ST.

MARY’S UNIVERSITY
SCHOOL OF GRADUATE STUDIES

ASSESSMENT OF INTERNAL CONTROL EFFECTIVENESS:

IN CASE OF CARE ETHIOPIA

BY

ABERASH DENDIR

ID NO SGS/0267/2009A

JUNE, 2018
ADDIS ABABA, ETHIOPIA
 ASSESSMENT OF INTERNAL CONTROL EFFECTIVENESS:
IN CASE OF CARE ETHIOPIA

RESEARCH REPORT SUBMITTED TO ST. MARY’S UNIVERSITY,

SCHOOL OF GRADUATE STUDIES IN PARTIAL FULFILLMENT
OF THE REQUIREMENTS FOR THE AWARD OF THE DEGREE
OF MASTERS OF BUSINESS ADMINISTRATION (MBA) IN
ACCOUNTING AND FINANCE

BY: ABERASH DENDIR

ID NO SGS/0267/2009A

ADVISOR: ASMAMAW GETIE (ASST. PROFESSOR)

JUNE, 2018

ADDIS ABABA, ETHIOPA

ii
 ST. MARY’S UNIVERSITY

DEPARTMENT OF IN ACCOUNTING AND FINANCE

ASSESSMENT OF INTERNAL CONTROL EFFECTIVENESS:

IN CASE OF CARE ETHIOPIA

BY

ABERASH DENDIR

APPROVED BY BOARD OF EXAMINERS

_____________________________ ____________________

Dean, Graduate Studies Signature

______________________________ _____________________

Advisor Signature

______________________________ _____________________

External Examiner Signature

______________________________ _____________________

Internal Examiner Signature

iii
 DECLARATION

I, the undersigned, declare that this thesis is my original work, prepared under the
guidance of Asmamaw Getie (Asst. Professor).All sources of materials used for the thesis
have been duly acknowledged. I further confirm that the thesis has not been submitted
either in part or in full to any other higher learning institution for the purpose of earning
any degree.

Aberash Dendir ______________________

Name Signature

St. Mary’s University, Addis Ababa June, 2018

iv
 ENDORSEMENT

This thesis has been submitted to St. Mary’s University for examination with my
approval as a university advisor.

Asmamaw Getie (Asst. Professor) ______________________

Advisor Signature

St. Mary’s University, Addis Ababa June, 2018

v
 AKNOLOGMENTS
The Almighty God, I do not know how I can state for all; I am heartily grateful to him for
his bright gifts throughout my life from the beginning wherever I go.

My gratitude goes to my advisor, Mr.Asmamaw Getie (Ass.Prof.), for his incredible

help, guidance, patience and understanding during the course of this thesis. In addition, I
am thankful to CARE Ethiopia, for giving the opportunity to conduct this thesis. My
thanks also go out to other lecturers and my group members, especially Asefash Worku
during my course and for making this study a memorable experience for me.

Lastly not least, I am pleased to express my sincere thanks to my family members and
take this opportunity to thank all people who made a contribution in my academic life so
far.

vi
 TABLE OF CONTENT

AKNOLOGMENTS ....................................................................................................................... vi
TABLE OF CONTENT.................................................................................................. vii
List of Tablesix
LIST of ACRONYMS .................................................................................................................... xi
CHAPTER ONE .............................................................................................................................. 1
1 INTRODUCTION .............................................................................................................. 1
1.1 Background of the Study ................................................................................................. 1
1.2 Background of the Organization ...................................................................................... 3
1.3 Statement of the Problem ................................................................................................. 4
1.4 Research Question ........................................................................................................... 6
1.5 Objectives of the Study .................................................................................................... 6
1.5.1 General Objective of the Study ................................................................................ 6
1.5.2 Specific Objectives of the Study .............................................................................. 6
1.6 Scope and limitation of the study..................................................................................... 7
1.7 Significance of the Study ................................................................................................. 7
1.8 Organization of the Study ................................................................................................ 8
CHAPTER TWO ............................................................................................................................. 9
2 REVIEW OF RELATED LITERATURE .......................................................................... 9
2.1 Definition of Internal Control System ............................................................................. 9
2.2 Types of Internal Control Techniques ........................................................................... 10
2.2.1 Plan of Organization .............................................................................................. 10
2.2.2 Segregation of Duties ............................................................................................. 11
2.2.3 Control of Documents ............................................................................................ 11
2.2.4 Physical Control ..................................................................................................... 11
2.2.5 Arithmetic and Accounting Controls ..................................................................... 12
2.2.6 Supervision ............................................................................................................ 12
2.2.7 Routine and Automatic Checks (snap checks) ....................................................... 13
2.3 Elements of Internal Control .......................................................................................... 13
2.3.1 Control Environment ............................................................................................. 14
2.3.2 Risk Assessment .................................................................................................... 15

vii
 2.3.3 Control Activity ..................................................................................................... 15
2.3.4 Information and Communication ........................................................................... 15
2.3.5 Monitoring and Evaluation .................................................................................... 16
2.4 Effective Internal Control System.................................................................................. 17
2.5 Empirical Review........................................................................................................... 18
2.6 Summary and Knowledge gap ....................................................................................... 21
CHAPTER THREE ....................................................................................................................... 23
3 METHODOLOGY ........................................................................................................... 23
3.1 Research Design............................................................................................................. 23
3.2 Research Approach ........................................................................................................ 23
3.3 Sources of Data .............................................................................................................. 24
3.4 Population of the Study Sampling Techniques and Procedures..................................... 24
3.5 Method of Data Analysis ............................................................................................... 24
3.6 Ethics in Research .......................................................................................................... 25
CHAPTER FOUR.......................................................................................................................... 26
4 DATA ANALYSIS AND INTERPRETATION .............................................................. 26
4.1 Introduction .................................................................................................................... 26
4.2 Background of Respondents .......................................................................................... 26
4.3 Descriptive Statistics Analysis ....................................................................................... 28
4.3.1 Control Environment ............................................................................................. 28
4.3.2 Effectiveness of Risk Assessment.......................................................................... 30
4.3.3 Effectiveness of Control Activities ........................................................................ 32
4.3.4 Effectiveness of Information and Communication ................................................ 34
4.3.5 Effectiveness of Monitoring and Evaluation.......................................................... 36
4.4 Interview Results ........................................................................................................... 38
CHAPTER FIVE ........................................................................................................................... 40
5 SUMMARY, CONCLUSIN AND RECOMMENDATION ............................................ 40
5.1 Summary of Findings ..................................................................................................... 40
5.2 Conclusion of the Study ................................................................................................. 41
5.3 Recommendation ........................................................................................................... 42
REFERENCES............................................................................................................................. 43
APPENDEX I ............................................................................................................................... 49
APENDEX II ................................................................................................................................ 54

viii
List of Tables
Table 3-1: Distribution of Organization Departments ...................................................... 24
Table 4-1: Characteristic of Respondents ......................................................................... 26
Table 4-2: Employee View Regarding the Organization Control Environment............... 29
Table 4-3: Employee View Regarding the Organization Risk Controlling Activities ..... 31
Table 4-4: Employee View Regarding Control Activities of Internal Control ................. 33
Table 4-5: Employee View Regarding the Organization Information System to Perform
Internal Control ................................................................................................................. 34
Table 4-6: Employee View Regarding the Organization Monitoring and Evaluation
System of Internal Control ................................................................................................ 36

ix
 Abstract
The objectives of this study was assessing the internal control effectiveness of
international NGOs in Ethiopia taking CARE Ethiopia as a case study. To achieve its
objective, the study was tried to assess about five control elements of internal control.
These are Control Environment, Control Activities, Risk Assessment Practice,
Information and Communication using system and Monitoring and Evaluation system of
internal control. Based on this, the study collected data from employee of the
organization using structured questionnaire and interview. Accordingly, 32 respondents
were participated. Both the questionnaire and interviews results were used to answer the
research questions. For the interview purposive sampling techniques was made. The data
gathered from questionnaire analyzed by descriptive statistics such as mean, standard
deviation, minimum and maximum through statistical tool SPSS version 23. The study
finds out that the control environment of the internal control system is inadequate to be
judged as effective, particularly, the organization didn’t continuously provide mentoring
and training opportunities needed to attract, develop, and retain appropriate and
competent personnel. The study further finds out organization has not sufficiently
designed appropriate strategy of identifying risk, no sufficient system designed to respond
to risk, lack of monitoring and evaluation system of internal control, The study
recommends that monitoring in an effective internal control system is required to
continuously evaluate whether the system is performing as per the designed system and
the management should establish good internal control environment to control activities
on an on-going basis.

Key Words: -Control Activities, Control Environment, Internal Control, Information

and communication, Monitoring and Evaluation

x
 LIST of ACRONYMS
AIS Accounting Information Systems

AAID Australian Agency for International Development

ADA Austrian Development Agency

AICPA American Institute of Certified Public Accountants

CARE Cooperative for Assistance and Relief Everywhere

CAI Community Associations Institute

CSA Charity and Society Agency

CIDA Canadian International Development Agency

COSO Committee of Sponsoring Organizations of the Trade Way Commission

DFID Department for International Development

EBS Egyptian Banking Sector

EC European Commission

ECHO European Commission Humanitarian Aid Office

FFP Food for Peace

FDRE Federal Democratic Republic of Ethiopia

GAAP Generally Accepted Accounting Principles

GAO General Accounting Office

IAS Internal Accounting Standards

MSH Management Sciences for Health

NGO Non-Governmental Organization

OCHA Office for the Coordination of Humanitarian Assistance

FDA Foreign Disaster Assistance

PIE Pathfinder International Ethiopia

xi
SOX Sarbanes Oxley Act

SPSS Statistical Package for Social Science

USAID U.S. Agency for International Development

xii
 CHAPTER ONE

1 INTRODUCTION
1.1 Background of the Study
Recently several enterprises suffered great losses and collapsed because of a poorly
designed internal control system or because of a failure to implement the designed
internal control systems. Subsequently, issues regarding internal control and corporate
governance have attracted considerable attention and responses from government,
industries, and academic world Bailey (2005). An internal control system is a vital
mechanism that enables an organization to achieve its operational goals, improves
operational efficiency and effectiveness, strengthens its corporate constitution and
enhances its competitiveness. Furthermore, the technological advancement and
hastilychanging business environment is putting substantial pressure on organizational
leaders to maintain sound and effective internal control system to meet its objectives
Oppong, Owiredu and Abedana (2016).

Mawanda (2008) argued that internal controls are processes designed and effected by
those charged with management, governance, and other personnel to provide reasonable
assurance about the achievement of objectives of an entity’s. As such internal control
plays a direct role in influencing management performance as they are charged to provide
a reasonable assurance of the reliability of financial reporting, the compliance with laws,
guidelines and regulations and to uphold good corporate governance. As IFAC (2012)
stated effective internal control system is one that exhibits certain characteristics that
facilitate the evaluation and improvement of existing internal control systems by
highlighting areas where the practical application of such guidelines often fails in many
organizations.

According to Hamed and Babak (2009) control procedures and policies has to be
established and executed to help ensure that actions necessary to achieve the
organization’s objectives are effectively carried out. They further argued that control
activities are the control procedures and policies that help to ensure that management

1
directives are carried out and also controlled activities includesauthorizations, approvals,
verifications, reconciliations, security of assets, reviews of operational performance and
segregation of duties and responsibilities.

