University of Ghana http://ugspace.ug.edu.gh UNIVERSITY OF GHANA BUSINESS SCHOOL DEPARTMENT OF ACCOUNTING THE ROLE OF INTERNAL AUDITORS IN ENSURING EFFECTIVE RISK MANAGEMENT IN COMMERCIAL BANKS IN GHANA A THESIS SUBMITTED TO THE DEPARTMENT OF ACCOUNTING IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN ACCOUNTING AND FINANCE BY ADELAIDE AMENLA NDEDE AUGUST, 2019 University of Ghana http://ugspace.ug.edu.gh DECLARATION I hereby declare that this submission is my own work towards the Master of Science in Accounting and Finance. To the best of my knowledge, it contains no material previously published by another person or material which has been accepted for the award of any other degree of the University, except where due acknowledgement has been made in the text. ADELAIDE AMENLA NDEDE ….………………… ……………….. (STUDENT NO. 10300233) Signature Date Certified by: PROFESSOR K. A. OSEI ….……………………. ….……………… (SUPERVISOR) Signature Date i University of Ghana http://ugspace.ug.edu.gh ACKNOWLEDGEMENT I would like to thank the Almighty God for making my dream a reality. I would like to express my special thanks and gratitude to my supervisor (Prof K A OSEI) for directing me on how to put this study together. I acknowledge the efforts of my family in supporting this dream. ii University of Ghana http://ugspace.ug.edu.gh DEDICATION I dedicate this work to my first daughter, Ann-Michelle Maame Dokua Otchere Darko, who had to share my time with school work as she was only two months old when I started the program. iii University of Ghana http://ugspace.ug.edu.gh TABLE OF CONTENTS Page DECLARATION ........................................................................................................................ i ACKNOWLEDGEMENT .......................................................................................................... ii DEDICATION .......................................................................................................................... iii TABLE OF CONTENTS .......................................................................................................... iv ABSTRACT ............................................................................................................................. vi LIST OF TABLES ................................................................................................................... vii LIST OF FIGURES ................................................................................................................ viii CHAPTER ONE .........................................................................................................................1 INTRODUCTION ......................................................................................................................1 1.1 Background of the Study ....................................................................................................1 1.2 Problem Statement .............................................................................................................3 1.3 Research Objectives ...........................................................................................................4 1.4 Research Questions ............................................................................................................4 1.5 Significance of the Study ...................................................................................................5 1.6 Scope of the Study .............................................................................................................5 1.7 Limitation of the Study ......................................................................................................5 1.8 Organisation of the Study...................................................................................................6 CHAPTER TWO ........................................................................................................................7 LITERATURE REVIEW ............................................................................................................7 2.0 Introduction .......................................................................................................................7 2.1 Theoretical Review ............................................................................................................7 2.1.1 Institutional Theory .....................................................................................................7 2.1.2 The Policeman Theory ................................................................................................8 2.2 Conceptual Review ............................................................................................................9 2.2.1 Definition and Concept of Internal Auditing ................................................................9 2.2.2 Definition and Concept of Risk Management in Banking .......................................... 11 2.2.3 Major Risk Faced by the Banking Industry ................................................................ 13 2.3 Empirical Review ............................................................................................................ 19 2.3.1 Role of Internal Auditing in Banking ......................................................................... 19 2.3.2 Relationship between Internal Auditing and Risk Management in Banking ............... 20 iv University of Ghana http://ugspace.ug.edu.gh 2.3.3 Challenges Confronting Internal Auditors on Risk Management in Banking .............. 21 2.4 Conceptual Framework .................................................................................................... 23 CHAPTER THREE ................................................................................................................... 25 RESEARCH METHODOLOGY AND ORGANISATIONAL PROFILE.................................. 25 3.0 Introduction ..................................................................................................................... 25 3.1 Research Design .............................................................................................................. 25 3.2 Population of the Study .................................................................................................... 26 3.3 Sample and Sampling Technique ..................................................................................... 26 3.4 Sources of Data ................................................................................................................ 27 3.5 Data Collection Instrument .............................................................................................. 27 3.6 Ethical Consideration ....................................................................................................... 28 3.7 Data Analysis .................................................................................................................. 28 3.8 Industry Profile ................................................................................................................ 29 CHAPTER FOUR ..................................................................................................................... 30 DATA PRESENTATION AND DISCUSSIONS ...................................................................... 30 4.0 Introduction ..................................................................................................................... 30 4.1 Socio-demographic Characteristics of Respondents ......................................................... 30 4.2 Influence of Internal Auditors’ Reports on Management Decisions .................................. 34 4.3 Functions of Internal Auditors ......................................................................................... 35 4.4 Risk Management ............................................................................................................ 37 4.5 Challenges of Internal Auditors........................................................................................ 38 4.6 Impact of Internal Auditors on Bank’s Compliance .......................................................... 40 CHAPTER FIVE ...................................................................................................................... 42 SUMMARY OF FINDINGS, CONCLUSION, AND RECOMMENDATIONS ........................ 42 5.1 Introduction ..................................................................................................................... 42 5.2 Summary of Findings ....................................................................................................... 42 5.3 Conclusion ....................................................................................................................... 43 5.4 Recommendations............................................................................................................ 44 REFERENCES ......................................................................................................................... 45 APPENDIX .............................................................................................................................. 