The Effectiveness of Internal Audit and Internal Control Systems in Greek Bank Assignment Sample
CHAPTER 1 - Conceptual Framework of Internal Audit
Introduction
This chapter of Auditing assignment outlines the documented historical evolution of internal audit and provides a conceptual distinction between internal audit and internal control systems. A distinction between Internal and External Auditors will be offered in order to aid the reader in comprehending the concept's meaning.
Historical Development of Internal Control
Even though Audit Control originated in recent years, the need for it arose many decades before, and it has always been related to accounting processes. The audit control originally existed in prehistoric times with the trade of products, according to historical records. These interactions between the primitive societies demonstrated the need of accounting and auditing controls for trustworthy transactions.
In 3000 B.C., the ancient Babylonian inhabitants of Nineveh performed accounting reporting to assess the transparency of their daily financial operations, according to written evidence (Ramamoorti, 2003; Sawyer, 1996). In ancient Athens, approximately 300 B.C., the Congress established the "Accountants" as a financial organisation for the city-state. In addition, the "Responsible" and the Accountants managed the finances of prominent individuals who had been removed from public service. They also regulated the interest-free public loans provided by bankers to cities. Similarly, across the remainder of ancient Greece, the "Examiner" was responsible for numerous control tasks. Italy revived accounting in the late Middle Ages, and the city of Pisa has its own licenced auditor (Ramamoorti, 2003). In 1581, the first formal "Coliegio dei Raxonati (Union of Professional Auditors)" was established in Venice, Italy. It was a governmental institution that governed state regulatory obligations and rapidly impacted a large number of individuals (Filios, 1984).
Audit Controls were also identified at England's Ministry of Finance, where three individuals maintained three distinct ledgers: The Secretary of the Chancellery, the treasurer, and the representative of the Auditor General.
Kingdom, the consistency of the pages was a type of internal control. In 1525, the word "auditor" appears for the first time in England.
The financial crises of 1825 and 1836, the expansion of the crafts, and the strengthening of industry all led to the multiplication and systematization of audits in the United Kingdom, making it the birthplace of the contemporary Audit function.
Today, internal audit is an established and mature profession. Prior to ten years ago, a person involved in an internal audit service would have encountered an unfamiliar scenario in terms of the monitoring role, services, and methodology. If we trace the growth of internal control, we can see that before 1941, when the Institute of Internal Auditors was founded1, recordkeeping was done manually and auditors were only required to verify for problems in the accounting data after it had been completed. Internal auditors are connected with a feeling of security, yet their principal function is to discover fraud (Pickett, 2003).
The audit role originally arose as part of a stewardship process as a subsidiary and supplementary function. In 1941, emphasis was placed on the establishment of the Institute of Internal Auditors (IIA) and professional standards. Alongside these advancements, the Board of Directors, the Audit Committee, and the external auditors all contributed to the expansion of the Internal Auditor's responsibilities. In conclusion, the viewpoint of internal auditors was modified. On the one hand, they obtained a full form and were augmented with extra activities and duties, but on the other hand, they altered their relationships with auditees.
In Greece, the College of Auditors was established in 1931 by legislation 5076/1931, and "Chartered Accountants" were established in 1955 by law 3329/55. The introduction of Certified Auditors with the aid of IAASB (International Assurance and Auditing Norms Board) standards and the IFAC (International Federation of Accountants) Code of Professional Ethics strives to maintain the integrity of auditing the impartiality and openness of certified auditors as well as their professional independence.
Conceptual Delimitation
To facilitate comprehension of the notion of internal control, a comparison will be drawn between Internal and External Auditors. At this phase, the audit's primary purpose is to accurately evaluate the operations and business data by providing an impartial opinion on their efficacy. Moreover, the sooner the firm management is notified of the risks, the quicker and more successfully the internal audit will take steps to combat them, with the goal of enhancing the enterprise's productivity and competitiveness in the Greek Bank industry.
Internal Audit
Internal audit is an impartial and objective process that examines the effectiveness of an enterprise's or organization's System of Internal Controls and makes recommendations for achieving goals at the lowest cost. Simultaneously, it contributes to the enhancement of its operations and employs its controls to reduce the company's exposure to risk2. The Internal Audit is conducted on every aspect of an organization's activities, including management, financial statements, and, of course, the security of the organization's assets. Internal audit may execute any operation except those that do not provide an audit function interest. Thus, internal audit oversees all aspects of a company and assures that there are no weaknesses. However, it is very difficult to resolve all the problems a bank has, which is why we employ internal audit to drastically decrease them. The business should consider the security of its assets, as well as the dependability and precision of its financial records.
According to the Professional Association of Internal Auditors in the United States, the Internal Audit Service3 encompasses administrative planning, organisation, and direction. These acts give confidence that the following goals will be attained: a) economical and sufficient use of resources; b) protection of its assets; c) dependability and information integrity; and d) adherence to policies, processes, laws, and regulations.
In addition, the internal audit function is a component of corporate governance and a crucial aspect of the process of regulating a company while evaluating and enhancing certain assets:
1) It sets the aims and values process,
2) It monitors the accomplishment of goals,
3) It promotes responsibility and
4) It safeguards value.
