Globally, the banking industry has experienced significant bank failures and crises over the years (Ayagre, Appiah-Gyamerah, & Nartey, 2014). According to Basel (2004), bank failures are of great concerns to central banks and governments because of its systematic nature and often exacerbate recessions and act as catalyst for financial crises. Internal control problems are common in the banking industry, and that allowed rogue traders to cause huge financial losses to these banks. The BBC (2012) reported that Hongkong and Shanghai Banking Corporation (HSBC), the largest financial institution in Europe admitted having poor money laundering controls and was consequently fined $1.9b after the U.S Senate’s investigation in 2012.
The Ghanaian banking industry is not without its share of bank failures. In late 90s two banks, Ghana Co-operative Bank and Bank for Housing and Construction failed, which cost the government of Ghana about Ghc1.25 billion in liquidation (Addo, 2000). Again, the creating of Consolidated Bank Ghana Ltd. in August, 2018 to take over five struggling banks (Sovereign Bank, Royal Bank, The Beige Bank, Construction Bank and Unibank) in the country is another problem on the government. Government had to make GH₵450 million available for the Consolidated Bank as starting capital. An effective internal control system is the nerve centre of every organisation, the breakdown of which leads to the failure of organisations. Internal control is a crucial aspect of an organisation’s governance system and ability to manage risk.
According to Kwayie (2015), the growth and development of financial institutions are dependent on the effectiveness and efficiency of its internal controls. Meanwhile, control systems that are not effective can result in ineffective operations and can finally lead to losses (Amissah, 2017). For example, Kwayie (2015) reported that a private security man who worked with Ghana Commercial Bank (GCB) stole more than GH¢3 million belonging to the Market Circle Branch of GCB in Takoradi. Also arrested was another employee of GCB, the official responsible for operating the ATM system. It was realised that the closed-circuit camera did not cover that part of the banking hall. Andani (2008 as cited in Kwayie, 2015) claimed that, there is an increasing fraud in the Ghanaian business circles; therefore, vigilance is needed to prevent it through good internal controls.
Internal Control Systems (ICS) play a very crucial role in enhancing the performance of institutions (Ahiabor & Mensah, 2013). Hence, many studies have strived to evaluate the consequence of ICS on the performance of organisations (Ejoh & Ejom, 2014; Muraleetharan, 2011; Noel, 2010; Oyoo, 2014; Simangunsong, 2014). Even so, some of these studies were limited in scope in terms of choice of ICS dimensions or dimensions used. For example, Noel (2010) and Ayagre et al. (2014) used two components, while Mawanda and Oyoo employed three out of the five main dimensions proposed by Committee of Sponsoring Organisation (COSO) framework of internal control systems. For decision making purposes, their findings were not comprehensive as they had weaker R-square. COSO posited that for ICS to be effective, all five the elements must work together in an inter-related and coordinated manner.
Additionally, some of the existing studies (example include Dineshkumar & Kogulacumar, 2013; Chebungwen & Kwasira, 2014; and Ejoh & Ejom, 2014) on internal controls suffer methodological weaknesses. These studies focused on examining how internal controls influence performance but used only correlation method which makes their results and findings inconclusive. This is because, according to Fink (2013), correlation analysis is appropriate to estimate associations or relationships between variables and not the extent of one variable causing or predicting the outcome of the other.
Correspondingly, there are few known researches that have been conducted in Ghana regarding internal control systems. These works which include Amissah (2017), Gyebi and Quain (2013), Nkuah et al. (2013), Oscar-Akotey et al. (2013) and Boadi et al. (2013) were geared toward companies other than those in the Ghanaian banking sector. Again, the very few works geared towards the banking industry in Ghana, including Kwayie (2015); Amoateng (2017); Essuman (2016); Owusu-Boateng et al. (2017); and Ayagre et al. (2014) focused on the effectiveness of internal controls.
