Evaluation of Internal Control Structure: Evidence from Six Listed

Private Banks in Bangladesh

*1Rokeya Sultana
* 2Muhammad Enamul Haque

Abstract: A critical evaluation of internal control structures in organizations is necessary

to determine their capacity to ensure that the organizations activities are carried out in
accordance with established goals procedures. This study is on six listed private banks of
Bangladesh. The paper develops a conceptual model in evaluating the internal control
structure. The result is that almost all the banks in our sample achieved most of
components of control objectives in a greater extent and the deviation regarding
achievement of these is minimum. Only one or few banks have lacking regarding some of
the control components. This indicates that more or less the current internal control
structure is effective for all the sample banks used in the study. The study ends with some
recommendations about those components of control variable found ineffective in the
study.
Key Words: Private local bank, internal control, control objectives, evaluation etc.

1. Introduction:
Private banking sector is getting increasing attention due to its significant stands in the
financial system of Bangladesh. It plays a crucial role for the development and growth of
the economy. For achievement of proper operational goals and provides reliable and
relevant information, compliance with laws and regulations, Internal Control Structure is
highly important. Considering this importance, we have made an attempt to evaluate the
Internal Control Structure in the listed local private banks and the extent of achievement
of corporate goal by applying different Internal Control techniques. This study mainly
focuses on the evaluation of the internal control structure in local listed private banks. The
present study covers the extent of implementation of internal control structure techniques.
Committee of Sponsoring Organizations of the Tread way Commission (COSCO)s
landmark study titled Internal Control- Integrated Framework is widely used and accepted
by the major U.S Accounting Bodies as the authority on internal controls. The Study
defined internal control structure as a system, structure, or process, implemented by a
firms board of directors, management and other personnel, intended to provide reasonable
assurance about achieving control objectives in the following categories: 1. Effectiveness
and efficiency of operations, 2. Reliability of financial reporting, and 3. Compliance with
applicable laws and regulations.
At the organization level, internal control objectives relate to the reliability of financial
reporting, timely feedback on the achievement of operational or strategic goals and
compliance with laws and regulations. At the specific transactions level, internal control
refers to the actions taken to achieve a specific objective (e.g., how to ensure
organizations payments to third parties are for valid services rendered).
*1

*2

is Senior Lecturer, Department of Business Administration, Manarat International University

is Assistant Professor, Department of Business Administration Manarat International University

Internal control procedures reduce process variation, leading to more predictable

outcomes. ICS is important for all types of organization to achieve its objectives.
Because, if a proper ICS is implemented, all of the operations, physical resources, and
data will be monitored and under control, objectives will be achieved, risks will be
minimized, and information output will be trustworthy. On the other hand, if the ICS is
weak and unsound, the firms resources may be vulnerable to loss through theft,
negligence, carelessness, and other risks. As a result, the AIS will likely generate
information that is vulnerable, untimely, and perhaps unrelated to the firms objectives.
Especially in a banking sector it is the key element to sustain in a modern competitive
market. Incase of banks the degree of risk exposure is very high because it deals with the
most vulnerable assets particularly cash and the frequency of dealing with cash is greater
than any other organizations. In addition every transaction in banks is of higher amount.
So the magnitude of potential loss is greater. In fact banks are subject to all the three
factors that affect the degree of risk exposure. Whether a bank achieves operational and
strategic objectives may depend on factors outside the organization, such as competition
or technological innovation. Thus ICS is highly important for banks to achieve the
control objectives.
1.1 Problem Statement
Each company needs to have in place an appropriate and effective internal control
environment to ensure that the company is managed and controlled in a sound and
prudent manner. The problem statement is that whether or not the established internal
control systems in banking sector are effective. This raises the following inter-related
questions:
What internal control systems are currently in use? Do they include all the
expected elements of internal control systems?
Are internal control systems in the projects adequately documented and regularly
updated as changes occur?
Do the Banks that comply with recommended internal control systems realize
their goals more often than those that do not?
1.2 Objectives of the study
This study investigates to know about the practices of Internal Control systems by the
private banking sector in Bangladesh and the extent of how a particular Internal control
structure technique helps in achieving the control objectives in the sector.
2. Literature Review
A breakdown in the internal control system is identified as the main cause of the business.
The existence of smooth internal control is necessary for well achieving the business
objectives. According to O'Leary et al. (2006), an adequate system of internal control is
considered as critical to good corporate governance. The necessity of research on internal
control is due to the inherently complex nature of the internal control process and this
research spreads itself across a broad range of auditing, accounting and general business
areas (Kinney Jr., 2000). Among earlier empirical research, Gadh et al. (1993) developed
a prototype model for evaluating internal control systems. In reviewing this work,
Houghton (1993) argues the Gadh et al. (1993) model does not deal adequately with the
control environment element of the entity's internal control structure. Similarly, Chang et
al. (1993) developed what they termed an assumption-based truth maintenance system
(ATM) to model auditor decision-making on internal control environments. Again, this