In order to absolve them of duty, the Internal Audit must advise all departments and individuals of an organisation that control methods are consistent with administrative decisions. Also, as stated by the Corporate Governance principles, Internal Audit safeguards the interests of shareholders and workers while evaluating4:
- The Internal Control System and its subsidiary systems,
- Risk evaluation and effective management
- The organization's existence and the efficiency of its internal procedures
- The education and compliance contracts associated with employee management choices,
- Comparing operational expenses,
- The accuracy of financial accounts
- The assessment of employee collaboration and communication, the use of production resources, o The avoidance of fraud, damage, and loss.
The goal of the audit is an accurate assessment of the enterprise's accounting books and financial statements. During the auditing process, the report is verified based on the accounting system's organisational unit, enabling the first measurement and reporting of any company-related issues.
The audit done by an auditor who adheres to specified norms - professional behaviour standards. These regulations are referred to as audit work standards (Standards of Fieldwork), and their goal is to accomplish the audit processes. In addition, the auditing standards are categorised into four groups:
- The fundamental criteria address the objective of audits and the prerequisites for becoming an auditor.
- The execution of labour norms including technological control principles.
- The reporting criteria, which the auditor alluded to in a draught report, and
- Professional qualification criteria, referring to the controller's professional behavior.
Financial Control, verifies the accuracy and effectiveness of the enterprise's accounting system, as well as measuring and presenting the financial statistics of the enterprise's results, which are performed by auditors.
Operational Control, often undertaken by internal auditors, checks and monitors whether a business operates in line with the operational and administrative regulations of its industry.
Internal Auditors, who are interested in the business's operations and processes and who contribute to the company's smooth operation are involved in efficiency control.
Compliance Audit, the aim is to determine compliance with previously agreed upon conditions, such as an invoice payment check.
Special Control, is a control that does not fall under the aforementioned categories, but can be done if the controller can handle judicial review of the instance.
Internal Audit - Code of Ethics
The primary objective of the Code of Ethics is to establish an ethical culture within the Internal Auditing profession. Internal auditors must implement and defend the following principles5 to comply with Article 48, Paragraph 2, Subparagraph 2 of the Law on Internal Audit in the Public Sector:
• Integrity: instills confidence in the judgment of the internal auditor. Internal Auditors should execute their duties with integrity, vigour, and professionalism. In addition, they should check and submit the mandatory notices. They should not participate in actions and relationships with third parties that denigrate their profession.
• Objectivity: Internal auditors must exercise unbiased, objective judgement in all pertinent situations, unaffected by their personal or other interests. In addition, they will not "welcome" anything that undermines their professional evaluation.
• Confidentiality: The Internal Auditor is deemed to employ confidentiality since they do not divulge any material without sufficient authorisation, unless required by law. Additionally, they must exercise caution while using the gathered knowledge, since they cannot utilise it for their own gain.
• Sufficiency: Internal Auditors conduct Internal Audit Services by using their discretion and expertise. According to IAS for the Professional Implementation of Internal Control, they should supply it.
Internal Control Mechanisms
The internal control systems balance the interests of shareholders and management. The following are the primary factors that influence how well a company's management reflects the interests of its shareholders:
- The Directors' Board
- Compensation for the Board
- Institutional Ownership of Stock
- The market for takeovers.
Internal Controls Systems
An integrated control system's ordered pattern of functions and processes is shown by the internal control system, which also emphasises how well the organisation is managed (Cheung, T. Chi. and Qiang, Chen. 1997).
The risk assessment is a crucial component in the design of an internal control system (ICS). Internal audit is a tool for approaching and evaluating risk factors. The internal control system operates all procedures that are used by management to ensure the best possible collaboration with the company's board of directors, to ensure capital, to detect fraud and identify errors, to ensure the accuracy and completion of accounting records, and to promptly prepare all pertinent economic data6. The term "internal control system" refers to a well-organized and structured system that is closely related to the regulations that control corporate management and strives to protect the many interests that a corporation may have. The following subsystems are part of an internal audit system:
- The business's organisational structure,
- Written guides
- The evaluation of both long- and short-term planning,
- The company's personnel, procurement, and market policies;
- The management of the assets and portfolio
- Generating goods and services via cycles.
In conclusion, the internal control system is essential to guarantee the success of the company. The internal control systems, however, differ based on the business's size, operations, and organisational structure, which is notable. The organisation plan, adequate training of human resources, and accounting management in the company all play crucial roles in the development of an internal control system.
Therefore, it would seem that the development of a reliable internal control system should adhere to the following guidelines:
- Adequate accounting practices,
- To protect books from untrustworthy people,
- Divide up the work,
- Edit numbered and verified data, and divide up the duties.
- Regular asset verification of the business, coverage of all business operations.
- Operation standardisation (quicker and easier control of work).
- Management of inventory.
- Current electronic communication and information systems.
- Sufficient systems for identifying, analysing, and managing risks early on.
Every internal control system includes control mechanisms and safety valves that are intended to guarantee an entity's correct operation and quickly handle hazards. The study of internal operating procedures for things like personnel rules or quality assurance is a key component of organisational safety valves, which are connected to the fundamental organisational operations. The goal of preventive safety valves is to draw attention to mistakes that are impairing the smooth running of the entity's activities. restrictive security when barriers to the correct operation of the entity's activities are found, valves are operating to take action to remedy the inconsistencies.
