This study examine the effects of internal control system on risk management. The researcher consider employee of Nigerian television authority, Lagos centre as the population of the study. The study employed survey and descriptive research design. 100 questionnaire were randomly administered to the staff of NTA, Lagos center out of which 97 were completed and return. The data retrieved were analyzed with aid of SPSS version 23. Descriptive statistics of simple percentage and mean were used to provide answers to the research questions and the inferential statistics of regression were used to test the effect of internal control system on risk management. Among the findings reveals by the study include; Management risk awareness has positive significant effect on internal control system of NTA Lagos center. And it was recommended that management of NTA, Lagos center should consider general risk-mitigation approaches to the circumstances of their organizations through constant monitoring of control environments and tailoring internal risk control systems. It was concluded that components of internal risk control can be designed to mitigate risks and may ensure the reliability of performance reports and compliance with laws, policies and regulations. Risk management activities protect the organization, its people, assets, and profits, against the physical and adverse consequences, by planning, coordinating and directing the internal risk control activities.
1.1 BACKGROUND OF THE STUDY
Business organizations across the world are confronted with risks. Some of these risks, both internal and external, involve huge losses that could deprive an organization from its continuity if the proper management is not put in place. These days, managing risk has become a matter of necessity. Hence, this research will examine the relationship between internal control system and risk management. Risk has been defined as uncertain future events that could influence the achievement of the organization’s strategic, operational and financial objectives (International Federation of Accountants IFA, 1999). Risk can be defined as the combination of the probability of an even and its consequences (The Institute of Risk Management IRM, 2002).
The intention of every profit-making organization is to earn profit, stay in business for a long time, meet customers’ demand and expectations, pay their debts when they fall due and satisfy the aims of stakeholders. These objectives are easily achieved if the owner and manager of the company is the same person. However, as the business grows and expands, the need for additional employees arises and the owner employs more and more people to help manage the company. This gradually results in what is called separation of ownership and control (Smith, 1776). At this point, the owner realizes that precautions must be taken to protect the company as well as the interest of the owner. The issue of ownership and control becomes more complicated if a company is big and listed on a recognized stock exchange. That is, a company with much more capital investment both in cash, assets and personnel. Thus, the owners need an assurance that the intended objectives of the company would be achieved, assets of the company would be protected from theft and mismanagement, the accounting information would be received on time and that they would be accurate and reliable.
The weaknesses of many companies internal control systems have been highlighted due to the big financial scandals of recent years and as a result increased attention on risk management, internal controls, internal audit and their role in modern organizations. Following these high profile corporate fraud and accounting scandals, greater demands have been created on companies to account for in their corporate governance statements, what risk factors they are exposed to and the internal control systems put in place to alleviate them.
Risk management is a process of understanding and managing the risks that the entity is inevitably subject to in attempting to achieve its corporate objectives. For management purposes, risks are usually divided into categories such as operational, financial, legal compliance, information and personnel. One example of an integrated solution to risk management is enterprise risk management (Chartered Institute of Management Accountants CIMA, 2005). Effective risk management involves risk assessment, risk evaluation, risk treatment and risk reporting. The focus of good risk management is the identification and treatment of these risks in accordance with the organization’s risk appetite. These risks need to be managed and controlled in order to prevent vibrant organizations from catastrophic losses and help them achieve their goals and objectives. An organization needs to understand its mission and articulate it clearly. This makes it easier to recognize the risks associated with the mission. Once an organization identifies its mission, it can begin its risk assessment by listing the possible risks that threaten the business with the aim of identifying high priority risks and focusing on those first.
Internal control system on the other hand, is the whole system of controls, financial and otherwise, established in order to provide reasonable assurance of effective and efficient operation, internal financial control and compliance with laws and regulations (CIMA, 2006). The formality, structure and nature of a company’s system of internal control will generally vary with the type of sector or industry, size of the company and the level of public interest in it. Since profits are in essence the reward for successful risk-taking, the purpose of an internal control system is to help manage and control risk appropriately rather than to eliminate it as indicated in the Turnbull Report (Institute of Chartered Accountants in England &Wales ICAEW, 1999). Thus, control mechanisms should be incorporated into the business plan and embedded in the day-to-day activities of the company.