52 v University of Ghana http://ugspace.ug.edu.gh ABSTRACT Internal auditors are indispensable professionals for the effective risk management within every organisation. Therefore, the purpose of this study was to evaluate the functions of internal audit and its ultimate impact in ensuring effective risk management in Commercial banks in Ghana. Descriptive research was carried out using both qualitative and quantitative methods of research through the administration of questionnaire. A sample size of 45 internal auditors was used for the study and data was analysed using the Statistical Package for the Social Sciences (SPSS). It was identified that although most of the internal auditors within the commercial banks in Ghana are not registered members of the Institute of Internal Auditing, they are allowed to work independently without any hindrance from management of the banks. Moreover, it was identified that the functions of internal auditors are to review all internal controls, review processes and procedures, and make recommendations for management with regards to best practices in ensuring optimum productivity and performance of the bank. Additionally, the internal auditors of the commercial banks are involved in the risk management, risk mitigation, and risk monitoring. This has made the reports of internal auditors have much influence on management’s decisions in making and amending policies, business strategies, and guidelines, the introduction of new controls within the management of our products and services. Conclusively, a strong and positive relationship was established between functions of internal auditors and risk management and functions of internal auditors and impact of bank’s compliance to regulations within the banking industry. Therefore, it is highly recommended that the management of the bank should put in place a quarterly internal audit overhaul to strategically review all its risk management practices against expectations of the regulator. vi University of Ghana http://ugspace.ug.edu.gh LIST OF TABLES Page Table 4.1 Demographic Characteristics of Respondents………………………………………..31 Table 4.2 Descriptive statistics of the functions of internal auditors……………………………36 Table 4.3 Descriptive statistics on the risk management of the banks…………………………..38 Table 4.4 Descriptive statistics on the challenges of internal auditors…………………………..39 vii University of Ghana http://ugspace.ug.edu.gh LIST OF FIGURES Page Figure 2.1 Conceptual Framework……………………………………………………………...24 Figure 4.1 Respondents registration with IIA…………………………………………………...32 Figure 4.2 Internal auditors working independently…………………………………………….32 Figure 4.3 Line of report for internal auditors…………………………………………………..33 Figure 4.4 Performance of roles stipulated in the contract………………………………………34 Figure 4.5 Involved in daily management of the bank…………………………………………..35 Figure 4.6 Impact of internal auditors role on bank’s compliance to Bank of Ghana regulations..41 viii University of Ghana http://ugspace.ug.edu.gh CHAPTER ONE INTRODUCTION 1.1 Background of the Study Risk is unavoidably present in every human living situations, hence, its management is essential. Risk management has become a significant issue in the practice of contemporary business due to the incessant decreasing availability of the already scarce resources (Agyei, 2016). According to the Institute of Internal Auditors (2012), risk management is the processes to identify, assess, manage and control prospective issues to deliver judicious assurance concerning the accomplishment of the objectives of an organization. Risk management has been categorized into four stages including identifying the risk, assessing the risk, prioritizing and planning suitable response for the risk, and monitoring the risk (Institute of Risk Management, 2002; International Standards, 2009; Merna and Al-Thani, 2010). Interestingly, the monitoring phase is highly significant for the progress of the organisation and this mainly relies on internal auditing. Hence, in achieving an independent and objective function of monitoring the risk management activities, the role of internal auditing cannot be less emphasized within the organisation (Hopkin, 2012; Merna and Al-Thani, 2010). In every organisation, it is imperious on management to be accountable for the usage and application of organisational resources through effective, efficient, economical and equitable (4E’s) means. Therefore, many organisations have adopted and implemented numerous internal measures to prudently examine the control and usage of scarce resources available within the organisation via accounting principles (Aziz et al., 2015). Internal audit is a mechanism for controlling and curtailing the incidence of misappropriation of funds and fraud in institutions 1 University of Ghana http://ugspace.ug.edu.gh (Egbunike and Egbunike, 2017). According to the International Standards on Auditing (ISA) 2000, the purpose of audit is focused on enabling the auditor to express a view on the financial statements of the organisation with recourse to its preparation conforming to the framework for financial reporting (Pathak, 2005). The primary role of internal auditors is to be helpers of managers to ensure that approved principles and processes are effectively adhered to by the various sections of the organisation (Sawyer et al., 2003). The operations of internal audit incorporates some level of risk management activity (Institute of Internal Auditors, 2012). According to Hopkin (2012), effective risk management should be highly linked to internal auditing so as to ensure optimal performance by the organisation. However, internal auditors continually fail to perform their respective roles in effective risk management due to poor level of awareness, understanding, and implementation of the risk management approach instituted by management (Fraser and Simkins 2010). In Ghana, risk management has become an uncompromising issue within organisations with no exception to those within the banking industry. However, the banking industry continue to face challenges associated to risk management although the institutions in the industry have well established departments and experienced professionals, in charge of internal auditing. Therefore, this study is focused on examining the role of internal auditors in ensuring effective risk management in the banking industry of Ghana. 2 University of Ghana http://ugspace.ug.edu.gh 1.2 Problem Statement In determining the success or failure of institutions, risk management is essential. The function of internal auditors towards effective risk management has been problematic within the banking industry in Ghana. Recently, there has been recorded cases of some banks being closed due to ineffective risk management. However, these banks have designated departments and well experienced auditors in charge of the internal auditing activities within the institutions. The ineffective management of risks within these banks have created a destabilized system and poor credibility within the banking industry of the country. Therefore, it can be deduced that the ineffective risk management within the banking industry can be attributed to poor attention and commitment on the part of management, poor establishment of standard procedures for risk management, and poor level of awareness, understanding, and implementation of the risk management by internal auditors and risk managers (Fraser and Simkins 2010). Interestingly, studies on a global scale which have looked into the role of internal auditors in risk management have not considered a case within the banking industry. In Ghana, banks lose about 20% of their asset quality and financial performance each year due to ineffective risk management (Bank of Ghana, 2018). However, to the best of my knowledge, no work on the role of internal auditors in risk management in the banking industry in Ghana has been ascertained. Conclusively, studies conducted in related field used a qualitative approach which makes it difficult to make generalisations on the conclusions established (Mash’al, 2012; Fraser and Henry, 2007; Leung and Isaacs, 2008). Therefore, this study is focused on ascertaining the role of internal auditors on effective risk management within the banking industry using a different approach. 3 University of Ghana http://ugspace.ug.edu.gh 1.3 Research Objectives The main aim of this study is to evaluate the functions of internal audit and its ultimate impact in ensuring effective risk management in Commercial banks in Ghana. The specific objectives are: i. To assess the functions of internal auditors in commercial banks as against internal audit regulatory standards. ii. To establish the relationship between internal audit, risk management and its impact on the commercial banks’ compliance to the Bank of Ghana’s regulations. iii. To identify the challenges confronting internal auditors in risk management in Commercial banks. iv. To investigate the influence of internal auditors’ reports on management decisions. 1.4 Research Questions To help achieve the specific objectives of this research work, the following questions guided the researcher: i. What are the reporting lines and coverage of internal auditors’ functions as stipulated in their contracts? ii. How are these stipulated roles different from guided regulatory documents for internal auditors? iii. What role does the report and findings as well as recommendations of internal auditors’ play in risk management in the commercial banking operations? iv. What are the challenges confronting internal auditors on their role of ensuring effective risk management in commercial banks in Ghana? 