AN APPRAISAL OF INTERNAL AUDITING AS BASIS FOR

PREVENTION OF ERRORS AND DETECTION OF FRAUDS IN

NIGERIAN BANKS: A CASE STUDY OF GUARANTY TRUST

BANK

BY

MACAULAY ONYEKA .J.

MATRIC NO: 10/0419

CHAPTER TWO

1
 CHAPTER TWO

LITERATURE REVIEW

2.0 INTRODUCTION

HISTORICAL BACKGROUND OF AUDITING

The role of the auditor goes back many hundreds of years. There are records from ancient

Egypt and Rome, showing that people were employed to review work done by tax collectors and

estate managers. In medieval Britain, an independent auditor was employed by the feudal

Barons to ensure that the returns from tenant farmers accurately reflected the revenues received

from the estates. The auditors read out their findings, hence the word ‘auditor’. The emphasis

was very much on the detection of fraud and other irregularities. Thus, although the emphasis

has changed and the role of the auditor become much more sophisticated, the concept of auditing

is by no means a modern one.

In the ancient times auditors listened ot oral report of responsible official (bankers) to

owners. Their having authority as verifiers of official reports evolved to include the verifying of

written records. By A.D 1500 double entry book keeping had evolved to the point of being

documented by Luca Pacioli of Italy In the first known book of accounting. Pacioli also

recommended that the accounting records be verified by the auditors.

By the early 19th century, auditors acting as independent outside experts were frequently called

upon to investigate and report on business.

Modern auditing began in 1844 when the British parliament passed the joint stock

companies act which for the first time required that corporate directors reports to the

shareholders via an audited financial statement, the statement of financial position. In 1844, the

2
auditor was required neither to be an accountant nor to be independent but required as

independent auditors.

The first public accountant organization was the society of accountant in Edinburgh

organized in 1854, and Scotland and England, it later became the institute of chartered

accountant it was organized in 1871 various in towns.

Following the British precedents, the first legislation in Canada was the Ontario

corporation act of 1907. This was followed by the federal corporation act of 1997 until 1930

Canada practice followed the British model focusing on the procedures of largely relieving

internal evidence.

After the 1929 stock market crashed and great depression of the1930’s, Canada practice

was greatly influenced by the development in the united states.

The United states securities acts of 1993 and 1934 created Securities Exchange Commission

(SEC), which regulated the major stock exchange, it required firms to issue audited income

statement as well as statement of financial position. In addition, because of the earlier problem

with misleading finance report of the 1920’s. The emphasis switched to fairness of presentation

of these financial statements and auditors role was to verify the fairness of presentation. The

increase in volume of trading operations has a material effect on the practices of auditing but the

audit of business accounts didn’t become common until the 19th century, Adeniji, (2004)

Audit practice today can be conveniently divided into two main areas which are

“statutory” and “private”. The former category arises under Successive Company’s Act, as a

result of which it has become a statutory obligation for every limited company, to have a duly

qualified auditor. Adeniji, (2004)

3
BRIEF HISTORY OF INTERNAL AUDITING

Understanding the evolution of internal audit is important because the old image still exists to

some extent for modern internal auditors. K. H. Spencer Pickett , a noted author in the field of

internal audit, has identified the following stages in the evolution of modern internal audit:

AS A SIBLING OF EXTERNAL AUDIT

In the initial stages, internal audit began as an extended arm of an external/statutory audit

of financial statements. The main, but rather restricted, function of the internal audit at this stage

was verifying the reliability of the financial information included in the financial statements. The

internal audit function in this stage of evolution could not understandably add much value to

functioning of the entity.

AS A CROSS CHECK

In this stage of its evolution, internal audit was also required to test nonfinancial

information and transactions in terms of their correctness and compliance with the laid down

policies and procedures.

AS A PROBITY POLICE

At this stage of its evolution, the internal audit came to be more concerned about the

probity aspects of the transactions especially those involving liquid and highly movable assets

such as cash, stocks, etc.

AS A NON FINANCIAL SYSTEMS POLICE

As the global economy surged forward full steam, the need for having a full fledged,

strategically directed internal audit emerged as an inevitable service that could assist

4
management in decision making, moving away from being merely a police on financial

transactions. Thus, emerged the modern internal audit where the latter was established as

a separate function, in house or outsourced, with clearly laid down missions and objectives

to be achieved. As of today, internal audit undeniably is the backbone of a sound corporate

Governance system.

2.1 CONCEPTUAL FRAMEWORK

2.1.1 AUDIT

Okoye (1994) revealed that the word “Audit” comes from the Latin word “audire”

meaning “He hears”. This is because in ancient times the account of a noble man in control of an

estate or domain was checked by having them read out to him by his steward. Today audit refers

to a different process embodied in an audit report, addressed to interested parties to whom the

auditors are responsible under the statute.

Accountants in recent times have reiterated the need for functional internal audit

department in organizations. Commenting on the objectives of internal audit, Mill Champ

suggested that it makes economic sense to reduce the work of the external auditor by relying on

the work of the internal auditors.

Holmes and Burns (1995) contended that the objectives of internal auditors are to assist all

members of management in the effective discharge of their responsibility by furnishing them

with analysis appraisals, recommendations and pertinent comments concerning the activities

reviewed. Again, commenting on the objectives of internal audit department, Holmes stated that

the department is concerned with the control of transactions and operations, and with the

improvement of accounting methods from the point of view of efficiency. In their own

attestation,

5
 Join Gray and Start Manson stated that the objectives of internal auditing are to assist

members of the organization in the effective discharge of their responsibilities. They went further

to say that to this end, internal auditing furnishes them with analysis, appraisals,

recommendations, counsel and information concerning the activities reviewed.