model mentioned but did not evaluate the control environment and the accounting
information system elements and was deemed too narrow in focus.
Ouchi (1979) argues that design of organizational control mechanisms focuses on
achieving cooperation among individuals having divergent objectives. Goal congruity is a
central mechanism of control in an organization (Ouchi, 1980)
Research in informal controls targeted at the business process level of the organization
include informal responsibility and accountability expectations (Pierce et al, 2001;
Dhillon, 2001), power and politics issues in security decision making.
Anderson and Dekker(2005), Anderson et al. (2000); Chirst et al. (2005); Coletti et al.
(2005) attempted to provide initial evidence on the relationship between transaction
characteristics, the design of inter-organizational control practices and the performance
achieved under alternative control design choices. They found that all the components
have the impact on the pervasiveness and magnitude of the risk management and control
problems in a large cross section of firms.
2.1 Findings from Earlier Studies
Bangladesh is an emerging economy. Internal control and its impact on the corporate
governance systems here are arguably less evolved than those in developed countries such
as the Anglo-American countries, Germany, or Japan. Emerging markets as a whole differ
substantially from developed countries in their institutional, regulatory and legal
environments (Prowse,1999). In Bangladesh analysis on the performances of the banks
has pointed out that an effective internal control system could have contributed
significantly in improving the performance of the commercial banks if the control culture
is brought in through policy guidelines and structural changes at these banks.
Empirical work from Chinas banking systems found that commitment to competence,
organization structure, management behavior, information systems, and assignment of
authority and responsibility proved to be the most significant internal control variables.
(Cockburn and Lee, 1984).
A sample of 210 listed firm of Taiwan by Jung-Hua-Hung and Hui-Lin-Han(1997)
revealed that management attitudes, training and professional abilities of auditors are the
significant control variables in achieving the efficient internal control structure of the
firms. Very few studies of internal control were done related to the developing countries
and especially in context of Bangladesh. One study can be found from Ali, Khan, Fatima
and Masud (2008) that made attempt on the various aspects of internal control variables
on Bangladeshi firms. They analyzed the responses of 25 corporate firms and found that
only very few of them discloses and comply with the systematic control variables and the
corporate governance aspects on a voluntary basis and little efforts made by tem in order
to have an sound internal control systems.
Another study conducted by Fowzia,(2009) investigated into the sound effects of diverse
factors on co-operation between internal and external auditors of listed banks in
Bangladesh. Findings revealed that co-operation promoted through management and the
audit committee is the most important factor for assessing co-operation between internal
and external auditors followed by professional confidence, co-operation and consultation,
reliance on internal audit and communication. This results found consistent with our
study in the sense that external audit committee is the important control environment
variables of the banks.

3. Conceptual Framework and Methodology

The Figure shows the conceptual framework components of dependent and independent
variables. The effectiveness of internal control is the dependent variable. This is achieved
by the presence and proper functioning of all the predefined independent variables in
relation to each category of the organizations objectives. Proper functioning of
independent variables provides reasonable assurance of proper functioning of dependent
variable. Then the organization realizes preset objectives of efficient and effective
operations, generation of accurate, reliable and informative financial reports that comply
with relevant legal and regulatory requirements.