4 University of Ghana http://ugspace.ug.edu.gh v. How does the role of internal auditors impact the compliance of commercial banks with regulations from the Bank of Ghana? 1.5 Significance of the Study The study is focused on providing information on the scope of internal audit in the commercial banking sector and how the internal audit function can contribute to decision making at the top level of management or the board level and finally, its impact on the risk management of the banking sector in the country. This will give a competitive advantage to the banks with its bottom- line effect on survival, sustenance and growth which are likely to be emulated by other institutions within the industry. Moreover, to a greater extent the findings of the study is intended to increase the performance of the institution and also create a strong banking industry in the country. 1.6 Scope of the Study The study is focused on evaluating the function of internal auditors in guaranteeing effective risk management in commercial banks in Ghana. In achieving the objectives of the study, a robust methodology was used which included only internal auditors who have worked with selected commercial banks in the country for one year and beyond. However, employees who are not part of the management of the internal audit unit in the bank were excluded from the study. 1.7 Limitation of the Study The researcher faced the challenge of reluctance from respondents in responding to the questionnaires administered hence delay in the entire study period. 5 University of Ghana http://ugspace.ug.edu.gh 1.8 Organisation of the Study This research is divided into five major chapters. The first chapter seeks to introduce and give a formal representation of the background, statement of the problem under study, stating and justifying the problem, elaborating on the purpose and objectives of the study, assessing the study with various research questions, significance of the study, stating the limitations of the study and organization of the study. The second chapter reviews findings from related research studies. It also gives an account of the work that has been done on the topic by accredited scholars and researchers. The third chapter involves the systematic, theoretical analysis of the methods applied, research designs; population and sampling selection to the field of study. It also comprises the theoretical analysis of the body of methods and principles associated with the research study. The fourth chapter describes the outcome and findings of the research project, interpret and also describe the significance of the findings in light of what was already known about the research problem being investigated, and to explain any new understanding or fresh insights about the problem after taking the findings into consideration. The fifth chapter seeks to bring to light the summary, conclusions, and recommendations to help make further researches in this field to perfectly solve the problem at hand. 6 University of Ghana http://ugspace.ug.edu.gh CHAPTER TWO LITERATURE REVIEW 2.0 Introduction This chapter encompasses a review of related studies and findings which have been published on the topic by recognized scholars and researchers. The primary focus of this section was to assist readers and researchers to identify the variances, conformities, and connections associated with this current study and past finding. This section was addressed under the following sub-headings: 2.1 Theoretical Review This part presents a review of relevant theories including institutional theory and policeman theory. All these theories have a recourse to the achievement of the objectives of the study. 2.1.1 Institutional Theory According to Hoffman (1999), institutions are regarded as beliefs, norms, and rules which describes the existence of an organisation, explaining the dos and don’ts of the organisation. Institutions operate within three different dimensions of behavior, the regulative, the normative, and the cognitive (Scott, 1995). The regulative dimension adopts a form of coercion and threat of sanction to guide the actions of individuals within the organisation whereas the normative dimension uses norms of ethics, acceptability, and morality to guide stakeholder actions, and the cognitive dimension guides actions via scopes known to them. Several studies have outlined the essence of institutions in establishing stability and continuity within organizational practices and processes (Berger and Luckmann, 1967; David, 1985; Arthur, 1988). Institutional theory as propounded by Fogarty (1996) describes an organisation as one designed to function to achieve 7 University of Ghana http://ugspace.ug.edu.gh the social expectations as long as the organisation’s activities are noticeable to the public. Fogarty, (1996) developed this, emphasizing that the influence of institutional theory is in the view of the fact that the definite endeavors of an organisation and what its structure suggests should achieve are mostly dissimilar. Institutional theory places much emphasis on the influence of institutional arrangements on the legitimate and appropriate ways of doing things within an organisation (Suchman, 1995). However, several external factors can influence a new paradigm for the organisation to adopt to specific procedures, practices, and structures which later then becomes legitimate (DiMaggio and Powell, 1983). These external factors are very common among politically vulnerable institutions which the public sector is a major example. Hence, in applying this theory to the study, it is imperative to know that the internal audit structures and its effectiveness within the banking industry in Ghana are likely to be jeopardized since the industry is highly influenced by management’s decisions. This coercive approach from the management arenas can put pressure on auditors to compromise with the legitimate ways of doing appropriate audit, all in the name of covering fraud and corruption. 2.1.2 The Policeman Theory This theory of auditing is fundamentally focused on the arithmetical precision and detection and prevention of fraud within organisations (Egbunike and Egbunike, 2017). This theory is solely focused on empowering the auditors to detect and prevent frauds or errors without any ills or favors. However, the effective function of auditors have been curtailed by several external factors which has led to fraud and corruption to be sky rocketing within recent times. In applying this theory to the study, within the banking industry in Ghana, internal auditors may be seen as policeman in books but as accomplice in reality since their functions are continuously dwindling 8 University of Ghana http://ugspace.ug.edu.gh and fraud and corruption is continually rising. The ineffectiveness of the auditors can lead to a serious challenge to confront effective internal audit within the banking industry of the country. 2.2 Conceptual Review 2.2.1 Definition and Concept of Internal Auditing According to the Institute of Internal Auditing (2012), internal auditing is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations”. On the other hand, internal auditing is considered as “an autonomous evaluation function established within an organisation to scrutinize and appraise its activities as a service to the organisation” (Dunn, 1996). Millichap (2002) also defines internal auditing as an autonomous function instituted by management within an organisation for the purpose of reviewing internal control systems within the organisation. In an objective manner, the function scrutinizes, assesses, and reports on the adequacy of internal control for the effective and efficient use of organizational resources. The audit activities within an organisation is deduced out of the perception and management of the risks within the organisation (Pickett, 2006). In view of the risk management aspect, services such as consulting and assurance services are involved in the improvement of the control systems in managing the risks (De Zwaan et al., 2011). Risk-based audit is noted of aiding institutions in producing a better accountability system (Pickett, 2006). Therefore, institutions strategically plan and prioritize auditing in other to conform with organizational goals and risk attitude (Selim and McNamee, 1999). Therefore, reviewing of control risk is an important component in an audit programme which aids in determining the designs of the audit process, so a high risk necessitates a stricter audit system for the control of organizational activities (Sawyer et al., 2003). However, the complexities associated with internal auditing are 9 University of Ghana http://ugspace.ug.edu.gh capable of impeding the functions of internal auditing within organisations (Kalbers, 1995). Internal auditing is noted for aiding organizations to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance process. Traditionally, internal auditing is noted for helping organisations