Holmes and Burns, in their own contribution, further contended that the responsibilities of

internal auditing encompass the following:

i. To inform and advise management promptly and adequately to discharge this responsibility in

a manner that is consistent with the code of ethics of the institute of internal auditors.

ii. To co-ordinate activities with others so as to achieve audit objectives of the organization.

Okoye (1998) in his book stated the role of internal auditors as:

i. To make credible, financial statements of the organization.

ii. To report on the property of actions by management and other persons in a position of

trust.

iii. To provide spin-off effects which included deference of fraud and error by the simple

existence of his role and the availability of his expert advice?

For the functions, roles and responsibilities to be successfully accomplished, the internal audit

department needs to operate within some frame work or guideline.

Stetter (1975) recognized that the accounting system that produces the financial and operating

information to be reported is the key factor of the account and reliability of the end results. As a

consequence, auditors are increasingly redirecting their accuracy of records.

6
For an independent audit to take place these must be well-planned internal control from which

information is gathered and recommendations based.

Stetter (1975) agreed that Internal control comprises the plan of organization and all of the co-

ordinate method and measures adopted within a business to safeguard its assets, check the

accuracy and reliability of its accounting data, promote efficiency and encourage coherence to

prescribed managerial policies.

The importance of internal control system in auditing is evidenced by the second standard of

auditing field work. Adikwu (1984) emphasized the importance of internal control and its role as

a preparatory ground for independent audit. Based on this he agreed that there is the need for a

proper study and evaluation of the existing internal control as a basis for reliance and for

determination of the extent to which auditing procedure are to be restricted.

2.1.2 Definition of Internal Auditing

The institute of internal Auditors (IIA), the organization that sets standards and governs the

internal audit profession, defines internal auditing as

“An independent, objective, assurance and consulting activity designed to add value and improve

an organization’s operations. It helps an organization accomplish its objectives by bringing a

systematic, disciplined approach to evaluate and improve effectiveness of risk management,

control and governance processes.”

Scope and Objective of Internal Auditing

According to Mayo BPP (1993: 211), the scope and objective depend upon the responsibilities

assigned to the internal auditor by the management, the size and structure of the enterprise and

the skills and experience of theinternal auditor.

7
Millichamp (2000), (Mainoma, 2007) and (Sani, 2009) identifies the common areas covered by

internal auditing which include among others; reviewing the internal control system with a view

to determining its adequacy and effectiveness, reviewing compliance with government

regulations and accounting rules and standards, checking compliance with policies and

procedures, safeguarding the asset of the organization so as to prevent and detect errors, frauds

and theft, appraising the effectiveness and efficiency in the use of resources, ensuring that the

goals and objectives of the organization are attained, making recommendations on improvement

in the operation of the organization and acting as in-house consultant on control matters.

Millichamp (2000) identifies the following as the essential elements of internal audit;

independence, staffing, training, relationship, due care, planning, controlling and recording,

system control, evidence, reporting. It can be seen that without such essential element, no way

the internal audit can perform their duties effectively.

Benefit of Internal Audit

The benefits that may be derived in establishing internal audit are numerous. Tijjani (2003)

observes that the setting up of an efficient and effective internal audit department involves huge

cost in form of salaries for personnel, stationery, travel allowances and other departmental

overhead cost. But if analyzed critically, the benefits of an internal audit unit to an organization,

be it private or public, outweighs the cost of its maintenance. Some of the benefits that may

accrue to organizations with good internal audit departments include among others; improved

efficiency shall accrue from investigations and reports of the internal audit department, the

existence of internal audit creates control, which acts as a deterrent to inefficiency, waste and

fraud, the internal audit department serves as a ‘pool’ from which high calibre staff can be

seconded to other units within the organization to fill management positions, the work of the

8
external auditors is made easier, training and experience acquired by internal auditors on the job

combine to provide a secure foundation for career advancement. From the above contribution it

can be seen that the benefit of internal audit outweigh the cost of maintenance, if utilized

properly.

ATTRIBUTES OF INTERNAL AUDIT

Some basic attributes that are required of internal audit to be able to perform effectively on

decision making processes and policy formulation of an organization includes:

1. Independence- The internal audit functions must be independent of day to day operations.

The head of the internal audit department should report directly to the chief executive

officer, who should oversee the internal audit function.

2. Staffing – The internal audit must have adequate staffing interms of the number,

qualification and experience. An effective internal audit requires the services of the

professional who are versatile in the field of accounting, finance, economics, financial

environment in the modern world is very complex, computer skill is therefore part of the

required knowledge of auditors.

3. Due care- Millichamp (2000) an auditor should behave as his external counterpart in

terms of skills, care and judgement. He should be up to date technically and have

personal standards of knowledge, honesty, probity and integrity much as external auditor.

4. An appraisal activity- the job of an internal auditor is to appraise the activities of others

and not to perform a specific part of data processing.

5. Training – it is quite essential that all internal audit staff are well trained so that they can

be current in morden methods and technique required of the profession.

9
2.1.3 DUTIES OF AN AUDITOR

COMPANIES & ALLIED MATTERS ACT 1990 ( SEC 361)

The companies and allied matters act 1990 as amended in 2004 stipulates that the duties of the

auditor include the following:

1. It shall be the duties of the companies auditor in preparing their report to carry out such

investigations as may enable them to form an opinion as to the following matter whether;

 Proper accounts are kept and adequate returns made from branches not visited by them

 The company’s statement of financial position and its income statement, if not

consolidated are in arrangement with accounting records and returns.

