities and management should continuously monitor the operating effectiveness of the
internal control systems to enhance their financial performance.
Internal control systems are becoming an integral part of any multinational corporation. This
necessity is the result of the complexity of the landscape that these organizations operate in
globally. Internal control helps multinational corporations to monitor policies and procedures,
to enforce them better as well as to help reduce errors and fraud (Doupnik & Perera, 2012).
The role of internal control system can be explained by Accountability; good management
practices & facilitates preparation of audits & fraud prevention (Mohammed, 2014).
9
2.1.4. Internal Control System
It is a process affected by management designed to provide reasonable assurance regarding

the achievement of objectives in Reliability of financial reporting, effectiveness and
efficiency of operations and Compliance with applicable laws and regulations (Rober et al.,
1996).
Similarly, INTOSAI (2004) also defined internal control systems as integral process that is
effected by an entity's management and personnel and is designed to address risks and to
provide reasonable assurance that in pursuit of the entity's mission, with general objectives of
executing orderly, ethical, economical efficient and effective operation, fulfilling
accountability obligation, complying with applicable laws and regulations and safeguarding
resources against loss, misuse and damage. Furthermore INTOSAI (2004) explains that
internal control needs commitment of management and employees at all levels to involve to
address risks and to provide reasonable assurance of the achievement of entity's mission and
general objectives as internal control is a dynamic and integral process that is continuously
adapting to the changes an organization is facing.
According to Arad and Jamshedy (2009) internal control system is a combination of financial
control and other controls where financial control addresses; Control for recording
accounting transactions properly, Control for proper safeguarding company assets, Early
detection and prevention of errors and frauds, Properly and timely preparation of financial
records, and Maximizing profit and minimizing of costs. Also other control emphasizes on
quality controls, control over raw material and finished products, marketing controls etc.
2.1.5. Types of Internal Control Systems
Different writers have come with different types of internal control systems. Milichamp
(2002) puts the types of internal controls as; Safeguarding assets, Separation of duties,
supervision, Verification, Approval and authorization, Documentation, Safeguarding Assets,
and Reporting. However, many other authors such as Galloway (1994), and Zabihollah
(2002), the state university of New York and di Napoli (2005) have agreed that the types of
internal controls includes directive controls, preventive controls, compensating controls,
detective controls, and corrective actions. These types of internal controls are explained
below.
10
2.1.5.1. Preventive Control
Controls can be either preventive or detective. The intent of these controls is different.
Preventive controls attempt to deter or prevent undesirable events from occurring. They are
proactive controls that help to prevent a loss. Examples of preventive controls are separation
of duties, proper authorization, adequate documentation, and physical control over assets.
(COSO, 2009).
Are controls that management puts in place to prevent problems from occurring. For
example, a company might install a firewall to prevent unauthorized access to the company’s
network, thereby safeguarding the disclosure, alteration, or destruction of sensitive
information from external hackers. Then, management must establish preventive controls to
minimize the likelihood of each problem they identify (Milichamp, 2002).
2.1.5.2. Detective Controls
This type of control uncovers violators of internal controls structures within an organization
after performing a random check to validate transactions and compliance practices. This
forms the basis of the work of internal and external auditors who perform reviews to ascertain
quality and reliability of accounting and financial events that have occurred within an
accounting year (Lartey, 2020). Detective controls, from a practical point of view, refer to a
control mechanism that is initiated to identify problems and keep management informed
timely about deviations in any process or activity. Detective controls investigative in nature
and their not meant to prevent unforeseen events. Any breach of internal control procedures
such as fraudulent recording can only be discovered after it has occurred. It is based on this
idea that many scholars prioritize preventive controls over detective (Jimmieson, Tucker, &
Campbell, 2017). The most common detective controls are the reconciliation of the
accounting ledgers and the bank statements to discover discrepancies. This action is closely
related to the role of external and internal auditors’ review of the entire accounting systems
and operations. Traditionally, apart from identifying accounting errors and fraudulent
reporting, the technique is also associated with daily compliance to standards and practically
focused on daily goals and objectives (Chang et al., 2014).
2.1.5.3. Corrective Controls
Corrective control is procedures a company uses to solve or correct problem. An example of

this type of corrective control procedure might be a change to the company’s procedures for
creating backup copies of important business files. Organizations can initiate corrective
11
action only if corrective controls are in place. A company establishes corrective controls to
remedy problems it discovers by the detective controls. The corrective controls are put in
place to address anything which is foreign every problem that has occurred in the system.
Interrelationship of Preventive and Detective Controls management should not treat
preventive control procedures and detective control procedures separately (Simmons, 1995).
2.1.6. Components of Internal Control
COSO integrated framework provides five integrated components of internal control. The
five components of internal control must be effectively designed, implemented, and operating
together in an integrated manner, for an internal control system to be effective. The five
components of internal control are as follows:
2.1.6.1. Control Environment
The control environment sets the tone for the organization and influences how employees
conduct their activities and carry out their control responsibilities. The control environment is
the foundation for all other components and provides structure and discipline. An effective
control must incorporate integrity and ethical values, commitment to competence,
management philosophy and operating style, organizational culture, attention and oversight
by directors or audit committee with the objective of good governance and adequate financial
reporting. The control environment is the basis for a complete internal control system. This
environment creates discipline and structure which influence the quality of internal control.
The control environment highly influences the establishment of the strategies, objectives and
structure of control activities (COSO, 1992).
Control environment: Is the major aspect of managing an organization this is because is a

reflection of the attitude and the policies of management in regard with the importance of
internal audit in the economic unit. It has influence over organization goals achievement.
However, it is the foundation for the other components of internal control and providing
structure. Control environment assist toward reducing the level fraudulent activities within
organizational operation also the quality of an entity’s internal controls system depend on the
function and quality of their control environment. Therefore, providing a proper control
environment for a local government is very essential to the effectiveness of their operation
(Badara, 2013).
12
An effective control environment is an environment where competent people understand their
responsibilities, the limit to their authority, and are knowledgeable, mindful, committed to
following an organization policy and procedure and its ethical and behavioral standards. The
control environment encompasses technical competence and ethical commitment
(Mohammed et al., 2013).
2.1.6.2. Risk Assessment
Every entity faces a variety of risks from external and internal sources. Risk is defined as the
possibility that an event will occur and adversely affect the achievement of objectives. Risk
assessment involves a dynamic and iterative process for identifying and assessing risks to the
achievement of objectives. Risks to the achievement of these objectives from across the entity
are considered relative to established risk tolerances. Thus, risk assessment forms the basis
for determining how risks will be managed. A precondition to risk assessment is the
establishment of objectives, linked at different levels of the entity. Management specifies
objectives within categories relating to operations, reporting, and compliance with sufficient
clarity to be able to identify and analyze risks to those objectives. Management also considers
the suitability of the objectives for the entity. Risk assessment also requires management to
consider the impact of possible changes in the external environment and within its own
business model that may render internal control ineffective (Sultana and Haque, 2011).
It also assesses the risks facing the entity as it seeks to achieve its objectives. This assessment
provides the basis for developing appropriate risk responses. Oversee management‘s
assessment of risks to the achievement of objectives, including the potential impact of
significant changes, fraud, and management override of internal control (COSO, 2009).
2.1.6.3. Control Activities
These are policies, procedures and mechanisms that ensure management’s directives are
properly carry out. Proper documentation of policies and procedural guidelines in these
aspects help to determine not only how the control activities are to be executed but also
provide adequate information for auditors examination of the overall adequacy of control
design over financial management practices. This control activities ensure that all necessary
actions should be taken with the aim to address risks so that organizational objectives are
achieves. Example of control activities include; segregation of duties, daily deposit of cash
receipts, bank reconciliations and limiting access to check stock (Aikins, 2011).
13
Control activities are policies and procedures that help ensure management directives are
carried out. Control activities are the actions supported by policies and procedures that help
assure management directives to address risks are carried out properly and timely. Control
activities has categorized as adequate separation of duties, proper authorization of
transactions and activities, adequate documents and records, physical control over assets and
records and independent checks on performances. Control activities in an organization consist
physical controls, segregation of duties, information processing and performance reviews
(Badara, 2013).
2.1.6.4. Information and Communication
Organizations need reliable, relevant and timely information related to both internal and
external events that can influence the company and its objectives. Information and
communication are a key element in the success of an organization. Accurate, current, and
reliable information about company’s plans, control environment, risks, control activities, and
performance should be communicated all over the company in a periodic manner (Horngren
et al., 2012).
The Standards for Internal Control requires that Information should be recorded and
communicated to management and others within the entity who need it and in a form and
within a time frame that enables them to carry out their internal control and other
responsibilities. Effective communications should occur in a broad sense with information
flowing down, across, and up the organization. Information flow is essential to effecting
control, information about an organization’s plan, control environment, risks, control
activities and performance must be communicated up, and access an organization (Ruttrman
Working Group, 1994). Reliable and relevant information flow both internal and external
sources must be identified, captured, processed and communicated to the people who need it
in a form and time frame that is useful (Chambers, 1995).
Management should ensure there are adequate means of communicating with, and obtaining
information from, external stakeholders that may have a significant impact on the agency
achieving its goals. Effective information technology management is critical to achieving
useful, reliable, and continuous recording and communication of information. Moreover, the
system should be communicated to everyone in the organization.
Information and Communication focuses on the nature and quality of information needed for
effective control that the systems use to develop such information, and reports necessary to
communicate it effectively. Information is needed at all levels of organization to assist
14
management in meeting the organization’s objectives. The information is used by inside
parties as well as outside parties. This information should be communicated from top to
bottom level that needs it in a form and within a time frame that helps them to carry out their
responsibilities. Communication also use by outside parties such as customers, suppliers and
regulators. Information about an organization’s plans, control environment, risks, control
activities, and performance must be communicated up, down, and across an organization.
Reliable and relevant information from both internal and external sources must be identified,
captured, processed, and communicated to the people who need it in a form and timeframe
that are useful (Fernando, 2014).
2.1.6.5. Monitoring Activities
Monitoring is the assessment of internal control performance over time; it is accomplished by