Furthermore, most of these studies (example: Kwayie, 2015; Amoateng, 2017; Essuman, 2016) only concentrated on savings and loans institutions, and credit unions. The few (e.g., Owusu-Boateng et al., 2017; and Ayagre et al., 2014) that used universal banks were only interested in how ICS were and how they could help to prevent fraud. The implication of the above discussions is that a gap exists in the literature concerning the effect of ICS on the overall performance of banks in the Ghanaian banking industry. This is due to the fact that notwithstanding the crucial role of internal controls in the performance of organisations, there is no known study that has looked at the influence of ICS on the performance of universal banks. Thus, in a bid to fill these gaps and add to the existing body of knowledge, this study assessed the impact of the five elements of internal control systems on the performance of universal banks in the banking sector of Ghana.
2.1. Internal Control Systems
According to Hopkin (2012), internal control systems denote the combined methods, plans and procedures which safeguard the assets of a firm to improve financial and operational performance as well as foster observance of policies that are prescribed. It is a set of organisational procedures and policies that ensure that all transactions are processed in the proper way in order to avoid theft, waste and misuse of an organisation’s resources (Ndungu, 2013). Correspondingly, a number of authorities such as International Organisation of Supreme Audit Institutions (INTOSAI, 2004), Kaplan (2008) and COSO (2013) are of the view that internal control systems are processes put in place by the management, board of directors and other personnel of an entity, to offer reasonable assurance as regard the realisation of organisational objectives.
INTOSAI (2004), Kaplan (2008) and COSO (2013) description focused on a risk-based approach to internal controls by adopting controls covering the company’s entire range of activities or operations, and not just those directly related to financial reporting (Moeller, 2013). A critical evaluation of the above definitions and descriptions point out that the purposes of internal controls are to enhance better operational efficiency and financial reporting of organisations (COSO, 1992). It is also evident from these definitions that internal controls affect all facet of an organisation and is therefore thought of as the responsibility of management, board of directors and other personnel in an organisation (Adams, Grose, Leeson, & Hamilton, 2004).
The framework for internal control systems developed by COSO (1994) claims that every sound system of internal control must have five components namely: control environment, risk assessment, control activities, information and communication and monitoring of internal control. According to Pickett (2010), these components interact among each other, forming an integrated system that reacts dynamically to changing conditions. In essence, the internal control systems are intertwined with the entity’s operating activities and are fundamental to the successful operation of the enterprise (Steinberg, 2011). This framework has been an illustrious framework of internal control and has been adopted by several organisations, including the World Bank and World Health Organisation. Hence, in order to have a comprehensive finding all the five elements are considered in this study.
2.2. Organisational Performance
The term performance was sometimes misunderstood to be productivity. According to Ricardo and Wade (2001), there is a difference between performance and productivity; productivity is a ratio depicting the volume of work completed in a given amount of time while performance is a broader indicator that could include productivity as well as quality, consistency and other factors. In result-oriented evaluation, productivity measures were typically considered. Adenuga (2011); and Ricardo and Wade (2001) argued that performance measures could include result-oriented behaviour (criterion-based) and relative (normative) measures, education and training, concepts and instruments, including management development and leadership training, which were the necessary building skills and attitudes of performance management.
Previous research had used many variables to measure organisational performance. These variables include profitability, gross profit, Return-On-Asset (ROA), Return-On-Investment (ROI), Return-On-Equity (ROE), Return-On-Sale (ROS), revenue growth market share, stock price, sales growth, export growth, liquidity and operational efficiency (Gimenez, 2000). Although the importance of organisational performance is widely recognised, there has been considerable debate about both issues of terminology and conceptual bases for performance measurement. No single measure of performance may fully explicate all aspects of the term.
The definition of organisational performance has included both efficiency-related measures, which relate to the input/output relationship, and effectiveness related measures, which deal with issues like business growth and employees’ satisfaction (Quartey, 2012). Additionally, performance has also been conceptualised using financial and non-financial measures from both objective and perceptual sources (Adenuga, 2011). Hence, from this few literature reviewed, the term “performance” should be broader based which include effectiveness, efficiency, economy, quality, consistency behaviour and normative measures (Ricardo & Wade, 2001; Quartey, 2012).