Allthese business environment changes and practicesare mostly observable in the profit
making businesses organizations due to their main objective isprofit maximization. On
the other hand,NGOs had earlierdepend on traditional and informal practices to address
their social objective. The recent rampant of financial malfeasance reported among NGOs
shows that the internal control practices are not yielding the desired results.William
(2007) stated that fraud and corruption cases, involving organizations such as Red
Cross, Enron, Tyco, WorldCom and United Way have raised consciousness of and
demand for financial responsibility by stakeholders. William farther argue that internal
control integrities suggest one way to demonstrate responsibility is throughthe use of a
strong and effective internal control system. Thus, it is that the implementation of sound
and effective internal controls is mandatory to ensure that the strategic objectives of
NGOs are encountered.

This study focused on assessing internal control system of international NGOs in

Ethiopia, regard to this Freeman (1998)conceptualizes a Non-Governmental organization
(NGO) as an organization their activities are non – commercial and therefore not for
profit, not state financed and is not parts of a government. NGO’s areindependent of
governments and usually self-governing organizations. They provide services to society
through welfare works for community growth, sustainable system development and
assistance in national disasters.The primary goal of NGO is to insure that resources are
effectively and efficiently used to attaindesiredobjectives.

Regard to this Saleemi(2009)indicated that internal control must be designed to provide

reasonable assurance regarding prompt detection or prevention of disposition of an agency’s
assets use or unauthorized acquisition. SimilarlNGOs need to design, implement and
monitor effective internal control system in order to prevent the malpractices and
misuse of funds to address their intended objectives. Therefore, this study assesses
internal control effectiveness of International NGOs in Ethiopia, taking Care Ethiopia as
a case study.

2
1.2 Background of the Organization

CARE (Cooperativefor Assistance and Relief Everywhere), is formerly, cooperative for

American remittances to Europe is a major HumanitarianAgencydeliveringemergency
relief and long term internaldevelopment projects. CARE founded in 1945, it is one of the
largest and the oldest humanitarian aid organization focused fighting on global poverty.
In 2016 CARE reported working in 94 countries supporting 962 poverty fighting projects
and humanitarianprojects and reaching 80 million people 256 million people indirectly.
CARE started working in Ethiopia in 1984 in response to severe drought and famine that
devastated the population and claimed the lives of nearly one million people. Since then,
the organization’s activities have expanded to address the root causes of poverty and
vulnerability. CARE’s programss focus on the areas of livelihoods and food security,
sexual and reproductive health, education, governance, water and sanitation, and
emergency preparedness and response. As part of CARE Ethiopia’s development of a
focused and long-term programs approach to poverty, the office targets three groups of
people: pastoralist girls, chronically food-insecure rural women, and poor young girls
living in cities and on the outskirts of urban areas.

CARE Ethiopia Donated by, Several partners such as, U.S. Agency for International
Development (USAID), Food for Peace (FFP), the Embassy of Norway, Australian
Agency for International Development (AusAID), Proctor and Gamble, SouterCharitable
Trust, Canadian International Development Agency(CIDA), UK Department for
International Development (DFID),European Commission (EC), European Commission
Humanitarian Aid Office (ECHO), United Nations Office for the Coordination of
Humanitarian Assistance (OCHA), Austrian Development Agency (ADA), Conrad N.
Hilton Foundation, Michael and Susan DellFoundation, Bill and Melinda Gates
Foundation, Howard G. Buffett Foundation, Richard and Rhoda Goldman Fund, Nike
Foundation, Office of U.S. Foreign Disaster Assistance (OFDA), and private donors.

3
1.3 Statement of the Problem

Sound and effective internal controls is very important to Non-Governmental

Organizations reason being that NGOs are recipients of huge amounts of donor funding
and assets which require a sound internal control system for proper care and management
of these resources.Flores (2013) stated that Ethiopia is a focus of international attention in
the Horn of Africa due to both its consistently high rates of economic growth and for its
continuedproblems with widespread hunger and poverty. Floresfarther argue that the
nation is also significant for being among the most dependent on foreign aid. Topping the
worldwide list of countries receiving aid from the US, UK, and the World Bank, Ethiopia
has been receiving $3.5 billion on average from international donors in recent years,
which represents 50 to 60 percent of its national budget. In order to proper management
of these huge amount of funds, the management of the NGOs has to be establish
procedures to be followed in their day to day operations which among other things are
meant to safeguard NGOs’ assets and ensure reliable recording of the monetarily
transactions. In addition to this cases of fraud and other malpractices are rarely publicized
by media and other communication channels, it is probable that misuse of funds due to
lack of financial control systems is a reality among NGOs donated for poor countries.
Ayom (2013) observed that despite support from donors, most NGOs are not effective
asexpected. Thisindicated that NGOs has to be design, implement and monitor effective
internal control systems and practices.

There are several types of international NGOsin Ethiopia that have been existed and they
contribute a lot in solving several challenges of the society, however, due to the inherent
limitations of internal controls and pressure, opportunity and excuses by management and
perhaps the credibility of controls, discussing and benchmarking is still not high enough
within Ethiopia. In recent year there were a controversy between Ethiopian Government
and NGOs, after, the government revised regulatory of NGOs that operated in Ethiopia,
one of the government officials reason the interference of government on the activities of
NGOs was misuse of resources received in the name of poor peoples of Ethiopia. As a
results the government were enforced NGOs with a rule known as 70 – 30 (seventy –
thirty), which is 70 % of the donated money should spend for beneficiaries and 30% for

4
administrative activities. This implied that, the International NGOs internal controlling
system is not transparent FDRE, Charity, Association, (2003).

Despite the various measures put in place to enhance proper management of NGOs in
Ethiopia, there are significant policy risks and challenges that NGOs currently faceCSA
report (2013). Therefore, the need to keep implementing, monitoring and evaluation of
internal controls, should not be left to the public and private sectors, but should also be
instituted by NGOs as well. It isthis background therefore that the study sought to assess
internal control effectiveness of International NGOs in Ethiopia

In this study attempts tried assessing internal control effectiveness of International NGOs
in Ethiopia,in the case of CARE Ethiopia. As already explained CARE Ethiopia is one of
the largest international NGOs participated in several sectors of aid in Ethiopia and
Donated by several partners. Though, CARE Ethiopia has made progress with programs
implementation, resulting in diverse achievements and improvement in several area of
organizationstructuresusing several parameters, such as, capacity building of employee,
monitoring and delivery strategy of aid funds for beneficiary, however, the annualReport
of the organization (2016) implied the organization were not efficient in internal control
system. This was the base of practical problem of the study area that motivated the
researcher to assess further internal control practice of the organization, and identify
major challenges that affect the organization internal control system.

Theoretically, there are some studies conducted on internal control systems of

organization in Ethiopia including international NGOs, such as, a study conducted
byBelayneh (2016) on internal control of Save the Children. In this study all of the
organization employee were considered as participant of the study, this might diminish
retrieving deep knowledge from related area population, to solve this gap in this study
focused of population were concerned from related departments that
concernedinternalcontrol. Therewas also a study conducted by, Genet (2015) to assess the
functionality of internal control system of Non-Government, Organizations (NGOs) a
case study of Pathfinder International Ethiopia (PIE). The study was assessed very few
areas such as, organizational control of PIE, personnel controls of PIE, and assess
operating controls, however, it is difficult to reached on conclusion assessing those few

5
areas, to fill this gap the study include further elements of internalcontrol such as, risk
controlling activities, activitiescontorting system, information communication system,
monitoring and evaluation. There was also one more related area conducted by Getu
(2016) on internal control system of NOGs of Ethiopia. One of the major gaps of the
study were that,the study focused to give insight on International NGOs in Addis Ababa
working on health sector, internal control system, so that the finding was not discussed in
deep challenges of individual organization. Therefore, this study focused to investigate
some practicalchallenges observed in CARE Ethiopia as well as fill theoretical gaps of
previous studies.

1.4 Research Question

To assess internal control effectiveness of International NGOs in Ethiopia, the study

has focused to address the following basic research questions:

1. How organizational control environment ensuredinternal control system?

2. How controlling activitiesensured effective internal control system?
3. How risk controlling system applied in the organization?
4. How the information and communication application implemented in the
organization internal control system?
5. How monitoring and evaluation system has been executed in the organization?

1.5 Objectives of the Study

The study will have to achieve both the general and specific objectives

1.5.1 General Objective of the Study

The main objective of this study was to assess internal control effectiveness of
International NGOs in Ethiopia, in case of CARE Ethiopia

1.5.2 Specific Objectives of the Study

The specific objectives of the study:

1. To assess organizationalcontrol environment of internal control system.

2. To assess the ongoingcontrol activities of the organization.

6
3. To examine risk controlling system applied in the organization.

4. To examine information and communication application of internal control system.

5. To examine the implementation of monitoring and evaluation ofinternal control

system.

1.6 Scope and limitation of the study

The scope of the study was delimited to assess internal control effectiveness
ofinternational NGOs, in Ethiopia, both financial and non-financial controlling systems.
Though it has been important to include all of international NGOs existed in Ethiopia,
however,infeasibility from resource and time perspectives, the focus of this study has
beenonly on the assessmentof internal control in non-governmental organizations
selectively. Hence, this study has been delimited to as case study in Care Ethiopia, an
International NGO.

The limitation of the study was the researcher couldn’t get and used secondary data to
analyze the result. The other limitation was the belief that the research may not be read,
thus people may not be benefited from the study.Therefore, it is the aim of the researcher
to write papers out of the research and present them in the meetings.

1.7 Significance of the Study

The findings of this study may help identify gaps within the systems of internal control
and their effectiveness, focusing on financial and non – finical controls in international
NGOs. The findings may also benefit to the management and donors since they are
bound to enable them streamline the systems of internal controls. Ultimately, the findings
are likely to ensure improved financial management and also attainment of the sector
organizations’ objectives. The study also adds to the existing knowledge regarding
internal control. The study generates knowledge to internal control elements and may
guide policy makers in the planning for NGOs resources. The findings of the study also
helpful to all academicians in finance and accounting, management, and other pertinent
fields.

7
1.8 Organization of the Study

The study has beenorganized in to five chapters. The first chapter deals with introduction
of the study, background of the study area, statement of the problem, objective of the
study, significance of the study and delimitation of the study. The second chapter has
introduced review of related literature in the area. The third chapter deals with the
research design and methodology. The forth chapter presents the analysis and the fifth
chapter contained summary of the major findings, conclusion and recommendation of the
study. Finally list of references and appendix annexed at the end pages of the paper.

8
 CHAPTER TWO

2 REVIEW OF RELATED LITERATURE

2.1 Definition of Internal Control System
Internal controls are the processes designed and affected by those charged with
governance, management, and other personnel to provide reasonable assurance about the
achievement of an entity’s objectivesBatra(2002). Internal control plays a direct role in
influencing management performance as they are charged to provide a reasonable
assurance of the reliability of financial reporting, the compliance with laws and
regulations and to uphold good corporate governance.