ongoing monitoring activities and by separate evaluations of internal control such as self-
assessments, peer reviews, and internal audits. The purpose of monitoring is to determine
whether internal control is adequately designed, properly executed, and effective. Internal
control is adequately designed and properly executed if all five internal control components
(Control Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring) are present and functioning as designed. Internal control is
effective if management and interested stakeholders have reasonable assurance that: they
understand the extent to which operations objectives are being achieved, published financial
statements are being prepared reliably and applicable laws and regulations are being
compiled. Management's role in the internal control system is critical to its effectiveness.
Managers, like auditors, don't have to look at every single piece of information to determine
that the controls are functioning and should focus their monitoring activities in high-risk
areas. The use of spot checks of transactions or basic sampling techniques can provide a
reasonable level of confidence that the controls are functioning as intended (Gamage et al,
2014).
Monitoring is the assessment of internal control performance over time and not a snapshot
process. It is the process of assessing the quality of the system’s performance over time it is
accomplished by, self-assessments, peer reviews, and internal audits. It involves the activities
and procedures designed to assess the effectiveness of internal control in achieving the
organizations financial reporting objectives. This is accomplished through ongoing
monitoring activities, periodic evaluations, or better, a combination of the two (COSO, 2004).
These activities should be related to the entire organization, at all levels and in all functions.
15
The monitoring primary purpose is to determine whether internal control is properly
designed, established and effective. Internal control is considered appropriately designed and
maintained if all five internal control components are present and functioning as they should
be (Horngren et al., 2012).
Monitoring, the last component of internal control, is a process that assess the quality of
internal control over time. Also monitoring is the evaluation of an organization's events and
transactions to gauge the quality of performance throughout the period and to decide whether
controls are effective. Management should emphasis monitoring efforts on internal control
and accomplishes the organization objectives. It is important to monitor internal control to
determine whether it is operating as intended and whether any modifications are necessary.
All employees need to understand the organization's mission, objectives, and responsibilities
and risk tolerance levels for monitoring to be most effective (Fernando, 2014).
2.1.7. Internal Control Systems Effectiveness
COSO (1992) provided criteria’s against which effectiveness of internal controls can be
assessed. Internal control can be judged effective if the entity’s operations objectives are
being achieved; published financial statements are being prepared, reliable and applicable
laws and regulations are being complied with.
While internal control is a process, its effectiveness is a state or condition of the process at a
point of time. Accordingly, the effective functioning of components of internal control
provides a reasonable assurance regarding achievement of one or more of the stated
categories of objectives to ensure high levels of organizational performance. Thus the
company’s criteria for effective internal control and success of the entire organization.
Efficiency and effectiveness of operations have been taken to mean efficiencies and effective
use of its resources including personnel, accurate information for decision making and
safeguarding of assets and records (Aren and Lwebbecke, 1994).
As stated in internal control frame work of COSO (1994) an effective internal control should
in priority encompass the five elements the control. In addition effective, internal controls
must satisfy three basic criteria:-
• They must be appropriate (that is, the right control in the right place and commensurate to
the risk involved).
• They must function consistently as planned throughout the period (that is, be complied with
carefully by all employees involved and not bypassed when key personnel are away or the
workload is heavy).
16
• They must be cost effective (that is, the cost of implementing the control should not exceed
the benefit).
2.2. Review of empirical Studies

2.2.1. International studies
Ayagre et al. (2014) conducted a study on the evaluation of the control environment and
monitoring activities components of Internal Control Systems of Ghanaian Banks using
COSO‟s principles and attributes of assessing the effectiveness of internal control systems. A
five point Likert scale was used to measure respondent’s knowledge and perception of
internal controls and the banks internal control system effectiveness. Statistical Package for
Social Sciences (SPSS) was used to analyze data and presented in the form of means and
standard deviations for each question and each section of the questionnaire. The study found
out that, strong controls exist in the control environment and monitoring activities
components of the internal control systems of banks in Ghana. The two components were
highly rated by respondents with average means of 4.72 and 4.66 respectively.
Eton et al. (2018) conducted a study to examine the role of Internal Control system in
supporting financial accountability in Uganda. The study found out that the relationship
between internal control systems and financial accountability in local governments appeared
to be weak, and the actual contribution of internal control systems in the financial operations
of the district is negligible. The study however, revealed that internal control system is
inadequate in accounting for the staffing gaps in local governments and the untimely release
of financial reports. Staff in the local governments investigated, particularly those handling
finance related matters had low training in financial accountability. Underpinning this truth is
the fact that government grants are not allocated in accordance with grants procedures and
later funds diversion. These deductions are made by the finance department, yet the records
indicating their remittance to Uganda Revenue Authority are lacking of the masses. There
should be urgent recruitment of staff in local governments to bridge the staffing gap and staff
should be trained on the current finance management systems to speed up financial reporting
system and timely release of financial reports.
2.2.2. Local Studies
Tekalegn (2019) conducted a study on assessing the effectiveness of the internal control
system in the commercial bank of Ethiopia a case of Hawassa city. The paper used a mixed
17
research design. Data are collected by using a self-administered survey, which has both open
ended and closed ended question. the researcher found that the company’s internal control is
effective in the following internal components viz., the company under study has a clear
codes of conduct; managements of the company periodically reviews policies and
procedures; organization under study have clear objectives, and this are communicated to all
staff for direction on risk assessment; there is an adequate and strong dual control and
separation of duties in the organization and there is effective reporting procedure in the
organization and this also communicated to the employees.
Seble (2018) conducted a study on assessment of the Perception of internal control systems
on financial performance of commercial banks in Ethiopia. The study adopted a mixed
research approach. The quantitative component used survey of employees working in 8
commercial banks in Ethiopia. A random sampling of 240employees in internal audit, finance
and internal control departments were covered by the survey; the response rate was 90%.
Survey data was collected by use of a structured questionnaire. Multiple regression models
were used to test whether internal control activities, risk management, monitoring, corporate
governance have any relation with financial performance. As part of the qualitative
component interviews with internal audit and internal control manager were held. It was
found that internal control systems had a significant relationship with financial performance.
The findings of the study suggested that internal control systems especially corporate
governance and control activity are important areas that management of commercial banks
should give attention to improve financial performance of commercial banks in Ethiopia.
Fikru (2018) conducted a research on the Effectiveness of Internal Control System in

Detection and prevention of Fraud in Ethiopian Banking Industry. The banks and regulatory
authorities have proposed and allowed internal control(IC) measures to check the practice of
bank fraud. But the effectiveness of any internal control system is dependent on how fluid the
system interacts with itself and how embedded it is into the organization’s business
processes. This paper examines the issues of effective internal control vs. fraud Detection and
prevention in the Ethiopian banking industry by adopting primary data. Using a survey
method, this work examined how the internal control systems in the Ethiopian banks have
aided in combating or preventing fraud in the banking industry. The study examines the
effectiveness of internal control in Ethiopian banking industry and based on that effectiveness
the researcher test the effectiveness of ICs in preventing and detection of fraud in Ethiopian
banking industry. Among the findings were those internal control techniques employed by
18
banks in checking fraud have been effective but put marks on some improvements and the
final conclusion of this study is that there is a significant relationship between internal control
system component (control environment (CE), risk assessment (RA), control activity(CA),
information and communication (IC) and monitoring(MA)) and fraud.
Rahel (2017) carried out a study the main purpose of which was to determine the impact of
internal control systems on financial performance on Ethiopian shipping and Logistics
Services Enterprises. Specific objectives include evaluating the existing internal control
system in the organization and investigating the relationship between the five internal control
elements and financial performance. The study used explanatory research design research
design by using both descriptive and quantitative methods where primary data is collected
using Likert-scale questionnaires distributed and interviews made with employees in the
finance department. Secondary data was gathered from company's financial statements and
publications. The dependent variable was financial performance measured in-terms of
profitability and ROA. The predictors or independent variables were the five elements of
internal control system, control environment, control activities, risk assessment, monitoring
and information and communication. The target population was 40 employees in the finance
department and census design was adopted. The study period covers 9 years 2005-2013.
Effectiveness of the elements of internal control system was analyzed from the descriptive
statistics result. Multiple regression analysis was done to determine the relationship and the
significance level of elements of internal control system towards financial performance. The
result revealed that internal control system contributed only31% variation on financial
performance. The descriptive result shows there is weak internal control system in the
organization.
Ashenafi (2017) conducted a study on Assessments of internal control system in a selected