Control
Environment

Authority

Risk Assessment

1
Effectiveness
ointernal
control

Control
Activities

2
3

Objectives

Dependent Variables
Information &
Communication

Monitoring

Independent
Variables

Working
Relationships

Objectives of the organization

are
achieved
when
interferences on the variables
caused by the working
relationships are taken into
account

Figure 1: The Conceptual Framework of Internal Control

The study involves investigation of whether internal control systems are followed in the
private banking sector of Bangladesh. All the local private banks listed with Dhaka stock
exchange will fall under the population of the study. A total of 6(six) private banks whose

stocks are traded on the Dhaka stock exchange were selected as a sample. The following
banks were selected to investigate the internal control structure: Dhaka Bank Ltd., Islami
Bank Bangladesh Ltd., Standard Bank Ltd., IFIC Bank Ltd., ICB Islamic Bank Ltd., and
Dutch Bangla Bank Ltd. The study uses the details of variables of differtent components
of internal control techniques using the primary data collection method, particularly by
questionnaire, observations and face-to-face communication and document analysis.
We have used SUMMATED (Likert) Scale in the measurement of degree of achievement
of control objectives and implementation of several Internal Control Techniques. It is a
scale, usually of approval or agreement, used in questionnaires. As per Likerts Model we
have given highest score (5) for Always and least score (1) for Never except
management philosophy and operating style. In case of management philosophy and
operating style, as all questions imply negative attitude we have reversed the above scale.
4. Components of Internal Control:
Firms need five interrelated components of (ICS) to ensure strong control over their
activities. These are: control environment, risk assessment, control activities, Information
and communication, and monitoring components. The extent to which each component is
implemented is influenced by the size and complexity of the firm, type of industry,
management philosophy, and corporate culture.
4.1 Control Environment Component:
Every organization, regardless of size, should devise a strong internal control
environment. A weak control environment often indicates weakness in the other
components of the ICS. Management philosophy and operating style, the first sub
component of the control environment, require certain positive actions. These actions
include setting an example of ethical behavior by following a personal code of ethics
establishing a formal corporate code of conduct, stressing the importance of internal
controls and treating personnel fairly and with respect. Integrity and ethical values
represent a second subcomponent of the control environment. The ethical and unethical
behaviors of managers and employees can have a pervasive impact on the entire ICS,
creating an atmosphere that can significantly influence the validity of the financial
reporting process. Every public and non- public firm should prepare a written code of
corporate conduct that establishes the appropriate tone for management, subordinates and
employees.
Commitment to competence is the third subcomponent of the control environment. Firms
must recruit competent and trustworthy employees to encourage initiative and creativity
and to react quickly to changing conditions. The board of directors or audit committee is a
fourth sub component of the control environment. A properly functioning board of
directors should appoint an audit committee of outside directors.
Organizational Structure is the fifth subcomponent of the control environment. It
identifies the framework of formal relationships for achieving firm objectives. Another
subcomponent of the control environment is assignment of authority and responsibility.
Authority is the right to command subordinates. Responsibility is ones obligation to
perform assigned duties and to be held accountable for the results attained. Human
Resource policies and practice, the seventh and final subcomponent of the control
environment, involve a consideration of policies regarding the recruitment, orientation,

training and motivation, evaluation, promotion, compensation, counseling, discharge and

protection of employees.
4.2 Risk Assessment Component:
All firms regardless of size, structure, or industry, face significant external and internal
risks. The Risk assessment component of the ICS consists of the identification and
analysis of relevant risks that may prevent the attainment of company wide objectives and
objectives of organizational units and the formation of a plan to determine how to manage
the risks.
4.3 Control Activities Component:
A firm should develop specific control activities-policies; practices and procedures-to
help ensure that employees properly carryout management directives. To fulfill
objectives, control activities are implemented to address specific risks identified during
risk assessment. One subcomponent of control activities relates to the achievement of
financial reporting objectives. Another category of control activities relevant to achieving
financial reporting objectives is performance reviews, which includes: comparing budget
to actual vales, relating different sets of data operating or financial to one another,
together with analysis of the relationships and investigative and corrective actions, and
reviewing functional performance. A third subcomponent of control activities consists of
General and application controls, helps ensure the reliability and integrity of information
systems that process financial and non- financial information.
4.4 Information and Communication Component:
Information must be identified, processes, and communicated so that appropriate
personnel may carry out their responsibilities. The following sub objectives ensure those
AISs methods and records result in reliable financial reporting- all transactions entered
for processing are valid and authorized, all valid transactions are captured and entered for
processing on a timely basis and in sufficient detail to permit the proper classification of
transaction, the input data of all entered transactions are accurate and complete, with the
transactions being expressed in proper monetary terms, all entered transactions are
processed properly to update all affected records of master files or other types of data
sets, all required outputs are prepared according to appropriate roles to provide accurate
and reliable information, and all transactions are recorded in the proper accounting
period.
4.5 Monitoring component:
The purpose of monitoring, the final component of the ICS is to assess the quality of the
ICS over time by conducting ongoing activities and separate evaluations. Ongoing
monitoring activities, such as supervision of employees, are conducted daily. Separate
monitoring activities, such as audits of the internal control structure and accounting
records, are performed periodically.
5. Interpretation of Survey Results for Each of the Components of Control Structure
The survey results regarding the effectiveness and efficiency of operations, reliability of
financial statements, compliance with applicable laws and regulations is given in the
appendices.