According to Paula (2000) control policies and procedures must be established and
executed to help ensure that actions necessary to achieve the institution’s objectives are
effectively carried out. It is further argued that control activities are the policies and
procedures that help ensure that management directives are carried out and also
controlled activities occur as diverse as approvals, authorizations, verifications,
reconciliations, reviews of operating performance, security of assets and segregation of
duties. Similarly, reviews should be made of actual performance versus budgets, forecasts
and performance in prior periods and performance reviews should be made of specific
functions or activities.

Woolf (2007) proposes that a variety of control activities should be achieved to check
the accurateness and completeness of information along with the authorization of
transactions. Development of new systems and changes to existing ones should be
controlled. Additionally, access to programs and data base should be restricted. Physical
controls include control of inventories,equipment’s, cash and other assets which should
be secured physically and sporadically counted and matched with amounts shown on
control records. Performance indicators may be through anticipating certain operating
results by investigating unexpected results that expose the achievement of the
organizations objectives. Duties are segregated among different people to reduce the risk
of error or inappropriate actions. For instance,responsibilities for authorizing transactions,
recording them and handling the related assets should be segregated.

9
2.2 Types of Internal Control Techniques

Hamed (2009) stated that internal controls can be mostly classified asdetective or
preventive. Preventive controls are designed to discourage errors or irregularities and
they include such things as: reading and understanding business Human Resource
policies, a computer application which checks validity prevents the entry of an invalid
account number, such as Work Hours helps prevent violations of the Fair Labor
Standards, and a manager's review of purchases for propriety and validity prior to
approval prevents inappropriate expenditures.

Detective controls are designed to identify an error or irregularity after it has occurred. It
includes things like: an exception report detects and lists incorrect or invalid entries or
transactions, a comparison of validated Cash Receipt Vouchers to monthly financial
statements will detect deposits posted to erroneous accounts, and the manager's review of
long distance telephone charges will detect improper or personal calls that should not
have been charged to the account among others.

Effective internal control system operates when some specific procedures are adopted by
the management. Internal Accounting Standards (IAS) categorizes internal control types
as plans of organization, segregation of duties, control of documents, safeguarding of
assets, competence of staff arithmetic and accounting controls recording and record
keeping supervision, authorization and approvals, vocation and rotation of duties, cost
feasibility and routine automatic checks (snap checks).

2.2.1 Plan of Organization

Plan of organization is an organization chart which shows the organization
structureSaleemi(2009). Drawing an organizational plan is used to show how it has been
divided into departments and departments into sections.This is important to show what
responsibility and duties are assigned to each officer. Authority and responsibility are
clearly drawn. Employees easilyperform their duties according to organizational plan.
This plan allocates and defines responsibilities and identifies lines of reporting for all
aspects of business operations. There for, the plan of organization is needed for effective
internalcontrol lover the organizationsactivities.

10
2.2.2 Segregation of Duties
The term segregation of duties is used these days for internal responsibilitiesMillchamp
(2009). One of the main means of control is the separation of duties which would enable
open individual to record and process complete transaction. Segregation of duties reduces
risks of internal manipulation of finances and increase the element of checking.Division
of duties thus makes frauds more difficult to be committed because one transaction is
completed by even more than two different employees. Manasseh(2009) indicated that
any internal control system will only be strong if duties and responsibilities are
segregated. The segregation of duties reduces the risk of frauds and errors and
manipulation in the business accounting system. It also increases efficiency in company's
operations due to specialization and facilitates supervision. The duties which must be
segregated are recording, authorization, execution of duties, custody of company’s assets
and systems development for computer operations.

2.2.3 Control of Documents

Batra, (2002) states that control of documents involves the control of the company’s
sensitive documents e.g. receipts, cheques, local purchase order, debit and credit notes.
These documents must be handled by a responsible officer and should be pre-numbered
to ensure control and minimize misuse. They must be kept under key and lock and must
be controlled from a central point for example the headquarters or any other convenient
control point.

2.2.4 Physical Control

De Paula (2000) noted that internal control also requires that asset of the business
enterprise like plant and machinery equipment, motor vehicle, stock and cash to be kept
safely. The access to these should be limited only to authorized personnel. The procedure
designed and security measures taken for safeguarding assets should be adequate and
comprehensive. Cash and stock should be under the custody of some reliable persons.
Safeguarding of assets is also known as physical controls. The types of physical controls
common to all organizations are employment of watchmen, alarm system, strong
electrified gates, strong rooms and safer strong fences, security lights and use of dogs.

11
This means a process by which an asset is utilized for its intended purpose only and thus
ensuring that it contributes a lot to the company before it can be disposed or written off. It
also involves securing assets against misuse and physical attack. The objectives of
physical controls are to ensure proper authorization of company assets, their
maintenance, used only in the business, ensure that assets are properly accounted for and
recorded properly and finally to ensure proper disposal of fixed assets.

2.2.5 Arithmetic and Accounting Controls

Woolf (2007) noted that these controls are aimed at ensuring the accuracy of transactions
and also ensures proper recording of company transactions according to the Generally
Accepted Accounting Principles (GAAP). He further noted that controls are usually
boosted by the use of calculators and computers. He later suggested that while examining
the systems of internal control, the auditor should consider the possibilities of collisions
between close relatives working in related party or business, the possibility of collusion
as well as combination of duties which would enable one to conceal irregularities, the
extent to which employees in positions of trust especially those handling cash fail to take
regular holidays and the possible conflict of interest in the case of responsible official
having other business interest. Saleemi (2009) suggests that the recording of business
transactions should be accurate and arithmetically correct. For this purpose, some
controls are introduced for example checking of totals, reconciliations, control accounts
and trial balances. An effective internal control requires proper implementations of
arithmetical and accounting controls. He concluded that the auditor has to examine the
adequacy of the internal control system differently for different organizations. He said
it’s worth nothing here that no set of rules for internal control can be or may be framed so
as to be equally applicable to every concerned, as it would depend upon the nature, size
and scope of each organization”.

2.2.6 Supervision
Manasseh (2009) suggested that any system of control should include the supervision of
day to day transactions by responsible officials and recording of these transactions for
example working hours of employees recorded on clock cards should be checked or
inspected by the supervisors. Mill champ (2009) noted that supervisors must be

12
watchfulin their duties and ensure that people under their supervision perform their duties
as per the laid down organization or company policies and this supervision must be done
in a humane way so as to promote morale among the employees and avoid frustration
among those under supervision. He further noted that the management should check the
interim statements, budgetary control, and standard costing statements and also review
departmental procedures and functions, thus the management therefore must be able to
supervise the entire organization to ensure operational efficiency. Such type of
supervision is done by higher authorities for example managing directors and internal
auditors. Supervision basically means ensuring that employees work for hours expected
and as per the laid down policies and procedures of the organization. The organization
should therefore employ qualified and competent supervisors to ensure its success.

Barta(2002) noted that the system to be installed must be within the limits affordable by
the organization and its cost must not outweigh the benefits to be derived from such a
system of internal control. Regarding cost feasibility, the cost benefit analysis should be
used to weigh the advantages and disadvantages of the undertaking.

2.2.7 Routine and Automatic Checks (snap checks)

Spencer and Pegler (2008) explains that internal check is an arrangement of staff duties
whereby no one person is allowed to carry through a process and to record every aspect
of a transaction to avoid collision between two or more persons thus preventing fraud and
reducing errors to the minimum. Barta (2002) suggests that internal check refers to
checks on the day to day transactions continuously as a part of the routine system
whereby the work of one person is independently counter checked by another person with
a view to detecting and correcting errors as early as possible and avoiding fraud. It
includes matters such as the delegation and allocation of authority and the division of
work, the method of recording transactions and the use of independently ascertained
totals against which a large number of individual items can be proved.

2.3 Elements of Internal Control

The components of internal control are no different in many sources. Some sources refer
them the elements or frameworks while some other refer it standards of internal control.
The Committee of Sponsoring Organizations Batra(2002), Act of Sarbanes Oxley,
13
American Institute of Certified Public Accountants (AICPA) and General Accounting
Office (GAO) claim effective internal control should primarily have five elements
namely; control environment, control activities, risk assessment, information and
communication, and monitoring. Each of the elements will be discussed as follows.

2.3.1 Control Environment

The control environment is considered as the tone at the top of an organization,
influencing the control consciousness of its employees. Beneish et al. (2008), defines the
control environment as the tone of an organization and the way it operates. He further
says that it concerns the establishment of an atmosphere in which people can conduct
their activities and carry out their control responsibilities effectively. The control
environment is the foundational context within which the other aspects of internal control
operate Konrath (1999). The philosophy and management style, organizational structure,
methods of imposing control, assignment of authority and responsibility are all key
aspects of the control environment Jones (2007). Likewise, COSO (2004) looks at the
ethical environment of an organization to encompass aspects of upper management’s tone
in achieving organizational objectives, their value judgments and management styles.
COSO argue this component is the foundation for all other components of internal
control, providing both discipline and structure to the organization. Ethical business
practices, management philosophy and a sense of business integrity all play key parts in
the control environment component.

The control environment represents the control atmosphere for the entity and is the
foundation for the other components Nicolaisen(2004). Bates (2001) considers the factors
relating to the control environment to include the integrity, ethical values, and
competence of employees and management, management’s philosophy and operating
style, the manner in which authority and responsibility are assigned, the organization and
development of employees, and the attention and direction of the board of directors
towards organizational success. Lou (2008) concurs that higher level administrators of an
organization are responsible for establishing the appropriate control environment. Guy et
al (1999) states that good control environment should provide guidelines related to: ethic
and integrity values that should be owned by the member of entity; commitment to

14
competence; participation or the board of director and audit committee; philosophy and
management style; job description of each personnel; and lastly policy and procedure of
human resources.

2.3.2 Risk Assessment

Community Associations Institute CAI (2003) described risk assessment as identification of
potential misstatements and designing controls to prevent or promptly detect of
misstatements. Risk assessment is the process used by an organization (management) to
decide how it will deal with the risks that pose a threat to achieving its objectives
Furrugia(2002). According to Meisser (2003) risk assessment is the component related to the
identification of risk, analysis of risk and management of risk. According to Meisser, Risks
are assessed through management’s awareness of the environment in which it operates and its
direct involvement with the day to day operations of the client community association. Risk
assessment entails to identification and prioritization of objectives, the identification of risks
and assessment of their likelihood and impact Jones (2007).

2.3.3 Control Activity

Under Act of Sarbanes Oxley act SOX(2002) Control activities are the policies and
procedures that assist in ensuring that management directives are successfully implemented.
They provide the means to address the various risks that may hinder the achievement of the
organization’s objectives. In essence, control activities are established in response to
perceived risks. The COSO framework (2013) defines control activities as the policies and
procedures that help ensure management directives are carried out.

2.3.4 Information and Communication

Effective communications should occur in a broad sense with information flowing
between the departments of the organization. Information flow is important to effecting
control, information about an organization’s plan, control environment, risks, control
activities and performance must be communicated up, and access an organization.

This aspect of the internal control elements requires that all pertinent information must be
identified, captured and communicated in a form and timeframe that enable people to
carry out their responsibilities. Information systems produce reports, containing
operational, financial and compliance-related information, that make itpossible to run and

15
control the business (COSO, 2013). They deal not only with internally generated data, but
also information about external events, activities and conditions necessary to informed
business decision-making and external reporting. Effective communication also must
occur in a broader sense, flowing down, across and up the organization.

