Impact of Internal Control Systems on Performance of Universal Banks: Evidence from Ghana

What could be panacea to the global failures and crises that the banking industry is experiencing over the years? Is it the case that the growth and development of financial institutions are dependent on the effectiveness and efficiency of its internal controls? Are the problems at the banking sector ema-nating as a result of control systems that are not effective? These have been a few questions that both scholars and practitioners have been seeking answers to. This study, therefore, sought to examine the impact of internal control systems on the performance of universal banks in Ghana. The study employed quantitative research approach. Questionnaire was used to collect data from 160 respondents from 20 branches of universal banks in Ghana. Data processing was done using SPSS version 21, and the analytical tool used was regression analysis.

in August, 2018 to take over five struggling banks (Sovereign Bank, Royal Bank, The Beige Bank, Construction Bank and Unibank) in the country is another problem on the government. Government had to make GH₵450 million available for the Consolidated Bank as starting capital. An effective internal control system is the nerve centre of every organisation, the breakdown of which leads to the failure of organisations. Internal control is a crucial aspect of an organisation's governance system and ability to manage risk.
According to Kwayie (2015), the growth and development of financial institutions are dependent on the effectiveness and efficiency of its internal controls.
Meanwhile, control systems that are not effective can result in ineffective operations and can finally lead to losses (Amissah, 2017). For example, Kwayie (2015) reported that a private security man who worked with Ghana Commercial Bank (GCB) stole more than GH¢3 million belonging to the Market Circle Branch of GCB in Takoradi. Also arrested was another employee of GCB, the official responsible for operating the ATM system. It was realised that the closed-circuit camera did not cover that part of the banking hall. Andani (2008 as cited in Kwayie, 2015) claimed that, there is an increasing fraud in the Ghanaian business circles; therefore, vigilance is needed to prevent it through good internal controls.
Internal Control Systems (ICS) play a very crucial role in enhancing the performance of institutions (Ahiabor & Mensah, 2013). Hence, many studies have strived to evaluate the consequence of ICS on the performance of organisations (Ejoh & Ejom, 2014;Muraleetharan, 2011;Noel, 2010;Oyoo, 2014;Simangunsong, 2014). Even so, some of these studies were limited in scope in terms of choice of ICS dimensions or dimensions used. For example, Noel (2010) and Ayagre et al. (2014) used two components, while Mawanda and Oyoo employed three out of the five main dimensions proposed by Committee of Sponsoring Organisation (COSO) framework of internal control systems. For decision making purposes, their findings were not comprehensive as they had weaker R-square.
COSO posited that for ICS to be effective, all five the elements must work together in an inter-related and coordinated manner.
Additionally, some of the existing studies (example include Dineshkumar & Kogulacumar, 2013;Chebungwen & Kwasira, 2014;and Ejoh & Ejom, 2014) Gyebi and Quain (2013), Nkuah et al. (2013), Oscar-Akotey et al. (2013) and Boadi et al. (2013) were geared toward companies other than those in the Ghanaian banking sector. Again, the very few works geared towards the banking industry in Ghana, including Kwayie (2015); Amoateng (2017) Furthermore, most of these studies (example: Kwayie, 2015;Amoateng, 2017;Essuman, 2016) only concentrated on savings and loans institutions, and credit unions. The few (e.g., Owusu-Boateng et al., 2017;and Ayagre et al., 2014) that used universal banks were only interested in how ICS were and how they could help to prevent fraud. The implication of the above discussions is that a gap exists in the literature concerning the effect of ICS on the overall performance of banks in the Ghanaian banking industry. This is due to the fact that notwithstanding the crucial role of internal controls in the performance of organisations, there is no known study that has looked at the influence of ICS on the performance of universal banks. Thus, in a bid to fill these gaps and add to the existing body of knowledge, this study assessed the impact of the five elements of internal control systems on the performance of universal banks in the banking sector of Ghana.