Clear and detailed descriptions that are simple for all personnel to understand and accept are a need for the safety valves of internal control systems to function as intended. Specialized Safety Valves work to safeguard assets in an efficient manner while obtaining the required authorisation for access. General Safety Valves concentrate on the configuration, enactment of policies, and adherence to all the members that make up the organisational structure of a corporation. Related to other concerns as well, including hiring practises and the division of tasks and responsibilities.
The Purpose Of The Internal Control System
The following might be listed as an internal control system's goal7:
i. It ought to serve as an administrative instrument for putting chosen strategic objectives into practice and for facilitating evaluation by assessing the outcome and contrasting it with the initial goals.
ii. In order to fulfill essential demands, it should move and behave in an organised and businesslike manner. Additionally, it must be adaptable, versatile, and effective. It must ensure the unit's survival in a cutthroat environment.
iii. It should make it possible to use and manage resources effectively, utilise production, use human resources, and protect assets. It also attempts to provide better service to the operators.
iv. It should be governed by operational and business conduct guidelines that offer the assurances and conditions necessary for the organisation to take the risks necessary to achieve its highest objectives by ensuring the strength and viability of the institution.
v. It should include internal control structures for assessing the system's operational effectiveness.
vi. It should meticulously distribute duties and tasks across the many corporate divisions and staff members. Additionally, for them to properly participate, there has to be control in their relationships.
vii. It should be aware of whether any decisions or authorizations are understood by all strains and can be applied across the hierarchy pyramid when done so in accordance with the carrier's rules.
viii. It should not impose any limitations on the carrier's development and should offer free development initiatives for creative work.
ix. In order to support the coordination and peaceful coexistence of its functions, it should aim to establish specific safeguards.
Best Principle of Internal Control System
The internal control systems must adhere to specific guidelines in order to be effective and provide the auditors with a comprehensive overview of all material factors.
a. Adequate staffing:
Adequate staffing should be carefully considered in a modern enterprise, especially in light of the current internationalised market trends. The proper assessment and utilisation of the labour potential of all groups of workers, from highly skilled ones to simple unskilled ones, requires the same level of attention. As a result, one of the crucial success factors for any state or private institution is the evaluation and exploitation of the workforce. The company should be made up of qualified and productive individuals. The entire pyramid of workers needs to be properly organised in terms of both quality and quantity.
b. Decentralization Of Management:
To guarantee the division of duties. To clearly and appropriately define each employee's duties, the distinction should be made. The administration and any area of the business should, in accordance with the level of organisation and relevant staff, make sure that they assign as many competent people to all hierarchical levels and that they are solely accountable for the outcome of the activities. Finally, in accordance with the steps that have been taken, it is important to ensure that the operations of administrative bodies and the pertinent departments are evaluated and their effects are measured.
c. Separation of duties and responsibilities
Each level of the hierarchy pyramid should have a distinct separation of duties and responsibilities. Tasks and responsibilities must be clearly defined, especially in situations involving the enterprise's vitality, such as those involving assets, cash, portfolios, and production departments of paramount importance.
d. Provision of Authorization
This step is used to carry out transactions and represent the Company before third parties. The board must give its approval. The transactions assume proper authorizations from those who are subject to the operational policies and practises in the situation.
e. Ensuring the transactions
Each transaction should be conducted in accordance with the business's current policies, procedures, and guidelines, which are as follows:
- To precisely specify who is responsible for approvals.
- To spell out precisely how each transaction's screening will be done.
- To provide instructions on how to accurately record and account for each accounting event.
- To display all transactions in a proper and organised manner so that the necessary information can be provided whenever needed.
- To make any activity less likely to make a mistake
- To give the management the information it needs to make decisions.
f. Monitoring And Inspection Work:
A systematic monitoring and inspection of the employees should be conducted in order to ensure compliance and to guarantee the quality of services and products. The surveillance work is used to deliver more effective services, which in turn ensures the smooth operation of the company.
g. Timely and regular updating Documentation:
Regular and timely updating Reports submitted to the administration serve as documentation for the information. These reports need to be handled.
At all tiers of the pyramidal structure, the information must be delivered accurately, timely, and organizedly in order for corrective action to be taken. These reports must be timely submitted and, to the greatest extent possible, feature a simplified design and comparison.
h. Control Area Depending On the Risk:
Depending on the risk, the control area is: The control area should be organised according to the risk that it faces in each division of the business, and its design should take into account the size and nature of the entity.
i. Establishment of Internal Audit:
Because it monitors and assesses the effectiveness of the internal control system as a whole, the entity must have an internal audit department. Internal audit offers the opportunity for more unbiased and independent evaluation functions, which are necessary so that administration could have this information and use it as a tool to manage business risk more effectively.
Internal And External Auditors
When we use the term "internal auditors," we refer to people who are employed by an organisation or a business and who only disclose significant information to the audit committee and board of directors of the business. Additionally, internal auditors serve as advisors by ensuring that the company's organizational structures and risk management guidelines are being followed correctly. In addition, internal auditors are professionals who have received training in the discipline and are not independent because they are employed by the organisation.
On the other hand, when we refer to "external auditors," we mean the impartial people who audit a business or an organisation, but who only divulge pertinent information to the business's shareholders. External Auditors are licenced accountants who provide yearly reports. The results of the external audit reveal whether the accounts reflect true and fair value. The accounts, balance sheet, and annual financial reports are the focus of their work.