Micro finance institution. Micro finance institutions have a critical role on the growth and
development of a country by providing different financial services to the poor and low
income people in both rural and urban area. The previous studies on micro finance institution
showed that the main problem of micro finance institution were weakness of their internal
control system. This study focused on assessment of the internal control system in the micro
finance institution to identify the possible areas of deficiencies in the system. The study used
survey method of data collection through questionnaires to employees of the institution and
semi-structured interview with the institution management. The data gathered from the
respondent was analyzed and interpreted by the help of SPSS software program with the help
19
of bar frequency table, minimum & maximum value, mean and standard deviation. The result
indicated that internal control in the institution is satisfactory. Though risk assessment
elements with the average mean value of 3.81 is better in the institution, there is adequate
control environment, control activity, information & communication and monitoring activity
components in the institution.
Alemayehu (2016) conducted a study on assesses internal control system: a case of

development bank of Ethiopia. The study used explanatory design and quantitative research
approach. Primary data was used. The collected data were taken the dispatched questioner
from the bank staff. The study covers the components of internal control such as Control
activities, Control environment, risk assessment, information & communication, and
monitoring. In the study, descriptive method was used to assess the components of internal
control. The paper reveals that the mean value of the components is less than three which is
lower in the standard out of the total respondents 80%, 82%, 82%, 83% and 86 % of them
were disagree on strengthen of the Bank`s internal control system in terms of control
environment, monitoring activity, control activity, information system and risk assessments
respectively. The policy implications of the study suggest that Development Bank of Ethiopia
should properly segregate the duties, safeguarded computer systems, proper review and
approval process of credit, purchases & procedures. The bank should make periodic
assessment and discussion by identifying, the bank`s risk tolerances, highest risk arising areas
of both internal and external sources, and processes are should in place to minimize the
identified risks.
Tsedal (2015) conducted a research focused on assessment of the effectiveness of the internal
control system in the universities to identify the possible areas of deficiencies in the system.
The study used cross sectional survey through questionnaires to employees of the universities
and semi structured interview with OFAG directors. Data were analyzed using descriptive
statistics and inferential statistics using SPSS results. The result indicates that internal control
in the universities is not effective. Particularly the risk assessment component of internal
control is not practiced in the universities. Though monitoring is better in the universities,
there is in adequate control environment, control activities and inadequate flow of
information and communication in those universities.
20
2.3. Research Gap Analysis
Under the components of internal control system study shows that it has very much impact on
the effective and efficient performing of the organization goal. There are studies on internal
control systems practices in Ethiopia but they focused on governmental organizations and
private banks. Result of the studies conducted by Tsedal (2015) and Rahel (2017), show that
there is weak internal control system in the organizations. On the other hand, Result of the
studies conducted by Ashenafi (2017) and Tekalegn (2019) indicated that internal control in
the respective institutions is satisfactory. According to Fikru (2018) the findings on those
internal control techniques employed by banks in checking fraud have been effective, but put
marks on some improvements. The final conclusion of this study is that there is a significant
relationship between internal control system component (control environment (CE), risk
assessment (RA), control activity (CA), information and communication (IC) and monitoring
(MA)) and fraud.
Accordingly, the researcher attempted to carry out this study for the reason that it is
unexplored area in manufacturing & merchandizing companies particularly in United Alpha
Commercial Private Limited Company examining the internal control systems practice helps
in promoting effective corporate governance and performance of the organization and could
fill the gap to the literature in general in Ethiopian context.
21
CHAPTER THREE
3. RESEARCH DESIGN AND METHODOLOGY
Research design and methodology is the path through which researchers need to conduct their
research. It shows the path through which researchers formulate their problem and objective
and present their result from the data obtained during the study period (Sileyew, K. J., 2019).
Accordingly, this chapter presents the activities and processes that will undertake to gather
data for the research work. It gives full details of how data are collected and processed for
this research. The discussion was centered on the following: Research design, Population
under study, sample size, sources of data, research instruments, and method of data analysis.
3.1. Research Design
As a research design is intended to provide an appropriate framework for a study, this study
employs a descriptive research design. "This design offers to the researchers a profile of
described relevant aspects of the phenomena of interest from an individual, organizational,
and industry-oriented perspective” (Sileyew, K. J., 2019).
Saunders et al., (2012) and Miller et al., (2002) say that descriptive research portrays an
accurate profile of persons, events, or situations. Therefore, this research design enables
researchers to gather data from a range of respondents.
With this in mind, a descriptive research design was employed in this study using a
quantitative research design (self-administered questionnaire) to assess internal control
system practice of the company. In addition, review of secondary data was deployed to
triangulate/ explore the company’s perspectives.
3.2. Research Approach
Research approaches are plans and procedures for research that span the steps from broad
assumptions to detailed methods of data collection, analysis, and interpretation. The overall
decision involves which approach should be used to study a topic. The selection of a research
approach is also based on the nature of the research problem or issue being addressed, the
researchers’ personal experiences, and the audiences of the study (Kothari, 2004).
22
In this particular study, mixed research approach is opted. That is, both quantitative as well as
qualitative research approaches were employed so as to suite the nature of the research and
the issue being addressed. Quantifiable data obtained from questionnaires necessitate a
quantitative approach whereas the data to be obtained by means of documents review make
qualitative approach a default approach. Hence mixed research approach is chosen to be best
suitable aspect of this research’s methodology. It practically grants the freedom to use any of
the methods, techniques and procedures typically associated with quantitative or qualitative
research approaches which, in this research, was complementary.
3.3. Population under Study
The target population of the study is 55 staff members. The study was used a census and all
targeted population were enumerated. This includes senior management team of the
company, senior staffs of Human Resource Department, Finance Department, Audit
Department, Local and Foreign Purchase Department, Sales Department and Supply
Department. The study participants were those, who have served in the company at least for a
period of one year.
3.4. Sources of Data
Both primary and secondary data was used for the study. Primary data was obtained from the
original source of information using self-administered Likert-scale questionnaire. The
primary data are more reliable and will render more confidence level of decision-making. In
this study, the primary data sources are the company's employees (management and other
selected workers) through the questionnaires they were made to fill. In addition to primary
data, secondary data was obtained and reviewed from reports, organizational policy and
manuals of internal control procedures.
3.5. Research Instruments
Self- administered questionnaire was deployed to staff involved in this research. Moreover, to
enhance the effectiveness of the data collection method and to make the data quality more
reliable, the purpose of the study was explained to the study subjects. It was made clear to
them that the information they provide is so vital and kept confidential and that their
identities would not be revealed in association with the information they provide.
23
Relevant secondary data from reports and documents were reviewed to complement the
findings obtained from primary data.
3.6. Methods of Data Analysis
The quantitative data collected through self-administered questionnaires were entered and
analyzed using Statistical Package for Social Sciences (SPSS) software. The analyzed data
was described and summarized by using the descriptive statistics methods by measure of
central tendency (mean) values, frequency, percentage, measure of central dispersion
(standard deviation). Results of the study were presented by using tables and figures.
3.7. Data Validity and Reliability
Validity consideration is an indicator that makes some variables reasonable. It is the

subjective judgment that the instrument measures what it intends to measure in terms of
relevance. Thus, the researcher of this study, when developing the instruments, ensured that
uncertainties are eliminated by using appropriate words and concepts in order to enhance
clarity and general suitability.
This study assesses the internal control practice in United Alpha Commercial Plc using
primary data. Questionnaire is one of the best methods of collecting valid information. The
questionnaires are taken from Tekalegn (2019) and Ashenafi (2017) and they were strong and
Supportive to measure the assessment of internal control practice.
Reliability refers to the consistency of a measure. Reliability in this study considers internal
consistency which is the consistency of people’s responses across the items on a multiple-
item measure. There was thus undertaken a reliability analysis to check the stability and
consistency of the data.
Table 3.1 Reliability Test
S.No. Items No. Of Cronbach’s alpha

Item
1 Control Environment 8 .829
2 Risk Assessment 7 .870
3 Control Activity 6 .897
4 Information and Communication 6 .806
System
5 Monitoring 5 .863
Over all Items 32 .853
24
As indicated in the table above, α = .829 for control environment, α = 0.870 for risk
assessment, α = .897 for control activity, α = .806 for information and communication system
and α = .863 for monitoring. The overall reliability test (Cronbach’s alpha) for the items is
0.853. This implies that the items were reliable, clear and easily understandable by the
respondents.
25
CHAPTER FOUR
4. FINDINGS, ANALYSIS AND PRESENTATION

This chapter presents the findings, discussion and analysis of the study to answer the
objective of the research using descriptive analysis. The researcher distributed a total of 55
questionnaires to the target group of employees who are working with United Alpha
commercial PLC. Out of these total 55 questionnaires about 53 (96%) were fully filled and
returned, and further processed and analyzed for the study.
In order to determine the level of descriptive statistics of the study Best (1977) was applied
which is on a five point Likert scale, the mean score from 1-1.8 is lowest, from 1.81-2.61 is
low, from 2.62-3.41 is average/moderate, from 3.42-4.21 is good/high and from 4.22-5 is
considered very good/ very high. And a value of SD of 1 less shows less variability in five
point Linkert scale.
4.1. Respondents’ Profile
This section presents profile of respondents in relation to their Academic Qualification

(Educational background), field of study on their highest educational level, professional
certification and Years of experience.
Table 4.1 Socio-Demographic Characteristics of the respondents
Number Item Respondents Category Frequency Percentage