to control their internal systems but the advent of corporate governance has necessitated a wide array of prospective internal control systems for organisations (Cattrysse, 2005). According to the International Standards on Auditing (ISA) 200, the purpose for an audit within organisations is to enable auditors express their views and perceptions on the documented financial statements in accordance with the approved financial reporting framework (Hayes et al., 2009). Hence, the essence of internal audit departments within organsiations is to ensure the smooth functioning of internal controls via revision of practices and policies so as to eliminate non- compliance or loss of financial resources (Baharud-din et al., 2014). Moreover, internal auditing is focused on improving the effectiveness and efficiency of the organisation via constructive criticism (Enofe et al., 2013). An effective internal auditing is capable of providing assurances to all stakeholders of the organisation (Institute of Internal Auditing Research Foundation, 2004). With this, the strengthening and fostering of stakeholder relationship enhances reliability and confidence in internal audit’s work (IIA, 2016). Reliability is regarded as the degree at which accounting information indicates what it intends to represent (Okodo et al., 2019). According to Suleiman and Dandago (2014), an internal auditor’s work is regarded as reliable due to factors such as preparation of the audit based on the Generally Accepted Accounting Principles (GAAP), the financial statements been audited by an independent auditor, and having the financial statements been ratified by the directors of the organisation. 10 University of Ghana http://ugspace.ug.edu.gh 2.2.2 Definition and Concept of Risk Management in Banking Risk is considered as the influence that an uncertainty has on stipulated objectives (ISO, 2009). The influence can be regarded as having either or both, positive and negative consequences. According to Power (2009), risk is an entity which is related to the vital principle of an organisation and it value creation. In other words, Atkins et al. (2006) defined risk as “the actualized insecurity concerning the incidence of an undesired happening”. Therefore, Ewald (1991) posits that “Nothing is a risk in itself; there is no risk in reality. But on the other hand anything can be a risk; it all depends on how one analyses the danger, consider the event”. With these definitions, it is evidently clear that risk is an undeniable fact within the operations of every organisation, however, the incidence and effect of risk on organisations may differ due to management of the risk by the organisation. Different sources of risk exist, thus, financial and operational risks (Fatemi and Glaum, 2000). Operational risks are undesired uncertainties associated with the investment opportunities of the organisation which is mostly influenced by the product markets in which the organisation operates. For instance, within the banking industry, operational risks are associated with exchange rates and interest rates on the world business market. On the other hand, financial risk is connected to a much wider market risk that affects financial performance of institutions. Interestingly, the combining effect of the two forms of risk on the institution is very tremendous in jeopardizing the fortunes of the institution. For several years, risk management has become a major concern to most organisations, either financial or non-financial institutions. According to Smith et al. (1990), risk management is regarded as the institutionalization and operationalization of designed activities to curtail the negative influences (cost) of uncertainty (risk) concerning probable losses. In other words, Redja (1998) considered risk management as a process of systematic intent to identify and evaluate the loss exposure encountered by 11 University of Ghana http://ugspace.ug.edu.gh organisations and mounting appropriate and suitable techniques for handling such exposures. Risk management involves the use of tools and models in measuring and controlling risk through a three stage process: identification of the risk, measurement of the risk, and managing of the risk (Bessis, 2010). The impact of risk management is to increase profitability and assurance of survival of the firm, reduce volatility of cash flows, minimize foreign exchange losses, and protect earnings fluctuations (Fatemi and Glaum, 2000). In ensuring an effective risk management within the banking industry, management of the respective financial institutions play a very critical role (Pyle, 1997). This involves them identifying and understanding the risks associated with their business operations and establishing and implementing effective business strategies and policies to handle the risk profiles. However, management of financial institutions usually rely on sequential steps in implementing a risk management system, including standards and reports, position restrictions, investment strategies, and motivational contracts and reward. These steps and tools are usually institutionalized to measure exposure, define procedures to manage these exposures, limit individual positions to satisfactory levels, and inspire decision makers to manage risk in a consistent manner towards achieving the objectives of the banking institution. Risk management is a major concern to management of banking institutions since it is an essential component of the management process in protecting the assets and investments of the institution (Froot et al., 1994; Oldfield and Santomero, 1995; Smith et al., 1990; Stulz, 1984). Moreover, management pursue risk management with the notion to avoid low profits which have the possibility of forcing them to search for prospective external investment. However, not all forms of risk are handled by management, depending on the nature and intensity of the risk, they can also be managed by appropriate strategies established by various departments within the institution 12 University of Ghana http://ugspace.ug.edu.gh (Oldfield and Santomero, 1995). With this, risk managements can be categorized as ones actively managed at the institutional level, eliminated via simple business practices, and ones with the possibility of been transferred to other risk managers. In all these situations, after the absorption of risk, the activity for risk management necessitates the monitoring of business activity risk and returns and it is regarded as a composite factor in the engagement of business. In conclusion, financial institutions should give recognition to risks that are exclusively a composite factor of the bank‘s range of distinctive value-added amenities (Allen & Santomero, 1996, Oldfield & Santomero, 1995). This then substantiate the fact that the banking industry is faced with several forms of risk which might be peculiar to the industry. 2.2.3 Major Risk Faced by the Banking Industry In the banking industry, risks are inevitable therefore, financial institutions consider varying forms of risks which are either of financial or non-financial orientations. However, these risks differ from one product or service to the other and among institutions. The risks associated with the banking industry are enormous but for the purpose of this study, focus was given to risks including market risk, operational risk, credit risk, and reputational risk. Market Risk Market risk is known to be consequences associated with changes in inherent economic factors including equity or commodity prices, interest rates, fluctuations in bond, and exchange rates (Atkins, 2006). However, the major risk factors for market risk are foreign exchange rates, liquidity, and interest rates. Liquidity risk is associated with the situation where a financial 13 University of Ghana http://ugspace.ug.edu.gh institution is incapable of effectively accommodating the recovery of deposits and other liabilities and to cover funding upsurges in the investment and loan portfolio (Greuning and Bratanovic, 2009). Moreover, they assert that the price of liquidity is conversely a function of market conditions and the market’s perception of the inherent riskiness of the borrowing institution. However, Bessis (2010) views liquidity risk from three separate perspectives. The first perspective is associated with the difficulties banks go through in ensuring that funds are raised at a fair cost with reference to the volumes of transaction, fluctuations within the interest rates and complications in financing a counterparty. With respect to the second perspective, liquidity risk is considered as eminent within situations where there is inadequate short-term asset values to correspond with its liabilities and unanticipated outflows. In terms of the third perspective, liquidity risk is associated with the influx of comprehensive losses to the bank which can lead to future problems such as bankruptcy and bank collapse. For effective management of liquidity risk, banks should exhibit their potentials and capacity of meeting the cash flow obligations of the institution (Santomero, 1995). Interest rate risk is the inherent risk potential in interest rates that has the capability of reducing the value or earnings of banks (Bessis, 2010). Management of interest