The Effectiveness Of Internal Audit
The Efficiency of Internal Audit Every company has a unique management style and size. The implementation of a successful internal control system is extremely difficult because each needs of business are unique. However, there are a few characteristics that must exist for an internal control system to be effective.
An internal control system's effectiveness requires independence because it enables auditors to act impartially and without hindrance.
The reports must be delivered to the Board of Directors by the Director of Internal Control. The work of the internal auditors is elevated by this close connection. Additionally, each company needs an organisational strategy in order to accomplish its own goals. This strategy will guarantee the Internal Auditors' smooth operation by dividing up their duties among them. Internal Audit fills in this gap with its advisory and repressive role because the current management of an organisation lacks its own direct and reliable information to establish the safeguards for managing the business risks.
Similar to this, internal audit aims to put corporate governance principles into practise as a transparency calibration method, giving it value while protecting the interests of employees, customers, and shareholders within the company. Disclosure and control are crucial company-related information that are fundamental to ensuring transparency, investor protection, and ultimately the efficient operation of the capital.
Additionally, the firm's transactions should be guaranteed by the design of an effective internal control system. In order to control the registration of transactions, which must be preceded by authorization of principles and rules of accounting, it is especially important that the procedure of transactions be examined and carried out in accordance with the administration's principles and policies. The necessary documents must be used in order to gain access to the company's financial information. There are four steps to be taken for better transaction control:
- Authorization
- Approval
- Implementation
- Inventory
The labour inspection is also a significant element that increases the effectiveness of internal audit. In order to improve and guarantee quality, it is essential to control all the procedures and methods and to offer suggestions when appropriate.
In order to improve the efficiency of the financial unit's operation, all information from reports, councils, and conferences should be collected and distributed throughout the administration. Each internal control system should also be appropriate for the needs and size of the respective enterprise.
Audit Committee
Senior executives make up the Audit Committee, an independent advisory board with increased responsibilities that follows the Board's directives. Similar to internal controls, the audit committee is a division of management. In order to interpret the potential impact on the financial statements, the audit committee reviews important accounting issues and reports them to management. At least four times a year, the Audit Committee convenes at the President of the Audit Committee's invitation. The audit committee reviews the audit report's findings along with management and external auditors. Additionally, the Audit Committee reviews the effectiveness of internal controls and provides management with some observations and other significant findings. The following are some of the duties held by the Audit Committee:
• To examine the processes followed in preparing the financial statements and the information presented in the company shareholders.
• To monitor and periodically assess the sufficiency of the organizational structure of the company and the internal control system.
• It is a factor in the appointment of auditors and in determining the amount of their compensation.
• It supports the work of the external auditors by making it easier for them to access the information they need to finish their work.
• It is in charge of establishing the organization's Rules of Operation and Procedures and carrying out the decision-making process.
• Oversees the Internal Audit Unit and helps it do its work.
• Works together with it to set up the annual control program.
• It bears ultimate responsibility for internal control outcomes.
Additionally, the committee oversees and controls the auditors who work for the company or organization and is in charge of their compensation. Additionally, they designate pertinent protocols for issues relating to internal control and financial reporting. The procedures, also known as a "whistle-blower policy," enable people to raise concerns without worrying about repercussions10. In order to discuss pertinent issues that the committee or auditors believe should be discussed privately, the audit committee meets separately with the external auditors
CHAPTER 2 - Literature Review on Internal Audit
Introduction
Here, some internal control-related surveys that can help export some conclusions should be succinctly presented. The subject matter of each survey, the methodology that was used, the principal researcher for each survey, and the conclusions drawn by each survey are all covered in the paragraphs that follow.
Literature Review
Literature Review 1
First off, Willie Hackett and Sybil C. Mobley's 1976 paper summarizes the conclusions of accounting historians who have examined the historical evolution of internal management. The early businesspeople devised new strategies to regulate and preserve earnings as quickly as they improvised a strategy for generating them. The fact that they realized total trust was the crucial component and the most lucrative strategy by introducing new kinds of control was also stated in their survey. The following are some other contributing reasons to the ongoing expansion of internal control that are highlighted by the authors:
A) the impossibility of developing an audit owing to the huge number of transactions;.
B) The need to lower the cost of the external audit.
C) The use of advanced control mechanisms to maintain internal administrative controls and to offer timely feedback on mistakes and fraud.
D) The necessity to validate transactions and profit reports, as well as the consistency of the applications and the accounting processes, E) Since the external audit technique has changed from a review of previous operations to a review of the system of internal control, the reliance on it has grown.
From a viewpoint that highlights the pluralistic aspect of life's organizational structure, Gareth examined the function of the internal auditor and the disputes between the auditor and the audited in his M.A. thesis from 1980. He employed internal auditor surveys from several sectors, including police stations (40 replies), educational institutions (172 responses), and social services, for his study (138 responses). His survey's findings revealed that the audit function initially emerged as a stewardship process when the Institute of Internal Auditors and professional standards were established, with a focus on this as an Administration Management service. This study came to the conclusion that internal auditors simply conduct audit tasks and provide advice services, but the author claims that many issues come from the natural tensions between internal auditors and auditees and that their relationships need to be reshaped.