Internal Control Systems
According to Hopkin (2012), internal control systems denote the combined methods, plans and procedures which safeguard the assets of a firm to improve financial and operational performance as well as foster observance of policies that are prescribed. It is a set of organisational procedures and policies that ensure that all transactions are processed in the proper way in order to avoid theft, waste and misuse of an organisation's resources (Ndungu, 2013). Correspondingly, a number of authorities such as International Organisation of Supreme Audit Institutions (INTOSAI, 2004), Kaplan (2008) and COSO (2013) are of the view that internal control systems are processes put in place by the management, board of directors and other personnel of an entity, to offer reasonable assurance as regard the realisation of organisational objectives.
INTOSAI (2004), Kaplan (2008) and COSO (2013) description focused on a risk-based approach to internal controls by adopting controls covering the company's entire range of activities or operations, and not just those directly re-Journal of Financial Risk Management lated to financial reporting (Moeller, 2013). A critical evaluation of the above definitions and descriptions point out that the purposes of internal controls are to enhance better operational efficiency and financial reporting of organisations (COSO, 1992). It is also evident from these definitions that internal controls affect all facet of an organisation and is therefore thought of as the responsibility of management, board of directors and other personnel in an organisation (Adams, Grose, Leeson, & Hamilton, 2004).
The framework for internal control systems developed by COSO (1994) claims that every sound system of internal control must have five components namely: control environment, risk assessment, control activities, information and communication and monitoring of internal control. According to Pickett (2010), these components interact among each other, forming an integrated system that reacts dynamically to changing conditions. In essence, the internal control systems are intertwined with the entity's operating activities and are fundamental to the successful operation of the enterprise (Steinberg, 2011). This framework has been an illustrious framework of internal control and has been adopted by several organisations, including the World Bank and World Health Organisation. Hence, in order to have a comprehensive finding all the five elements are considered in this study.

Organisational Performance
The term performance was sometimes misunderstood to be productivity. According to Ricardo and Wade (2001), there is a difference between performance and productivity; productivity is a ratio depicting the volume of work completed in a given amount of time while performance is a broader indicator that could include productivity as well as quality, consistency and other factors. In result-oriented evaluation, productivity measures were typically considered. Adenuga (2011); and Ricardo and Wade (2001) argued that performance measures could include result-oriented behaviour (criterion-based) and relative (normative) measures, education and training, concepts and instruments, including management development and leadership training, which were the necessary building skills and attitudes of performance management.
Previous research had used many variables to measure organisational performance. These variables include profitability, gross profit, Return-On-Asset (ROA), Return-On-Investment (ROI), Return-On-Equity (ROE), Return-On-Sale (ROS), revenue growth market share, stock price, sales growth, export growth, liquidity and operational efficiency (Gimenez, 2000). Although the importance of organisational performance is widely recognised, there has been considerable debate about both issues of terminology and conceptual bases for performance measurement. No single measure of performance may fully explicate all aspects of the term.
The definition of organisational performance has included both efficiency-related measures, which relate to the input/output relationship, and effec-  (Quartey, 2012). Additionally, performance has also been conceptualised using financial and non-financial measures from both objective and perceptual sources (Adenuga, 2011). Hence, from this few literature reviewed, the term "performance" should be broader based which include effectiveness, efficiency, economy, quality, consistency behaviour and normative measures (Ricardo & Wade, 2001;Quartey, 2012).

Internal Control Systems and Organisational Performance
Empirically, the positive relationship between the COSO internal control systems variables and performance is not quite clear. Muraleetharan (2011)  To augment the findings of Muraleetharan (2011) and Njeri (2014), results from Europe on the study of enterprise risk management and performance have shown a negative relationship between high levels of enterprise risk management and performance (Eikenhout, 2015). Per these findings, the relationship between the elements of internal control and performance is not quite clear. To add to the foregoing discussion, the literature on ICS lacks studies on the conditions of ICS and performance as well as differences in the components of internal control systems.