College Diploma 7 13.2
Bachelor’s Degree 40 75.5
1 Educational Status Masters 6 11.3
Accounting and Finance 24 45.3
Management 13 24.5
2 Field of study Marketing\Economics 8 15.1
Business Administration 4 7.5
Other 4 7.5
1-5 Years 6 11.3
6-10 Years 15 28.3
3 Year of Experience 11-15 Years 13 24.5
16-20 Years 11 20.8
Above 21 Years 8 15.1
4 Professional Non-certified 48 90.6
Certification Certified Public accountant 1 1.9
Other certified 4 7.5
Total 53 100
Source: Survey results, 2021
26
As is indicated in table 4.1 above, academically11.3% of respondents are Master Degree holders,
while 75.5%and 13.2% of them are respectively Bachelor Degree holders and College Diploma
holders. This implies that the majority of the employees have adequate educational
qualification to understand the concept of internal control system.
As the field-specific result in table 4.1 above shows, around half of the respondents are
accounting and finance professionals, whereas management and marketing/economics,
professionals consist of 25% and 15%, respectively. The rest 7.5% studied Business
Administration and 7.5% are trained in other fields. From this result we can conclude that a
great majority of the respondents – more than 92% - are professionals with sufficient
knowledge of internal control system in their studies.
When it comes to assessment of the experiential status of the employees, the data, as is shown
in table 4.1 above, indicates that about 45% of the respondents have long years of experience,
11 – 20 years of experience in the field.About28% of the respondents were found to have 6-
10 years and about 15% above 21 years of experience, while the remaining (about 11%) have
below five years of experience. This shows that employees working in the organization are
experienced and knowledgeable professionals. In whatever way, the employees’ academic
background and long years of work experience show that the organization has competent
professionals with long years of experience. And this means that the majority of the
respondents are educated and well experienced, who clearly understand and know in detail
the purpose and importance of internal control system.
From the data processing output, it is clear that the majority of employees in the organization
are not certified professionals. As is indicated in table 4.1 above, only 7.5% of them are
certified in other professional certificates and 1.9% of them, which actually only one person,
is a certified public Accountant. In other words the majority, about 91% are not certified in
any accounting and public finance certificates.
4.2. Components of internal control
4.2.1. Control Environment
The control environment sets the tone for the organization and influences how employees
conduct their activities and carry out their control responsibilities. The control environment is
the foundation for all other components and provides structure and discipline. An effective
control must incorporate integrity and ethical values, commitment to competence,
27
management philosophy and operating style, organizational culture, attention and oversight
by directors or audit committee with the objective of good governance and adequate financial
reporting. The survey result on this issue therefore, is presented as follows.
Table 4.2 Descriptive statistics of Control Environment
Control Environment
N Mean Std.
Deviation
The company has a standard code of conduct that has been 53 2.55 .932
communicated to all staff.
The company has well defined organizational structure. 53 3.57 .797
The company organizational structure and lines of 53 2.60 .968
authority clearly understand by the employees.
Policies regarding the importance of internal controls are 53 2.58 .842
communicated to all staff
The company provides mentoring and training 53 2.51 .912
opportunities needed to attract, develop and retain
competent personnel.
The company’s internal auditors periodically assess the 53 2.53 .868
adequacy of the company’s internal control system
The company’s external auditors periodically assess the 53 3.45 .952
adequacy of the company’s internal control system
Management periodically reviews policies and procedures 53 2.49 .912
to ensure that proper controls are in place
Over all Mean 2.80
In the above table (table 4.2) mean 2.55 with SD 0.932 shows a majority of the respondents
disagree that the company has a standard code of conduct that has been communicated to all
staff, while mean value 2.60 and SD 0.968 shows a majority of the respondents disagree on
the idea that the company organizational structure and lines of authority are clearly
understood by the employees. Mean value 2.58 with SD 0.842 indicated that a majority of the
respondents disagree that the policies regarding the importance of internal controls are
In the same table mean 2.51 with SD 0.912 implies that a majority of the respondents agree
that there is no mentoring and training opportunities needed to attract, develop and retain
competent personnel, whereas mean 2.53 & 2.60 with SD 0.868 & 0.968 respectively show a
majority of respondents agree that internal auditors did not periodically assess the adequacy
28
of the company’s internal control system and that the management did not periodically
review policies and procedures to ensure that proper controls are in place.
Based on the above table (table 4.2) the highest mean 3.57 with SD 0.797 indicates that a
majority of respondents agree that there is well defined organizational structure in the
company, and mean 3.45& SD 0.952 indicates that a majority of the respondents agree that
the external auditors periodically assess the adequacy of the company’s internal control
system.
The control environment is the foundation of all the control components, the board and senior
management should be setting the right tone at the top, giving direction to the rest of the
organization on the importance of effective internal controls. As indicated in the above table,
the overall mean of the control environment is 2.80, which indicates that there is a moderate
control environment of internal control system in United Alpha Commercial PLC.
To look this study with respect to the gap vis-à-vis other related studies, the finding in this
research is different from some previous studies conducted by different researchers. For
instance, it is different from a study carried out by Tekalegn (2019) that assesses the
Effectiveness of the Internal Control System in Commercial Bank of Ethiopia, a Case of
Hawassa City. The overall control environment mean value in Tekalegn’s study was about
3.98, which actually can be approximated to 4. This means the majority of the respondents
agreed that the control environment component of internal control system was good in CBE.
The finding in this research is also different from the study conducted on Assessments of
Internal Control System in a Selected Micro Finance Institution by Ashenafi (2017). The
overall mean of the control environment assessment in his study was about 3.76 which
indicate that the control environment in the institution is good.
Moreover, the pertinent finding in this research is in difference with that of a study carried
out by Ayagre, et al., (2014) on the Effectiveness of Internal Control Systems of Banks: The
Case of Ghanaian Banks. In that study, the overall mean score for control environment was
4.66 with an SD of 0.62.This result indicated that the majority of the respondents agreed that
the control environment component of banks is effective in the Ghanaian banking industry.
4.2.2. Risk Assessment
Risk assessment involves a dynamic and iterative process for identifying and assessing risks
to the achievement of objectives. Risks to the achievement of these objectives from across the
entity are considered relative to established risk tolerances. Thus, risk assessment forms the
basis for determining how risks will be managed.
29
A precondition to risk assessment is the establishment of objectives, linked at different levels
of the entity. Management specifies objectives within categories relating to operations,
reporting, and compliance with sufficient clarity to be able to identify and analyze risks to
those objectives. Management also considers the suitability of the objectives to the entity.
Risk assessment also requires management to consider the impact of possible changes in the
external environment and within its own business model that may render internal control
ineffective (Sultana and Haque, 2011).The survey result on this issue therefore, is presented
as follows.
Table 4.3 Descriptive statistics of Risk Assessment
Risk Assessment
N Mean Std.
Deviation
Management ensures that risk identification considers 53 3.60 .927
internal factors and their impact on the achievement of
objectives.
Management ensures that risk identification considers 53 3.66 .939
external factors and their impact on the achievement of
objectives.
The company follows established policies, procedure and 53 2.58 .819
process to periodically reconcile physical assets with the
accounting records to detect fraudulent activities.
There are sufficient staff members who are competent and 53 3.57 .821
knowledgeable to manage company activities
The company has designed internal controls that mitigate 53 2.49 .846
the identified risks.
Significant internal and external operational, financial, 53 2.53 .868
compliance and other risks are identified and assessed on
an ongoing basis
Responses are given timely to identified risks 53 2.28 .841
Overall Mean 2.95
As it is shown from the above table (table 4.3), the two least mean, 2.49 and 2.28 with SD
0.846 and 0.841, respectively imply that a majority of the respondents disagree on the idea
that the company design internal controls that mitigate the identified risk and that responses
are given timely to identified risks, whereas mean 2.58& SD 0.819 indicated that a majority
of the respondents disagree that the company follows established policies, procedure and
30
process to periodically reconcile physical assets with the accounting records to detect
fraudulent activities, while mean 2.53 with SD 0.868 imply that a majority of the respondents
disagree that significant internal and external operational, financial, compliance and other
risks are identified and assessed on an ongoing basis.
The two highest mean 3.60 and 3.66 with SD 0.927 and 0.939 respectively indicate a
majority of respondents agree that management ensures that risk identification considers
internal and external factors and their impact on the achievement of objectives. A majority of
the respondents also agree that there are sufficient staff members who are competent and
knowledgeable to manage company activity. This is revealed by mean 3.57& SD 0.821.
Risk assessment is responsibility of management. The management should identify and
assess control risk caused by failure of internal control. There should be strategies of
identifying risk, system to respond to risk and reduce the risk. The overall mean of risk
assessment is approximately 2.95. This result indicates a majority of the respondents agree
that there is an average risk assessment practice in United Alpha Commercial PLC.
With regard to risk assessment practice gap, the finding in this research is different from
research findings of Fikru (2018), Ashenafi (2017) and Alemayehu (2016). As per the
research done by Fikru (2018) on the Effectiveness of Internal Control System in Detection
and prevention of Fraud in Ethiopian Banking Industry, the overall risk assessment was
approximated to a mean of 3.5 which shows that there is a higher risk assessment practice in
ICs of Ethiopian banks.
The overall mean of risk assessment in Ashenafi’s study was 3.808 which indicate the
respondents’ agreement that there is a good risk assessments practice in the micro finance
institution.
Moreover, the pertinent finding in this research is in difference with that of a study carried
out by Alemayehu (2016) that assesses Internal Control System: a Case of Development
Bank of Ethiopia. Alemayehu’s pertinent overall mean, which is about 2.11, indicates that
there was lowest practice of risk assessments trend in Development Bank of Ethiopia.
4.2.3. Control activities
Control activities are policies and procedures that help ensure management directives are
carried out. Control activities are the actions supported by policies and procedures that help
assure management directives to address risks are carried out properly and timely. Control
activities are categorized as adequate separation of duties, proper authorization of
31
transactions and activities, adequate documents and records, physical control over assets and
records and independent checks on performances. Control activities in an organization consist
physical controls, segregation of duties, information processing and performance reviews
(Badara, 2013). Pertinent results of this study are indicated in the table below.
Table 4.4 Descriptive statistics of Control Activity
Control Activity
N Mean Std.
Deviation
53 2.49 .869
Management designs appropriate control activities in
response to the company’s objectives and risks to achieve
an effective internal control system.
The company has policies and procedure addressing proper 53 3.87 .708
segregation of duties among the tasks.