Additionally, Celal M.'s research from 1989 evaluated the internal audit role in Turkish banks. He employed 25 questionnaires addressed to internal auditors in various banks around Turkey as part of his approach. 14 of the surveys received responses. Additionally, he submitted 90 queries to the auditors, of which 50 received responses. According to the responses to the Celal surveys, the use of technology (computers) and the globalization of banking institutions have both increased the importance of internal audit in the banking industry.
Additionally, the findings of his poll revealed a direct correlation between the internal auditors and the size of the bank institution.
In order to evaluate the role that professional associations, governmental organizations, and worldwide accounting and audit organizations play in promoting the requirements for the local and global election of independent auditors, R. V. Rocco devised a research in 1996. The American Institute of Certified Public Accountants, the Institute of Internal Auditors, the Commission Capital Markets, and the Treasury of the US government are the specific subjects of this research. Rocco did a historical analysis and literature study to corroborate the findings of his survey, which led to the discovery that independence is regarded as the cornerstone of the audit and accounting professions.
Additionally, Loukis, E. and Spinellis, D. performed another poll in 2001 that emphasised the significance of system security IT. They sent a sample of 90 surveys to Greek public institutions, and 59% of them received a response. They come to the conclusion that the public sector in Greece is at least somewhat cognizant of information system security. However, they were also worried about the privacy of digital data since so few companies have created integrated, systematic approaches for safety information systems that include internal control processes.
In a survey performed in 1994 by Ali, N. A., 262 responses—representing a response rate of more than 41%—were received from a sample of 638 internal auditors who were members of the Institute of Internal Auditors. The survey's findings showed that internal auditors were acting dysfunctionally while working with a limited budget and time, and he explained the reasons why as well as some potential solutions. Particularly, operational control was less susceptible to the dysfunctional conduct than compliance and financial control. The four primary factors that contribute to internal auditors acting inefficiently with regard to time are flat control measures, insufficient supervision, an excessive reliance on operational staff representation and presentations, and time budget restrictions.
Burnaby, P. and Hass, S. (2009) employed research questionnaires in their survey to attain their goals. They emphasized the use of efficient internal control, especially adherence to the Institute of Internal Auditors' Standards.
They accomplished this via surveys that were sent to 99,000 Institute of Internal Auditors members across 91 nations. 9.5% of the total 9,366 responses were considered which represents the rate. As far as their responsibilities, a lack of sufficient people, and personal time are concerned, the findings demonstrate the necessary conformity between internal auditors and the International Standards Interior. The internal auditors serve as the basis for external auditors, according to a 2004 research study by Haron H. (especially on the financial statements of the companies). A questionnaire created by Haron and sent to several South Malaysian auditing firms (most of them were managers and B.o.D members).
The survey's findings demonstrated that the functionality and technological competitiveness of the internal auditors were essential qualities that the external auditors need in order to depend on them.
The connection between the external and internal auditors should have been defined in a number of ways to be in compliance with the Statement on Auditing Standards (SAS-65) released in 1991. In an SAS 65-compliant survey Alan R. did in 1994, he documented the historical evolution of the elements and traits that make up the interaction between internal and external auditors. A survey was distributed by Alan to a sample of 130 businesses. His findings revealed that most organizations had internal and external auditors that worked together in a collaborative manner, and that SAS had minimal effect on these relationships.
CHAPTER 3 - Banking Sector
Introduction
Each Bank must be proportionate to the size, complexity, and dangers currently associated with its operations. Since markets were deregulated and capital flows were liberalised, there have been a significant number of new commercial banks. The Greek financial sector is now going through a time of transformation and has seen a marked rise in Greek bank development in the Balkans, as well as partnerships with other foreign banks and mergers and acquisitions.
Particularly in the US, where it was a significant area of policy at the turn of the century, banking supervision has a lengthy history. The Great Depression and the high number of bankruptcies in general were the major drivers of economic theory's interest in banking sector oversight. While not limited to the United States alone, the goal was to regain public trust in financial institutions.
After 1930, the bankruptcy issue significantly diminished. In the United States and continental Europe, the level of supervisory oversight declined. Therefore, one of the most recent developments in economic history is the supervision of international banking. 41 commercial banks were active in the Greek financial sector at the end of 1997. This chapter examines certain important Basel Accord Committee components using theoretical data. It also discusses the internal control organisational structure in Greek banks.
A significant portion of the Basel Committee's initiative has been accepted by the supervisory authorities of many nations, despite the fact that the regulations approved by the Basel Commission do not have a compulsory legal character.
Commercial Bank
The most significant financial institutions are commercial banks, which also dominate each nation's financial system. The function of commercial banks in the economy is crucial. Since they have the capacity to influence the general public's buying power, they belong at the core of the monetary systems. Commercial banks provide a broad variety of financial services, such as granting credit, issuing bank checks, and issuing money orders, government securities, and money orders.
Commercial banks regulate deposit accounts and provide loans to both people and businesses. Additionally, various government agencies, like the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC), keep an eye on C. B's. Value creation is the primary goal of commercial banks. By raising the share capital, the value of the bank may be created. The bank's economic earnings improve as it extends more loans to both people and companies, increasing the interest rate in the process. Additionally, Commercial Banks maintain capital on their balance sheets that they borrow and lend.
Best Accord Committee
In the United States, where many banks failed at the turn of the century, the banking oversight has a long and distinguished history. That was the motivation for financial authorities' interest in banking supervision, which was not limited to the United States.