1.2 STATEMENT OF THE PROBLEMS
Risk is inherent in every economic activity and every organization has to manage it according to its size and nature of operation because without risk management no organization can survive in the long run. This is because businesses today are faced with far greater challenges than before due to the fact that economical, technological and legal interdependence are becoming more prevalent and pronounced. It would be assumed that risk management and internal control systems will vary from organization to organization based on their size or industry sector. It is therefore logical to assume that every business organization has put in place a strong risk management structure and internal control systems to help achieve its goals. These are fundamental to the successful operation and day-to-day running of a business and assist a company in achieving its objectives.
Risk may affect many areas of activity, such as strategy, operation, finance, technology and environment. In terms of specifics, it may include, for example, loss of key staff, substantial reductions in financial and other resources, severe disruptions to the flow of information and communication, fires or other physical disasters, leading to interruptions of business and or loss of records. More generally, risk also encompasses issues such as fraud, waste, abuse and mismanagement. It is based on the foregoing that the current researcher is examining the relationship between internal control system and risk management in a selected organization.
1.3 OBJECTIVES OF THE STUDY
The following are the objectives of this study:
- To examine the internal control system put in place in an organization.
- To identify the risks and risk management strategy of an organization.
- To examine the relationship between internal control system and risk management in an organization.
1.4 RESEARCH QUESTIONS
- What is the internal control system put in place in an organization?
- What are the risks and risk management strategy of an organization?
- What is the relationship between internal control system and risk management in an organization?
1.5 RESEARCH HYPOTHESIS
HO: There is no significant relationship between internal control system and risk management in an organization
1.6 SIGNIFICANCE OF THE STUDY
The following are the significance of this study:
- The findings from this study will enlightens business managements, shareholders, corporate managers and the general public on different types of risks that organizations are exposed to and the various strategies/internal control system that can be used for risk management/mitigation.
- This research will be a contribution to the body of literature in the area of internal control system and risk management, thereby constituting the empirical literature for future research in the subject area.
1.7 SCOPE OF THE STUDY
This study is limited to the Nigeria Television Authority (NTA), Lagos center. It will also cover their internal control systems, risks that they are exposed to and the risk management strategies in place within the organization.
1.8 LIMITATION OF THE STUDY
Financial constraint- Insufficient fund tends to impede the efficiency of the researcher in sourcing for the relevant materials, literature or information and in the process of data collection (internet, questionnaire and interview).
Time constraint- The researcher will simultaneously engage in this study with other academic work. This consequently will cut down on the time devoted for the research work
1.9 OPERATIONALIZATION OF VARIABLES
Dependent variable: Internal control system
Independent variable: Risk management
Dependent variable: Internal control system which is measured by management attitude, management awareness, management actions
Independent variable: Risk management which is captured by policies, regulations, environmental factors
Y* ₌ f(Y1, Y2, Y3)
Y* ₌ Internal control system
Y1 ₌ management attitude
Y2 ₌ management awareness
Y3 ₌ management actions
X ₌ Risk management
X ₌ f(X1, X2, X3)
X1 ₌ policies
X2 ₌ regulations
X3 ₌ environmental factors
It can also be stated that the internal control system is a function of risk management.
Y* ₌ f (X1, X2, X3)
Converting this functional relationship into a regression model, it becomes:
Y* ₌ α0 ₊ α1X1 ₊ α2X2 ₊ α3X3 ₊ μ
Α0 ₌ constant term of the regression model
Α1-2 ₌ coefficients of parameter estimates of risk management
μ ₌ Stochastic variable
1.11 DEFINITION OF TERMS
Risk: a situation involving exposure to danger.
Fraud: wrongful or criminal deception intended to result in financial or personal gain.
Hazards: a danger or risk.