Project Abstract

                Abstract
 

This study explores the Impact of Information and Communication Technology (ICT) on internal control effectiveness in preventing and detecting fraud within the financial sector of a developing economy – Nigeria. Using a triangulation of questionnaire and interview techniques to investigate the internal control activities of Nigerian Internal Auditors in relation to their use of ICT in fraud prevention and detection, the study made use of cross-tabulations, correlation coefficients and one-way ANOVAs for the analysis of quantitative data, while thematic analysis was adopted for the qualitative aspects. The Technology Acceptance Model (TAM) and Omoteso et al.’s Three-Layered Model (TLM) were used to underpin the study in order to provide theoretical considerations of the issues involved. The study’s findings show that Nigerian Internal Auditors are increasingly adopting IT-based tools and techniques in their internal control activities. Secondly, the use of ICT-based tools and techniques in internal control positively impacts on Internal Auditors’ independence and objectivity. Also, the study’s findings indicate that Internal Auditors’ use of ICT-based tools and techniques has the potential of preventing electronic fraud, and such ICT-based tools and techniques are effective in detecting electronic fraud. However, continuous online auditing was found to be effective in preventing fraud, but not suited for fraud detection in financial businesses. This exploratory study sheds light on the impact of ICT usage on internal control’s effectiveness and on internal auditors’ independence. The study contributes to the debate on the significance of ICT adoption in accounting disciplines by identifying perceived benefits, organisational readiness, trust and external pressure as variables that could affect Internal Auditors’ use of ICT. Above all, this research was able to produce a new model the Technology Effectiveness Planning and Evaluation Model (TEPEM), for the study of ICT adoption in internal control effectiveness for prevention and detection of fraud. As a result of its planning capability for external contingencies, the model is useful for the explanation of studies involving ICT in a unique macro environment of developing economies such as Nigeria, where electricity generation is in short supply and regulatory activities unpredictable. The model proposes that technology effectiveness (in the prevention and the detection of fraud) is a function of TAM variables (such as perceived benefits, organisational readiness, trust, external pressures), contingent factors (size of organisation, set-up and maintenance cost, staff training and infrastructural readiness), and an optimal mix of human and technological capabilities.

Project Overview

INTRODUCTION 

1.0: Introduction to the Study 

There is a dearth of research effort in developing countries, including Nigeria, especially in the area of internal control/auditing and electronic fraud, which is the primary focus of this study. The focus on electronic fraud is important, in the words of Sieber (1986:15): “........The problems caused by computer crime are bound to intensify in the future. Increasing computerisation, particularly in the administration of deposit money, in the balancing of accounts and stock-keeping, in the field of electronic funds transfer systems, and in the private sector, as well as new computer applications such as electronic home banking, electronic mail systems, and other interactive videotext systems will lead to increase in the number of offences and losses.....” The observation made by Sieber (1986) has been proven quite accurate in more than two decades since it was made. For instance, Rusch (2001) discussed the growing rate of internet fraud in electronic business enterprises. The upward increase in the level of electronic fraud appears to be proportional with the increased expansion of legitimate internet use, which points to the fact that electronic fraud is becoming worldwide in scope and impact as it is now visible for fraudsters to plan and execute fraudulent schemes from anywhere in the world irrespective of their physical residence. The evolution of the digital economy at a global level has changed in no small measure how business enterprises operate, generate, and display financial data; and much more importantly, how they are audited (Razaee et al. 2002, p.1). Most financial reports are now generated online and in real time, and the overwhelmingly rapid adoption and implementation of e-business technology has led to new challenges for Internal Auditors, specifically in the area of internal control effectiveness. It is important to explain the concept of internal control in order to develop an understanding of the impact of Information and Communication Technology (ICT)  tools and techniques on internal control effectiveness in the prevention and detection of electronic fraud. The internal control system of an organisation is a structure laid down by executive managers for effective control of the entity’s activities. It is closely linked with corporate governance. The Public Company Accounting Reform and Investor Protection Act (2002), otherwise generally referred to as the SarbanesOxley Act, (2002), introduced in the United States, made it mandatory for management to initiate good internal control and provide assessment of its effectiveness. Most regulatory authorities worldwide are adopting the Sarbanes-Oxley Act control concept to prevent a repeat of the scandals which reverberated across the world as experienced with the likes of WorldCom or Enron (Weiddenmier and Ramamoorti, 2006) The concept of internal control (IC) is very important for proper management of an organisations’ risk, which may constitute barriers to the attainment of its set objectives if neglected. Budgeted profitability and achievement of set objectives may be impossible without a properly laid down control. 

1.1.0: Problem Definition and the Aim of the Study 

The expansion in business activities and the limitless opportunities provided by the internet usage have direct implication on the internal control function. This is more visible in the financial sector, as there is a noticeable transformation in traditional banking services (Awad, 1988). The Nigerian stock trading market is the second largest in sub-Saharan Africa with only South Africa larger in terms of volume. The financial sector accounts for more than 65 per cent of the stock on the Lagos exchange market (Security and Exchange Commission, 2010). There are mixed results from prior studies on levels of fraud and the apparent corporate governance problems in the financial sector of the Nigerian economy. For instance, Adewumi (1986) suggested poor internal control as the main reason for increased level of fraud. Oghojafor et al, (2010) identified a mismatch between supervisory skills of employees and the explosion in the numbers of banks and acquisitions of information technology. In order to have effective fraud prevention and detection, ensure accountability and good corporate governance practices, the instrument of internal control must be effective to identify and isolate illegal and fraudulent transactions. Developments in ICT have made business transactions and marketing much more accessible than envisaged throughout the world. Nonetheless, it has also brought with it problems of control associated with the use of the internet. A number of studies have so far been carried out on the impact of ICT on auditing or accounting in developed countries but research work on the impact of ICT on the effectiveness of internal control systems in prevention and detection of electronic fraud in developing countries is scarce. One of such developing countries is Nigeria, where the financial sector appears to have a compelling need to examine the impact of ICT on internal control systems. This is necessary in view of recent government desires to attract more foreign direct investments to invigorate the economy through improved financial operations, which in turn necessitated benchmarking the effectiveness (COSO, 1994) of internal control against best practices. The development of ICT and its adoption by internet-based businesses is growing rapidly in developing countries such as Nigeria. Equally, internet-based fraudulent activities are growing across all business segments in Nigeria but much more in the financial sector (CBN, 2009).    

It is therefore pertinent to examine the efficacy of the use of ICT in IC for prevention and detection of electronic fraud. ICT tools and procedures are becoming increasingly inseparable in daily running and control of business enterprises’ activities worldwide. For instance, in a survey conducted by PricewaterhouseCoopers, (2007), it was found that Internal Auditors are increasingly using ICT tools and techniques for control of their functions. This is as a result of increasing use of ICT for conducting and recording transactions in the financial sector, while at the same time opening up opportunities for fraud. Hence it is imperative to examine the effectiveness of ICT-based tools and techniques as being used by Internal Auditors in internal control. The functions of key stakeholders in internal control are now known to be affected by ICT tools and techniques usage as shown in Figure 1.1 on page 7. ICT tools and techniques usage in internal control has some level of direct impact on Internal Auditors (in terms of performance of their function and role), top management (in terms of reports and decision making), audit committee (in terms of reports and decision making), regulatory authorities (in terms of monitoring and ensuring public trust), accountants (in terms of their job functions and performance), and External Auditors (in terms of scope, quality and audit fees).