Conceptual Framework
Based on the overall review of related literature, the following conceptual model in which this specific study is governed was advanced. As illustrated in the literature, ICS has significant influences on organisational performance. Organisational performance has been taken as dependent variable while ICS as independent variable. In the independent variable, ICS includes five dimensions based on COSO internal control framework namely; Control Environment, Risk Assessment, Information and Communications, Control Activities, and Monitoring.
Performance, the dependent variable, is centred on a multi-dimensional performance indicator known as the building block model developed by Fitzgerald and Moon (1996). These performance indicators consist of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation. The relationship of the variable for this study is referred to as follows in Figure 1. Journal of Financial Risk Management

Methods
The approach of the study was a quantitative. Through the use of questionnaire, The DEO (2014) instrument was based on variables in COSO, 2013. The segment on performance was also adopted from Fitzgerald and Moon's (1996) measures for measuring performance in the service industry.
The questionnaire comprised 32 items grouped under the two main sections (i.e., Section A-B). Section A comprised five-sub sections (AI-AV), which measured the internal control systems. Section BI measured the control environment and comprised nine items while section AII, AIII and AV measured the risk assessment, information and communication system and monitoring control systems respectively and they were made up of four items each. Section AIV consisted of five items measuring control activities. Section B gathered information on the performance of the various banks and it was made up of six items. All the variables were measured on an interval scale of 1 -5, where 1 was the least and 5 being the highest.

Measuring Reliability of the Instrument
Reliability of an instrument indicates how free the instrument is from random error or the extent to which the scale produces consistent results if repeated measures are taken (Pallant, 2013). Cronbach Alpha which measures internal consistency was used and it measures the degree to which all items on a scale measure an underlying construct (Pallant, 2013). The rule is that individual consistency reliability should be 0.7 or higher. The Cronbach alpha output for the variables is displayed in Table 1.  Table 1 signify that all the constructs were reliable and could be used in this study.

Data Analysis
Data was processed using software SPSS version 21 and the analytical tool used was multiple regression analysis. This is because regression analysis is used for testing effects/impacts among variables. The indicators for each of the five dimensions of internal control systems (Control Environment, Risk Assessment, Information and Communications System, Control Activities, Monitoring) were separately aggregated, and were used as the independent variables. The dependent variable, performance, included return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation, and innovation as indicators. All these indicators were also aggregated into a single score and used as the dependent variable. Afterward, the independent variable was regressed on the dependent variable.