As in Table 1, out of 6 banks, IBBL, IFIC, and IIB highly achieved effectiveness and
efficiency of operation 19.99% better than average performance of local listed
private banks. DBL and DBBL are ineffective and inefficient relative to average
performance, 4.00% worse than average performer. Within our sample SBL is
the most ineffective and inefficient which deviates from average performance by
52.00%. IBBL, SBL, IIB, and DBBL provide highly reliable financial
statements, 7.14% higher than the average. DBL and IFIC provide less reliable
financial statements, 14.29% lower than average reliability.
Almost all the banks highly comply with applicable laws and regulation, 3.45% more
than average compliance. Only ICB Islamic Bank Ltd.. moderately complies, 17.24% less
than the average compliance.
Control Environment Component: The estimated results of different variables of
control environment component are presented in table 2 of appendices. The results
indicate that IBBL, SBL, and IFIC banks highly emphasizes on long-term profit and
operating goals, whereas DBL and DBBL moderately emphasize, Management group is
not dominated by one or few individual in case of IBBL, IFIC and DBBL but for DBL,
SBL, and IIB management group is moderately dominated by one or few individual. The
results suggests that IBBL, SBL, and IFIC management takes less business risk to achieve
their objectives but DBL and DBBL management take a little bit business risk in their
decision making.. Only THE ICB Islamic Bank Ltd.s management takes moderate
business risk to achieve their objectives. Out of 6 banks, IBBL, IFIC & IIB management
is conservative toward selecting accounting policies, SBL & DBBL banks management
is less aggressive, and the remaining one bank DBLs, management is highly aggressive
toward selecting accounting policies.
Management behavior is mostly restricted by corporate code of conduct in case of IBBL
& IFIC but for SBL, IIB & DBBL management behavior is less restricted by corporate
code of conduct. Only the DBLs management behavior is least restricted by corporate
code of conduct. Out of 6 banks, DBL, IBBL, and SBL recruit competent and trustworthy
employees, DBBL recruits less competent and trustworthy employees, IFIC and IIB
recruit least competent and trustworthy employees. Through appointment of audit
committee composed entirely of outside directors is not practiced in Bangladesh. We have
found some positive responses. It is found that DBL&IBBL always appoint audit
committee, DBBL very frequently appoints audit committee, whereas SBL, IFIC &IIB
banks do not appoint audit committee. Out of six banks, IBBL, SBL & DBBL banks audit
committee always work closely with BOD, external and internal auditors, one bank i.e.
DBL whose audit committee frequently works closely with BOD, external and internal
auditors, and in case of IFIC &IIB they have no audit committee. So there is no question
of working closely with BOD, external and internal auditors. The results shows that DBL,
IBBL & DBBL banks audit committee always review the actions of the managers
independently but in case of SBL audit committee very frequently reviews the actions of
the managers independently. Most of the banks management always implement the
recommendation provided in the audit report, the rest of 2 banks have no audit committee
for providing recommendation. As shown in Table 5.2, except DBL all banks always
prepared an up-to-date organization chart. Information system function is totally
separated from incompatible function in case of DBL, IBBL & DBBL but for IIB
information system function is frequently separated; SBLs information system function is
seldom separated. Information system function is not separated in case of IFIC.