2.3.5 Monitoring and Evaluation

According to Spencer (2008) to ensure the reasonable assurance regarding achievement of
the organizations objectives, the monitoring process should be performed to evaluate and
assess the systems of internal control to ensure that the procedures are consistently applied
over an extended period of time.

Spencer believes internal audit is part of monitoring internal control system. Managers
should promptly evaluate findings from audits and other reviews, including those
showing deficiencies and recommendations reported by auditors and others who evaluate
agencies’ operations, to determine proper actions in response to findings and
recommendations from audits and reviews.

Jones (2008) refers monitoring as the process of assessing the quality of a systems
performance over time. On an on-going basis, staff should evaluate the various systems
of internal control and updates/modifies/enhances where needed. Any discovered
deficiencies are addressed immediately and added to the overall systems of internal
control. Monitoring of internal control should include policies and procedures for
ensuring that the findings of audits and other reviews are promptly resolved. According
to Coffin (2003) monitoring entails the activities and procedures designed to assess the
effectiveness of the internal control system in achieving the entity’s financial reporting
objectives.

Monitoring activities may be ongoing or may be separate evaluations and it is important

given the complex and dynamic environments faced by most organizations Henle (2005).
It seeks to ensure that systems are performing as intended. However, this is accomplished
through ongoing monitoring activities, periodic evaluations or a combination of the two
COSO (2004). Henle(2005) further contends that these activities permeate the entire
organization, at all levels and in all functions.

16
2.4 Effective Internal Control System

IFAC (2012) stated effective internal control system is one that exhibits certain
characteristics that facilitate the evaluation and improvement of existing internal control
systems by highlighting areas where the practical application of such guidelines often
fails in many organizations.

While internal control is a process, its effectiveness is a state or condition of the process
at a point of time. Accordingly, the effective functioning of components of internal
control provides a reasonable assurance regarding achievement of one or more of the
stated categories of objectives to ensure high levels of organizational performance. Thus
the company's criteria for effective internal control and success of the entire organization.

Apart from different measurements of internal control some argue internal control
effectiveness is more dependent on one or more of the elements.

For example, Spencer (2008) argue that to judge internal control effective depends on the
criteria’s established by management to evaluate the effectiveness. However internal
control effectiveness is much dependent on control environment. Spencer (2008)
confirms that if an organization gets the control environment right the rest will tend to
follow.

17
2.5 Empirical Review

Despite rare studies on internal control in Ethiopia, several investigations were made in
world to evaluate internal control of businesses and governmental institutions.
Accordingly, Ronald (2011) evaluated internal Control Weaknesses in Local
Government. Towns and villages account for more than 1,400 municipal government
entities in New York State constituted in the study. The study focused on the internal
control issues identified in an extensive, ongoing series of audits of towns and villages
undertaken by the New York State Comptroller's Office. All towns and villages audit
reports issued by the office were examined. These general internal control audits were
used to identify towns and villages with internal control weaknesses. The budgets of the
towns reviewed were limited to an examination of the annual budget for the following
year, reviewing the reasonableness of projected revenues and expenditures, the proper
use of accumulated fund balance, and general financial condition of the municipality
(especially deficit issues).

Petrovits, Shakespeare and Shih (2009) on their study examine the Causes and
Consequences of Internal Control Problems in Non-profit Organizations using a sample
of 6,572 public charities from1999 to 2003. They first document that the likelihood of
reporting an internal control problemincreases for non-profit organizations which are
smaller and in poor financial health. They thenpresent evidence that weak internal
controls over financial reporting have a significant negativeeffect on the amount of
subsequent public support received after controlling for the current level ofpublic support
and other factors influencing donations. There results suggest that first, the IRS andother
regulators are reformulating laws in an attempt to increase public confidence in the
integrity ofexempt organizations second, donors want to make more informed charitable
decisions third,watchdog groups, such as Wise Giving Alliance, and promulgate
standards on charitableaccountability including the establishment of appropriate
accounting procedures.Mahdi, Mahmoud, Shiri and Fatemeh (2011) investigated the
effectiveness of internal control in the Iranian banking sector with special reference to
Bank Mellat. The study used questions that needed to be answered in the study are: (1)
Does an internal control system in Bank Mellat has proper power in preventing fraud and

18
error? (2) Is there a significant relationship between the weakness of internal control
system components (control environment, risk assessment, information and
communication, control activities and monitoring) and the occurrence of error and fraud?
To test the validity of the questions, hypotheses are postulated relating frequency of fraud
reported as failure of internal control with the questionnaire answered on the relationship
between the fraud and components of internal control. The paper evaluated the effect of
control environment, control activities, risk assessment, information and communication
and continuous monitoring on failure of internal control quantified as reported errors and
fraud. The empirical evaluation found out that all the elements of the internal control
have significant effect on occurrence of errors and fraud, though the magnitudes are
different. Accordingly, Weakness of control environment, control activities, risk
assessment, information and communication and monitoring as a component of internal
control system in an incident of error and fraud is effective.

A study by Roth and Espersen (2003) on the situation of internal control in companies
introduced the components of an internal control (control environment, evaluating risks,
control activities, information and communication and supervising) as an advocator for a
company to achieve its goals as well as its own progressive procedures. The results
suggest (a) Recognizing an internal control system and the role of corporate relationship;
(b) Propagating self-control systems, (c) Identifying risk factors; and (d) Preventing
incidents of fraud and financial mistakes.

Abu-Musa (2004) examined the existence and adequacy of implemented security controls
in the Egyptian Banking Sector (EBS). The results revealed that the computer
departments paid relatively more attention to technical security controls, while internal
audit departments emphasized more on the behavioral and organizational security
controls. The study also provided valuable empirical results regarding inadequacies of
implemented Accounting Information Systems (AIS) security controls, and introduced
some suggestions to strengthen and improve the security controls in the EBS.

A study by Roth and Espersen (2003) on the situation of internal control in companies
introduced the components of an internal control (control environment, evaluating risks,
control activities, information and communication and supervising) as an advocator for a

19
company to achieve its goals as well as its own progressive procedures. The results
suggest (a) Recognizing an internal control system and the role of corporate relationship;
(b) Propagating self-control systems, (c) Identifying risk factors; and (d) Preventing
incidents of fraud and financial mistakes.

Alaudin et al. (2006) focused on management control systems, justice and trust in the
Malaysian Islamic banks with the help of a questionnaire and interview and examined the
documents relating to the concepts of justice and trust. Due to the inherently complex
nature of the internal control process, a study by O‟ Leary et al. (2006) spread itself
across a broad range of auditing, accounting and general business areas, and stated that an
adequate system of internal control is considered critical for good corporate governance.

Tekalign (2011) investigated if the existing internal control in public enterprises in

Ethiopia contributing to accounting fraud. The survey instruments on 11major public
enterprises in Addis Ababa were conducted using self-administered questionnaires to
auditors and accountants. Frauds were represented as any violation of principles,
manipulation of sales, expenses or inventories. The result indicated that the respondents
believe the existed internal controls were sufficient to keep possibility of accounting
fraud to reasonably low level. Even though the internal control would detect accounting
fraud, respondents require codes of conduct and employees training as additional tool to
detect fraud events.

Therewas a study done by Belayneh (2016) regarding internal control of Save the
Children the study examine internal control systems and practices focused on logistic,
accounting and financial activities. Internal controls were looked at from the perspective
ofControl Environment, Internal Audit and Control Activities whereas payment
procedures,financial records, procurement policies, budgetary control Accountability and
Reporting as themeasures of effectiveness of internal control. The Researcher set out to
establish the causes ofpersistent poor internal control policy, procedure and practices
from the perspective of internalcontrol.in this study one of the limitation and the gap
were the study more depend in indicating internal control system of logistic. Rather it
was not considered overall internal control emplanes.

20
There was a study done by Genet Kore (2015). This paper sought to assess the
functionality of internal control system of Non-Government Organizations (NGOs) a case
study of Pathfinder International Ethiopia (PIE). The study was guided by the following
objectives: to assess organization organizational control of PIE, to assess personnel
controls of PIE, to assess operating controls of PIE, to assess periodic review of PIE. The
researcher used descriptive quantitative design. A simple random sampling technique was
used. The major findings of the study were that PIE has a sound internal control system
overall in terms of the control operation, controls procedures and monitoring controls,
human resource controls.One of the gap in this study was, the study collected the data
using random sampling technique, this sampling technique may include population that
are not more concerned on internal control system and/therefore the conclusion may
reach on unreliable data.

The study by Getu(2016) were assessed NGO’S internal control effectiveness. The Study
focused on internal control system considering 30 Non – Governmental NGOs working
in health sector using multistage sampling methodology through questionnaires. Data was
collected usingquestionnaires distributed to those individuals. The findings revealed that
there is insignificant internalcontrol effectiveness. Particularly, there is negative
insignificant relationship between themanagement support and internal control, though
there is insignificant positive relationshipbetween adequate and competent internal
control staff and internal control.However, one of the gap sought in this study were the
study consider large sample size NGOs however, all NGOs problem of internal control
might be the same.

2.6 Summary and Knowledge gap

The study had sought several empirical studies that were done both in Ethiopia and
outside of Ethiopia. In general, the literature indicates that organizations should invest
heavily on the internal control and used to improve the quality of their internal control
systems. The devotion of resources, knowledge, time and human power is needed for a
number of reasons, notably: good internal control is good business by itself. It helps
organizations ensure that operating, financial and compliance objectives are met.

21
Literatures also indicate that there are different types of internal control. While most of
the classifications are based on purposes of the controls, some other classifies them based
on the control methods applied in the system. However, the objectives of every internal
control system were to achieve organizational efficiency and effectiveness, meet
corporate objective and ensure adherence to rules and regulations. Specifically, when the
study come to Ethiopia, there were few stress conducted on the area, such as, there were a
study done by Belayneh (2016) regarding internal control of Save the Children, but he
was more focused on logistic of internal control, Genet(2015) this paper assess internal
control system of Non-Government Organizations (NGOs) a case study of Pathfinder
International Ethiopia. In this study, one of the gap observed were the population were
included using simple random sampling technique this may include more unconcerned
departments. The study by Getu(2016) were assessed NGO’S internal control
effectiveness. One of the study gap were it was focused on large size organization (30
Non – Governmental NGOs) which may lack of deep study. Therefore, one of the
research gaps that observed on the previous study may filled under this study, such as, the
study considered only departments related to internal control. In addition, assess the
whole internal controlling system that may affect internal control effectiveness, such as,
including departments from Finance, Procurement as well as Administration.

22
 CHAPTER THREE

3 METHODOLOGY
This chapter presented a detailed description of the research methodology that used in
this study. It contains the research design, research approach, data source, population of
the study, sampling techniqueused and procedures and method of data analysis.

3.1 Research Design

The objectives of this study was to assess internal control effectiveness of International
NGOs in case of CARE Ethiopia. The study followed case descriptive research design.
There are three types of case studies. Exploratory case study, explanatory case study and
descriptive case studyYin(2003). The major aim of descriptive case study is recording
analyzing and presenting things that exist at present. This is because the study more
focused on describing the assessed variables of internal control system of the studied
organization. According to Richad(2003) the descriptive design used to investigate the
status and phenomena of internal control system of the study organization. This design
used as the researcher proposed to describe and make observations of what the real results
were for purposes of making judgments based on the realities to improve the situation.