Results and Discussion
As indicated, the model encompassed ICS (which was made up of Control En-Journal of Financial Risk Management vironment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) as the independent variable, and Organisational Performance as the dependent variable. Assessment was based on the beta (β) values, partial correlation values (R), coefficient of determination (R 2 ) and the corresponding significant levels (p-values). The conventional alpha level of 0.05 was adopted. The findings from the regression analysis are presented in Table 2.  Gray (2013), is also a signal of goodness of fit of the data. Generally, the higher the R-Square value, the better the fit. So, the R-Square of 0.628 implies that the model specified better fits the data. The result from the Durbin-Watson of 1.845 also indicates that there is no autocorrelation among the residuals in the regression model. This is because the Durbin-Watson statistics is greater than 1.5 and less than 2.5 which is the accepted benchmark of the test tool (Gray, 2013). The F-statistic tests the joint significance of the independent variable in explaining the dependent variable. In this analysis, the p-value of the F-statistic is well below 0.05 (p < 0.000). Therefore, it can be concluded that the R and the R 2 between the internal control systems and the performance of universal is statistically significant. Journal of Financial Risk Management The implication as submitted by Tabachnick and Fidell (2019) is that the independent variables (control environment, risk assessment, control activities, information and communication, and monitoring) collectively, significantly predict or explain the dependent variable, performance of universal banks. This result affirms the findings of Muraleetharan (2011). Muraleetharan explored the impact of internal controls on financial performance of organisations in Jaffina district, Sri Lanka. The study found that internal control is statistically significant in predicting performance.
From Table 2, the statistics of the standardised betas for the internal control variables are as follows: control environment (0.132), risk assessment (0.280), information and communications systems (0.323), control activities (−0.084), and monitoring (0.266). The statistics shows that information and communication systems had the largest standardised beta while control activities had the smallest standardised beta. It implies that information and communication systems make the strongest unique contribution to predicting performance, when the variance described by all other variables in the model is controlled. Also, control activities make the lowest exclusive contribution to explaining performance, when the variance explained by all other variables in the model is controlled.
Regarding the partial correlation (R) values in Table 2, information and communication systems was the dimension most associated with performance (R = 0.327), although moderate/average. The implication is that, universal banks that maintained effective information and communication systems procedures were on the average, likely to perform. Risk assessment (R = 0.285) and monitoring (R = 0.247) were also weakly associated with performance. The association with performance were very weak for control environment (R = 0.115) and control activities (R = −0.071), albeit very weak and negative for control activities. However, in general, there was a positive association (R = 0.792) between internal control systems (ICS) and performance of universal banks. The finding is consistent to the result of Mawanda (2008) who found that ICS positively influence performance in an institution of higher learning.
Again, Table 2 depicts that although some of the internal control system dimensions contribute to the prediction of the performance of universal banks, control environment and control activities showed otherwise. Concerning risk assessment, the variable had a positive unstandardized beta coefficient of 0.286 and it was statistically significant at 0.1% level of significance. The reason is that the p-value of risk assessment (0.000) is lesser than the alpha value (0.001).
Therefore, the study found that risk assessment is one of the internal control variables that significantly influence the performance of universal banks in Ghana. This confirmed the model in the conceptual framework and the results of Njeri From the results, the part correlation coefficient of risk assessment is 0.181. A square of 0.181 is 0.0328 indicating that risk assessment uniquely explains about 3.28 percent of the variance in performance. The positive coefficient of risk assessment means that the more a universal bank undertakes risk assessment activities, the more it is likely for that bank to improve its performance. The result obtained is consistent with the findings of Siayor (2010). In Siayor's attempt to discover how the internal control system and risk management affects the financial performance of DnB NOR ASA, a Norwegian financial services group, they found that a strong internal control and risk management systems enhanced DnB NOR ASA's profitability and performance as a whole.
Another covariate that was included in the regression model to predict employee performance was information and communication system. From Table 2, the respective t-value is bigger than 1.96 indicating the coefficient is significant.
That is, the selected banks have at least an averagely good information and communication system mechanism (B = 0.373): this value tells that for every unit effective information and communication system mechanism that the banks put in place, organisational performance will increase by 0.373 units implying that, information and communication system affect universal banks' perfor- Monitoring had a positive unstandardized coefficient and it was statistically significant at 1% level of significance. This is because the p-value of monitoring (0.002) is lesser than the alpha value (0.01). Therefore, the study found that

Conclusion and Recommendation
From the findings, it is concluded that the performance of universal banks in terms of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation will increase if management of such banks have defined appropriate objectives for the organisation; identify risks that affect achievement of the objectives; management has criteria for ascertainment of which fraud-related risks to the organisation are most critical; and management has put in place mechanisms for mitigation of critical risks that may result from fraud. Again, based on the findings on the effect of information and communications system on performance of universal banks, it is concluded that if management of universal banks identifies individuals who are responsible for coordinating the various activities within the entity; all employees understand the concept and importance of internal controls, including the division of responsibility; communication within those banks helps to evaluate how well guidelines and policies of the organisation are working and being implemented; and the reporting system on organisational structures spells out all the responsibilities of each section/unit in the organisation, performance of such banks will increase.
Pertaining to the finding on the effect of monitoring on performance of universal banks, the study concludes that universal banks that have independent process checks and evaluations of controls activities on on-going basis; have internal reviews of implementation of internal controls in units conducted periodically; where management has assigned responsibilities for the timely review of audit reports and resolution of any non-compliance items noted in those audit reports, performance of such universal banks in terms of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation will increase.
Based on the key findings, we recommend that universal banks adopt different risk assessment procedures through the use of risk identification measures that fit their contingency characteristics. This will help improve the effectiveness of their risk assessment procedures and boost performance levels. They should strengthen their information and communication systems by generating quality information to support the other components of internal control. This will render the other components of internal controls effective and improve performance. Finally, the universal banks should pay attention to monitoring through providing independent process checks and evaluation of control activities on on-going basis and ensuring internal reviews of implementation of internal controls in units are conducted periodically.

Conflicts of Interest
The authors declare no conflicts of interest regarding the publication of this paper.