We have found that banks team members are always empowered to make decisions by
not seeking multiple layers of approval in IBBL, team members are very frequently in
DBLs, banks team members are frequently in SBL, IIB & DBBL.IFIC team members
are seldom to empowered to do. Most of the banks always prepare written employee job
description, only IIB very frequently prepare. We have found that most of the banks
always properly delegate authority to employees and departments, only SBL frequently
properly delegates. As shown by Table 2, DBL, IBBL & SBL have written recruitment
policy and they always comply with it, the rest 3 banks have written recruitment policy
and they frequently comply with it. Most of the banks always provide training program to
new employees, only IIB frequently perform this function. We have found that most of
the banks always provide instructions to new employees with respect to internal control
ethics and corporate code of conduct, SBL very frequently provides and IIB frequently
provides that instructions. Table 2 shows that IBBL always conducts periodic rotation of
duties among key employees, SBL & DBBL conduct very frequently and DBL, IFIC &
IIB conduct frequently.
Risk Assessment Component : The result of component of risk assessment variables as
presented in table 3 of appendices found that most of the banks always conduct risk
assessment to identify, analyze and prevent credit risk, only DBBL frequently conducts.
Control Activities Component: This table 4 demonstrates the different variables to
assess the control activities of internal control structure. The outcome is that all the banks
in our sample except DBBL, properly segregated authorized their authorization function.
We have found that most of the banks always kept the formats and contents of all
documents in simple, only DBL & DBBL kept very frequently. The result shows that
IBBL, IFIC & IIB always use pre numbered documents, but DBL, SBL, & DBBL very
frequently use those documents. Most of the banks always restrict access to computer
rooms, computer files and information by authorized users, But in case of DBL, their
access very frequently and DBBLs access frequently.
Monitoring Component: It can be observed from table 5 of appendices that out of 6
banks, most of the banks always have ongoing monitoring activities, but DBL very
frequently has and IIB frequently has ongoing monitoring activities. In case of IBBL,
IFIC & DBBL have always separate monitoring activities, but in DBL & IIB frequently
have and SBL seldom has separate monitoring activities.
6.1 Conclusion
The study tries to analyze the components of different control variables used for assessing
the internal control systems of banks considered here. The study found that all the banks
considered for the paper achieved the control objectives in a greater extent and the
deviation regarding achievement of control objectives is minimum. Based on average the
local listed private banking sector frequently emphasis on short - term profits and
operating goals and they differ among themselves in a greater extent regarding the extent
of emphasis. One or few individuals seldom dominate management group. The deviation
among them is negligible. It implies that the risk aversive ness of managements grouping
local listed private banking sector. Management is seldom aggressive toward selecting
alternative accounting principles.
Out of 6 banks, all the banks have written corporate code of conduct. Management
behavior is frequently restricted by written corporate code of conduct. All the banks
frequently recruit competent and trustworthy employees to encourage initiative and
8

creativity and to react quickly to changing condition. Appointment of audit committee is

not practiced in our country. But the respondents interchangeably use the internal audit
committee with the outside audit committee. Thus the data presented in the report is not
reflecting the underlying reality.
All the banks very frequently prepared an up to date organization chart. Information
systems function frequently separated from incompatible functions but they deviate in a
great extent regarding the magnitude of separation. Team members are very frequently
empowered to make decision by not seeking multiple layers of approval. But they deviate
in a greater extent. Internal audit function is always separate from accounting.
All the banks very frequently prepared written employee job description, required written
approval for changes made to information systems and properly delegate authority to
employees. All the banks very frequently have written recruitment policy and complied
with it, have training program, have given instructions to new employees and have
periodic rotation of duties. Based on average it is found that all the banks very frequently
conduct credit risk assessment. Banks differ among them in a minimum extent regarding
credit risk assessment.
All the banks always properly authorized all the transaction and activities and there is no
deviation among them regarding authorization. All the banks very frequently segregate
authorization functions but they always segregate recording and custodian function. All
the banks very frequently design simple and pre numbered documents.
All the banks always maintain accurate records of assets including information restrict
physical access to assets by unauthorized users and protect records and documents. All
the banks always make reconciliation between two independently maintained records. All
the banks very frequently have on going and separate monitoring activities and the
deviation regarding these points is minimum. The conclusion can be made that more or
less existing internal control structure is effective for all the private banks considered in
the study.
6.2 Recommendations
The most vital components of internal control environment is audit committee composed
entirely of external directors but this component is not practiced in local listed private
banking sector of our country. We think that the implementation of the above technique
will improve the extent of achievement of control objectives. In case of some banks due
to implementation of automated AIS, there is no reconciliation between subsidiary and
general ledger. The automated information system should be redesigned in such a way
that reconciliation should be redesigned in such a way that reconciliation should be
performed. Because we think it will improve the reliability of their financial statements.
In some banks computer resources are not restricted for unauthorized users. As a result,
employees sometimes may use the computer resources for personal purposes. As it
increases the cost of operation, it should be prohibited. We think it will increase the
profitability of those particular banks.
Information system function should be totally separated from incompatible functions for
those banks that information system functions not totally separated from incompatible
functions. Authorization function should be segregated as much as possible. All source
documents should pre numbered. All banks should implement ongoing and separate
monitoring activities.