Control activities employed by the company include 53 3.57 1.047
authorization, approval, comparison and supervisory
controls.
The company maintains policy and procedure to facilitate 53 3.50 1.067
the recording and accounting of transaction in compliance
with laws and regulation.
key managers review and approve all financial transaction 53 3.55 .889
The company provides adequate physical security for each 53 2.15 .794
asset subject to theft.
Overall Mean 3.19

In the above table (table 4.4) the highest mean 3.87 with SD 0.708 indicates that a majority of
respondents agree that the company has policies and procedure addressing proper segregation
of duties among the tasks, while mean 3.57 with SD 1.047 shows that the respondents agree,
though in variation, that the company employs control activities which include authorization,
approval, comparison and supervisory controls. Mean 3.5 indicates that the respondents agree
the company maintains policy and procedure to facilitate the recording and accounting of
transaction in compliance with laws and regulation. However, their agreement encompasses
variation as is implied by an SD value of 1.067. A majority of respondents also agree that key
manager’s review and approve financial transactions. This is revealed by mean 3.55& SD
0.889.
32
In the same table mean 2.49 with SD 0.869 indicates that a majority of respondents agree that
management does not design appropriate control activities in response to the company’s
objectives and risks to achieve an effective internal control system, while mean 2.15 with SD
0.794 indicates that a majority of respondents agree that there is no adequate physical
security for each asset subject to theft in the organization.
Control activities are specific methods and procedures of implementing internal control.
Effective internal control has a list of those methods and procedures that are to be
implemented consistently. The researchers’ assessment results indicate that there is an
average practice of control activity in terms of internal control practice in united alpha
commercial plc., with an estimated overall mean value of 3.19.
The researcher also reviews secondary data of united alpha commercial Plc. The secondary
data was obtained from reports and other related documents. Based on the secondary data the
researcher found that there are no policies and procedure manuals in each department except
in the finance department.
The pertinent finding of this study differs from a study carried out by Fikru (2018) on the
Effectiveness of Internal Control System in Detection and Prevention of Fraud in Ethiopian
Banking Industry. His Overall mean for the control activities was estimated to be 3.95 which
indicate that the respondents were in agreement that there was a good control activity in their
respective banking industry.
The pertinent finding of this research is also different from a study carried out by Seble
(2018) on Assessment of the Perception of Internal Control Systems on Financial
Performance of Commercial Banks in Ethiopia. Results pertaining to control activities in her
survey show that there was adequate segregation of duties in the banks’ finance and accounts
departments, that staff members were trained to implement the accounting and financial
management systems, that there was an up-to-date asset registering, authorization was made
to know whether employees confirm to effective and adequate operation. The overall mean
for control activities in Seble’s study was approximated to be 3.54 which indicate that there is
a higher practice of control activities in Financial Performance of Commercial Banks in
Ethiopia.
4.2.4. Information and communication
Information and communication is one of the main components of effective internal control
practice. Organizations need reliable, relevant and timely information related to both internal
33
and external events that can influence the company and its objectives. Information and
communication are a key element in the success of an organization. Accurate, current, and
reliable information about company’s plans, control environment, risks, control activities, and
performance should be communicated all over the company in a periodic manner (Horngren
et al., 2012). The table below shows the result of the survey collected from the respondents.
Table 4.5 Descriptive statistics of Information and Communication
Information and Communication
N Mean Std.
Deviation
53 3.62 1.023
The company considers internal source of data when
identifying relevant information to use in the operation of
internal control.
The company considers external source of data when 53 3.68 .872
identifying relevant information to use in the operation of
internal control.
Every transaction are clearly recorded and classified in 53 2.43 .887
order to provide reliable information to stakeholders.
The key information about the organization's operations 53 2.47 .889

are identified and regularly reported.
Information is available on a timely manner. 53 2.55 .952
The client complaints are taken seriously investing and 53 3.66 .807
acted upon
Overall Mean 3.07
In the above table mean 3.62 and 3.68 with SD 1.023 & 0.872 respectively show a majority
of the respondents agreed that the company considers internal and external source of data
when identifying relevant information to use in the operation of internal control. However,
the former result (mean 3.62) shows that their agreement regarding internal sources of data
was expressed in variation as the SD 1.023 implies. While, mean 3.66 with SD 0.807 shows
that a majority of the respondents agree that the client complaints are taken seriously
investing and acted upon.
34
The lower mean 2.43& SD 0.887indicates a majority of the respondents disagree that the
transaction are clearly recorded and classified in order to provide reliable information to
stakeholders, whereas mean 2.47& SD 0.889 shows a majority of respondents disagree that
the key information about the organization's operations are identified and regularly reported;
and mean 2.55 with SD 0.952 revealed that a majority of the respondents agreed that
information is not available on a timely manner.
In the researchers’ assessment, an estimated overall mean value of 3.07 for Information and
Communication component indicates that there is a moderate practice of Information and
Communication with regard to internal control system in united alpha commercial plc.
There is a significant gap between pertinent findings of this study and those of previous
studies by other researchers. Fikru (2018), for instance, conducted a research on the
Effectiveness of Internal Control System in Detection and prevention of Fraud in Ethiopian
Banking Industry and arrived at a different conclusion. The pertinent overall mean value in
Fikru’s study, which approximated to 3.73, shows that there is a good information and
communication flow/practice in ICs of Ethiopian banks.
Pertinent results in a related study conducted on internal control system in a selected Micro
finance institution by Ashenafi (2017) also are different from those found in this study.
Ashenafi’s overall mean for information and communication assessment, which is about 3.74,
indicates that a majority of respondents agreed that there prevails a higher practice of
information and communication in the institution.
4.2.5. Monitoring
Monitoring is the assessment of internal control performance over time; it is accomplished by

ongoing monitoring activities and by separate evaluations of internal control such as self-
assessments, peer reviews, and internal audits. The purpose of monitoring is to determine
whether internal control is adequately designed, properly executed, and effective. Internal
control is adequately designed and properly executed if all five internal control components
(Control Environment, Risk Assessment, Control Activities, Information and
Communication, and Monitoring) are present and functioning as designed (Gamage et al,
2014).
These activities should be related to the entire organization, at all levels and in all functions.
The monitoring primary purpose is to determine whether internal control is properly
designed, established and effective. Internal control is considered appropriately designed and
35
maintained if all five internal control components are present and functioning as they should
be (Horngren et al., 2012).
An ongoing monitoring of internal control is essential to ensure whether internal control is
achieving desired objectives. Pertinent result and interpretation of the survey is presented as
follows.
Table 4.6 Descriptive statistics of Monitoring
Monitoring
N Mean Std.
Deviation
Management establishes a baseline to monitor the internal 53 2.51 .891

control system.
Management has process in place to assess whether 53 2.42 .887
controls within each of the four components of internal
control are present and functioning as intended.
Management takes adequate and timely action to correct 53 2.40 .862
deficiency reported by the internal audit function, financial
and programmatic monitoring activities.
The company periodically evaluates business process such 53 2.57 .930
as cash management, procurement etc.…