3.2 Research Approach

Descriptive case study research design involves both quantitative and qualitative
data.Qualitative approach required qualitative data and quantitative approach required
quantitative data.Research approach can be qualitative approach, quantitative approach or
mixed approach. Quantitative approach involves numerical data subjected quantitative
analysis whereas qualitative approach involves data in textual form that concerned with
subjective valuation of attitudes, thoughts and behavior (Kothari, 2004). This study
employed mixed approach. This is because the study focused on the data that collected
from the respondents using questionnaires and interviewas well. Mixed approach is
appropriate for this study because in analyzing case study descriptive research, both
qualitative and quantitative research approach is needed.

23
3.3 Sources of Data

The study used primarydata sources. The primary sources of data questionnaire and
interview were focus on employee respondents. Questionnaires distributed to Managers,
Finance director and several departments related with internal control. Accordingly, the
questionnaires were distributed for all finance staffs, the supervisory level and above of
Procurement, Programs Support and Administration and Food aid programs departments.
The interview also done with each department heads.

3.4 Population of the Study Sampling Techniques and Procedures

The study use non–probability sampling technique. From the given non – probability
sampling frame purposive sampling technique were applied for conducting interviews.
The choice of respondent’s employees from the given organization were only focused on
the employee working in the departments related to the internal control and the
organization management body. Hence, all finance staff from finance department and the
supervisory and above level from procurement, programs support and administration, as
well as food aid programs departments of CEAR Ethiopia Addis Ababa office.
Accordingly, 34 employees worked on the related departments.

Table 3-1: Distribution of Organization Departments

Organization hierarchy Total Employee Sample Employee

Procurement 5 5
Finance 19 19
Programs support and administration 4 4
Food aid programs 6 6
Total 34 34
3.5 Method of Data Analysis

The data collected from different sources, quantitative and qualitative. The qualitative
data analysis was done using content analysis. Quantitative data processed and analyzed
with descriptive statistic. Descriptive statistics employed for the data analysis process by
using computer software called Statistical Package for Social Science (SPSS) version
23.The descriptive statistics were including max, min, means and standard deviation.

24
3.6 Ethics in Research

During the course of administering the questionnaires, names and any identifying
remarks were not use. The confidentiality of the respondents kept and any data received
for the study kept at the hands of the researcher and the advisor. The datawas analyses
based on the questionnaires and interview of respondents rather than using the researcher
opinion and input. The researcher was stay truth full to responses of the respondents and
free from any personal assessment. This is why the researcher spend his time to clarify
for the respondents the significance of the study and therefore request the respondents to
participate in the study by giving information appropriate for the study. Results depicted
were only from out puts of truth full inputs.

25
 CHAPTER FOUR

4 DATA ANALYSIS AND INTERPRETATION

4.1 Introduction
This core chapter deals with the discussion and analysis of data collected from employee
of CAR Ethiopia. As indicated in the methodology part the study conducted basically
using questionnaires filled by respondents. The study totally distributes 34 questionnaires
however, the analysis was done based on 32 correctly filled questionnaires, and the rest 2
sample questionnaires were not returned back. Accordingly, the response rate of the study
is 97%. Based on this, the study analyzed background of respondents and the main
questionnaires of internal control.

4.2 Background of Respondents

It is necessary to analyze the demographic profile of the respondents to validate
reliability of data collected. Accordingly, the respondents were asked to respond to their
gender category, age, educational qualification, years stayed at the organization, and
department/work unit and their respective profile indicated below in the table

Table 4-1: Characteristic of respondents

Item Category Frequency Percentage
(%)

Male 15 47
Sex Female 17 53
Total 32 100
Age 20-30 Years Old 5 12.5
31-40 Years Old 17 53.0
Over 40 Years Old 11 34.5
Total 32 100
College
Education
Diploma/Certificate 1 3.2
First Degree (BSc, BA) 19 59.3
Second Degree (MSc, 12 37.5
MA) 32 100
Total

26
Item Category Frequency Percentage
(%)

Department Procurement 5 15.6

Finance 19 59.4
Programs Administration 4 12.5
Food Aid Program 4 12.5
Total 32 100
Years stayed at the Under 2 Years 6 18.8
organization 2-5 Years 9 28.0
6 - 10 years 10 31.4
Above 10 years 7 21.8
Total 32 100
Source questionnaire, 2018

As indicated in table 4.1 the gender proportion of female respondents is 53 % while the
male respondents were 47%. Though the ratio of the respondents not proportional and
varied both category of gender was participated in the survey.

The study also considers respondents age, accordingly, 12.5% belongs (20-30 Years
Old), 53 % belongs between the age category of (31-40 Years Old) and the rest 34.5%
belongs (Over 40 Years Old), therefore, employee in terms of their age distribution it can
be said balanced age of adults and youngest.

Another commitment of employees to competence that contributes to effectiveness of

internal control is the level of education the employees possesses. The control
environment component of internal control system reveals that a good education level has
a positive impact on effectiveness of internal control. As summarized in the above table,
3.2% have diploma/certificate, 59.3% first degree and 37.5% second degree. Majority of
respondents are qualified of first and second degree. However, respondents accounted for
3.2% who still have diploma and this employee need to advance their education as their
position need advanced educational qualification.

Internal control is primarily the responsibility of management. The broader category of

internal control is operational and accounting control. Obviously the respondents with
knowledge of management and accounting understand the concept of internal control
system than others. Thus the investigation made to assess the areas of qualification or

27
their department. Accordingly, the respondents indicated that 59.4% of the respondents
were belongs finance department, 15.6% were procurement, 12.5% programs support and
administration, and 12.5% food and aid programs. This means the respondents at least
had the theoretical education on the concept of internal control.

Experience is one of the competences to understand internal control in a company.

Knowledge also referred to as professional competence. In the literature it is indicated
that commitment to this competence by employees is one part of effective control
environment in internal control system. Out of the survey, 18.8% belongs less than two
years of experience, while 28% belongs between 2 – 5 years of work experience, 31.4
belongs between 5 – 10 years of work experience and the rest 21.9% of the respondents
have more than 10 years’ work experience. This indicates that the employees working in
the key areas of internal control system are well experienced both to respond to the
questionnaire, and to understand or implement the control system.

In general, the respondents profile indicates that most respondents are in the medium
range in their knowledge and experiences to understand and perform internal control
system in their organization.In this regard,Kotur and Anbazhagan(2014) argued
thatworkers in the medium range on educational qualificationand work experience
perform better compared those in the extremes.

4.3 Descriptive Statistics Analysis

In line with the objectives articulated under chapter one, here effort was made to describe
employee view regarding the internal control effectiveness of the organization. To
achieve the overall objective of the study were tried to assess related areas using
questionnaires. Accordingly, the study assesses the overall internal control working
environment such as rules, regulation, management system and so forth, risk assessment
practice of the organization, activities controlling system, information and
communication effect on internal control as well as monitoring and evaluation system.

4.3.1 Control Environment

Control environment indicates the general atmosphere of internal control which includes
the policies and procedures of internal control, proper code of conduct and ethics, proper

28
financial administration manual, proper reporting and evaluating structure, competence of
employees and discharging responsibility and others. In this regard the study provided
related questions to assess organizational facilities and activities to create effective
internal control environment.

To examine the benefit of control environment on internal control, interviews were

conducted with the management. In addition to these the respondents asked five-point
Likert Scale types of questions. To interpret thequestionnaires, mean responses were
determined on a five-point Likert scale representing 1 strongly disagree to 5 representing
strongly agree. Mean result tells us the extent of respondents’ agreement and the standard
deviation shows the responses variability. To analyze the data distractive statics such as
mean and standard deviation employed.

Table 4-2: Employee view regarding the organization Control environment

Std.
Control Environment N Minimum Maximum Mean Deviation

The Management establish attitude of

internal control significances at the top. 32 2.0 4.0 2.625 .6091

There is code of conduct and ethical

32 2.00 4.00 2.8437 .76662
policy.
The organization have proper financial
32 2.00 5.00 3.4688 .67127
and administrative manuals.
The compliance/ harmonization of Code
of Ethics and Organizational regulations 32 2.00 4.00 3.0000 .91581
have assessed regularly
There is procedure for reporting the
violation of rules on the ethics and thus, 32 1.00 4.00 3.0625 .84003
undertaking measures as a result of this.
There is established structures, reporting
lines, authorities and responsibilities in 32 3.00 5.00 3.9375 .61892
the career of objectives.
Mentoring and training opportunities
are provided to attract and develop 32 1.00 3.00 2.0313 .64680
competent personnel continuously.
Grand Mean 32 3.0045 0.724079

Sources Questioner (2018)

29
As indicated in Table 4.2 the overall mean of the control environment can be
approximated to 3.0045 which indicate that respondents both agreement and
disagreement on assessed several questions. Accordingly, the highest mean 3.9375
implied that majority of respondents agreed there is established structures, reporting
lines, authorities and responsibilities in the career of objectives. Similarly, respondents
were assuring their agreement on the mean value of 3.4688 that the organization has a
proper financial and administrative manual that has been communicated to all staff and
external parties. However, as implied by a mean of 3.0000, even though the organization
is effective in providing manuals on inter internal control, there is a gap in managing
harmonization of rules and regulation.

There are also two areas where the control environment of the organization is not
effective. Accordingly, the least mean value of 2.0313 indicates that majority of
respondents disagreed that, the organization continuously provides mentoring and
training opportunities needed to attract, develop, and retain appropriate and competent
personnel. Similarly, respondents at mean value 2.6250 indicates that majority of the
respondents disagreed that the organization establish the attitude at the top regarding the
significance of internal control.This result is agreed with a recent study byR. Hermanson,
L. Smith, and M. Stephens(2012), who identify several areas for potential improvement
of internal controls, especially related to assessing the ‘‘tone at the top,’’ as well as
following up on deviations from policy and management override of controls

From the table 4.2 above, there isalso areas indicated that a doubt by the respondent’s
whether there is clear andproper code of conduct and/or ethics policy that has been
communicated to all staff and external parties which is mean value of 2.8437 and whether
this procedure for reporting the violation of rules on the ethics and thus undertaking
measures to reduce the challenges which shows the mean value of 3.0625.

4.3.2 Effectiveness of Risk Assessment

Risk assessments become an integral part of internal control system. The management is
responsible to identify and assess control risk caused by failure of internal control. There
should be strategies of identifying Risk, system to respond to risk and reduce the risk.

30
The study assesses some of basic related areas such as, empathies of management in risk
identification process, whether the organization designed internal controls that mitigate
the identified risks or not, risk assessment broadness, periodic risk assessment practice,
safety and security procedure of the organization, theassessment result and analysis on
this issue therefore; is presented as follows.