References
a. Chang, A., Bailey Jr., A.D., and Whinston, A.B. (1993), Multi-Auditor Decision
Making on Internal Control System Reliability: A Default Reasoning Approach,
Auditing: A Journal of Practice and Theory, Vol 12 No. 2. (p. 1-21).
b. Gadh V.M., Krishnan, R., and Peters, J. M (1993), Modeling Internal Controls
and Their Evaluation, Auditing: A Journal of Practice and Theory, Vol 12
Supplement. (p.113-129).
c. Ghosh B. N. (1997), Scientific methods and Social Research, New Delhi: Sterling
publishers private Limited.
d. Gupta P.S and Gupta, M.P. (1997), Business Statistics, New Delhi: Sultan Chand
& Sons.
e. Houghton C. W. (1993), Discussion of Modeling Internal Controls and Their
Evaluation, Auditing: A Journal of Practice and Theory. Vol 12. (p. 135-136).
f. Kinney W.R.Jr. (2000), Research Opportunities in Internal Control, Quality and
Quality Assurance, Auditing: A Journal of Practice and Theory, Vol. 19.
Supplement. (p.83-90).
g. Levin, I.R. and Rubin, D.S (1999), Statistics for Management, New Delhi:
Prentice- Hall of India private Limited.
h. O'Leary, C., Iselin, E., & Sharma, D. (2006), The Relative Effects of Elements of
Internal Control on Auditors' Evaluations of Internal Control, Pacific Accounting
Review, Palmerston North: Dec 2006. Vol. 18, Iss. 2; pg. 69, 28 pgs.
i. Romney, B. M and Stein Bart, P.J. (1997), Accounting Information Systems, New
Jersey: Prentice Hall International, Inc.

10

j. Wilkinson, W. J. and Cerullo, M.J, (1997), Accounting Information Systems, New

York: John Wiley and Sons. Inc
Appendices
Table:1

Effectiveness and Efficiency

Control
DBL
IBBL
SBL
IFIC
IIB
DBBL
Objectiv Deviation Percentage Deviation PercentageDeviation Percentage
Deviation Percentage Deviation Percentage Deviation Percentage
es
1*
-0.1667 -4.0008 0.8333
19.999
-2.1667 52.0004 0.8333
19.9990
0.8333
19.9990 -0.1667 -4.0008
0
2*
0.4714
-14.286 0.4714
7.1421
0.4714
7.1421
0.4714
-14.286
0.4714
7.1421
0.4714
7.1421
3*
0.3727
3.4490
0.3727
3.4490
0.3727
3.4490
0.3727
3.4490
0.3727
-17.241 0.3727
3.4490

1* Effectiveness and efficiency of Operations

2* Reliability of Financial Statements
3* Compliance with Applicable Laws and Regulations

Table 2 : Control Environment Component

Control
DBL
IBBL
SBL
IFIC
IIB
ObjectivesDeviation Percentage Deviation Percentage Deviation PercentageDeviation Percentage Deviation Percentag
e
1*
1.5723
41.1781 1.5723
67.4727 1.5723
64.7055 1.5723
64.7055 1.5723
-29.410
2*
0.7454
-18.183 0.7454
36.3624 0.7454
-18.183 0.7454
9.0899
0.7454
-18.183
3*
0.1000
9.0899
0.1000
36.3624 0.1000
36.3624 0.1000
36.3624 0.1000
-18.186
4*
0.7454
-30.768 0.7454
15.3855 0.7454
-7.6916 0.7454
15.3855 0.7454
15.385
5*
.6872
-28.0006 .6872
19.9990 .6872
-4.0008 .6872
19.9990 .6872
-4.0008
6*
7*
8*
9*
10*
11*
12*
13*
14*
15*
16*
17*
18*
19*

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

19.9990
76.4727
-10.000
50.0015
36.3624
-17.240
42.8571
20.0012
3.4490
7.1421
11.1111
7.1421
11.1111
-18.182