rate risks has become problematic within the banking industry due to the amalgamation of issues concerning deregulation, volatile interest rate environment, and increasing range of on-and-off balance sheet products (Greuning and Bratanovic, 2009). Within the banking industry, interest rate risk are possible from four main sources namely basis risk, yield curve risk, repricing risk, and optionality risk (Greuning and Bratanovic, 2009). In conditions where interest rates changes, these alterations can give rise to unexpected changes in the cash flows and earnings spread among assets, liabilities, 14 University of Ghana http://ugspace.ug.edu.gh and off-balance-sheet instruments of similar maturities or repricing frequencies (Wright and Houpt, 1996). Foreign exchange rate risk is possible when unforeseen change in exchange rate alters the amount needed in home currency for a transaction denominated in a foreign currency (Bessis, 2010). Such losses are possible through mismatching of value of assets and liabilities and capital denominated in foreign currencies. This risk is speculative and can lead to a loss or gain with recourse to the route of the exchange rate modifications (Greuning and Bratanovic, 2009). The sources of this risk include transaction, revaluation, and economic risk. Market risk is evident among financial institutions in both their trading activities and balance sheets. Hence, a decrease in market risk has the capacity of enhancing the investment and trading portfolio of the banks. Risk management of market risk renders a comprehensive, strategic, and systematic approach in identifying, measuring, monitoring, and controlling the risk factors associated with market risk confronting the banking institution. Credit Risk One major risk confronting financial institutions has got to do with credit, thus where customer or borrowers are not able to redeem their obligation of repaying their loans to the bank within the stipulated time (Atkins, 2006; Greuning and Bratanovic, 2009). Whether payment are delayed before paying or not paid at all, banks stand the chance of incurring credit risk. This form of risk is continually growing among the financial institutions since the banking industry is growing bigger and better due to increase in competition. In the financial market, a decline in the credit standing of a debtor does not necessarily emerge into a loss since it elicits an ascending move of 15 University of Ghana http://ugspace.ug.edu.gh the obligatory market yield to recompense the higher risk and initiates a decline in value (Bessis, 2010). In a banking setting, the financial state of the borrower together with the current value of any fundamental securities are of significant concern to the banks when assessing the credit risks of counterparties (Santomero, 1997). Hence, formal strategies and policies outlined implemented by management are very essential to the management of credit risk. These policies are poised toward the reduction of the risk, classifying assets via mandatory periodic evaluation of the collectability of the credit portfolio, and making of provision for losses attributed to credit. Strategic Risk Corporate strategies together with external events have contributed in a form of risk toward organisations. However, little attention has been given to this form of risk known as strategic risk (Miller, 1992). According to Slywotzky and Drzik (2005), strategic risk is defined as “the range of external happenings and drifts that can distress the growth and development of a company and its associated shareholder value. They therefore consider strategic risk as a function of the compatibility of an organisation’s strategic goals, the development of business strategies, deployed resources, and the quality of implementation to achieve the goals of the institution. In other sense, Emblemsvåg and Kjølstad (2002) defines strategic risk as a firm related one which arouses from the pursuance of the organizational goals via opportunity exploitation or business threats reduction. This type of risk is influenced by market stagnation, emergence of one-of-a-kind competitor, danger associated with technology shift, new project failure, erosion of brand, customer priority shift, and industry margin squeeze. Unfortunately, this risk type is highly unpredictable due to its diversified form, making management incapable of developing and implementing tools and techniques to address issues concerning them (Slywotzky and Drzik, 2005). Due to the 16 University of Ghana http://ugspace.ug.edu.gh complexities in managing this risk, it is not satisfactory to use a single quantitative measure (Gates, 2006). However, the management of strategic risk is possible through the identification of the strength and weakness characteristics of the financial institution (Beasley and Frigo, 2007). According to Herman and Head (2002), effective management approach of strategic risk must encompass both the downside and upside of the risk. Operational Risk Operational risk is related to the direct or indirect loss subsequent to the insufficient or futile internal systems, processes, people and external events (Bassel Accord, 2007). This form of risk is evident at varying levels, including errors from humans, technology, systems, and processes within the organisation. Due to the fact that operational risk is an event risk, without an efficient tracking and reporting of risks, some essential risks might be unnoticed which will result in no prompt for remedial action which can result in catastrophic consequences (Bessis, 2010). However, with the advent of factors such as technology, use of structured finance, outsourcing, and e-commerce, financial institutions are capable of reducing the inception and consequences associated with the risk (Greuning and Bratanovic, 2009). Therefore, it is not only prudent for management to only ensure compliance with the operational risk policies but also inculcate daily reporting of activities in the operations of the financial institution in order to monitor and manage the risk in a less complicated manner. 17 University of Ghana http://ugspace.ug.edu.gh Reputation Risk Reputation risk is continually becoming a prominent and prioritized form of risk in the banking industry playing an essential role even ahead of market and credit associated risks (Economist Intelligent Unit, 2005). According to Lerbinger (1997), the reputation of a company is ultimately its utmost significant asset since it is sturdily connected with the growth, profitability, and long- term survival of the company. Therefore, a partial or complete erosion of the reputation of a company is extensively detrimental to the company. The share price of various successful banking institutions are usually not made up of tangible assets including reserves and properties but from the goodwill component (Atkins et al., 2006). Therefore, the reputation of a company comprises of numerous immaterial assets including the value of the company’s brand and its prospective profit stream. These immaterial assets may be more than the value of tangible assets in institutions of good repute. On the other hand, an institution of bad repute can have negative reputation equity where the institution is treasured at less than the value of its tangible assets. The risk factors of reputation risk are non-compliance to rules and regulations, competitive environment or industry, and poor behavior on the part of the employees of the institution. Effective management of reputational risk involves effective communication and fostering of strong relationships among stakeholders of the company. For instance, effective communication via accurate and timely financial reporting, newsletter, and rapid customer service interventions between a financial institution and its stakeholders have the potential of building a strong reputation for the institution. 18 University of Ghana http://ugspace.ug.edu.gh 2.3 Empirical Review 2.3.1 Role of Internal Auditing in Banking Within the banking industry, internal auditing is essential. Hence, attempts have been made in developed countries in regulating internal audit and also paying more attention to it as a means for monitoring and controlling the accounting system to reduce illegalities pertaining to financial and administrative practices (Rahahleh, 2010). According to the Institute of Internal Auditors Research Foundation (2004), internal auditing is vital for assessment of ethics and values, financial and operational performance, and communication of risk. With this, it is imperative on internal auditors to offer suitable and appropriate recommendations for the improvement of areas of deficiencies within the organisation. A study conducted by Kibet (2008) revealed that internal auditing is effective in promoting good corporate governance within financial institutions. Moreover, a study carried out by Kibara (2007) in Kenya identified that internal auditing play a critical role in risk management. On the contrary, the work of Keitany (2000) revealed that internal audit in the banking industry is a control function but have negative implications on the function of external auditing. Therefore, he concluded that irrespective of the level of reliance, insensitivity, and implications of internal controls, organisations should not totally neglect such system within the organisation. A study conducted by Vousinas (2015) confirms the fact that internal audit plays a critical role in risk assurance and bank fraud management thus, ensuring banks’ normal and uninterrupted operation. Asare et al. (2008) examine internal auditors’ fraud risk decisions in response to variations in audit committee quality and management performance incentives in the Ghanaian banking industry. Using an experimental approach, they find that internal auditors acting in an 19 University of Ghana http://ugspace.ug.edu.gh either a self-assessment role or a due diligence role were sensitive to alterations in management performance incentives, linked them to fraud risk assessments and changed their audit plans accordingly. With respect to audit committee quality, internal auditors in both roles were sensitive to variations in quality and linked the variation in quality to fraud risk, but did not alter the scope of their planned audit effort. As a result, they neither linked the variations in quality to fraud risk nor to planned scope. 