Table 4-3: Employee view regarding the organization Risk controlling activities
Std.
Risk Assessment N Minimum Maximum Mean Deviation

Risk identification considers both

32 1.00 3.00 2.1250 .65991
internal and external factors.
Risks to the organization effectively
managed and has designed internal 32 1.00 4.00 2.2188 .83219
controls that mitigate the identified
risks.
Physical assets are reconciled with the
32 2.00 4.00 2.5625 .75935
accounting records periodically
There is mechanisms in place to detect
and respond to risks presented by 32 1.00 4.00 2.6250 1.18458
changes in government regulation and
economic operation.
The Internal Audit staff involved during
32 1.00 5.00 2.4375 1.04534
implementation of programs activities

Grand Mean 32 2.39376 0.89674

Sources Questioner (2018)

As indicated in table 4.3 the mean value of the response computed based on Likert scale
indicated the average disagreement of respondents on existence and practice of each
element of risk assessment and controlling system. The overall mean of the risk
controlling activities indicated at average mean value of 2.39376 implied overall
respondents’ disagreement on the risk controlling effectiveness of the organization.

Accordingly, respondents implied the least mean value 2.1250 and .65991 standard
deviation imply that, the management is not effective in risk identification by considering
both internal and external factors and their impact on the achievement of objectives.

31
Similarly, respondents at a mean value 2.2188 also implied the organization didn’t design
internal controls that mitigate the identified risks.

The mean value 2.5625 also implied there was lack follow up on reputable policies,
procedures, and processes to periodically reconcile physical assets with the accounting
records producers. The study also indicated in mean value of 2.6250 that there is a doubt
standard deviation by the respondent’s whether there is a mechanism in place to detect
and respond to risks presented by changes in government regulatory, economic operation
or other circumstances that could affect the accomplishment of its goals and objectives.
This activity also has high standard deviation of 1.18458 which implied the respondent
have different understanding in some area.

Furthermore, the study assured at a mean value 2.4375 and standard deviation of 1,04534
the internal audit staff were not involved during implementation of programsactivities
which deemed reduces the occurrence of risk and the high standard deviation shows the
variation of the understanding of the respondents in the area.

Generally, from the response of risk assessment the study implied that, there were few
employees implied their agreement on some of the risk controlling assessment questions
and thisimplied there were no appropriate strategies exists to identifying risks. The
organization has not sufficiently designed appropriate strategy of identifying risk and no
sufficient system designed to respond to risk which have adverse effect on effectiveness
of internal control. In this regard Oppong, Owiredu and Abedana (2016)argued that,
management should institute a rigorous risk management framework which will be able
to detect all risk inherent in the internal control system to improve effectiveness of
internal control.

4.3.3 Effectiveness of Control Activities

Control activities include methods such as; preparation of reliable reports, update
documentation, authorization of transactions, independent review and others. The result
of the survey indicated in the table 4.4 shows that the degree of agreement ranged from 1
to 5 by respondents in all criteria of control activities. Below the table implied
respondents view regarding the provided assessment questions of control activities.

32
Table 4-4: Employee view regarding Control activities of internal control
Std.
Control Activities N Minimum Maximum Mean Deviation

The organization functions are clearly

32 2.00 5.00 4.0313 .78224
segregated.
Guidelines and processes are periodically
reviewed to determine their constant 32 1.00 4.00 2.6250 .87067
applicability and refreshes them as
needed.
System privileges and access controls are
32 1.00 4.00 2.8125 .89578
regularly reviewed for their applicability.
Management selects and expands control
activities over the procurement, 32 2.00 4.00 2.9375 .91361
development, and repairs of technology
and its structure.
The management supports guidelines and
processes to simplify the processing of 32 2.00 4.00 3.5000 .76200
accounting transactions in compliance
with requirements of grant agreements.
Invoices or requests for disbursements
are backed by appropriate supporting 32 1.00 5.00 3.6875 1.11984
documents.
Grand Mean 32 3.2656 0.89069

Sources Questioner (2018)

The lowest mean 2.6250 implied respondents of that, Management didn’t accomplish
periodic review of guidelines and processes to determine their constant applicability and
refreshes them as needed. Another lowest means is 2.9375 and 2.8125 respectively
implied that, the management didn’t select and expand control activities over the
procurement, development and repair of technologies and its structure to achieve
management objectives procedure under the organization programs and system privileges
and access controls are not regularly reviewed for their applicability.

On the other hand, the highest mean value of 4.0313 implied respondent’s agreement
over the organization activities of authorization process, cheque signing and accounting
functions are clearly segregated under the organization programs. In addition,
respondents in mean value of 3.5000 also agreed that the organization supports guidelines

33
and processes to simplify the processing, recording and accounting of transactions in
compliance with laws, regulations, and requirements of contracts and grant agreements.
Finally, respondents were assuring their agreement on the mean value of 3.6875 that, the
organization invoices or requests for disbursements are backed by appropriate supporting
documents. On the other hand, this activity has shown the highest standard deviation of
1.11984 indicated that there is knowledge gap between employees about this control
activity.

The Overall the grand mean value of 3.2656 implied the organization control activities in
some area are effective while infective in some activities as shown in each of the six
estimated questions. All control activities could be effectively implemented by
establishing effective internal control system. The past studies by Genet (2016) has
shown thatcontrol activities are the basis of assurance and are only possible with the
establishment of effective internal control system. Genet farther arguedthat executing
preventive controls which are proactive in nature and seek toavoid undesirable events
from occurring as well as prevent losses and includes; separation of duties, proper
authorization, adequate documentation, and physical control over assets.

4.3.4 Effectiveness of Information and Communication

Information and communication is necessary for the entity to carry out internal control
responsibilities to support the achievement of its objectives. Management obtain or
generates and use relevant and quality of information to support the achievement of its
objectives. Management obtained and use relevant information both internal and external
sources to support the function of internal control. Internal communication is the means
by which information is disseminated throughout the organization, flowing up, down, and
across the entity. Based on frameworks of an effective information and communication in
an internal control system, the survey result and interpretation as presented below.

Table 4-5: Employee view regarding the organization information system to perform
internal control
Std.
Information and Communication N Minimum Maximum Mean Deviation

34
 Std.
Information and Communication N Minimum Maximum Mean Deviation

Management has a communication

process emphasizing to all employees 32 2.00 4.00 3.1562 .67725
their parts in ensuring that internal
control responsibilities.

Transactions are promptly recorded

and classified to provide reliable and 32 2.00 5.00 3.7500 .87988
up-to-date information

Regular backups performed for

organization data to protect from 32 2.00 5.00 3.9375 .91361
unexpected loss.

There are techniques which identifies

and assign the accountability for 32 1.00 5.00 3.8438 1.01947
gathering and reporting necessary
information.

There is channel of communication the

outcomes of reports provided by: 32 2.00 5.00 3.6875 .69270
Independent, Internal and Donor
Auditors to the Board of Directors

The rules and regulations of the

organization are accessible for 32 1.00 5.00 2.2813 1.22433
employee and external parties

The organization has written policy

guidance which is provided to staff 32 1.00 5.00 3.7188 .85135
and/or concerned parties the proper use
of funds approved and received.

Grand Mean 32 3.4822 0.894084

Sources Questioner (2018)

The highest mean value 3.9375 implied the respondents’ agreement of organization
perform regular back up and the mean value of 3.7500 also implied the organization is
effective in recording reliable and up-to-date information of transaction promptly.
Similarly, respondents also revealed on various activities and effectiveness of
information and commutation system and its application for the effectiveness of internal

35
control. Hence, the mean values of 3.8438 and 3.6875 indicated that there are also
techniques which identifies and assign the accountability for gathering and reporting
necessary information and there are well established procedures to communicate the
outcomes of reports provided by: Independent Auditor, Internal Auditor and Donor
Auditor to the Board of Directors respectively. There is also employee’s agreement that
the organization has written policy guidance which is provided to staff and concerned
parties the proper use of funds approved and received which showed in mean value of
3.7188.

However, the lowest mean values implied the organization also have some gaps in
providing effective information and communication regarding internal control system
such as, the lowest mean value 2.2831 and its standard deviation of 1.2243 implied that,
the rules and regulations of the organization are not accessible for employees and
external parties.

Generally, the grand mean value 3.4822 implied respondents’ agreement on several
expected questions, therefore the organization in general is good in using information and
communicating across departmental level for the effective internal control.In contrast to
this study, Kalkidan (2016) argue that there is inadequate flow of information and
communication in Ethiopia Resident Charity Organization in Addis Ababa.

4.3.5 Effectiveness of Monitoring and Evaluation

An ongoing monitoring of internal control is vital to ensure whether internal control is
achieving desired objectives. Monitoring entails the activities and procedures designed to
assess the effectiveness of the internal control system in achieving the entity’s financial
reporting objectives. The result and interpretation of the survey is presented as follows.

Table 4-6: Employee view regarding the organization monitoring and evaluation system
of internal control
Std.
Monitoring and evaluation N Minimum Maximum Mean Deviation

36
 Std.
Monitoring and evaluation N Minimum Maximum Mean Deviation

The organization has the procedure to

monitor procurement, contracting and out 32 1.00 3.00 2.2188 .75067
sourcing activities on a regular basis.

The results of the monitoring recorded,

32 1.00 5.00 2.9688 1.57571
reported and any gaps are addressed

Monitoring conducted based on accurate

32 2.00 5.00 3.4062 .91084
and complete project data

The management and Senor fiancé

officers periodically visits the field office
32 2.00 5.00 2.9375 .91361
to determine whether guidelines and
processes are being followed as required.

Monitoring covers the evaluation of the

effectiveness of internal control in 32 2.00 5.00 3.0000 .95038
achieving set of objectives

The organization periodically properly

32 2.00 5.00 3.8125 .85901
evaluate budget administration

The organization used an effective tools

of controlling mechanism regarding 32 2.00 5.00 3.0000 .87988
resource allocation for the beneficiaries

Grand Mean 32 3.04911 0.977157

Sources Questioner (2018)

Accordingly, the maximum mean value 3.8125 implied the organization periodically
properly evaluate budget administration. However, the rest highest mean value of 3.4062

37
implied neutrality of respondents that, they doubted, whether monitoring conducted based
on accurate and complete project data or not. On the other hand, majority of respondents
implied their disagreement on many of expected assessment question regarding
monitoring and evaluation system of internal control. The respondents that lowest mean
value of 2.9375 implied that the management and Senor fiancé officers didn’t
periodically visits the field office to determine whether guidelines and processes are
being followed as required and also respondents implied at a mean value of 2.2188 the
organization has not effectively monitoring procurement, contracting and out sourcing
activities on a regular basis. Similarly, respondents at a mean value of 2.9688 implied
their doubt whether the results of the monitoring recorded, reported and any gaps are
addressed. The standard deviation of 1.57571 indicated that that the variation of
understand of this activities. In addition, respondents implied inmean of3.000 whether
monitoring covers the evaluation of the effectiveness of internal control in achieving set
objectives, or not and respondents also assure their disagreement at mean value of
2.60867 that the organization didn’t used an effective tools of controlling mechanism
regarding the resource allocation for the beneficiaries.

As the result of monitoring and evaluation component of the internal control of the
organization shown in table 4.6 revealed that an estimated overall mean 3.04911 of
monitoring and evaluation components indicate that there are areas of improvements in
themonitoring and evaluation activities of the studied organization.