 All information and explanations needed have been received from directors, management

and staff

 The auditors have unrestricted access to all records and books

2. Where proper accounting records have not been received from branches not visited or

statement of financial position and income statement not in agreement should be stated in

the auditors report.

3. Auditors should have access at all times to the company’s books, accounts and vouchers

and require from the company’s office such information and explanation as he deems

necessary.

4. Auditors should consider whether the information given in the directors report for the

year for which the account and if they are of the opinion it is not, then state the fact in

their report.

10
2.1.4 FRAUD

Fraud, according to Adeniji (2004:354) and ICAN (2006:206), is an intentional act by one

or more individuals among management, employees or third parties, which results in a

misrepresentation of financial statements. Fraud can also be seen as the intentional

misrepresentation, concealment, or omission of the truth for the purpose of

deception/manipulation to the financial detriment of an individual or an organization which also

includes embezzlement, theft or any attempt to steal or unlawfully obtain, misuse or harm the

asset of the organization (Adeduro, 1998 and, Bostley and Drover 1972). Fraud has increased

considerably over the recent years and professionals believe this trend is likely to continue.

According to Brink and Witt (1982), fraud is an ever present threat to the effective utilization of

resources and it will always be an important concern of management.

ISA 240 ‘The Auditor’s Responsibilities to Consider Fraud in an Audit of Financial

Statement (Revised)’ refers to fraud as “an intentional act by one or more individuals among

management, those charged with governance, employees or third parties, involving the use of

deception to obtain an unjust or illegal advantage”.

Aderibigbe and Dada (2007) define fraud as a deliberate deceit planned and executed

with the intent to deprive another person of his property or rights directly or indirectly, regardless

of whether the perpetrator benefits from his/her actions.

Weirich and Reinstein (2000 cited in Allyne& Howard 2005), define fraud as

“intentional deception, cheating and stealing”. Some common types of fraud include creating

fictitious creditors, “ghosts” on the payroll, falsifying cash sales, undeclared stock, making

unauthorized “write-offs”, and claiming excessive or never-incurred expenses.

11
 Pollick (2006) regards fraud as a “deliberate misrepresentation, which causes one to

suffer damages, usually monetary losses”.

Albrecht et al (1995 cited in Allyne& Howard, 2005:287)classified fraud into employee

embezzlement, management fraud, investment scams, vendor fraud, customer fraud, and

miscellaneous fraud. Fraud also involves complicated financial transactions conducted by white

collar criminals, business professionals with specialized knowledge and criminal intent (Pollick

2006).

DIFFERENT TYPES OF FRAUDS

The 2008 Fraud Examiners Manual enunciated on the different types of fraud as:

 Financial statement fraud – Embezzlement, loan fraud and money transfer (wire)

 Assets Misappropriation – fraudulent disbursement.

 Bribery and corruption.

 Intellectual property – e.g. espionage.

 Cheque & Credit Card fraud – cheque cloning, cheque fraud ring (kite flying),

 Credit card fraud.

 Health care fraud – Employee claims fraud, Provider fraud, fraud by the Medical Staff,

inflated billings, collusion

 Securities fraud – Sales of shares of other people by fraudsters or Stock

 Broker, Securities swindles.

 Money laundering fraud

 Consumer fraud

 Computer fraud – Computer hacking, Electronic mail, Computer virus, Internet fraud,

Insider threats.

12
  Public sector fraud – False claims and Statements.

 Contract & Procurement fraud.

 Remote banking frauds e.g. on-line, telephone, call centre etc.

 Electronic payments fraud e.g. SWIFT, Wire, Internal transfer, Bill payment and Other

Electronic Funds Transfers (EFTS).

 Kiting – process of illegally benefiting from float e.g. by depositing and

 Drawing cheques between accounts at two or more banks.

- Debit Card fraud – compromise of ATM or Debit Card Pin, stolen

cards,Skimming and ATM trapping.

WHY FRAUD IS ON THE INCREASE IN THE FINANCIAL SECTOR

Poor adherence to internal control measures such as:

 Non-call over of transactions

 Poor record keeping

 Non-identification of payees of instruments

 Absence of dual control

 Wrong Staff placement/non rotation of duty

 Compromise of passwords or PIN

EFFECTS OF FRAUDS

 Mistrust among staff/low staff morale.

 Emotional trauma for innocent staff and fear in the hearts of the guilty.

 Customer service delivery will be adversely affected.

13
  Set back in the business of the customer whose account was defrauded until the

bank management approves restitution.

 Loss of man-hours during investigations.

 Erosion of public confidence which has made more cash to remain outside the

industry.

 Loss of hardworking, innocent staff involved by implication.

 Depletion of profit/reduction in shareholders’ funds.

 Distress, Distraction of management from their strategic roles.

CAUSES OF FRAUD

Several theories on fraud causation exist. Few ones have been summarized

Here under:

(1) Human Behavior – that crime is committed as a response to a person’s

circumstance/stimulus. Given free will to operate, one could be tempted to commit

fraud.

(2) For instance, an employee once used her employer’s credit card for personal purchases in

an emergency. When no one detected her action, the employee charged another N5, 000

in personal items to an uncle.

(3) Social Learning Theory – Believe that all people have the potential to commit crime if

they are exposed to certain circumstances.

(4) Routine Activity Theory – Certain people are motivated by greed, lust and other forces

inclining toward lawbreaking.

(5) Biological Theory – that criminal behavior is as a result of genetical traits – some are

‘born’ criminals.

14
 (6) Physiological Theory – is based on the view that criminal behavior is the product of

mental processes; an unconscious motivation to commit crime.

