CHAPTER TWO

LITERATURE REVIEW

2.1 Conceptual literature

2.1.1 The concept of Financial Performance

Performance in a broader sense refers to the degree to which financial objectives are Financial
being or has been accomplished and is an important aspect of financial risk management (Eshna,
2019). It is the process of measuring the results of a firm’s policies and operations in monetary
terms. It is used to measure the firms overall financial health over a given period of time and can
also be used to compare similar firms across the industry.

The term performance is frequently discussed but rarely defined. Organizational performance
to a great extent contains the real yield or aftereffects of an association as measured against its
proposed yields (or goals and objectives) (Dunjia, 1997). An effective organization is the one
that is performing admirably and that is accomplishing its objectives and is adequately
executing appropriate procedures.

Most internal audit specialists‟ points that successful internal audit practices relate with
enhanced organization performance. As indicated by Bejide (2009) an internal audit
administration can, particularly, decrease overhead, distinguish approaches to enhance
proficiency and increase presentation to conceivable misfortunes from minimal defended
organization resources all of which can significantly affect achievement of the organization
goal. Additionally, Venables and Impey (2010) expressed that internal audit is a significant
instrument of administration for enhancing organization performance. Fadzil (2005) likewise
noticed that internal auditors run an organization proficiently and viably to maximize
shareholders' expectations. Hermanson and Rittenberg (2008) pointed that the presence of a
viable internal audit capacity is connected with effective firm performance.

A study directed by KPMG (2011) established that internal audit review in a firm, contributes
impressively to execution change and help in distinguishing benefit prove in corporate
fiascos, especially monetary extortion reliably reports a relationship between powerless
administration (fewer independent boards or nonattendance of an internal audit system) and
 the incidence of problems (Beasley, 2000). As such internal audit works as a guard dog and
prevent an organization to have a misconduct and anomalies subsequently empowering the
association to accomplish its destinations of guaranteeing abnormal state of profitability and
benefit. Greenlay and Foxall (2012) pointed that despite the fact that studies have found a
relationship between bookkeeping control frameworks and performance hypothesis, predicts
that these organizations will be impacted by external environmental impacts.

Organizational performance can be measured by financial aims attainment or workers

satisfaction. In the same manner, Ho (2008) pointed out that performance can be evaluated by
efficiency and effectiveness of aim attainment. Furthermore, Venkatraman (2008), cited that
performance can be assessed by financial performance; return on investment, growth of sales,
profit, organization’s effectiveness and business performance. Delaney (2006) asserts that
performance can be evaluated by quality services and product, satisfying customers, market
performance, service innovations.

There is a general agreement that bank’s profitability is a function of internal and external
factors, Koch (1995), observed that the performance difference between banks indicates the
differences in management philosophy as well as the differences in markets served. Profitability
is a function of internal factors that are principally influenced by bank’s management decisions
and policy objectives such as level of liquidity, provisioning policy, capital adequacy and bank
size.

2.1.2 Control Environment

The control environment is the control consciousness of an organization; it is the atmosphere in

which people conduct their activities and carry out their control responsibilities. An effective

control environment is an environment where competent people understand their responsibilities,

the limits to their authority, and are knowledgeable, mindful, and committed to doing what is

right and doing it the right way. They are committed to following an organization's policies and

procedures and its ethical and behavioral standards. A governing board and management

enhance an organization's control environment when they establish and effectively communicate
written policies and procedures, a code of ethics, and standards of conduct. Management is

responsible for "setting the tone" for their organization. Management should foster a control

environment that encourages:

the highest levels of integrity and personal and professional standards

A leadership philosophy and operating style which promote internal control throughout the

organization

Assignment of authority and responsibility.

2.1.3 Risk Assessment

Determine Goals and Objectives

The central theme of internal control is (1) to identify risks to the achievement of an

organization's objectives and (2) to do what is necessary to manage those risks. Thus, setting

goals and objectives is a precondition to internal controls. Goals and objectives are classified in

the following categories

Operations objectives. These objectives pertain to the achievement of the basic

mission(s) of a department and the effectiveness and efficiency of its operations,

including performance standards and safeguarding resources against loss.