2.3. Internal Control Systems and Organisational Performance
Empirically, the positive relationship between the COSO internal control systems variables and performance is not quite clear. Muraleetharan (2011) posits that internal control-performance relationship is influenced by some but not all of the internal control systems variables. According to Muraleetharan, risk assessment, control activities as well as monitoring of the COSO framework for internal control variables influence the positive link, while the relationship using control environment and information and communication fails to lend itself to prediction. On the contrary, results from Njeri (2014) have revealed that all elements except information and communication of the COSO framework of internal control systems predict the positive relationship.
To augment the findings of Muraleetharan (2011) and Njeri (2014), results from Europe on the study of enterprise risk management and performance have shown a negative relationship between high levels of enterprise risk management and performance (Eikenhout, 2015). Per these findings, the relationship between the elements of internal control and performance is not quite clear. To add to the foregoing discussion, the literature on ICS lacks studies on the conditions of ICS and performance as well as differences in the components of internal control systems.
2.4. Conceptual Framework
Based on the overall review of related literature, the following conceptual model in which this specific study is governed was advanced. As illustrated in the literature, ICS has significant influences on organisational performance. Organisational performance has been taken as dependent variable while ICS as independent variable. In the independent variable, ICS includes five dimensions based on COSO internal control framework namely; Control Environment, Risk Assessment, Information and Communications, Control Activities, and Monitoring.
Performance, the dependent variable, is centred on a multi-dimensional performance indicator known as the building block model developed by Fitzgerald and Moon (1996). These performance indicators consist of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation. The relationship of the variable for this study is referred to as follows in Figure 1.
Figure 1. A conceptual framework for impact of internal control system on performance of universal banks. Source: Authors’ own construct (2021).
The approach of the study was a quantitative. Through the use of questionnaire, data was collected from 160 employees made up of branch managers, operations managers, head tellers and internal audit managers from 20 branches of universal banks in Ghana. The questionnaire was divided into two main sections representing internal control systems and organisational performance. It was made up of only closed-ended questions. The section on internal controls was adopted from the instrument developed by Bureau of Financial Monitoring and Accountability of Florida Department of Economic Opportunity (DEO, 2014). The DEO (2014) instrument was based on variables in COSO, 2013. The segment on performance was also adopted from Fitzgerald and Moon’s (1996) measures for measuring performance in the service industry.
The questionnaire comprised 32 items grouped under the two main sections (i.e., Section A-B). Section A comprised five-sub sections (AI-AV), which measured the internal control systems. Section BI measured the control environment and comprised nine items while section AII, AIII and AV measured the risk assessment, information and communication system and monitoring control systems respectively and they were made up of four items each. Section AIV consisted of five items measuring control activities. Section B gathered information on the performance of the various banks and it was made up of six items. All the variables were measured on an interval scale of 1 - 5, where 1 was the least and 5 being the highest.
3.1. Measuring Reliability of the Instrument
Reliability of an instrument indicates how free the instrument is from random error or the extent to which the scale produces consistent results if repeated measures are taken (Pallant, 2013). Cronbach Alpha which measures internal consistency was used and it measures the degree to which all items on a scale measure an underlying construct (Pallant, 2013). The rule is that individual consistency reliability should be 0.7 or higher. The Cronbach alpha output for the variables is displayed in Table 1.
Table 1. Reliability analysis of constructs.
From Table 1, as indicated by the results, the value of coefficient alpha of Controls for control environment was the highest (0.923) exceeding the original alpha value of 0.70 as proposed by Fraenkel, Wallen and Hyun (2011) and Pallant (2013). The coefficient alpha values for Risk Assessment, Control Activities, Monitoring and Financial Performance (0.851, 0.855, 0.846, and 0.824 respectively) were all high exceeding the 0.7 suggested by Pallant (2013). Information and Communications System had the least alpha value of 0.800 yet it was above the original value. Hence, the results of the Cronbach’s alpha in Table 1 signify that all the constructs were reliable and could be used in this study.
3.2. Data Analysis
Data was processed using software SPSS version 21 and the analytical tool used was multiple regression analysis. This is because regression analysis is used for testing effects/impacts among variables. The indicators for each of the five dimensions of internal control systems (Control Environment, Risk Assessment, Information and Communications System, Control Activities, Monitoring) were separately aggregated, and were used as the independent variables. The dependent variable, performance, included return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation, and innovation as indicators. All these indicators were also aggregated into a single score and used as the dependent variable. Afterward, the independent variable was regressed on the dependent variable.