FRAUD PREVENTION

Fraud prevention and detection are related, but are not the same concept. Prevention

encompasses policies, procedures, training, and communication that stop fraud from

occurring, whereas, detection focuses on activities and techniques that promptly /timely

recognize whether fraud has occurred or is occurring. While prevention techniques do not

ensure fraud will not be committed, they are the first line of defense in minimizing fraud risk.

Meanwhile, one of the strongest fraud deterrents is the awareness that effective

detective controls are in place. Combined with preventive controls, detective controls

enhance the effectiveness of a fraud risk management program by demonstrating that

preventive controls are working as intended and by identifying fraud if it does occur.

Although detective controls may provide evidence that fraud has occurred or is occurring,

they are not intended to prevent fraud.

FRAUD DETECTIONAND FRAUD DETECTIVE CONTROLS

Having effective detective controls in place and visible is one of the strongest deterrents to

fraudulent behavior. Used in tandem with preventive controls, detective controls enhance a fraud

risk management program’s effectiveness by providing evidence that preventive controls are

working as intended and identifying fraud that occurs. Although detective controls may provide

evidence that fraud is occurring or has occurred, they are not intended to prevent fraud. It is

important that the organization assess and continuously monitor its fraud detection techniques to

help detect fraud that is occurring or has occurred.

15
 Organizations can never eliminate the risk of fraud entirely. There are always people who

are motivated to commit fraud, and an opportunity can arise for someone in any organization to

override a control or collude with others to do so.

Therefore, detection techniques should be flexible, adaptable, and continuously changing

to meet the various changes in risk. While preventive measures are apparent and readily

identifiable by employees, third parties, and others, detective controls are clandestine in nature.

This means they operate in a background that is not evident in the everyday business

environment.

Such techniques will usually:

 Occur in the ordinary course of business.

 Draw on external information to corroborate internally generated information.

 Formally and automatically communicate identified deficiencies and exceptions to

appropriate leadership.

 Use results to enhance and modify other controls.

Although every organization is susceptible to fraud, it is not cost-effective to try to

eliminate all fraud risk. An organization may choose to design its controls to detect, rather than

prevent, certain fraud risks, as approved by the board. If the estimated costs of designing,

implementing, and monitoring the controls against fraud – such as tools, personnel, or training –

exceeds the estimated impact of the risk, they may not be cost-effective to implement. For

example, a property and casualty insurance company may set threshold limits on the total of

losses paid plus those reserved on large policies to identify that fraud may be occurring, rather

than relying solely on the identification of fraudulent individual claims.

16
 Important detection methods include an anonymous reporting mechanism, (whistleblower

hotline), process controls, and proactive fraud detection procedures specifically designed to

identify fraudulent activity.

2.1.5 THE DIFFERENCES BETWEEN FRAUD AND ERROR

The main factor to distinguish between fraud and error is whether the basic actions that result in

a misstatement of the financial statements are intentional and unintentional. The term “fraud” is a

broad legal concept, but the auditors relating to fraud that causes a misstatement in the financial

statements.

Hence, ISA 240 (Redrafted-paragraph 11) identifies fraud as: ‘An intentional act by one or

more individuals in management which charged with governance, employees, or third parties. It

includes the use of deception to obtain an unfair or illegal advantage. According to ISA 240

(Redrafted), there are two types of fraud relating to the auditors, frauds was misstatements

arising from fraud in financial reporting, and misstatements arising from the appropriate

property. Differences from the fraud, “error” refers to an unintentional misstatement in financial

statements that including the omission of an amount or disclosure. ISA 240 (Redrafted),

paragraph 2 said: The different between fraud and error is whether the basic actions that result in

the misstatement of the financial statements are intentional or unintentional.The responsibilities

of fraud are more controversial than the error. Fraud may be related to the sophisticated and

carefully organized, designed to conceal fraudulent activities, for example forgery, intentionally

not record transactions, or the deliberate misrepresentations of the audit members. Conversely, to

more understand about error, it is necessary consider the effectiveness of internal control.

17
2.1.6 THE CONCEPT OF INTERNAL CONTROL SYSTEM

Oshisami (1993:50) defines internal control system as “the managerial functions of

defining and allocating responsibilities and identifying line of reporting that encompass all

aspects of operations for the attainment of corporate objectives of an organization”. The

objective of internal control system can be deduced from the definition of internal control system

The operational Auditing Guideline on internal control as cited in Shah (2004) and (Jenfa, 2002)

identifies some classification of internal control system which include among others;

organizational Control, segregation of duties, physical control, authorization and approval

Control, arithmetical and accounting controls, personnel controls, supervision control. This

shows that every internal control system most has the above component in order to ensure its

effectiveness.

INTERNAL CONTROL SYSTEM VIEWED AS AN AID TO EFFECTIVE AUDIT

Management has recognized internal control as a valuable tool in effectively carrying out

its responsibility and auditors have pressed for improvement in internal control in their effort to

be of assistance to their clients, as well as to permit reduction in audit work made possible by the

accounting records. The effect of auditing therefore is to reduce the need for routine mechanical

verification of book-keeping accuracy. It permits substitution of a less time consuming approach

that involves seasoned judgment and stresses such activities as reviews, analysis, evaluation and

statistical samplings. Most of the information needed by management about finances and the

progress of operations come from the accounting records. For the information to be of value, it

must be reliable, complete and available as quickly as possible and at the same time adhering to

policies and directives. Management is far removed from the scene of operation in a typical large

business organization and so personal supervision of employees is an impossible task. As a

18
substitute, management must rely on various control techniques to implement its decision and

goals, and to regulate the activities for which management has ultimate responsibility.