4.4 Interview Results

The interviews were conducted with the respondents purposely identified those vital to
the provision of explanations to the topic under study. The questions for the interview are
both closed and open-ended. Close questions asked for specific answers, while the open-
ended questions gave chance to more discussions. The interview method assisted to
collect further clarifications from respondents on the theme of the study. The interview is
conducted with Finance Director, Programs Support and Administration Director,
Internal Auditors and other senior management team members. The respondents are
interviewed at their offices and the questions are complete on the spot. This method
allowed for further investigation and clarification of questions that tended to be difficult

38
and not clear to the respondents. Also, questions which were viewed as complex were
preparedfor responses. During the interview the following question were asked:- Do you
think all areas of internal control elements (the control environment, control activities,
risk assessment, information and communication and monitoring and evaluation) well
designed and operating in the organization?; Do you believe the internal control met the
required goal of the organization?; what is your idea about the effectiveness of the
internal control and where is/are areas of the control you suggest an improvement?;
Doauditors assess project implementation of the organization?; Does management work
on staff development?
The study found that all most all interviewee believed that the organization have wide-
ranging internal control policy and procedures.Also the Senior management team
decisions making process are free from any bias. However, the management admitted the
following gaps.

 The management did not adequately established attitude of significances of

internal control at the top.
 Harmonization andof Code of Ethics and Organizational regulations have not
been assessed regularly as required.
 Because of the rules and the regulation are not harmonized according to the
organization existing trend, programs staffs have not given attention for the
compliance of rules and regulation during programs execution.
 Internal auditors focus only in financial audit but not on programs audit.
 The organization has not given much attention to its man power who are valuable
assets of the organization. No mentoring and training opportunities consistently
given to the employees to attract and develop them.

Finally, the researcher discussed with the management and they promised to address all
the gaps which are not revealed by this study. Additionally, the management promised to
review guidelines and processes periodically to determine their constant applicability and
refreshes them as needed, harmonize Code of Ethics and Organizational Regulations to
the staff and to establish attitude of internal control significances at the top.

39
 CHAPTER FIVE

5 SUMMARY, CONCLUSIN AND RECOMMENDATION

5.1 Summary of Findings
The purpose of this chapter is to pinpoint the major findings of the study and indicate
recommendations that can help in improvement of internal controlsystem in the in
international NGOs, specifically, the studied NGO of Care Ethiopia.

Both the surveys result and interviews were used to answer the research questions. The
data gathered through questionnaire were analyzed using descriptive statistics. The
descriptive statistics indicated a grand mean value of each components of internal control
less than 4 and that were indicate in all elements of internal control there were a gaps that
affect the effectiveness of the organization internal control system. However, the degree
of influence of elements on internal contro were varied. Accordingly, the major finding
implied;

 The overall mean of the control environment has been approximated to 3.0045
which indicated that respondents both agreement and disagreement on assessed
several question. The control environment of the internal control system is
inadequate to be judged as effective, particularly, the organization didn’t
continuously provide mentoring and training opportunities needed to attract,
develop, and retain appropriate and competent personnel. Lack clear code of
conduct and ethics policy that has been communicated to all staff and external
parties. In addition, the managements adequately didn’t establish the attitude at
the top regarding the significance of internal control

 Regarding the risk assessment, the study implied that there were few employees
revealed their agreement on some of the risk controlling assessment questions and
that implied there were no appropriate strategies exists to identifying risks. The
organization has no sufficient system designed to respond to risk. Generally,
grand mean value of risk controlling practice of the organization implied the
organization highly demanding effective risk controlling practice.

40
  Regarding the organization activities in controlling activities, the lowest mean
2.6250 implied respondents’ disagreement of thatmanagement didn’t accomplish
periodic review of guidelines and processes to determine their constant
applicability and refreshes them as needed. Another lowest means such as, 2.8125
and 2.9375 respectively implied that, there were no privileges and access controls
ongoing activities and the management didn’t strictly follow up procurement
assets procedure under the organization programs. The overall the grand mean
value of 3.2656 with the standard deviation 1.11984 implied the organization
control activities in some area are effective while infective in some activities.

 Regarding the effect of information and communication system of the

organization internal controlling system, the grand mean value 3.4822 implied the
respondents’ agreement on several expected questions. Therefore, the
organization in general is good in using information and communication system.

 The other challenges of the studied organization waslack of monitoring and

evaluation system of internal control. The monitoring was also not effective
because it lacked covering evaluation of the effectiveness of internal control and
didn’t considered Program audit. In addition, monitoring in the organization is not
well implemented on an ongoing basis.

5.2 Conclusion of the Study

The purpose of the study was to assess the extent to which the international NGOs
specificallythe studied NGO of Care Ethiopiaapply or implement internal controls in its
operationsspecificallyin the following areas; control environment, control activities, risk
assessment, information and communication and monitoring and evaluation activities so
as to ensure that to attain the set of goals and objectives. The elements of the study were
rated on a Likert scale of 1-5 with 5 being the highest score and the mean was used to
measure central tendency. The findings of this study revealed that Care Ethiopia
applyinternal control elements in its operations, notwithstanding the variation of degrees

41
attributed to each aspect of internal control elements that is,regarding the information and
communication element of the organization internal controlling system, the grand mean
value 3.4822 implied that the organization in general is good in using information and
communication system

However,the organization need some improvements in risk assessment &some activities

of control environment. In addition, monitoring in an effective internal control system is
required to continuously evaluate whether the system is performing as per the designed
system. The internal auditors alsofocused on in financial audit rather on programs audit to
improve quality of internal control and reduce control risks.

5.3 Recommendation

The findings revealedthat Care Ethiopia apply or implement internal control elements in
its operationsbut is not good enough to achieve the organization programs at high
standard. As stated by Spencer (2003) a control environment which is an entire
commitment of managements from design of internal control to its monitoring should be
strong enough to keep the other components of internal control in line. The study
therefore recommends the need to strengthen the internal control effectiveness by
implementinginternal control elements effectively specially control environment.
Additionally, the following are specific areas that need due emphasis to improve the
internal control effectiveness of the organization based on the finding.

The management should establisheffective internal control environment to control

activities on an on-going basis.The human power of the organization as a major
component of control environment of the system has to adequatelyunderstand the
policies, directives and procedure of its respective task. Monitoring in an effective
internal control system is required to continuously evaluate whether the system is
performing as per the designed system. The internal auditors should focus not only in
financial audit but also on programs audit to improve quality of internal control and
reduce control risks.Thus, the control system effectiveness should be evaluated against
clearly established criterionsand should be monitored continuously.

42
 REFERENCES
Abu-Musa, A. (2004). Investigating the Security Controls of CAIS in an Emerging
Economy. An empirical study on Egyptian Banking industry, the Journal of
Managerial Auditing (19) 2, pp.272-302.

Abu-Musa, A. (2010) Investigating adequacy of Security Controls in Saudi Banking

sector An empirical study, Journal of Accounting–Business and Management
(17)1,pp.1-41

Ahmadasri, A., Adler,R. and Paul. (2006). Management Control Systems, Fairness, and
Trust: Evidence from Malaysian Islamic Bank.

AICPA.(1988). Statement on auditing standards (SAS) No.53: The auditor„s

responsibility to detect and report errors and irregularities

AICPA (1988) standards of internal control (pdf). Available from

(http://www.aicpa.org/internal control.pdf

AICPA.(2002). SAS 55, Consideration of the Internal Control Structure in a Financial

Statement Audit.

Alam, M. (1995). A Theory of Limits on Corruption and Some Applications, vol 48: pp
419-435.

Alonzo, M. (2007). Internal Control and Governance in Non-Governmental

Organizations Designed To Provide Accountability and Deter, Prevent and Detect
Fraud and Corruption, http://aquila.usm.edu/dissertations/1323.

Antony and Young. (2001). Internal control and governance in non-governmental

organizations designed to provide accountability and deter, prevent and detect fraud
and corruption.

Anol, B. (2012). Social Science Research: Principles, Methods, and Practices (2nd ed.).
Florida, USA. University of South Florida Tampa.. Vol. 4, Issue 2, pp: (330-338),
Month: October 2016 - March 2017

AntoniusRachad (2003). Interpreting Quantitative Data with SPSS

43
DOI: http://dx.doi.org/10.4135/9781849209328

APB. (1995). Accounting and Internal Control Systems SAS 300, Auditing Practices
Board Statements of Auditing Standards, London.

Arens, A., Elder, R. and Beasley, M. (2007). Auditing and Assurance Services (12th
ed.). Upper Saddle River, NJ: Prentice Hall.

Ayom, A., (2013). Internal controls and performance in non-governmental organizations:

a case study of management sciences for health South Sudan.

Bailey, D.A. (2005). Analysis of Internal Controls,the Accounting Review, 1.

Batra, F. (2002). Auditing. New Delphi: Tata McGraw Hill Publishing Company.

Basle Committee on Banking Supervision (nd) guidelines of effective internal control

(http://www.bis.org/ guidelines of effective internal control.pdf).

Beneish, M., Billings, M. and Hodder, L. (2008). Internal control weaknesses and
information Uncertainty, The Accounting Review, (83)3, pp.665-703.

Bongani, N. (2013). Application of Internal Controls in NGOs: Evidence from

Zimbabwe, Journal of Finance and Accounting (1)2, 39-47.

CARE Ethiopia. MFS II country evaluations Capacity of Southern Partner Organizations

component, Endline report.

Central Statics Agency. (2013). Report on policy assessment over internal control
effectiveness of NGOs, NGOs, January, 20, 2013 Report forum.

Colby, J. (2008). “Internal Control for Small businesses.” Journal of Accounting, pg. 47

COSO (1992) elements of internal control (pdf). Available from (http:// www.coso.org/
internal control.pdf).

Douglas, A. (2011). Internal Control and Its Contributions to Organizational Efficiency

and Effectiveness: A Case Study OfEcobank Ghana Limited.

Dana, R. Hermanson, J. and Nathaniel M.( 2012). How effective are Organizations’
Internal Controls? Insights into Specific Internal Control Elements, Current Issues

44
 in Auditing American Accounting Association (6)1, DOI: 10.2308/ciia-50146,
Pages A31–A50.

FDRE, Charity Association, 2003, Annual Assessment report of International NGOs,

internal controlling system.

Freeman (1998) Management pretence Hall Publisher Newyork

Genet, K. (2015). Assessment of Internal Control Systems on Non-Government

Organizations (Ngo’s)

General Accounting Office (1999) standards for internal control for federal government
(pdf) Available from (http://www.gao.gov/ standards for internal control for federal
government.pdf)

Hamed, A., andBabak, J. (2009). Theory and concepts of internal controls. Islamic Azad
University, Kerman Shah. Iran.

IFAC. (2012). Evaluating and improving effectiveness of internal controls in

organizations, Available from http://www.ifac.org/effective internal control.pdf

IFAC. (2012). Evaluating and improving effectiveness of internal controls in

organizations, New York US, International Journal of Public Sector Management
(22)6, pp. 478-498.

INTOSAI. (2004). Guidelines for Internal Control Standards for the Public Sector.
Retrieved on http://www.intosai.org

Jones, M.J. (2008). Dialogus de Scaccario (c.1179): the first Western book on
accounting.

Joseph, A. (2006). Qualitative research approach‟ Applied Social Research Methods

Series Volume 41, sage publication.

Joseph M., Onumah, R., Victoria A. and Obeng. (2012). Effectiveness of Internal Control
Systems of Listed Firms in Ghana, Research in Accounting in Emerging
Economies, Volume 12, pp.31-49.