A set of rules for the banking sector are included in the Basel Accords. Members of the Group of Ten nations' central banks and regulatory agencies, plus Luxembourg and Spain11, make up the Basel Accord Committee. Additionally, the major goal of banking supervision is to ensure that banks run responsibly and safely12.
In 1992, the Group of 10 nations passed the Basel Accord I, which established minimum capital requirements for banks in an effort to reduce risk.
The Basel Committee's first paper was intended to establish an international minimum level of capital that banks should possess.
The banks' capital adequacy ratio is the main subject of Basel Accord I. The chance of an unanticipated loss is broken down into five categories: 0%, 10%, 20%, 50%, and 100%. It specifically specifies the elements and quality of the capital held by banks and groups them into significant inside- and outside-the-balance-sheet figures in accordance with the indicated risks connected to them. The Basel Accord mandated a single, 8% minimum capital adequacy ratio.
Basel Accord II
Basel Accord II, the second international financial regulation, was established in 200413. improved the supervisory and economic capital balance as well. Basel II disavowed the notion that all supervision regulations must be the same in order to proclaim that the evaluation and management of the undertaking constitute the most sophisticated and effective pillar, reducing the need for interstate capital in a given activity. The Basel Accord is centred on three pillars:
? Calculating the necessary minimum capital to cover credit risk (Pillar I)
? Enhancing market discipline by adopting rules that include qualitative and quantitative information (Pillar II) and
? Market supervisory review procedure and formulation of principles and criteria relevant to this supervisory review process(Pillar III).
Following an early response to the needs of the market and the financial system, the Basel Accord II quickly gained acceptance as a benchmark for banking regulation.
Basel Accord III
Basel Accord III is a regulatory norm on bank capital adequacy, stress testing, and market liquidity risk, according to the Basel Accord Committee. The Basel Committee on Banking Supervision approved it in 2010–2011, and it was supposed to be implemented between 2013 and 2015; but, revisions made on April 1, 2013, prolonged implementation until March 31, 201815. In response to the flaws in financial regulation exposed by the financial crisis of the late 2000s, the third iteration of the Basel Accords was created. By raising bank liquidity and reducing bank leverage, Basel III was intended to increase capital requirements for banks.
On December 16, 2010, the Basel Committee released two significant reports with the following titles:
1. Basel III: a worldwide regulatory framework for stronger banks and financial systems16, was implemented in 2016.
2. Basel III: An International Framework for the Measurement, Standardization, and Monitoring17 of Liquidity Risk.
Internal Controls in the Organizational Structure of Banks
Management uses the internal control system, which is made up of a number of procedures and safeguards, to accomplish its operational and strategic goals18. According to Bank of Greece decision 2438 / 08.06.1998, each institution must have a sufficient and effective Internal Control System (ICS), which shares responsibility for carrying out the goals set by the Bank's Board of Directors.
Depending on the size and scope of the bank, of course, the internal audit department plays a significant role in managing banks. Internal control systems also provide advisory services to the Bank's many divisions and services. Additionally, internal control is a separate, advisory role that reports to management or the audit committee and finds flaws and offers countermeasures to address them19. Internal control's authority is based on where it sits in the organizational structure. Internal Control Service should directly report to the CEO, who is in turn given permission by the Board of Directors, in order to act and accomplish the objectives of the firm.
According to Law 3371/2005, Internal Audit is appointed by the Board and is accountable to it. It is also under the control of a three-member "Audit Committee" that the Board elects. The Audit Committee is in charge of reviewing the department's final reports and findings. This in turn informs the Bank's Board of Directors via regular and special reports.
CHAPTER 4 - RESEARCH METHODOLOGY APPROACH
Introduction
This chapter specifies the population that serves as the study's "target group" and the sample from that population that is required to carry out the study's objectives and reach its results. It also details the sampling method that was selected.
Sample and Population
The efficiency of the internal audit and internal control systems in the Greek banking industry is investigated in this study. As a consequence, a survey was performed and sent to fifty bank workers (executives and non-executives) at four of Greece's biggest banks. Men and women of various ages with at least five years of experience in the banking industry were asked to complete a questionnaire that asked about their understanding of internal audit and internal control systems. The first idea was to send the questionnaire directly to the internal auditors of the banks since it was assumed that because this was the focus of their job, they would have a more accurate and detailed understanding of the processes and systems. However, the research's initial hypothesis was rejected since it was intended to demonstrate the efficiency of internal control and its mechanisms in the banking industry. The first hypothesis had a high likelihood that the conclusions would include an excessive amount of subjectivity since it is very acceptable for individuals to adore their line of work. For this reason, it was decided that the research would only include male and female bank workers who had at least five years of banking industry experience.
It is necessary to know the precise size of the population in order to choose the sample (Cohen et al, 2000). The banking industry in Greece employs 44.3 thousand people. In 2015, the number of workers in the Greek banking industry was much lower than it was in 2010, when there were 59,967 employees overall. 42 banks are active in Greece; 13 of them are Greek, 21 are foreign bank subsidiaries, 10 are cooperative banks, and one is a financial institution. Only four Greek banks—Alpha Bank, Eurobank Ergasias EFG Bank, National Bank of Greece S.A., and Piraeus Bank—were included in the survey's sample.