Internal control system is therefore a key factor in the effective management of public

sector setup. For achieving a good and effective internal control, the following must apply-

segregation of functional responsibilities, system of authorization, sound practice in the

performance of duties and functions of each of the organizational departments. Any breakdown

or weakness in internal control noted by the independent auditor in the course of examination

will be of considerable interest to management for remedying the conditions observed.

RELATIONSHIP BETWEEN INTERNAL AUDIT AND INTERNAL CONTROL

SYSTEM

The responsibility for ensuring that internal control is established in the organization lies

with management. The internal audit is supposed to be the custodian of internal control by

providing assurance to the management that the organization has put in place adequate and

effective internal control system, and must not hesitate to draw management’s attention to lapses

observed in the control. A good and viable internal control system increases operational

efficiency, thereby making it more difficult for the preparation of fraud (Mayo, 1993). The

International Auditing Guideline (IAG) 6, as cited in Dandago (2000:107) and (Daniel, 1999:33)

defines internal control system as “the whole system of control, financial and otherwise,

established by the management in order to carry on the business of the enterprise in an orderly

and efficient manner, ensure adherence to management policies, safeguard the assets and secure

as far as possible the completeness and accuracy of the records”. This definition reveals that the

internal control is established in order to enhance prudent management of resources and

transparency in the accounting process. Also effective internal control requires; appropriate

19
accounting procedure and system, division of duties i.e. separation of responsibilities, especially

those of authorization, regular verification of supervision of each person’s work by their

superior officers.

Oshisami (1993:50) defines internal control system as “the managerial functions of

defining and allocating responsibilities and identifying line of reporting that encompass all

aspects of operations for the attainment of corporate objectives of an organization”.

The System of Auditing Procedure (SAP) 33 of the American Institute of Certified

Accountants, as cited in Daniel (1999:43) defines internal control system as “the plan of

organization and all of the coordinate methods and measures adopted within a business to

safeguard its assets, check the accuracy and reliability of its accounting data, promote

operational efficiency, and encourage adherence to prescribed managerial policies”. The

adherence to prescribed managerial policies in order to promote operational efficiency

The above definition of internal control brings out, in clear terms that the internal

control extends beyond financial and accounting matters, on the custody of the organization’s

assets. In its broad sense, it includes all the controls operated by an organization to facilitate its

activities and improve its efficiency and productivity. It also includes all administrative controls

designed to effect, supervise and check management policies and strategies within an

organization such as organization and method, work study, production control, marketing, selling

and distribution, financial and accounting control.

The main objective of internal auditing is to provide assurance to the management that

the internal control system in the organization is sound in design and effective in operation. It

also helps to achieve value for money (Momoh, 2005).

20
 Okwoli (2004) also shares the view that the present requirement of internal audit is not

the detection and prevention of fraud and errors, but reviewing the system of internal control.

Normanton, as cited in Daniel (1999), emphasizes the importance of internal audit by

saying that “without audit, no accountability; without accountability, no control; without audit,

no efficiency; without efficiency, no development.

INTERNAL CONTROL MEASURES /STRUCTURE IN DETECTING AND

PREVENTING FRAUDLENT ACTIVITIES.

When the results of risk assessment indicate the likelihood of financial statement fraud, auditors

should ensure that the internal control system is adequate and effective in preventing, detecting

and correcting such fraud. When the internal control risk is considered to be high, indicating the

failure of internal controls to prevent and detect risk, auditors should rely on their own test

procedures to detect financial statement fraud. The degree of internal control risk would

determine the extent, timing, and nature of audit procedures performed to discover financial

statement fraud.

Management is responsible for establishing, maintaining, monitoring the internal control

structure, and reporting on the effectiveness of ICFR. The COSO report defines internal control

as:

“A process, affected by an entity’s board of directors, management, and other personnel,

designed to provide reasonable assurance regarding the achievement of objectives in the

following three categories:

 Effectiveness and efficiency of operations

 Reliability of financial reporting

21
  Compliance with applicable laws and regulations

Internal control structure that help preventing, detecting and correcting financial statement fraud

include:

 Commitment from the top management team

 A control environment reflected in the structure, functions, and risks of the company

 Control activities designed to achieve the control objectives of enhancing reliability of

financial reporting, improving effectiveness and efficiency of operations and promoting

compliance with applicable laws and regulations

 Continuous and periodic monitoring to ensure the adequacy and effectiveness of the

internal control structure

 Proper implementation of control activities and enforcement of control policies and

procedures.

2.1.7 WHAT DOES INTERNAL AUDIT DO AND NOT DO?

Internal audit is a department, independent of line management, whose prime

responsibility is to review the quality and effectiveness of the controls within the banks to

manage and mitigate risk and protect the assets of the bank. In performing this work Internal

Audit provides recommendations and advice to management onmatters requiring attention.

Internal audit will normally produce an annual plan of work to be performed, concentrating on

areas of higher risk. Structured timetables and work programmes (e.g. audit programmes) will

22
then be designed for each assignment. At the end of each review, an audit report will normally be

prepared for senior management attention and action. Ad hoc assignments may also be

performed at the request of senior management where problems or irregularities require further

investigation.

Further, there are real advantages in ongoing Internal Audit involvement in major projects,

including systems developments. In this way audit concerns can be addressed up-front and action

taken before the problem becomes too entrenched.

To maintain complete independence, Internal Audit is not responsible for performing or

authorizing any of the day-to-day tasks which enable the bank to operate. Nor is it directly

responsible for the implementation of any new initiatives, even where these arise as a result of

audit recommendations. Internal Audit should, however, be prepared to offer advice, cooperation

and practical assistance to line management whenever possible.