4. Results and Discussion
As indicated, the model encompassed ICS (which was made up of Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring) as the independent variable, and Organisational Performance as the dependent variable. Assessment was based on the beta (β) values, partial correlation values (R), coefficient of determination (R2) and the corresponding significant levels (p-values). The conventional alpha level of 0.05 was adopted. The findings from the regression analysis are presented in Table 2.
Table 2. Internal control systems predicting performance of universal banks.
aDependent Variable: Organisational (Universal Banks) Performance. **Sig < 0.01, ***Sig < 0.001.
The model correlation coefficient value of 0.792 indicates that there is a strong positive relationship between the dependent variable and the independent variable. The R-Square indicates the amount of variance in the dependent variable that is explained by the independent variable of the study. Thus, the R-Square
value of 0.628 implies that the specified model of the study explains 62.8 percent of the variance in the performance of universal banks. The R-Square according to Gray (2013), is also a signal of goodness of fit of the data. Generally, the higher the R-Square value, the better the fit. So, the R-Square of 0.628 implies that the model specified better fits the data.
The result from the Durbin-Watson of 1.845 also indicates that there is no autocorrelation among the residuals in the regression model. This is because the Durbin-Watson statistics is greater than 1.5 and less than 2.5 which is the accepted benchmark of the test tool (Gray, 2013). The F-statistic tests the joint significance of the independent variable in explaining the dependent variable. In this analysis, the p-value of the F-statistic is well below 0.05 (p < 0.000). Therefore, it can be concluded that the R and the R2 between the internal control systems and the performance of universal is statistically significant.
The implication as submitted by Tabachnick and Fidell (2019) is that the independent variables (control environment, risk assessment, control activities, information and communication, and monitoring) collectively, significantly predict or explain the dependent variable, performance of universal banks. This result affirms the findings of Muraleetharan (2011). Muraleetharan explored the impact of internal controls on financial performance of organisations in Jaffina district, Sri Lanka. The study found that internal control is statistically significant in predicting performance.
From Table 2, the statistics of the standardised betas for the internal control variables are as follows: control environment (0.132), risk assessment (0.280), information and communications systems (0.323), control activities (−0.084), and monitoring (0.266). The statistics shows that information and communication systems had the largest standardised beta while control activities had the smallest standardised beta. It implies that information and communication systems make the strongest unique contribution to predicting performance, when the variance described by all other variables in the model is controlled. Also, control activities make the lowest exclusive contribution to explaining performance, when the variance explained by all other variables in the model is controlled.
Regarding the partial correlation (R) values in Table 2, information and communication systems was the dimension most associated with performance (R = 0.327), although moderate/average. The implication is that, universal banks that maintained effective information and communication systems procedures were on the average, likely to perform. Risk assessment (R = 0.285) and monitoring (R = 0.247) were also weakly associated with performance. The association with performance were very weak for control environment (R = 0.115) and control activities (R = −0.071), albeit very weak and negative for control activities. However, in general, there was a positive association (R = 0.792) between internal control systems (ICS) and performance of universal banks. The finding is consistent to the result of Mawanda (2008) who found that ICS positively influence performance in an institution of higher learning.
Again, Table 2 depicts that although some of the internal control system dimensions contribute to the prediction of the performance of universal banks, control environment and control activities showed otherwise. Concerning risk assessment, the variable had a positive unstandardized beta coefficient of 0.286 and it was statistically significant at 0.1% level of significance. The reason is that the p-value of risk assessment (0.000) is lesser than the alpha value (0.001). Therefore, the study found that risk assessment is one of the internal control variables that significantly influence the performance of universal banks in Ghana. This confirmed the model in the conceptual framework and the results of Njeri (2014) that risk assessment explains variations in the performance of manufacturing firms in Kenya. In a similar study involving Jaffna district organisations of Sri Lanka, Muraleetharan (2011) also found positive effect of risk assessment on financial performance.