Reports on significant failings or weaknesses are reported 53 2.55 .952
to management on a timely basis
Overall Mean 2.5
From the above table mean 2.51 with SD 0.891 shows that a majority of respondents disagree
that management established baseline to monitor the internal control system, while mean
2.42&SD 0.887 indicates a majority of the respondents disagree that controls within each of
the four components of internal control are somehow present and functioning as intended.
Mean 2.40 with SD 0.862 shows a majority of respondents agree that there is no adequate and
timely action to correct deficiency reported by the internal audit function, financial and
programmatic monitoring activities, whereas mean 2.57& SD 0.930 indicates that a majority
of respondents disagree that the company periodically evaluates business process. On the
other hand, mean 2.55& SD 0.952 shows that most of the respondents disagree on the point
that reports on significant weaknesses are reported to management on timely basis.
36
An estimated overall mean (2.50) for monitoring component indicates that there is a lower
monitoring practice in united alpha commercial plc.
The finding here on monitoring activity has similarity with that of a previous study by
Alemayehu (2016). He found that the Bank has a low monitoring practice in place with an
approximate mean value of 2.08. This means respondents generally disagree about the
existence of good monitoring activity in DBE.
However, there is a significant pertinent gap with other related studies. The finding in this
research is in difference with a study carried out by Ayagre, et al., (2014) on the effectiveness
of Internal Control Systems of banks: The case of Ghanaian banks. The results of that study
showed that the majority of the respondents were of the view that the existing monitoring
activities of the internal control systems were good in Ghanaian banks.
By the same token, another related study by Fikru (2018) shows a significant difference. The
finding in Fikru’s study on the monitoring component shows that there is a higher monitoring
practice respective to internal control system of Ethiopian banking industry with an estimated
overall mean value of 3.96, which actually can be approximated to 4.
37
CHAPTER FIVE
5. SUMMARY OF FINDINGS, CONCLUSIONS AND RECOMMENDATIONS
This chapter presents the summary of the findings for each of the five components of internal
control system, conclusions drawn from them, and the recommendations that can help in
improvement of internal control system practice in United Alpha Commercial PLC. Thus the
chapter is organized in such a way that section 5.1 lists out summary of the findings, section
5.2 narrates the Conclusion, and section 5.3 presents recommendations based on the findings.
5.1. Summary of Findings
The summary of findings for each of the five components of internal control practice in
United Alpha Commercial PLC, which are based on the detailed results obtained for the
breakdown variables the researcher used to assess the status of each component, are
separately presented hereunder.
As indicated in table 4.2 in Chapter Four above, the overall result for the component indicates
that there is a moderate control environment. The overall mean value that shows the status of
the ‘control environment’ component scored about 2.80.
The researcher found that risk assessment in United Alpha Commercial PLC is somehow
average. As is indicated in Chapter Four above, the overall result for the component indicates
that there is a moderate practice with respect to risk assessment. The overall mean value that
shows the status of the ‘risk assessment’ component is approximately 2.95, which actually
can be taken as 3. And this means a majority of the respondents agree that the risk assessment
in terms of internal control is not more than average as such in United Alpha Commercial
PLC.
The study found that there prevails a moderate control activity in terms of internal control
practice in United Alpha Commercial PLC. As is indicated in Chapter Four above, the overall
result for the component indicates that there is an average practice with respect to control
activity. The overall mean value that shows the status of this component is approximately
3.19. And this means a majority of the respondents agree that the control activity practiced in
their company in terms of internal control is moderate.
38
The research finding for the ‘Information and communication’ component of internal control
in United Alpha Commercial Plc. shows that there is a moderate practice. This was made
clear with an estimated overall mean value of 3.07. A significant majority of respondents
agree that there exists an average Information and Communication practice pertinent to
internal control system in their company.
The researcher found that monitoring practiced with respect to internal control in United
Alpha Commercial PLC is below average. As is indicated in table 4.6 in Chapter Four above,
the overall result for the component indicates that there is a low practice with respect to
monitoring. The overall mean value that shows the status of the ‘monitoring’ component is
approximately 2.50. And this means a majority of the respondents agree that monitoring in
terms of internal control is lower in their company.
5.2. Conclusion
Based on the findings of the assessment, the following conclusions are made. The internal
control system practice in United Alpha Commercial Plc. is not generally that satisfactory. It
was found to have a little strength but numerous weaknesses. Even though the company has
a well-defined organizational structure and is periodically assessed by external auditors, it has
not well-communicated standard code of conduct. Moreover, organizational structure and
lines of authority were not clearly understood by employees. Similarly, internal auditors did
not periodically assess the adequacy of the company’s internal control system. These key
factors of the study implicated that the company’s control environment is not above average.
On the other hand, the company’s risk assessment experience is not satisfactory. The
company did not follow established policies, procedure and process to periodically reconcile
physical assets with the accounting records to detect fraudulent activities. And it did not
design internal controls to mitigate the identified risk and give timely responses.
The company’s control activity is not satisfactory. Management did not design appropriate
control activities in response to the company’s objectives and risks to achieve an effective
internal control system. And there is no adequate physical security for each asset subject to
theft. In regard to information and communication, transactions are not clearly recorded and
classified in order to provide reliable information to stakeholders. Similarly, the key
information about the organization's operations is not identified, regularly reported and not
available on a timely manner. These and related factors have rendered information and
communication component not any more than average. Above all, the company has a poor
39
monitoring practice. The management doesn’t have process in place to assess controls within
each of the four components of internal control. Similarly, management doesn’t take adequate
and timely action to correct deficiency reported by the internal audit function, financial and
programmatic monitoring activities.
5.3. Recommendations
Going in line with the objectives of the study and with the detailed as well as the overall
findings for each of the assessed components of internal control system in United Alpha
Commercial Plc., the researcher hereby generally recommends that the company’s internal
control system needs to be improved. And this automatically implies the need to improve the
status of the five basic components, especially the practice of monitoring. The researcher
would also like to recommend the following specificities to lay more emphasis.
 The company ought to ensure that its organizational structure and lines of authority
are clearly understood by all employees and that standard code of conduct is
communicated to all staff. This can be done in various ways, for instance, by
providing training to employees. This may also include work, health and safety
guidelines, training manuals, mission statements and other relevant information.
 Management has to improve the practice of periodically reviewing policies and
procedures to ensure that proper controls are in place. Moreover, policies regarding
the importance of internal control should be communicated to all staff.
 The company has to enhance provision of mentoring and training opportunities
needed to attract, develop and retain competent personnel.
 The company’s internal auditors need to critically improve and upgrade their practice
of periodically assessing the adequacy of the company’s internal control system.
There need to be well-set plans and programs in order to accomplish this effectively.
 To minimize risk the company should follow established policies, procedure and
process to periodically reconcile physical assets with the accounting records to detect
fraudulent activities.
 The company ought to improve its designing of internal controls that mitigate the
identified risks and response should give timely. Control activities that mitigate
risk include segregation of duties, safeguarding of assets and policies related to
information processing.
40
 Management should improve designing appropriate control activities in response to
the company’s objectives and risks to achieve an effective internal control system.
 Every transaction ought to be more clearly recorded and classified in order to become
available on a timely manner and to provide reliable information to stakeholders.
 The company has to ensure that key information about the organization's operations
are identified and regularly reported.
 Management should assess and make sure whether controls within each of the four
components of internal control are present and functioning as intended.
 Management should take adequate and timely action to correct deficiency reported by
the internal audit function, financial and programmatic monitoring activities.
5.4. Suggestion for further study

The study was conducted on United Alpha commercial PLC. Similar studies could be
replicated in other industries to assess internal control practices in merchandizing and
manufacturing companies. Similar studies can also be carried out to determine the impact of
effective internal control system on organization’s profitability and challenges in internal
control system. Most importantly, Future studies should attempt to achieve a larger sample to
determine whether the results can be generalized.
41
Reference
Adepoju, T. (2011). Managing internal control systems in Nigeria’s government Ministry- A

way forward. Available on Nigerian seminars and
trainings.blogspot.com/.../managing-internal-control.
Aramide, S. F., & Bashir, M. M. (2015).The effectiveness of internal control system and
financial accountability at Local Government level in Nigeria.Internal Journal of
research in Business Management.
Ashenafi, (2017). Assessments of internal control system in selected Micro finance

institutions (Case of Selected Micro Finance Institutions). Thesis Submitted to
Addis Ababa University.
Aikins, S. K. (2011). An examination of government internal audits’ role in improving

financial performance. Public Finance and Management, 11(4), 306-337.
Akani, F. N., &Akaninyene, O. U. (2015).Determinants of effective internal control system in

Nigerian banks. AFRREV STECH: An International Journal of Science and
Technology.
Alemayohu, (2016). Assessment of Internal Control System: A case of development of

Ethiopia . Thesis Submitted to St. Mary’s University.
Al-Hawatmeh, O. M., & Al-Hawatmeh, Z. M. (2016). Evaluation of Internal Control Units

for the Effectiveness of Financial Control in Administrative Government Units:
A Field Study in Jordan. European Scientific Journal, 12(13).
Ayagre, P., Appiah-Gyamerah, I., &Nartey, J. (2014).The effectiveness of Internal Control

Systems of banks.The case of Ghanaian banks.International Journal of
Accounting and Financial Reporting, 4(2), 377.
Arens, A. A., Elder, R. J., and Beasley, M. S. (2007). Auditing and Assurance Services (12th
ed.). Upper Saddle River, NJ: Prentice Hall.
Badara, M. (2013).Impact of the effective internal control system on the internal audit
effectiveness at local government level. Journal of Social and Development
Sciences, 4(1), 16-23.
Black, K. (2010). Business Statistics for Contemporary Decision Making: University of

Houston-Clear Lake.
Best, J. (1977).Research in Education. 3rd ed. Englewood Cliff, NJ: Prentice Hall.
Chang, S.-I., Yen, D. C., Chang, I.-C., & Jan, D. (2014). Internal control framework for a
compliant ERP system. Information & Management, 51(2), 187–205.
COSO (1992) Internal Control-integrated Framework, Committee of Sponsoring
Organizations of the Tread way Commission, Coopers and Lybrand, New York.
COSO (2009) committee of sponsoring organizations of the tread way Commission; Internal
Control - Integrated Framework.
Eton, M., Murezi, C., Fabian, M., &Benard, P. O. (2018). Internal control systems and
financial accountability in Uganda: A case of selected districts in western
Uganda.
Fernando, A. (2014). A proposed research framework: Effectiveness of internal control

system in state. International Journal of Scientific Research and Innovative
Technology, 1(5), 25-44.
Fikru, W. (2018).The Effectiveness of internal control system in Detection and prevention of

fraud in Ethiopia Banking Industry.
Gamage, C. T., Lock, K. L., & Fernando, A. A. J. (2014). A proposed research framework:
Effectiveness of internal control system in state commercial banks in Sri Lanka.
International journal of scientific research and innovative technology, 1(5), 25-
44.
Horngren, C. T., Harrison, W. T., Oliver, M. S. (2012). Accounting Pearson Education