2.1.8 THE ROLE OF INTERNAL AUDIT IN BANK MANAGEMENT AND

ORGANISATIONAL CONTROL

Banks are generally known to be entrusted with public funds and resources with the

freedom to employ these resources in a judicious manner so that the funds placed at their

disposal are readily available upon demand. To ensure such resources are reliably employed, the

Banks and Other Financial Institutions Acts (BOFIA, 1991) mandates each bank to render

monthly returns to the Central Bank to ensure effective monitoring of their activities by the

regulatory authority.

With the rapid growth in the balance sheet size of banks and the setting up of numerous

branches, particularly as a result of the consolidation exercise, the need arises for administrative

and operative authority to be delegated downwards to ensure rapid and efficient services to the

23
public. Since such delegations by the Management are without abdication, the Executive

Management, therefore, rely largely on the Chief Inspector to ensure effective monitoring of day

to day activities of all units of the organization. From the regular information/data provided by

the Internal Audit, management will be in a better position to consider necessary review of

internal control measures and systems.

The control measures are in form of clearly set out rules designed to direct and monitor the

affairs of the organizational control, and these are:

 Planning,

 Monitoring and

 Corrective Policy

Planning is based on sound objectives for the organization as a corporate body.

Monitoring basically involves comparison of laid down rules and regulations to the finding

from the examination of operations be it in a Branch, Head Office, Department or Regional

Office.

Corrective Policy: The days of laborious ticking and vouching have gone and the fine-

tuned approach nowadays being enforced by the Internal Audit as a form of effective

organizational control is to reduce the volume of paper work arising from auditing to the barest

minimum. This is achieved through very constructive criticism and on-the-spot corrections of

purely routine errors and irregularities.

WHAT IS THE ROLE OF THE AUDIT COMMITTEE?

The Audit Committee is responsible for reviewing and approving the Internal Audit work plans

and for ensuring that appropriate action is taken by management on the audit matters raised. It

24
will also review there source requirements of internal audit and, at a high level, the quality of

work performed. Audit Committees will similarly act as a reporting point for external auditors.

Audit Committees typically comprise around 4 non-executive directors with a requirement for

senior executives to attend as required. The Committee would normally meet up to 4 times a

year, or as needed.

2.1.9 HOW INTERNAL AUDIT LINK WITH EXTERNAL AUDIT AND THE

FUNCTIONS OF THE INTERNAL AUDIT DEPARTMENT

The role of the external auditors is to express an opinion on the financial statements of

the bank. They are also, increasingly, required to express opinions to regulators on the quality of

critical areas of banks’ risk management processes and controls. In both of these areas of

responsibility, the external auditor will need to place reliance on the work being performed by

internal audit. It is therefore of paramount importance that internal and external audit maintain a

regular, constructive dialogue on all aspects of audit planning, coverage and areas of concern,

whilst seeking to avoid duplication of effort.

The internal audit department maintains internal operational surveillance on a daily basis

as the transactions are being carried out i.e. on-line, real-time surveillance, including call-over of

previous day’s transactions for authentication.

Internal audit department performs a number of functions in an organization. These

functions also prove to be equally valuable in non-profit oriented organization. An internal audit

function should exist separate and distinct from the work of the control group in the data

processing department since the internal auditors are interested in evaluating the overall

efficiency of data processing operations and the related internal control.

25
 The internal auditor should participate in the design of the data processing system to ensure

that the system (information technology) provides a proper audit trail and included adequate

controls. Among other things, the internal auditors will try to determine that no changes are

made in the system without proper authorization, ensure that programming personal are

functionally separate from computer operating personnel, ensure that adequate documentation is

maintained, input controls are functioning effectively, and that the control groups are performing

their assigned functions. The chief internal auditor has to lay down rules and procedures that will

guide the performance of their duties and also control the department. He has to provide an

outline for those under him to know how they should execute their assigned functions

accordingly. This outline is known as audit plan.

Audit plan may be described as a statement of objectives or targets to be attained by the

department of internal audit in future, together with an outline of the steps necessary to attain

each of them. Audit plan prepared in the planning stages of the engagement, usually include such

matters as the objectives of the engagement, nature of the work to be done, a time schedule for

major audit work and completion of the engagements and staff requirements.

2.2 THORETICAL FRAMEWORK

Oseni’s (1994) findings reveal that an effective internal audit function reduces overheads,

identify ways to improve efficiency and minimize exposure to possible losses.

According to Lav (2004), the internal audit provides an independent and objective appraisal

of activity for management.

26
 Katz (2002) summarizes the core activities of the internal audit as analysis of data,

recommendation, counsel and information activities. He argues that these activities operate to

accomplish the mission of banking, currency management, and customer service.

Young (2005) finds out that the internal audit functions assist management in achieving

bank’s financial and operating goals by evaluating controls, identifying weaknesses, and

providing recommendations through complete and unrestricted access to records, property and

personnel.

Katz (2002) maintains that internal auditors in the banking sub-sector, until recently, had

focused mostly on broad corporate controls and risk. He however argues in favor of having an

internal unit that has all the coordinated methods and measures intended to safeguard

organization’s assets, check the accuracy and reliability of accounting data with emphasis on

micro or individual controls at the level of transaction. To achieve this, it is argued, internal audit

function be placed under the supervision of a committee of the board to ensure independence,

promote effectiveness of the function rather than the control and direction of management.

This function, according to Qslerguard (2000), should be complemented by ensuring that the

audit staffs do not perform functions and responsibilities outside the traditional functions of the

audit staff. On the effective discharge of audit functions, Lav (2004) summarizes his findings

and suggests, along the line of his summary, those who could bring about an effective audit. This

includes those with requisite technical, specialist and financial reporting knowledge.