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

19.9990
76.4727
50.0015
50.0015
36.3624
3.4490
42.8571
50.0015
3.4490
7.1421
11.1111
7.1421
11.1111
36.3624

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

19.9990
-64.705
50.0015
-10.000
36.3624
3.4490
-42.857
-9.9991
3.4490
-35.714
11.1111
7.1421
-11.111
9.0899

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

-28.000
-64.705
-69.999
-69.999
-72.727
3.4490
-71.428
-39.999
3.4490
7.1421
-11.111
7.1421
11.1111
-18.182

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

-28.000
-64.705
-69.999
-69.999
-72.727
3.4490
-14.285
-9.9991
-17.240
7.1421
-11.111
-35.714
-33.333
-18.182

DBBL
Deviation Percentage
1.5723
0.7454
0.1000
0.7454
.6872

41.1781
9.0899
9.0899
-7.6916
-4.0008

0.8975
1.8634
1.7951
1.7951
1.8856
0.3727
1.6073
0.9428
0.3727
0.7454
0.5000
0.7455
0.7638
0.7455

-4.0008
41.1781
50.0015
50.0015
36.3624
3.4490
42.8571
-9.9991
3.4490
7.1421
-11.111
7.1421
11.1111
9.0899

1*Emphasis on Sort-term Profit and Operating goals, 2* Management group dominated by

few individuals 3* Management take undue business risk 4* Management aggressiveness
towards accounting principles, 5* Management behavior is restricted by code of conduct, 6*
Commitment to competence, 7* Appointment of audit committee composed of outside
directors, 8* Audit committee work closely with board of directors: external and internal, 9*
Audit committee provide an independent review, 10* Management take proper actions
recommended in the audit, 11* Preparation of an up to date organization chart, 12*
Information system is separated from incompatible functions, 13* Members empower to
decisions not seeking multiple layers, 14* Preparation of written employee job description,
15* Proper delegation of authority to employees and departments, 16* Written recruitment

11

policy and extent of compliance with it, 17* Training program for new employees, 18* New
personnel are given instructions with respect to internal control ethics and corporate code of
conduct, 19* Periodic rotation of duties among key employees

Table 3: Risk Assessment Component

Control
DBL
IBBL
SBL
IFIC
IIB
DBBL
ObjectivesDeviation Percentage Deviation PercentageDeviation PercentageDeviation percenta Deviation Percentage Deviation Percentage
1
0.7454
7.1421
0.7454
7.1421
0.7454
7.1421
0.7454
7.1421 0.7454
7.1421
0.7454
-35.714

Table 4: Control Activities Component

DBL
IBBL
SBL
IFIC
IIB
DBBL
Control
Deviation
Percentage
Deviation
Percentage
Deviation
Percentage
Deviation
Percentage
Deviation
Percentage
Deviation
Percentage
Objective
s

1
2
3
4

0.3727
0.4714
0.5000
0.7638

3.4490
-14.286
-11.111
-11.111

0.3727
0.4714
0.5000
0.7638

3.4490
7.1421
11.111
11.1111

0.3727
0.4714
0.5000
0.7638

3.4490
7.1421
-11.111
11.1111

0.3727
0.4714
0.5000
0.7638

3.4490
7.1421
11.1111
11.1111

0.3727
0.4714
0.5000
0.7638

3.4490
7.1421
11.1111
11.1111

0.3727
0.4714
0.5000
0.7638

-17.240
-14.286
-11.111
-33.333

1* Authorization functions are segregated, 2* Formats and contents of all documents are kept
simple, 3* Sources documents are pre-numbered, 4* Restriction on access to computer rooms,
computer files and information by unauthorized users

Table 5 Monitoring Component

Control
DBL
IBBL
SBL
IFIC
IIB
DBBL
Objectiv Deviation Percentage Deviation PercentageDeviation Percentage
Deviation PercentageDeviation Percentage Deviation Percentage
es
1
0.7638
-11.111 0.7638
11.1111 0.7638
11.1111 0.7638
11.1111 0.7638
-33.333 0.7638
11.1111
2
1.2134
-21.738 1.2134
30.4359 1.2134
-47.825 1.2134
30.4359 1.2134
-21.73
1.2134
30.4359

1*on going monitoring activities, 2* Separate monitoring activities

12