The word "Sample" refers to a representative sample of the population that is chosen for study in order to make generalizations about the population as a whole. The sample size should match the size of the population utilized in this study. The workers of the financial institutions were chosen at random for this study's sample, and as a consequence, 50 questionnaires were delivered to them; 68% of them received a response. However, it must be emphasized that the accuracy of the results increases with the size of the sample.
Sample Technique
The basic random approach is used in this investigation. Employees at the bank received the surveys both in paper form and electronically (through email). Because the questionnaires were delivered directly to the chosen banks, which also provided the greatest access because friends, family, and coworkers are employed there, the sample was practical as a result.
Research Questionnaire
Only "Closed-end" questions, where respondents must choose from predetermined responses, are included on this questionnaire. All of the questionnaire's questions were created using a five-point Likert scale that assesses whether respondents agree or disagree with the following statements:
1. Vehemently disagree
2. Disagree
3. I'm undecided on this one.
4. Agree
5. Totally concur
The Likert scale was employed so that respondents could rate how much they agreed or disagreed with the topic of internal auditing. There are equally as many positive and negative responses on the scale of the questions included in the questionnaire.
It was decided that it was not required to give explanations when filling out the questionnaire in order to gather the data. The inquiries were simple for participants will comprehend without needing any in-depth explanations for the answers. The questionnaires were gathered, and then their validity and completeness were examined. The questionnaires and the survey were properly filled out.
The goal of this study, which used a questionnaire to collect data, was to determine if each Internal Control component and its supporting systems was essential to the efficiency of internal audit in ensuring the survival and development of the banking industry.
The questionnaire has two sections since it was created in a manner that makes it easy to complete it quickly. The five COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework mechanisms are discussed in the first section of the questionnaire. It assesses internal controls and measures the efficiency of internal control systems, and it is a widely used and acknowledged framework for internal audit functions (Candreva, 2006). The following are the five COSO framework elements that are examined in the questionnaire:
The internal control mechanisms are discussed in the second section of the questionnaire. It is worried with problems relating to the traits of an efficient internal control system. Each firm has unique requirements, structures, and sizes. Consequently, the following characteristics of a suitable internal control system are:
• Independence
• Organizational Strategy
• Reliable authority structures, authority delegation, and accountability
• Appropriate internal audit personnel
Independence refers to the auditors' unrestricted access to all the operations, records, and procedures of the economic unit as well as their ability to conduct their audits without being subject to any restrictions due to Management's support.
Every bank must have an organizational structure that details the duties and responsibilities of each department. Every time there are adjustments that make a review required, this organizational plan should be evaluated. Each internal control department should be made up of knowledgeable and skilled employees who have expertise and are acquainted with all transactions. The finest auditors are those who have spent a long time working in diverse industries as workers and executives since they have a wealth of experience and expertise, as is proved in practice. The auditor should be able to see mistakes and suspicious activity, as well as "read between the lines" and have the insight to spot mistakes and omissions that might significantly affect the results. Since the processes are always evolving and the auditors need to be updated on new control techniques, it necessitates ongoing training and involvement with each item.
CHAPTER 5 - Presentation of the Questionnaires’ Results
Introduction
A questionnaire was used to gather the data, as was described in the preceding chapter, from a sample of fifty bank workers from four Greek banks. Data was subjected to statistical analysis, and Microsoft Office Excel 2016 was used to create the graphs. The survey's results help us reach conclusions on how to strengthen internal control and boost its efficacy in Greek banks. Additionally, there are some suggestions made for additional study. The questionnaire's questions are based on a five-point Likert scale analysis that classifies statements based on whether respondents agree or disagree with them.
Likert Scale Rating 1
A frequency table, percent rate, and cumulative frequency are shown for each question that was subjected to statistical analysis of the variables. Additionally, each question has a related bar graph that shows the proportion of replies that support it for simpler understanding and perception. We will provide the findings of our inquiries after receiving all the survey replies. The Control Environment of a Bank is discussed in the first section of the questionnaire.
Analysis of the Questionnaire
As we can see, the majority of Bank workers (80% on the "Agree" scale and 100% on the "Strongly Agree" scale) agreed that internal control significantly protects the company's assets and employees. The descriptive statistical analysis findings, which are shown in the table below, lead us to the same conclusion.
According to the aforementioned graph, we can see that 80% of the workers think internal control helps the firm maximize its effectiveness since after each control, risks are recognized and dealt with to assist the bank maximize its effectiveness. The percentages on the "Agree" and "Strongly Agree" scales are the same, and the same outcomes were also shown in the statistical analysis that we utilised. However, 20% of respondents do not agree or agree with this, maybe because they do not have a comprehensive understanding of internal control.
The Internal Audit assists in comprehending and addressing any threat discovered during checking, according to the 76% of Bank personnel (38). However, 12% of the workforce expresses neither agreement nor disagreement, despite the fact that Internal Audit is responsible for monitoring and identifying potential hazards inside the Bank. The statistical analysis that led to these findings is shown in the table below.
The presence of organizational plans for each sector and Department, which are evaluated in light of recent developments and demands, is referenced in the fourth question. Figure 4 shows that there is an organizational plan for each sector and Department, with 62% of respondents agreeing with this statement (32% "Agree" and 40% "Strongly Agree"). However, 14 respondents were "Agree and Disagree," therefore we may infer that the organizational plan might need a little upgrade. The job description may be based on a plan, and each employee is aware of all of his or her duties inside the bank.