Lav (2004) believes that since different audits exist, general, broad-based and technical

training is required in the performance of jobs involving bank-related audits, including financial

27
audit, compliance audit, operational audit, information technology audit, management audit,

regularity audit and value-for-money audit.

According to Ion-Bogdan (2004), financial audit addresses questions regarding accounting

and the propriety of financial transactions; compliance audit determines the level of adherence to

legal constraints, policies and procedures.

Katz(2002) sees information technology audit as the evaluation of systems processing

controls, data security, physical security, systems development procedures, contingency planning

and systems requirements.

Howard (2002) and Lav (2004) define management audit as the review of an independent

and objective management’s capabilities, skills and potentials, especially during planned

change. While regularity audit verifies that expenditure has been approved in accordance with

statutory and other regulations and authorities governing them (Lav, 2004). Value for money

audit ensures an examination of the economy, efficiency and effectiveness in a given quantum

of expenditure. Oseni (1994) corroborates these components of value-for- money audit (Obazee,

1997); and audit in banks flowing from the integrated elements of economy, efficiency and

effectiveness, harps on accountability (Obazee, 1997).

Internal audit independently reviews and evaluates the adequacy of the system of internal

controls and makes recommendations to management to improve these controls.

Young (2005) categorizes these controls into administrative and accounting controls.

Administrative controls relate to controls designed to promote operational efficiency,

effectiveness and adherence to banks’ policies and procedures. Accounting controls are designed

to safeguard the bank’s assets and ensure the accuracy of financial records.

28
 Tracey (1994) is of the view that it is the Unegbu and Obi (2007) defined internal audit as

part responsibility of the internal auditor to review how Internal control system in put in place as

well as how the accounting system works and also evaluate management of an Organization to

ensure adherence the effectiveness and efficiency of many operations in to stipulated work

procedure and as aid to the organization. According to Unegbu& Obi (2007) Internal audit

“measures, analyses and evaluates the attributed to the fact that few people outside the efficiency

and effectiveness of other controls accounting profession realize the importance of the

established by management in other to ensure smooth internal auditor. Emphasis was laid on

discharging administration, control cost minimization, ensure accountability for the use of

owners fund through the capacity utilization and maximum benefit derivation.

2.3EMPIRICAL STUDIES ON FRAUD DETECTION

Extensive studies have been conducted in many countries into the perception of financial report

users of auditors’ responsibilities in fraud prevention and detection.

[For example, Beck(1973) and Monroe and Woodliff (1994) in Australia;

Arthur Anderson (1974), Baron et al (1977) and Epstein & Geiger (1994) in the US;

Humphrey et al (1993) in the UK; and Low (1980) inSingapore;

Leung and Chau, (2001) in Hong Kong; Dixon et al (2006) in Egypt;

Fadzly and Ahmad(2004) in Malaysia].

These studies found that many financial report users believe that the detection of

irregularity is a primary audit objective and that the auditors have a responsibility for detecting

all irregularities. This is a misconception and shows the existence of an “audit expectation gap”

between auditors and financial report users with respect to the actual duties of auditors.

29
 Although there are many extensive studies of fraud all over the world, but there is very

little research has been conducted on the issue of fraud in Nigeria. The findings of this large

international may not be applicable in Nigeria, but the methodology and results are influenced by

and often a reflection of economic, social or legal factors only for the countries in which the

research took place. I hope that the findings of this study will provide insight into the level of

awareness of fraud in Nigeria and perceptions of auditors' responsibility of the users of financial

statements and procedures in detecting fraud. As a result of this study in turn gives us insight to

the Auditing Standards Board on cognitive performance of people with auditing standards in

Nigeria.

30
REFERENCES:

Adeduro, A.A.(1998): An Investigation into frauds in banks". An unpublished thesis of

university of Lagos

Adeniji, A. (2004). Auditing & Investigation. Lagos: Value Analysis .

Aderibigbe, p. and Dada, S.O(2007): Micro Auditing Principles: Lagos ICAN students journal
vol 11 No 1,Jan/March

Adikwu, M.A (1984) "Internal Control the Hall mark of Bank Inspection Programme" Business
Times

Albrech et al (1995 cited in Allyne & Howard, 2005:287). ): An exploratory study of auditors
responsibility for fraud detection in Barbados, Managerial Auditing Journal 20(3)

Allyne, P. & Howard, M (2005): An exploratory study of auditors responsibility for fraud
detection in Barbados, Managerial Auditing Journal 20(3): 284-303

Arthur Anderson & Co. 1974.Public Accounting in Transition, Arthur Anderson & Co.

Audit committee- Wikipedia, the free encyclopedia, sourced from internet.

www.en.wipidedia.oprg/wiki/audit committee

Banks & other Financial Institutions Act (BOFIA) 1991

Baron, C., Johnson D.& Smith, S.H (1997). Uncovering corporate Irregularities: Are we closing
the Expectation gap? The Journal of Accountancy. October

Badara, M. S. (2012). The role of internal auditors in ensuring effective financial control at local
government level. Research journal of finance and accounting , 57.

The 2008 fraud examiners manual cited in “Bank Examination, Internal control and auditing” by
A.C Nwaozuzu

Beck, G. (1973). The role of the auditor in mordern society: An Exploratory Essay. Accounting
and business research spring 117-220

31
Bostley R .W.H. & Dover C.B. (1972): Sheldon's Practice and law of banking, 10 thed, london,
MacDonald and Evans

Brink, V.Z. &Witt, H.(1982), Internal Auditing. New York, John Wiley & Sons.