From the results, the part correlation coefficient of risk assessment is 0.181. A square of 0.181 is 0.0328 indicating that risk assessment uniquely explains about 3.28 percent of the variance in performance. The positive coefficient of risk assessment means that the more a universal bank undertakes risk assessment activities, the more it is likely for that bank to improve its performance. The result obtained is consistent with the findings of Siayor (2010). In Siayor’s attempt to discover how the internal control system and risk management affects the financial performance of DnB NOR ASA, a Norwegian financial services group, they found that a strong internal control and risk management systems enhanced DnB NOR ASA’s profitability and performance as a whole.
Another covariate that was included in the regression model to predict employee performance was information and communication system. From Table 2, the respective t-value is bigger than 1.96 indicating the coefficient is significant. That is, the selected banks have at least an averagely good information and communication system mechanism (B = 0.373): this value tells that for every unit effective information and communication system mechanism that the banks put in place, organisational performance will increase by 0.373 units implying that, information and communication system affect universal banks’ performance positively. Hence, the study found that information and communication have significant effect on the performance of universal banks of Ghana. Information and communication had a part correlation coefficient of 0.327. When the part correlation coefficient is squared, it would imply that information and communication will uniquely explain 10.69 percent of the variance in performance.
The result obtained for information and communication is inconsistent with the findings of Muraleetharan (2011). Muraleetharan found that information and communication have no significant effect on performance of organisations. However, it was consistent with studies by Oppong, Owiredu, Abedana and Asante (2016) and Amissah (2017). For example, in examining the effect of ICS on performance of firms in the Ghanaian insurance industry, Amissah (2017) found positive effect of information and communication and firm performance.
Monitoring had a positive unstandardized coefficient and it was statistically significant at 1% level of significance. This is because the p-value of monitoring (0.002) is lesser than the alpha value (0.01). Therefore, the study found that monitoring significantly influences the performance of universal banks. Monitoring obtained a part correlation coefficient 0.156 indicating that, monitoring uniquely explains about 2.43 percent of the variance in performance.
The positive coefficient of monitoring means that an increase in monitoring activities as represented by on-going monitoring, separate evaluation or periodic monitoring and reporting deficiencies in a company in the banking industry improves the performance of that particular company in the industry. The result obtained for monitoring corroborates with the findings of Noel (2010) who found monitoring as an internal control variable that has significant positive impact on liquidity, a proxy for performance. The result is also consistent with studies by Amissah (2017) and Widyaningsih (2015).
5. Conclusion and Recommendation
From the findings, it is concluded that the performance of universal banks in terms of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation will increase if management of such banks have defined appropriate objectives for the organisation; identify risks that affect achievement of the objectives; management has criteria for ascertainment of which fraud-related risks to the organisation are most critical; and management has put in place mechanisms for mitigation of critical risks that may result from fraud.
Again, based on the findings on the effect of information and communications system on performance of universal banks, it is concluded that if management of universal banks identifies individuals who are responsible for coordinating the various activities within the entity; all employees understand the concept and importance of internal controls, including the division of responsibility; communication within those banks helps to evaluate how well guidelines and policies of the organisation are working and being implemented; and the reporting system on organisational structures spells out all the responsibilities of each section/unit in the organisation, performance of such banks will increase.
Pertaining to the finding on the effect of monitoring on performance of universal banks, the study concludes that universal banks that have independent process checks and evaluations of controls activities on on-going basis; have internal reviews of implementation of internal controls in units conducted periodically; where management has assigned responsibilities for the timely review of audit reports and resolution of any non-compliance items noted in those audit reports, performance of such universal banks in terms of; return on asset, liquidity, customer base, quality of service, flexibility, resource utilisation and innovation will increase.
Based on the key findings, we recommend that universal banks adopt different risk assessment procedures through the use of risk identification measures that fit their contingency characteristics. This will help improve the effectiveness of their risk assessment procedures and boost performance levels. They should strengthen their information and communication systems by generating quality information to support the other components of internal control. This will render the other components of internal controls effective and improve performance. Finally, the universal banks should pay attention to monitoring through providing independent process checks and evaluation of control activities on on-going basis and ensuring internal reviews of implementation of internal controls in units are conducted periodically.