Chambers, A. E., and Penman S. H. (1984), Timeliness of Reporting and the Stock Price
Reaction to Earnings Announcements. Journal of Accounting Research Vol. 22,
No. 1, pp. 21- 47.
Kabuye, F., Nkundabanyanga, S. K., Opiso, J., &Nakabuye, Z. (2017).Internal audit

organisational status, competencies, activities and fraud management in the
financial services sector.Managerial Auditing Journal.
Kothari, C. (2004). Research methodology. New age international publishers, 4835/24:

Ansari Road, Daryaganj, New Delhi-110002,ISBN(13):978-81-22488-1.
Kumuthinidevi, S. (2016).A study on effectiveness of the internal control system in the

private banks of trincomalee. International journal of scientific and research
publications, 6(6), 71-91.
Lartey, P. Y., Kong, Y., Bah, F. B. M., Santosh, R. J., & Gumah, I. A. (2020). Determinants
of internal control compliance in public organizations; using preventive,
detective, corrective and directive controls. International Journal of Public
Administration, 43(8), 711-723.
Michelon, G., Bozzolan, S., & Beretta, S. (2015).Board monitoring and internal control
system disclosure in different regulatory environments. Journal of Applied
Accounting Research.
Mohammed H.A, (2013),”Internal auditing practices and internal control system in Somali
remittance firms”, International journal of business and science Vol.4 No.4.
Mohammed Zakaria, N. T. (2014). An Analysis of the Determinants of Internal Control

Disclosure by Multinational Corporations.
Doupnik,T.&Perera,M.(2012).International Accounting.NewYork,NY:McGraw-Hill.
Jimmieson, N. L., Tucker, M. K., & Campbell, J. L. (2017). Task conflict leads to
relationship conflict when employees are low in trait self-control: Implications
for employee strain. Personality and Individual Differences, 113, 209–218.
Mwakimasinde, M., Odhiambo, A., & Byaruhanga, J. (2014).Effects of internal control

systems on financial performance of sugarcane out grower companies in Kenya.
Journal of Business and Management, 16(12), 62-73.
Negash, T.,(2019).Assessing the Effectiveness of the Internal Control System in the

Commercial Banks of Ethiopia: A Case of Hawassa City.
Nyakundi, D. O., Nyamita, M. O., &Tinega, T. M. (2014). Effect of Internal Control Systems
on Financial Performance of Small and Medium Scale Business Enterprises in
Kisumu City, Kenya. International Journal of Social Sciences and
Entrepreneurship, 1(11), 719-734.
Ruttman.L and John Mayne(1994) „ institutionalization of program evaluation in Canada

federal government‟ New direction in Evaluation ,san Francisco Jossey-Bass.
Prior, D. D., & Miller, L. M. (2012).Webethnography: Towards a typology for quality in

research design. International Journal of Market Research, 54(4), 503-520.
Sanusi, Z. M., Johari, R. J., Said, J., & Iskandar, T. (2015). The effects of internal control
system, financial management and accountability of NPOs: the perspective of
mosques in Malaysia. Procedia Economics and Finance, 28, 156-162.
Saunders, M. N., & Lewis, P. (2012). Doing research in business & management: An
essential guide to planning your project. Pearson.
Sultana, R., &Haque, M. E. (2011). Evaluation of internal control structure: Evidence from
six listed banks in Bangladesh. ASA University Review, 5(1), 69-81.
Sileyew, K. J. (2019). Research design and methodology.In Cyberspace.Intech Open.

Tjiueza, E. (2018). An assessment of the effectiveness of internal control practices: A case
study of the Roads Contractor Company (RCC) University of Namibia.
Tsedal, L. (2015). Assessment of Internal Control Effectiveness in Selected Ethiopian Public
Universities.
Weygandt, J. J., Kimmel, P. D., KIESO, D., & Elias, R. Z. (2010).Accounting principles.
Issues in Accounting Education, 25(1), 179-180.
Wolfgang, J. (2011). The Importance of Corporate Internal Control. from Woodridge Risk
Management Articles:
Worku, S. (2018).Perceptions on Internal control system and financial performance;

Evidence from commercial banks in Ethiopia.
Worku, R. B. (2017). Role of Internal control systems on performance of Ethiopian shipping

and logistics services enterprise.
Zakaria, K. M., Nawawi, A., &Salin, A. S. A. P. (2016). Internal controls and fraud–
empirical evidence from oil and gas company. Journal of Financial crime.
Appendix A
St. Mary’s University
School of Graduate Studies
AzmeraMengesha, Master of Science (MSC) - Accounting and Finance candidate

Telephone: 0929078678
E-mail: azmeramk19@gmail.com
Dear Respondents,
This questionnaire is prepared to collect data from United Alpha Commercial Private Limited
Company. The study is being conducted as part of the undersigned researcher’s study for the
degree of Master of Science in Accounting and Finance at St. Mary’s University. The results
of the study are expected to contribute to the understanding of internal control system
practices in United Alpha Commercial PLC.
Please note that there is no need of writing your name on the questionnaire.
I would like to assure you that the information you provide will be accessible only to the
investigator. Your involvement is regarded as a great input to the quality of the research
results. Hence, I believe that you will enlarge your assistance by participating in the study.
Your honest and thoughtful response is invaluable.
Thank you for your participation.
Kind regards,
Part I: - General Information
Instructions: Please tick (√) from the alternatives that are most applicable answer to you in
respect of each of the following items
1. Qualification (Educational background)
College Diploma Masters
Bachelor’s Degree Above Masters
Other Specify _____________________________
2. Field of study on your highest educational level:

Accounting and Finance Marketing / Economics
Management Business Administration
Other Specify _________________________
3. Professional certification (if any):

Certified Internal Auditor (CIA) Certified Public Accountant (CPA)
Certified Management Accountant (CMA)
Other (specify) _______________
4. Year of experience in years

Part II: - Internal control system Questions
The Questionnaire is prepared in Likert-scale form with five (5) point scales. I ask you to tick
(√) that indicates your opinion in table below. The values of scales are 5= Strongly Agree
(SA), 4= Agree (A), 3= Neutral (N), 2= Disagree (D), 1= Strongly Disagree (SD)
S.N. Questions 1 2 3 4 5
I Control environment
1 The company has a standard code of conduct that has been
2 The company has well defined organizational structure.
3 The company organizational structure and lines of authority clearly
understand by the employees.
4 Policies regarding the importance of internal controls are
communicated to all staff
5 The company provides mentoring and training opportunities needed
to attract, develop and retain competent personnel.
6 The company’s internal auditors periodically assess the adequacy
of the company’s internal control system
7 The company’s external auditors periodically assess the adequacy
of the company’s internal control system
8 Management periodically reviews policies and procedures to ensure
that proper controls are in place
II Risk Assessment
9 Management ensures that risk identification considers internal
factors and their impact on the achievement of objectives.
10 Management ensures that risk identification considers external
factors and their impact on the achievement of objectives.
11 The company follows established policies, procedure and process
to periodically reconcile physical assets with the accounting records
to detect fraudulent activities.
12 There are sufficient staff members who are competent and
knowledgeable to manage company activities
13 The company has designed internal controls that mitigate the
identified risks.
14 Significant internal and external operational, financial, compliance
and other risks are identified and assessed on an ongoing basis
15 Responses are given timely to identified risks
III Control Activity
16 Management designs appropriate control activities in response to
the company’s objectives and risks to achieve an effective internal
control system.
17 The company has policies and procedure addressing proper
segregation of duties among the tasks.
18 Control activities employed by the company include authorization,
approval, comparison and supervisory controls.
19 The company maintains policy and procedure to facilitate the
recording and accounting of transaction in compliance with laws
and regulation.
20 key managers review and approve all financial transaction
21 The company provides adequate physical security for each asset
subject to theft.
IV Information and Communication System
22 The company considers internal source of data when identifying
relevant information to use in the operation of internal control.
23 The company considers external source of data when identifying
relevant information to use in the operation of internal control.
24 Every transaction are clearly recorded and classified in order to

provide reliable information to stakeholders.
25 The key information about the organization's operations are
identified and regularly reported.
26 Information is available on a timely manner.
27 The client complaints are taken seriously investing and acted upon
V Monitoring
28 Management establishes a baseline to monitor the internal control
system.
29 Management has process in place to assess whether controls within
each of the four components of internal control are present and
functioning as intended.
30 Management takes adequate and timely action to correct deficiency
reported by the internal audit function, financial and programmatic
monitoring activities.
31 The company periodically evaluates business process such as cash
management, procurement etc…
32 Reports on significant failings or weaknesses are reported to
management on a timely basis
Please suggest if you face any kind of idea in evaluation of internal control system practice in
your company that is not addressed in this questionnaire.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
Thank You!
Appendix B
Frequency Table
Control Environment
The company has a standard code of conduct that has been communicated to all
staff.
Frequency Percent Valid Percent Cumulative

Percent
Disagree 38 71.7 71.7 71.7
Neutral 3 5.7 5.7 77.4
Valid Agree 10 18.9 18.9 96.2
Strongly Agree 2 3.8 3.8 100.0
Total 53 100.0 100.0
The company has well defined organizational structure.