Companies and allied matter decree 1990.

Dandago, K.L. (1999), Auditing in Nigeria: A Comprehensive Text. 1st Edition, Kano:
AdamuJoji Publishers

Daniel, G.J.(1999),Public sector Accounting, Zaria: Abu Press Ltd

Dixon, R & Wood head, A.(2006). An Investigation of the Expectation Gap in Egypt.
Managerial Auditing Journal 21(3): 293-302

Epstein, M & Geiger, M.(1994). Investor views of audit Assurance: Recent Evidence of
Expectation gap. Journal of Accountancy. 177(1):60-66

Fazdly, M. & Ahmed, z. (2004). Audit Expectation gap. Managerial Auditing Journal. 19:897-
915

Holmes & Burns (1995) cited in “The Role Of Internal Audit In Financial Institutions. British
Journal of Science.Vol 5, No. 1

Howard, J., 2002.Principles of Auditing, USA: Donnelly and Son Co.

Humphrey, c, Moizer, P and Turley, W. (1993). The audit Expectation gap in Britain: an
emperical Investigation. Accounting and Business Research. 23: 395-411

ICAN (2006): Financial Reporting and Audit Practice, Lagos, I Publishing Ltd

Institute of internal auditors (IIA). (2003).

Jenfa, B.I. (2002), internal control and fraud prevention: The Accountants prospective, The
Accountancy News Vol 5 No.1

John, A. O. (2010). The role of Auditors in Fraud Detection, Prevention and Reporting. Journal
of Research in National developement .

32
Join Gray & Start Manson cited in “The Role Of Internal Audit In Financial Institutions”. British
Journal of Science.Vol 5, No. 1

Katz, Y., 2002:”Internal Audit Charter and Audit Policies" Retrieved August 10, 2007, from
http://www.edu/adminaff

Kingsley, A. (2012). Frauds in Nigerian Banks:Nature, Deep seated causes, Aftermaths and
Probable Remedies. Mediterranean Journal of social sciences, 3 (2).

Lav. O., 2004. Auditing, London:Longman Publisher

Leung,P.&Chan,G.(2001). The Problematic relationship between Audit reporting and Audit

Expectations; some evidence from Hong kong, Advances in International Accounting.
14:181-206

Low, A.M.(1980). The auditor’s detection responsibility: Is there an Expectation gap? Journal of
Accounting, Singapore October 65-70

Mainoma, M.A. (2007), Financial Control and management: A paper presented at ANAN
(MCPD)

Mayo, BPP (1993), ICAN study Text on Government Accounting

Millichamp, A.H.(2000), Auditing 7th Edition London: Continuum

Momoh, N.O. (2005), The Role of internal Auditors in Government Establishments (A case
study of Gwagwalada specialist Hospital). An Unpublished B.Sc. Accounting Degree
Project, University of Abuja, Nigeria

Monroe, G &Woodliff, D. (1994): An Empirical Investigation of the audit Expectation gap:

Australian Evidence. Australian Accounting Review. November, 42-53

Nwaozuzu, A.C .Bank Examination, Internal Control & Auditing- Basic Issues

Obazee, J.O., 1997. "Emerging role of Internal Auditing in Banking Organization", The New
Accountant, 1, (10): Pp. 10-12

33
Okoye (1994) &Stetter (1975) cited in “The role of Internal Audit in Financial Institutions.
British Journal of Science.Vol.5 , No 1

Okwoli, A.A. (2004), Towards probity, Accountability and Transparency in Revenue Generation
in Nigeria public sector. Nigerian Journal of Accounting Research, Vol 1, No.1 Abu
Zaria

Oseni, J.E(1994) "Hinderances to internal Audit Efficiency". the Nigerian Accounting

January/March

Oshisami, K.(1993), Government Accounting and Financial Control. Ibadan Spectrum Books
Ltd.

Paul Coram, C. F. (May 2006). The Value of Internal Audit Function.

Pollick, M.Y.(2006). What is Fraud: http// www.wisegeek.com/what-is-fraud-htm Accessed: 15

February 2010

Qsterguard, L., 2000. “Financial companies and conglomerate", Being a speech held at the 12 th
Annual conference of the Institute of internal Auditors, U.K.

Sani,A.M. (2009), "Evaluation of effective financial control in the public sector". A paper
presented at ANAN (mcp)

Sharma (1984) cited in “The Role of Internal Audit in Financial Institutions. British Journal of
Science.Vol 5, No.1

Simpson, B. (pg 15 & 16). An Introduction to Internal Auditing in Banking. Recruitment

Consultants.

Stetter (1975) “The Role Of Internal Audit In Financial Institutions”. British Journal of
Science.Vol 5, No. 1

The International Auditing Guideline

Thornton, G. Evaluating the Internal and External audit Function.

34
Tracey J. (1994): Fundamentals of financial Accounting John Curly & Sons Inc. New York Pp.
17

Unegbu A.O & Obi B.C. (2007): Auditing Hipuks Additional Press Uwani Enugu Pp. 7

University, O. (Issued Dec 2002-Revised Feb. 2005). Internal Audit department-Audit Manual.

Weirich & Reinstein (2000 cited in Allyne & Howard 2005): An exploratory study of auditors
responsibility for fraud detection in Barbados, Managerial Auditing Journal 20(3): 284-
303

K. H. Spencer Pickett cited in What is an INternal Audit.The Institue of Chartered Accountants

of India (Set up by an act of parliament) NEW DELHI

Young, A., 2005. "Internal Audit Report in Structure". Retrieved August 10th 2007, from
http:/www.sbp.org.pk

35