2.3.2 Relationship between Internal Auditing and Risk Management in Banking The role of internal auditing in risk management is focused on rendering assurance and information for the effective management of the risks in order to accomplish the goals of the organisation (IIA, 2011). According to guidelines stipulated by the IIA (2009), the core functions of internal auditors in risk management involves: providing assurance in risk management processes, evaluating risk management processes, providing assurance that risks are correctly evaluated, evaluating the reporting of risks, and legitimate internal auditing. Therefore, internal auditors are just regarded as helpers of management to accomplish their goals and not assume positions of a manager (Sawyer et al., 2003). However, it is difficult to achieve that internal auditors do not assume managerial roles within the organisation because it is detrimental to the organisation when they assume the role of employer (Brody et al., 2000). Ahlawat and Lowe (2004) substantiated empirically that the judgement of auditors is expressively influenced immediately they take up the role of employer/client advocate. Several studies have indicated that internal auditors become bias when allowed to perform consulting services for risk management within organisations (Coffee, 2002; Stewart and Subramaniam, 2010). In the psychological sense, individuals tend to be more bias and pass impartial judgments in an unconscious manner when there is conflict of interest (Bazerman 20 University of Ghana http://ugspace.ug.edu.gh et al., 1997). Pickett (2011) concluded in his study that the change in internal auditing should not focus on changing the role of internal auditors to that of risk managers, but rather be attained by a cohesive relationship among internal auditors and risk managers including all other risk management operations within the company. In a survey conducted by IFAC survey (2011), respondents described that no definite tools or guidance to implement and enhance an actual cohesive system among internal auditing and risk management. The study concluded that owing to the mutually dependent relationship existing within internal auditing and risk management, there is a clear demand for a partnership amongst all stakeholders including government regulatory bodies. A study carried out by Hopkin (2012) mentioned that the working relationship between risk management and internal audit should be close. Salameh et al. (2011) investigated the effectiveness of internal audit units in risk management in the Jordanian banking industry. The main findings indicate that internal audit units are perceived effective in risk management and that in-house internal audit units are proved more reliable than external audit functions. This is due to the fact that in-house internal audit units are characterized with more in-depth knowledge concerning the policies, culture, and procedures of the banks than external auditors. 2.3.3 Challenges Confronting Internal Auditors on Risk Management in Banking A study conducted by the Institute of Internal Auditors Research Foundation (2011) revealed that there is a continuous failure among internal auditors in complying with their roles during risk management. Therefore, according to the study, 75% of the respondents agree that internal auditors require a better understanding into risk management within organisations. Moreover, it had already 21 University of Ghana http://ugspace.ug.edu.gh been established that the roles of risk managers and internal auditors are blurry in nature with regards to roles associated with risk assurance (IIARF, 2005; Gramling and Myers (2006). This can be attributed to the fact that a clear identification of the roles of internal auditors in an effective risk management is not clearly defined (Fraser and Simkins, 2010). According to Gramling and Myers (2006), roles and processes involved in effective risk management are not clearly defined and articulated by senior management to junior staff and management. A study carried out by Egbunike and Egbunike (2017) found out that while independence and the compliance with set out rules and regulations of public fund management pose a challenge to internal auditors of public sector entities, improper segregation of duties does not pose a challenge to internal auditors of public sector entities. A survey carried out by Chepkorir (2010), identified that realignment of skill to address new requirement and implementation of new international professional practices framework are the major challenges confronting internal auditor’s role within the banking industry in Kenya. A study carried out by Meggeneder (2015) identified that internal audit departments within organisations mostly do not have well-structured training for staff on internal auditing and its role in risk management. A study conducted by Farouk and Hassan (2014) on audit expectation gap in two southern states of Nigeria using ninety six (96) internal auditors in state ministries revealed in their study that issues of governance failures have rendered most internal auditors as incompetent on their responsibilities. The work of Baharud-din et al. (2014) evaluated competency with respect to academic level, skill, the size of internal audit staff, experience, their employers in continuing professional development, 22 University of Ghana http://ugspace.ug.edu.gh and the effort of the internal audit staffs. In many occasions, as noted by Akpomi and Amesi (2014), it is assumed that insufficient number of internal auditors renders the entire audit systems and processes as one of no or little significance. Therefore, insufficient staffing can result in human errors, mismanagement, and abuse of the system within an organisation (Egbunike and Egbunike, 2017). The study by Desai et al. (2006) also exposed that competence was a significant factor ahead of objectivity and work performance in identifying a reliable function of internal audit. Ege (2015) also find that the competence of internal auditors is negatively associated with the possibility of management delinquency, connoting that a well-trained high quality internal auditor generates extra benefits for the organization. In recent study, it has been deduced that the competence and professionalism level of internal auditors can be enhanced through periodic trainings organised for the staff (Eulerich and Ratzinger-Sakel, 2017). Akharayi (2013) posits that the level of independence of internal auditors in Nigeria is very low, and in most situations, they are not objective in their recommendations and conclusions due to the fear of been fired from the jobs or demoted from their positions. 2.4 Conceptual Framework Several concepts and theories exist within the relationship between the role of internal auditors and risk management within an organisation. A conceptual framework is the analytical tool to organize ideas, relate and compare the distinctions and relationships among existing theories. This type of framework is suitable for both qualitative and quantitative types of research. A strong conceptual framework is easy to interpret. In assessing the function of internal auditors in guaranteeing effective risk management within the banking industry, the study adopted a conceptual framework which is shown in Figure 2.1 below. 23 University of Ghana http://ugspace.ug.edu.gh Challenges Associated with Internal Auditing Role of Internal Risk Management Auditors Figure 2.1 Conceptual Framework (Author’s own Construct, 2019) It is obvious in Figure 2.1 that internal auditors play a critical role in risk management within an organisation. However, the role of internal auditors in ensuring risk management have the potential of being curtailed by some level of challenges that might be institutionally or individually oriented. Therefore, the independent variable for this study is role of internal auditors and the dependent variable is risk management and the intervening variable is challenges associated with internal auditing. This construct aided the researcher in understanding the concepts of the study for a smooth and appropriate analysis and interpretation of the findings of this study. 