Financial reporting objectives. These objectives pertain to the preparation of reliable

financial reports, including the prevention of fraudulent public financial reporting.

Compliance objectives. These objectives pertain to adherence to applicable laws and

regulations.
 Identify Risks after Determining Goals

Risk assessment is the identification and analysis of risks associated with the achievement of

operations, financial reporting, and compliance goals and objectives. This, in turn, forms a basis

for determining how those risks should be managed. Risk assessment is one of management's

responsibilities and enables management to act proactively in reducing unwanted surprises. A

risk is anything that could jeopardize the achievement of an objective. For each of the

department's objectives, risks should be identified. It is important that risk identification be

comprehensive, at the department level and at the activity or process level, for operations,

financial reporting, and compliance objectives. Both external and internal risk factors need to be

considered.

Risk Analysis

After risks have been identified, a risk analysis should be performed to prioritize those risks:

Assess the likelihood (or frequency) of the risk occurring.

Estimate the potential impact if the risk were to occur; consider both quantitative and

qualitative costs.

Determine how the risk should be managed; decide what actions are necessary.

2.1.4 Monitoring

Monitoring is the assessment of internal control performance over time; it is accomplished by

ongoing monitoring activities and by separate evaluations of internal control such as self-
 assessments, peer reviews, and internal audits. The purpose of monitoring is to determine

whether internal control is adequately designed, properly executed, and effective.

Internal control is adequately designed and properly executed if all five internal control

components (Control Environment, Risk Assessment, Control Activities, Information and

Communication, and Monitoring) are present and functioning as designed.

Statement 1 2 3 4 5

Control environment
1. The respondent understands the term internal
control systems
2. The institution employs internal control systems

3.There is an established internal audit in the

organization
4.Internal audit is independent
5. Internal audit gives appropriate information to
external auditors
Risk assessment
6.Internal audit defines areas of risk within the
organization
7.There is risk supervision in all departments

Monitoring
14.Auditors monitor every activity of the organization

15.Internal audit has a comprehensive internal

monitoring plan
2.2.5 Internal Audit
Mautz (2013), defined auditing as a systematic and scientific examination of the books of
accounts and records of the business by a trained and qualified person called an auditor, so as
to enable the auditor to satisfy himself that the Balance Sheet and the Profit and Loss Account
are properly drawn up so as to exhibit a true and fair view of the financial state of affairs of
the business and profit or loss for the financial period.

Internal auditing is an independent, objective assurance and consulting activity designed to

add value to and improve an organization’s operations. It helps an organization accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the
organizational effectiveness and efficiency (Montgomery, 2009). Internal auditing achieves
this by providing insight and recommendations based on analyses and assessments of data and
business processes. With commitment to integrity and accountability, internal auditing
provides value to governing bodies and senior management as an objective source of
independent advice (Dicksee, 2011).

a) Professional Competency

Detecting fraud is a challenging task. Perpetrators actively engage in deception in an attempt to

conceal their behavior, auditors may have limited experience in fraud detection, and fraudulent
activities are inherently unpredictable and difficult to detect (Herz and Schultz, 1999; Kaplan et
al., 2010; Nieschwietz et al., 2000). Hence, the organization would be optimally served by
identifying and utilizing those individuals who, because they appear to share certain unique
personality traits or characteristics, may be best suited to the fraud detection task. For example,
Uecker et al. (1981) used perceptions of relative aggressiveness between internal and external
auditors to investigate the detection of corporate irregularities. Internal auditors play an
important role in fraud detection with most frauds identified by the internal audit function
(KPMG, 2003, Norman et al., 2010). Due to the importance of effective fraud detection, any
measures that can enhance the efficacy of auditors should be of value. While experience and
ability are undeniably important in the detection process, certain individual characteristics may