Percent
Disagree 9 17.0 17.0 17.0
Neutral 6 11.3 11.3 28.3
Valid Agree 37 69.8 69.8 98.1
Total 53 100.0 100.0
The company organizational structure and lines of authority clearly understand by

the employees.

Percent
Strongly Disagree 2 3.8 3.8 3.8
Disagree 32 60.4 60.4 64.2
Neutral 5 9.4 9.4 73.6

Valid
Agree 13 24.5 24.5 98.1
Total 53 100.0 100.0

Policies regarding the importance of internal controls are communicated to all
staff
Frequency Percent Valid Percent Cumulative Percent
Disagree 34 64.2 64.2 64.2
Neutral 7 13.2 13.2 77.4

Valid
Agree 12 22.6 22.6 100.0
Total 53 100.0 100.0
The company provides mentoring and training opportunities needed to attract,

develop and retain competent personnel.

Percent
Disagree 39 73.6 73.6 73.6
Neutral 3 5.7 5.7 79.2
Valid Agree 9 17.0 17.0 96.2
Total 53 100.0 100.0
Management periodically reviews policies and procedures to ensure that proper

controls are in place

Percent
Disagree 38 71.7 71.7 73.6
Neutral 2 3.8 3.8 77.4

Valid
Agree 11 20.8 20.8 98.1
Total 53 100.0 100.0

Risk Assessment
Management ensures that risk identification considers internal factors and their
impact on the achievement of objectives.
V Disagree 11 20.8 20.8 20.8
a Neutral 4 7.5 7.5 28.3
l Agree 33 62.3 62.3 90.6

i Strongly Agree 5 9.4 9.4 100.0
d Total 53 100.0 100.0
Management ensures that risk identification considers external factors and their
impact on the achievement of objectives.

Percent
Disagree 11 20.8 20.8 20.8
Neutral 2 3.8 3.8 24.5
Valid Agree 34 64.2 64.2 88.7
Total 53 100.0 100.0
The company follows established policies, procedure and process to periodically

reconcile physical assets with the accounting records to detect fraudulent
activities.
Disagree 33 62.3 62.3 62.3
Neutral 9 17.0 17.0 79.2

Valid
Agree 11 20.8 20.8 100.0
Total 53 100.0 100.0
Significant internal and external operational, financial, compliance and other risks
are identified and assessed on an ongoing basis
Disagree 38 71.7 71.7 71.7
Neutral 2 3.8 3.8 75.5

Valid
Agree 13 24.5 24.5 100.0
Total 53 100.0 100.0

Responses are given timely to identified risks

Percent
Disagree 36 67.9 67.9 77.4
Valid Neutral 4 7.5 7.5 84.9
Agree 8 15.1 15.1 100.0
Total 53 100.0 100.0
Control activity
Management designs appropriate control activities in response to the company’s

objectives and risks to achieve an effective internal control system.
Disagree 40 75.5 75.5 75.5
Valid Agree 13 24.5 24.5 100.0
Total 53 100.0 100.0
The company has policies and procedure addressing proper segregation of duties
among the tasks.

Percent
Disagree 5 9.4 9.4 9.4
Neutral 2 3.8 3.8 13.2
Valid Agree 41 77.4 77.4 90.6
Total 53 100.0 100.0
The company maintains policy and procedure to facilitate the recording and
accounting of transaction in compliance with laws and regulation.

Percent
Disagree 12 22.6 22.6 26.4
Neutral 1 1.9 1.9 28.3

Valid
Agree 33 62.3 62.3 90.6
Total 53 100.0 100.0

key managers review and approve all financial transaction

Percent
Disagree 12 22.6 22.6 22.6
Neutral 2 3.8 3.8 26.4
Valid Agree 37 69.8 69.8 96.2
Total 53 100.0 100.0
Information and Communication
The company considers external source of data when identifying relevant

information to use in the operation of internal control.

Percent
Disagree 10 18.9 18.9 18.9
Neutral 1 1.9 1.9 20.8
Valid Agree 38 71.7 71.7 92.5
Total 53 100.0 100.0
Every transaction are clearly recorded and classified in order to provide reliable
information to stakeholders.

Percent
Disagree 29 54.7 54.7 69.8
Neutral 2 3.8 3.8 73.6

Valid
Agree 13 24.5 24.5 98.1
Total 53 100.0 100.0

The key information about the organization's operations are identified and
regularly reported.

Percent
Disagree 32 60.4 60.4 71.7
Neutral 2 3.8 3.8 75.5

Valid
Agree 10 18.9 18.9 94.3
Total 53 100.0 100.0
Information is available on a timely manner.

Percent
Disagree 34 64.2 64.2 71.7
Valid Agree 12 22.6 22.6 94.3
Total 53 100.0 100.0
The client complaints are taken seriously investing and acted upon

Percent
Disagree 9 17.0 17.0 17.0
Neutral 2 3.8 3.8 20.8
Valid Agree 40 75.5 75.5 96.2
Total 53 100.0 100.0
Monitoring
Management establishes a baseline to monitor the internal control system.

Percent
Disagree 37 69.8 69.8 71.7
Agree 13 24.5 24.5 100.0
Total 53 100.0 100.0

Management has process in place to assess whether controls within each of the
four components of internal control are present and functioning as intended.

Percent
Disagree 39 73.6 73.6 77.4

Valid
Agree 12 22.6 22.6 100.0
Total 53 100.0 100.0
Management takes adequate and timely action to correct deficiency reported by the
internal audit function, financial and programmatic monitoring activities.

Percent
Disagree 39 73.6 73.6 77.4
Agree 11 20.8 20.8 100.0
Total 53 100.0 100.0
The company periodically evaluates business process such as cash management,

procurement etc…

Percent
Disagree 38 71.7 71.7 71.7
Neutral 1 1.9 1.9 73.6
Valid Agree 13 24.5 24.5 98.1
Total 53 100.0 100.0
Reports on significant failings or weaknesses are reported to management on a

timely basis

Percent
Disagree 32 60.4 60.4 66.0
Agree 14 26.4 26.4 100.0
Total 53 100.0 100.0

Azmera Mengesha Research Paper 2021_2

Uploaded by

Copyright:

Available Formats

Azmera Mengesha Research Paper 2021_2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Azmera Mengesha Research Paper 2021_2

Uploaded by

Copyright:

Available Formats

ST.

ASSESSMENT OF INTERNAL CONTROL PRACTICE

BY: AZMERA MENGESHA

MISRAK TESFAYE (Asst. Prof.)

ADDIS ABABA, ETHIOPIA

ASSESSMENT OF INTERNAL CONTROL PRACTICE

A THESIS SUBMITTED TO ST. MARY’S UNIVERSITY SCHOOL OF

BY: AZMERA MENGESHA

ADDIS ABABA, ETHIOPIA

ASSESSMENT OF INTERNAL CONTROL PRACTICE

BY: AZMERA MENGESHA

APPROVED BY BOARD OF EXAMINERS

NAME: Azmera Mengesha

Advisor: Misrak Tesfaye (Asst. Prof.)

ST. MARY’S UNIVERSITY

Table 3.1 Reliability Test ....................................................................................................... 24

Table 4.1 Socio-Demographic Characteristics of the respondents ................................... 26

Table 4.2 Descriptive statistics of Control Environment .................................................. 28

Table 4.3 Descriptive statistics of Risk Assessment ............................................................ 30

Table 4.4 Descriptive statistics of Control Activity............................................................ 32

Table 4.5 Descriptive statistics of Information and Communication................................ 34

Table 4.6 Descriptive statistics of Monitoring .................................................................... 36

COSO: Committee and Sponsoring Organizations

IC Information and communication

INTOSAI International Organization of Supreme Audit Institutions

SPSS Statistical Package for the Social Sciences

Internal control system is a processes aimed at ensuring the achievement of an

1.1. Background of the study

1.2. Background of the organization

Internal control system is a process designed and affected by board of directors,

1.4. Research Questions

The study addresses the following research questions.

1.5. Objective of the study

1.5.1. General objective of the study

1.5.2. Specific Objectives

The specific objectives of the study are:

 To assess the control environment that affects internal control system;

1.6. Significance of the study

1.7. Scope of the study

1.8. Limitation of the study

1.9. Organization of the Paper

2. REVIEW OF RELATED LITERATURE

2.1. Theoretical Literature Review

2.1.1. Definition of Internal Control

2.1.2. Importance of Internal Control System

It is a process affected by management designed to provide reasonable assurance regarding

2.1.5. Types of Internal Control Systems

2.1.5.2. Detective Controls

2.1.5.3. Corrective Controls

Corrective control is procedures a company uses to solve or correct problem. An example of

2.1.6. Components of Internal Control

2.1.6.1. Control Environment

Control environment: Is the major aspect of managing an organization this is because is a

2.1.6.2. Risk Assessment

2.1.6.3. Control Activities

2.1.6.4. Information and Communication

2.1.6.5. Monitoring Activities

Monitoring is the assessment of internal control performance over time; it is accomplished by

2.1.7. Internal Control Systems Effectiveness

2.2. Review of empirical Studies