24 University of Ghana http://ugspace.ug.edu.gh CHAPTER THREE RESEARCH METHODOLOGY AND ORGANISATIONAL PROFILE 3.0 Introduction This Chapter seeks to address the procedures that were adopted for the collection, analyzing and interpretation of data from respondents from commercial banks in Ghana. The Chapter considers areas including the research design, population and sample selection, data collection approach, analysis of the data, ethical consideration and a brief profile of the organisations under study. 3.1 Research Design According to Saunders et al. (2012), research design is the fundamental plan that aids a researcher in collecting, handling, and analysing data. A research design can be considered as explanatory, exploratory, correlational and descriptive. In terms of how the research was streamlined and conducted, the study adopted a descriptive design in order to provide a holistic description of the situation in the study area. According to Neuman (2007), descriptive research enables the researcher to formulate and evaluate precise questions that can be very useful in the analysis of future researches. The researcher chose this design because it is easy, convenient and purposeful in achieving the objectives of the study (Holsti, 2006; Zikmund, 2003). However, Saunders et al. (2012) have noted that the success of descriptive research depends on a thorough search on related available literature, effective expert communication and focus group interviews. This type of research design is flexible, cost-effective and helps to provide better conclusions to the study. The research method used in achieving the objectives of the research design can be quantitative, qualitative, or mixed. According to Schmidt and Hollensen, (2006), the qualitative research 25 University of Ghana http://ugspace.ug.edu.gh method is concerned about words and observations because its main aim is to identify perceptions in the minds of people. Qualitative research methods can be done through interviews, focus group discussions, and observation (Piekkari & Welch, 2004). Conversely, Davis (2000) classified a quantitative research method as one which involves numerical and statistical analysis of a structured survey of large samples. This design enables one to measure different variables and establish a relationship between the different variables (Taylor, 2005). Mixed research design involves the use of both qualitative and quantitative designs. For the purpose of this study, the researcher employed a mixed method including both quantitative and qualitative research methods to evaluate the function of internal auditors in guaranteeing effective risk management in commercial banks in Ghana. 3.2 Population of the Study According to Agyedu et al. (1999), population of a study is considered as a complete set of individuals (subjects), objects or events having common observable characteristics of much interest to the researcher. The target population for this study is the internal audit units within the commercial banks in Ghana. This population comprise of three internal auditors from twenty-four (24) commercial banks which have a good standing with the Bank of Ghana (Bank of Ghana, 2019). This makes the target population 72. 3.3 Sample and Sampling Technique According to Easterby-Smith et al. (2008), a sample is regarded as a subset of the target population from which data is collected. With this, out of the total population, convenient sampling was used to sample the banks for the study. Out of twenty-four (24) commercial banks in Ghana, fifteen (15) 26 University of Ghana http://ugspace.ug.edu.gh banks were conveniently selected to become the sample size of the study. For the selected fifteen (15) commercial banks, three internal auditors were purposively sampled from each of the institution. This made the respondents for the study forty-five (45) internal auditors. Much fairness and credibility was ensured in selecting the respondents of the study. 3.4 Sources of Data Data is essential in any form of research. Therefore, its source authenticates the validity of the data. The two sources of data are primary and secondary; the researcher used only primary data for this study due to the fact that data was being collected on the subject matter for the first time by the researcher and has not been published yet; rendering it more reliable, authentic and objective. Moreover, primary data is original in character, highly illustrative and impartial. Therefore, in sourcing for data on the subject matter, questionnaires were used. 3.5 Data Collection Instrument The major data collection instrument used for the study was questionnaire. The questionnaire is categorized into four sections, which include socio-demographic characteristics of the institution, functions of internal auditors, risk management in the bank, and challenges associated with internal auditors in the bank which were prepared in accordance to the objectives of this study. Apart from the socio-demographic characteristics of institution, all other sections were measured using a five- point Likert scale; Strongly Disagree – 1, Disagree – 2, Neutral – 3, Agree – 4 and Strongly Agree – 5 (See Appendix A for sample of questionnaire). Conclusively, the questionnaire was manually administered to the respondents subsequent to a pilot testing of the questionnaire which was conducted to address various errors and concerns. 27 University of Ghana http://ugspace.ug.edu.gh 3.6 Ethical Consideration Ethics are the appropriate, acceptable, and standardized ways of doing something under given circumstances (Zikmund, 2003). They are very essential in the research study. The main aim of ethical consideration in research is to provide a norm or standard of not trampling on the rights, obligations, and privacy of an individual or organization involved in the research. The researcher sought for the consent of the heads of the internal audit units of the commercial banks before carrying out the study. In the questionnaire, names of respondents were not captured when answering them and the main objective of the study was made known to the respondents before responding to the questions. 3.7 Data Analysis According to Holsti (2006), data analysis can be described as the process of analytical and logical evaluation of data obtained from a study in order to draw appropriate conclusions. For easy analysis and relevant interpretation of data, descriptive statistics such as frequency and percentages were carried out on the socio-demographic characteristics of respondents. A one-sample T-test was conducted out to ascertain the mean and standard deviation of the level of response on the statements under the constructs; functions of internal auditors, risk management, and challenges associated with internal auditing. Data was analysed using the Statistical Package for Social Sciences (SPSS) version 20 and all statistical tests were done at 95% significance level. Results are presented in tables and figures. On the other hand, open ended questions were analysed using the thematic analysis approach and represented using a verbatim report. 28 University of Ghana http://ugspace.ug.edu.gh 3.8 Industry Profile Banks were first introduced in West Africa through the establishment of First Bank of Nigeria in Nigeria. The first commercial banks introduced in Ghana are the Bank of British West Africa (Now Standard Chartered Bank) and Barclays Bank D.C.O (now Barclays Bank of Ghana Limited) in 1874 and 1917 respectively. Surprisingly after this, the commercial banking system has been dominated by several banks providing over 70% of banking services in Ghana (Asemanyiwaa 2015). However, since the inception and massive influx of commercial banks within the industry, the institutions have been continually exposed to risk which has necessitated them to have competent professionals in monitoring and managing the risk confronting them. Recently, most commercial banks within the banking industry in Ghana have collapsed due to inadequate risk management. Therefore, making the existing commercial banks to be much more vigilant on monitoring and managing the risk confronting their daily operations as banks. 29 University of Ghana http://ugspace.ug.edu.gh CHAPTER FOUR DATA PRESENTATION AND DISCUSSIONS 4.0 Introduction This chapter outlines the data presentation, analysis, and discussion of data gathered from the survey. Data were analysed with respect to the objectives of this study. Moreover, data were discussed in conjunction with a comparison between surveyed data and relevant literature review. 4.1 Socio-demographic Characteristics of Respondents Table 4.1 below clearly shows that out of the entire respondents, 80% were males and 20% were females. With respect to age classification, 26.7% of the respondents were within 20 – 30 years, whereas 40% were within 31 – 40 years, 22.2% were within 41 – 50 years, and 11.1% were within 51 – 60 years. This clearly depicts that most of the respondents were adults. According to Erickson (1994), age are classified into young adulthood (20-30), middle adulthood (31-45), and late adulthood (46 and above). With these age classifications, the study sustains that most internal auditors are within their adulthood stages of life especially the middle adulthood category. This might authenticate the fact that before an individual becomes an internal auditor, it takes quite a number of years of work experience. Moreover, in terms of the level of education of respondents, 62.2% had postgraduate degrees whereas 33.3% had bachelor’s degree, and 4.4% had professional certificates as their highest level of education. 