At least the second bigger scale seems to be the "strongly Agree" scale. We may infer that some workers may not have established the rule of integrity and the Code of Ethics from the tiny size of responses provided by 19 employees.
Does Internal Control occur in both regular and irregular circumstances? This is a question that is relevant to risk assessment. Because 28% of respondents may not be aware of the regularity or irregularity of internal controls, they chose "Neither Agree nor Disagree" as their response. On the other hand, the majority of the 50% of workers believe that internal control goals are updated periodically.
46% of respondents to the aforementioned question strongly agree that the management's aims are reasonable and doable. However, 44% of the workers who responded "Neither agree nor disagree" feel that not all objectives can be readily attained.
As we can see, in question 8, the bank personnel concur that the control system successfully thwarts and safeguards unlawful activities. None of the staff respond negatively. The similar thing occurs when we apply statistical analysis to identify the variables.
Since they feel that there are rules and procedures that govern how the different duties in the Bank are regulated, 76% of the workers respond "Agree" to question 9 of the questionnaire. 38 workers are in agreement, and 12 employees are neither in agreement nor disagreement, as shown by the statistical study.
The second section of the questionnaire, which examines the efficiency of internal control systems, starts with Question 10. As we can see, almost all of the employees—100%—agree that internal controls ensure that the computer system is operating properly and that the data belonging to the bank is fully protected. The statistical analysis that is shown in the table below also shows that this is the same.
The majority of workers agree that internal controls foresee improper behaviour and errors that might endanger not just the bank's reputation and interests but also those of the shareholders. Only 2% of people are split between agreeing and disagreeing with this assertion.
As noted in the graph above, 18 (36% of the total number of workers) feel that it is occasionally possible to determine if a transaction was conducted by the appropriate clerk. However, 64% of respondents said they thought internal audit "monitored" all of the transactions that relevant workers made.
The internal auditor, according to 100% of respondents, has complete access to all data and information required for internal control.
An overwhelming majority of the workers 94% (32 out of a total of 50) agree that internal control functions impartially and independently, indicating that it is a crucial component of the bank's operations. However, there is a negative percentage (3 workers) who are undecided.
In response to question 15, 84% of respondents agreed that the auditors for the bank's inspection should sometimes vary in order to raise the standard and openness of the banking system.
A lot of the employees believe that there is no intrapersonal relation between the auditors and the employees, and only a minus percent of 2% strongly agree. So, we can assume that there no changes to be done in order to improve this because its already improved.
Again, the majority of banking employees' responses are favorable, although 36% of them feel that not all of their tasks and obligations are clearly stated for them.
The majority of the 50 workers (100%) firmly feel that computers and informatics help to regulate or even enhance bank supervision. No changes are required at this time. The statistical analysis's table below has the same information.
The operations on the ATM and other bank equipment are closely supervised by a number of individuals, according to 72 of the workers, in order to prevent money misuse. Because of the size and the nature of the transactions, there is transparency and the intersection of control.
Finally, as we can observe the 90% of total employees believe that the results of the audit reports are shown to all the personnel, in order to improve the productivity and their competitive nature.
CHAPTER 6 - CONCLUSIONS AND RECOMMENDATIONS FOR FUTURE RESEARCH
Introduction
The results of the dissertation study are compiled in this chapter and come from both the literature research and the analysis of questionnaire answers. Additionally, it makes recommendations for additional research that may be conducted in the future to advance the internal control role in banking organizations.
Conclusions Of The Questionnaire
First, we utilised the model (framework) created by the COSO Committee, one of the greatest instruments for evaluating the efficacy of internal control systems, to capture the effectiveness of internal control. Five components make up internal control, which is based on the COSO Framework and estimates how successful internal audit is. Each component included two questions in the questionnaire.
In this study, our research technique included delivering questionnaires to four Greek commercial banks. Some conclusions were drawn from the questionnaire's statistical analysis findings and the replies' classification on the Likert Scale neither (“Strongly Disagree, ““Disagree,”“ Neither Agree nor Disagree, ““Agree,”“ Strongly Agree.
We may infer from the whole questionnaire that workers are subject to internal control since they are aware of their responsibilities and tasks, but they also need to better such responsibilities because they sometimes generate confusion while doing their job and during the audit.
Similar to how there is collaboration between the many Bank divisions and internal control, the transactions are regulated by audit processes, and the internal auditors are appropriately educated and seamlessly integrate the control.
In order to address various challenges that develop in their surroundings, the Banks should also consider the findings of the study questionnaire. Moreover, In order to have an efficient internal control system, banks should choose one that considers the risk that lurks in each bank department and should adjust it in accordance with Basel Committee criteria and IAS training. Additionally, internal auditors benefit from working independently since, on occasion, time constraints might hinder the gathering of relevant and adequate evidence. Finally, since complaints regarding defects are often genuine and not made up, internal auditors should consider them. Surprisingly, the contribution of the internal audit function is quite prevalent in all of the aforementioned areas.
In a word, a strong and successful economy depends on the banks' efficient operation and stability.
Recommendations Future Research
It is possible to do more research for each industry independently and draw comparable conclusions on the presence and effectiveness of internal control, but this would take a lot more time and the cooperation of the firms being surveyed.
To have a better understanding of their duties, study might also be done on the efficacy of internal auditors.