Kalkidan, M. (2016). An Assessment of Internal control and Organization Performance

on Ethiopia Resident Charity Organizationin Addis Ababa.

45
Kenya Law Reports. (2010).The Constitution of Kenya. National Council for Law
Reporting.

King Committee on Corporate Governance (2002) Executive Summary of the King

Report.

Kotur, R. and Anbazhagan, S. (2014). Education and Work-Experience - Influence

on the Performance, IOSR Journal of Business and Management (IOSR-JBM)(16)5,
ISSN: 2278-487X, p-ISSN: 2319-7668, PP 104-110 www.iosrjournals.org
www.iosrjournals.org 104.

Leary, S. (2006). Internal control and governance in non-governmental organizations

designed to provide accountability and deter, prevent and detect fraud and
corruption.

Likert, R. A. (1932). A technique for the measurement of attitudes‟ , Archives of

Psychology, Los Angeles: Sage Publications Inc.

Lu, H. and Salterio, S. (2011). Direct and indirect effects of internal control weaknesses
on accrual quality: Evidence from a unique Canadian regulatory setting,
Contemporary Accounting Research (28)2, 675-707.

Mahdi,S., Shiri,M. and Ehsanpour, F. (2013). Effectiveness of Internal Control in the

Banking Sector: Evidence from Bank Mellat, Iran.

Manasseh, A.H. (2000). Auditing simplified (7th ed.). Nairobi: mc more publishers.

Mawanda, S. P. (2008). Effects of Internal Control Systems on Financial performance In

an Institution ofHigher Learning in Uganda: A Case of Uganda MarytrsUnivers

Messier, W. F. (1997). Auditing. A Systematic Approach, McGraw-Hill editions.

Mill champ, A.H. (2009). Auditing (7th ed.). London: ELBS-AP Publishers

MOFED. (1997). Internal audit standards and code of ethics an audit manual Financial
Regulations (No. 17/1997), Addis Ababa Ethiopia.

MOFED (1997) „internal audit standards and code of ethics‟ an audit manual Financial
Regulations (No. 17/1997), Addis Ababa Ethiopia.

46
Moses, B. (2011).The Effectiveness of Internal Control Systems in Achieving Value for
Money Kamuli, Uganda.

Ministry of Finance and Economic Development (1997) internal audit standards and code
of ethics, http://www.mofed.gov.et/audit manual .pdf

Nicolaisen, D.T. (2004).AICPA National Conference on Current SEC a PCAOB

Developments, US Securities and Exchange Commission, Washington, DC 3rd ed.

Njanike, K., Mutengezanwa, M. and Gombarume F.B. (2011). Internal controls in

ensuring good corporate governance in financial institutions, Journal of Accounting
and Management (11) 1, pp.187-196.

OFAG (2005) „Audit report of government institutions‟ Addis Ababa, Ethiopia.

Oppong Moses. Owiredu, A., Abedana,V, and Asante, E. (2016). The Impact of Internal
Control on thePerformance of Faith-Based NGOs in Accra,
https://www.researchgate.net/publication/304674283

Palfi, C. and Muresan, M. (2009). Survey on weaknesses of banks internal control

systems, Journal of International Finance and Economics (9)1, pp. 106-116.

Paula, D. (2000). The Principles of Auditing. London: pitman publishing.

Petrivits, S. and Shih. (2009). The Causes and Consequences of Internal Control
Problems in Nonprofit Organizations, New York University Stern School of
Business, New York.

Robert, O.AndAmony,M. (2016). Internal Control System and Financial Performance in

Non-Governmental Organisations in Uganda: A Case Study of International Union
for Conservation of Nature, International Journal of Contemporary Applied
Sciences (3)2 ISSN: 2308-1365

Robertson, J. C., and Davis F. G. (1988). Auditing‟ . Business Publications, Inc.

Ronald J. Huefher (2011), Evaluation of internal control weaknesses in local government,

CPA Journal, New York State Society.

Roth, J. and Espersen, D. (2002) Internal Auditor ‟ s Role in Corporate Governance,

Institute of Internal Auditors Research Foundation, Altamonte Springs, Florida.

47
Richard, R. (2012). Financial Management: Internal Control and Audit: Participants’
Handbook for Higher Local Governments of Kenya.

Sale, J. E., Lohfeld, L. H., and Brazil, K. (2002).Revisiting the quantitative-qualitative

debate: Implications for mixed-methods research. Quality and Quantity, 36(1), 43-
53.

Sanderson Ian, (2001). Performance management, evaluation and learning in modern

Local Government. Vol. 79 No. 2, (297–313).

Sarbanes-Oxley Act of 2002 (SOX), Effective internal control, USA congernce, USA.

SartiniWardiwiyono,S. (2012). Internal control system for Islamic micro financing in

Indonesia.

Saleemi, N.A. (2009). Auditing Simplified (6th ed.). Nairobi: Nairobi: N.A
Saleemipulishers.

Spencer, P. (2008). The essential handbook of internal auditing, John Wiley and Sons
Ltd, England.

Ruttman.L and Mayne, J. (1994). Institutionalization of programs evaluation in Canada

federal government, New direction in Evaluation, san Francisco Jossey-Bass.

United Kingdom Auditing practices committee and Institute of Internal Auditors-UK

(1979).

Walter G. (1996). The purpose of internal control, England and south Wales William C.,
Modern auditing‟ 6th ed. New York: J. Wiley andSons Web Site References.

William,A. (2007). Internal control and governance in non-governmental organizations

designed to provide accountability and deter prevent and detect fraud and
corruption.

Woolf, E. (2007). Auditing Today (6thed) England: Pearson publication.

Yin, R. 2003. Case Study Research: Design and Methods, 3rded. Applied Social Research
Methods, Vol. 5.

48
 APPENDEX I

St. MARRY UNIVERSTY

SCHOOL OF GRADATE STUDY

QUESTIONNAIRE ON ASSESMENT OF INTERNAL CONTROLL PRACTICS

Dear respondents,

I’m a postgraduate student at St. Merry University. Currently,I am conducting a research

entitled ‘Assessment of Internal Control effectiveness: In Case of CARE Ethiopia’
as apartial fulfillment of the requirements for the award ofMasters of Business
Administration in Accounting and Finance.

The purpose of this questionnaire is to gather data for the proposed study, and hence you
are kindly requested to assist the successful completion of the study by providing the
necessary information. Your participation is entirely voluntary and the questionnaire is
completely anonymous. I confirm you that the information you share will stay
confidential and only used for the aforementioned academic purpose. So, your genuine,
frank and timely response is vital for the success of the study. I want to thank you in
advance for your kind cooperation and dedication of your time to fill this questionnaire.

Sincerely yours,

Please Note:
1. No need of writing your name.

2. Indicate your answer with a check mark (√) on the appropriate block/cell for all
questions.

49
Section I: General Information
This part of the questionnaire, tries to gather some general information about the
background of the respondent and the organization.

1.1 Sex
1) Female ☐

2) Male ☐
1.2 Age
1) Under 20 Years Old ☐ 3) 31-40 Years Old ☐
2) 20-30 Years Old ☐ 4) Over 40 Years Old ☐

1.3 Educational Qualification:

1) College Diploma/Certificate

5) Other (Specify)……………………………………………………………………

1.4 Years stayed at the organization:

1) Under 2 Years ☐ 3) 6-10 Years ☐
2) 2-5 Years ☐ 4) Over 10 Years ☐

1.5 Your department/work unit:

1) Procurement ☐ 2) Finance ☐
3) Programs Support and Administration☐ 4) Food Aid Program☐

1.6 How long have you been working in humanitarian sector/relief chain operation?

1) Under 2 Years ☐ 3) 6-10 Years ☐

2) 2-5 Years ☐ 4) Over 10 Years ☐

50
 II. The following are prepared on Likert-scale form with five (5) points of scales.

Please, tick in the appropriate box against the statements as defined below; 1 = strongly
Disagree, 2 = Disagree, 3 = Undecided, 4 = Agree and 5 = Strongly Agree.
Score Values

Disagree(1)

Disagree(2)

Neutral(3)
S.N. Statement

Agree (5)
Agree(4)
Strongly

Strongly
Control Environment 1 2 3 4 5

The Management establish attitude of internal control significances at

1 the top.
2 There is code of conduct and ethical policy.
3 The organization have proper financial and administrative manuals.
The compliance/harmonizationof Code of Ethics and Organizational
4 regulations have assessed regularly
There is procedure for reporting the violation of rules on the ethics and
5 thus,undertaking measures as a result of this.
There is established structures, reporting lines, authorities and
6 responsibilities in the career of objectives.
Mentoring and training opportunities are provided to attract and
7 develop competent personnel continuously.

Risk Assessment
Risk identification considers both internal and external factors.
1
Risks to the organization effectively managed and has designed internal
controls that mitigate the identified risks.
2

3 Physical assets are reconciled with the accounting records periodically

There is mechanisms in place to detect and respond to risks presented
by changes in government regulation and economic operation.
4
The Internal Audit staff involved during implementation of programs
5 activities

51
 Control Activities
The organization functions are clearly segregated.
1
Guidelines and processes are periodically reviewed to determine their
constant applicability and refreshes them as needed.
2
System privileges and access controls are regularly reviewed for their
applicability.
3
Management selects and expands control activities over the
procurement, development, and repairs of technology and its structure.
4
The management supports guidelines and processes to simplify the
processing of accounting transactions in compliance with requirements
of grant agreements.
5
Invoices or requests for disbursements are backed by appropriate
6 supporting documents.

Information and Communication

Management has a communication process emphasizing to all
employees their parts in ensuring that internal control responsibilities.
1
Transactions are promptly recorded and classified to provide reliable
2 and up-to-date information
Regular backups performed for organization data to protect from
3 unexpected loss.
There are techniques which identifies and assign the accountability for
4 gathering and reporting necessary information.

There is channel of communication the outcomes of reports provided

by: Independent, Internal and Donor Auditors to the Board of Directors
5
The rules and regulations of the organization are accessible for
employee and external parties
6
The organization has written policy guidance which is provided to staff
7 and/or concerned parties the proper use of funds approved and received.

Monitoring and evaluation

The organization has the procedure to monitor procurement, contracting
and out sourcing activities on a regular basis.
1
The results of the monitoring recorded, reported and any gaps are
2 addressed
3 Monitoring conducted based on accurate and complete project data

52
 The management and Senor fiancé officers periodically visits the field
office to determine whether guidelines and processes are being followed
as required.
4
Monitoring covers the evaluation of the effectiveness of internal control
5 in achieving set objectives
6 The organization periodically properly evaluate budget administration
The organization used an effective tools of controlling mechanism
7 regarding resource allocation for the beneficiaries

If you have additional comment or suggestion regarding your organization internal

control system and practices, please specify:
_______________________________________________________________________

________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Thank You

53
 APENDEX II

Interview Guided Questions for Auditors and management

1. What are the criteria’s of evaluating internal control of the Organization?

2. Do you think all areas of internal control elements (the control
environment, control activities, risk assessment, information and
communication and monitoring andevaluation) well designed and operating
in the organization? (explain)
3. Do you believe the internal control met the required goal of the
organization? (explainhow)
4. What is your idea about the effectiveness of the internal control and where
is/are areas of the control you suggest an improvement?
5. Do internal auditors assess project implementation of theorganization?

54