 Amissah, A. (2017). Effect of Internal Control Systems on Performance of Companies in the Insurance Industry in Ghana. Unpublished Master’s Dissertation, Department of Accounting and Finance of the School of Business, College of Humanities and Legal Studies, University of Cape Coast.
 Ayagre, P., Appiah-Gyamerah, I., & Nartey, J. (2014). The Effectiveness of Internal Control Systems of Banks. The Case of Ghanaian Banks. International Journal of Accounting and Financial Reporting, 4, 377-389.
 Chebungwen, N., & Kwasira, J. (2014). An Assessment of Internal Control System on Financial Performance in Tertiary Training Institutions in Kenya: A Case Study of African Institute of Research and Development Studies. International Journal of Science and Research, 3, 571-573.
 COSO (Committee of Sponsoring Organization) (1994). Internal Control, Integrated Framework: Executive Summary-Framework-Reporting to External Parties—Adden- dum to “Reporting to External Parties”.
 Dineshkumar, S., & Kogulacumar, P. (2013). Internal Control System and Its Impact on the Performance of the Sri Lanka Telecom Limited in Jaffna District. International Journal of Advanced Computer Technology, 2, 56-64.
 Essuman, F. E. (2016). Effects of Internal Control Systems on the Financial Performance of Credit Unions in the Sekondi-Takoradi Metropolis. Unpublished Master’s Dissertation, Department of Business Studies of the College of Distance Education, University of Cape Coast.
 Gimenez, F. A. (2000). The Benefits of a Coherent Strategy for Innovation and Corporate Change: A Study Applying Miles and Snow’s Model in the Context of Small Firms. Creativity and Innovation Management, 9, 235-244.
 Gyebi, F., & Quain, S. (2013). Internal Control on Cash Collection. A Case of Electricity Company of Ghana Ltd., Accra East Region. International Journal of Business and Social Science, 4, 217-233.
 Kwayie, A. A. (2015). Assessing the Effectiveness of Internal Controls in Non-Bank Financial Institutions: A Case Study of Beige Capital Savings and Loans Ltd. Unpublished Master’s Dissertation, School of Graduate Studies, Kwame Nkrumah University of Science and Technology.
 Mawanda, S. (2008). Effects of Internal Control Systems on Financial Performance in an Institution of Higher Learning in Uganda: A Case of Uganda Martyrs University. Master’s Dissertation, Uganda Martyrs University.
 Moeller, R. R. (2013). Executive’s Guide to COSO Internal Controls: Understanding and Implementing the New Framework (1st ed.). John Wiley & Sons Publishing.
 Ndungu, H. (2013). The Effect of Internal Controls on Revenue Generation: A Case Study of the University of Nairobi Enterprise and Services Limited. Master’s Dissertation, University of Nairobi.
 Nkuah, K. J., Tanyeh, P. J., & Asante, J. (2013). The Relationship between Financial Control Systems and Public Sector Efficiency in Ghana. International Journal of Advanced Research in Management and Social Sciences, 2, 209-235.
 Oscar-Akotey, J., Sackey, F. G., Amoah, L., & Frimpong-Manso, R. (2013). The Financial Performance of Life Insurance Companies in Ghana. The Journal of Risk Finance, 14, 286-302.
 Owusu-Boateng, W., Amofa, R., & Owusu, I. O. (2017). The Internal Control Systems of GN Bank-Ghana. British Journal of Economics, Management & Trade, 17, 1-17.
 Siayor, A. D. (2010). Risk Management and Internal Control Systems in the Financial Sector of the Norwegian Economy: A Case Study of DnB NOR ASA. Master’s Dissertation, University of Tromsø.
 Steinberg, R. M. (2011). Governance, Risk Management, and Compliance: It Can’t Happen to Us, Avoiding Corporate Disaster While Driving Success. John Wiley & Sons.
 Widyaningsih, A. (2015). The Influence of Internal Control System on the Financial Accountability of Elementary Schools in Bandung, Indonesia. Research Journal of Finance and Accounting, 6, 89-96.