30 University of Ghana http://ugspace.ug.edu.gh Lastly, 51.1% had worked with their respective banks for 1-5 years while 22.2% for 6-10 years, 13.3% for 11-15 years, and 13.3% for above 15 years. Also showing that the internal auditors are highly educated and the turnover in the profession of internal auditors is high. Table 4.1 Demographic Characteristics of Respondents Characteristics Category Frequency Percentage (%) Gender Male 36 80 Female 9 20 Age (years) 20-30 12 26.7 31-40 18 40.0 41-50 10 22.2 51-60 5 11.1 Level of Education Bachelor’s Degree 15 33.3 Postgraduate Degree 28 62.2 Professional 2 4.4 Working Experience 1-5 years 23 51.1 6-10 years 10 22.2 11-15 years 6 13.3 Above 15 years 6 13.3 Survey data, 2019 In Figure 4.1 below, it is clear that 55.6% are not registered members of the Institute of Internal Auditors while 44.4% are registered members of the institute. 31 University of Ghana http://ugspace.ug.edu.gh 44.4% 55.6% Yes No Figure 4.1 Respondents registration with IIA From Figure 4.2 below, it is obvious that 93.3% of the respondents agreed that they are allowed to work independently within their respective firms whereas 6.7% agreed otherwise. 6.7% 93.3% Yes No Figure 4.2 Internal auditors working independently 32 University of Ghana http://ugspace.ug.edu.gh It is evidently clear in Figure 4.3 below that the major line of reporting for the respondents was the audit committee (57.8%) and 42.2% reports to the board. 42.2% 57.8% Audit committee Board Figure 4.3 Line of reporting for internal auditors From Figure 4.4 below, there is a clear indication that 93.3% of the entire respondents agreed that they perform their roles based on what are enshrined in their contract of employment whereas 6.7% agreed otherwise. 33 University of Ghana http://ugspace.ug.edu.gh 6.7% 93.3% Yes No Figure 4.4 Performance of roles stipulated in the contract 4.2 Influence of Internal Auditors’ Reports on Management Decisions It was overwhelmingly identified that all the respondents agreed to the fact that their reports as internal auditors have an influence on management decisions. With this the respondents explained that: The management of our banks rely on our reports to make and amend policies, business strategies, and guidelines. Moreover, our reports necessitates the introduction of new controls within the management of our products and services. Conclusively, management does not have any option than sticking to our recommendations due to the trust they have in our roles. Figure 4.5 below depicts that 73.3% of the respondents are not involved in the daily management of the bank while 26.7% are involved in the daily management of their respective banks. 34 University of Ghana http://ugspace.ug.edu.gh 26.7% 73.3% Yes No Figure 4.5 Involved in daily management of the bank 4.3 Functions of Internal Auditors The effective functioning of internal auditors within an institution is crucial to the growth and development of the institution. Therefore, the internal auditors and their functions are rendered to be effective when they meet their stipulated functions. In the study, the respondents recounted that: Our functions as internal auditors are to review all internal controls, review processes and procedures, and make recommendations for management with regards to best practices in ensuring optimum productivity and performance of the bank. The level of agreement of respondents for the items been measured under the functions of internal auditors construct was carried out using a one-sample T-test where the mean and standard deviation of each item was identified. According to Field (2005), in using a five-point Likert scale, 35 University of Ghana http://ugspace.ug.edu.gh the level of agreement of an item is important and agreed upon when the mean score is 3.5 and above. Results are presented in Table 4.2 below. Table 4.2 Descriptive statistics of the functions of internal auditors Statement N Mean Standard Deviation My bank involves internal auditors in preparing financial 45 1.82 1.134 statements My bank involves internal auditors in risk management 45 3.60 .986 My bank involves internal auditors in risk assessment 45 3.78 .951 My bank involves internal auditors in risk mitigation 45 3.82 .806 My bank involves internal auditors in risk monitoring 45 3.60 .915 My bank involves internal auditors in suggesting risk 45 3.69 .763 management strategies My bank involves internal auditors in the assessment of 45 3.07 .986 performance management My bank involves internal auditors in the communication of 45 3.69 .733 risk My bank involves internal auditors in the assessment of ethics 45 3.49 .787 and values in the organization Table 4.2 points out that the respondents agreed that internal auditors are involved in risk management, risk assessment, risk mitigation, risk monitoring, suggesting risk management strategies and communication of risk. Their level of agreement ranged between 3.60 ± .915 and 3.82 ± .806. However, the respondents disagreed that internal auditors are involved in preparing financial statements of the bank (1.82 ± 1.134). Additionally, respondents were uncertain about the involvement of internal auditors in the assessment of performance management (3.07 ± .986) and assessment of ethics and values of their respective banks (3.49 ± .787). Studies carried out by Kibet (2008) and Kibara (2007) in Nigeria and Kenya, respectively identified similar findings as this study where it was also realized that internal auditors are involved in risk management, risk assessment, risk mitigation, risk monitoring, suggesting risk management strategies and communication of risk. On the contrary, the work of Keitany (2000) revealed that 36 University of Ghana http://ugspace.ug.edu.gh internal audit in the banking industry is a control function and not necessarily a tool for risk management. Nevertheless, a study carried out by Vousinas (2015) confirms the fact that internal audit plays a critical role in risk assurance and bank fraud management thus, ensuring banks’ normal and uninterrupted operation. Internal auditing is focused on improving the effectiveness and efficiency of the organisation via constructive criticism (Enofe et al., 2013). An effective internal audit is capable of providing assurances to all stakeholders of the organisation (Institute of Internal Auditing Research Foundation, 2004). With this, the strengthening and fostering of stakeholder relationship enhances reliability and confidence in internal audit’s work (IIA, 2016). 4.4 Risk Management The level of agreement of respondents for the items been measured under the risk management as shown in table 4.3 below was carried out using a one-sample T-test where the mean and standard deviation of each item was identified. According to Field (2005), in using a five-point Likert scale, the level of agreement of an item is important and agreed upon when the mean score is 3.5 and above. Table 4.3 Descriptive statistics on the risk management of the banks. Statement N Mean Standard Deviation My bank documents strategies for risk management 45 4.09 .100 My bank monitors and manages risk on daily basis 45 3.89 .120 My bank records less loss due to operational risk on a yearly 45 3.73 .107 basis My bank records less loss due to strategic risk on a yearly 45 4.00 .119 basis My bank records less loss due to market-related risk on a 45 3.91 .105 yearly basis My banks sanctions personnel who flout on risk management 45 4.04 .114 practices 37 University of Ghana http://ugspace.ug.edu.gh Table 4.3 depicts that the respondents agreed with the various statements where their level of agreement ranged between 3.73 ± .107 and 4.09 ± .100. However, the statement with the highest level of agreement was “My bank documents strategies for risk management (4.09 ± .100)” and the statement with the least level of agreement was “My bank records less loss due to market- related risk on a yearly basis (3.73 ± .107)”. Risk management is a major concern to management of banking institutions since it is an essential component of the management process in protecting the assets and investments of the institution (Froot et al., 1994; Oldfield and Santomero, 1995; Smith et al., 1990; Stulz, 1984). Risk management involves the use of tools and models in measuring and controlling risk through a three stage process: identification of the risk, measurement of the risk, and management of the risk (Bessis, 2010). The impact of risk management is to increase profitability and assurance of survival of the firm, reduce volatility of cash flows, minimize foreign exchange losses, and protect earnings fluctuations (Fatemi and Glaum, 2000). In ensuring an effective risk management within the banking industry, management of the respective financial institutions play a very critical role (Pyle, 1997). This involves them identifying and understanding the risks associated with their business operations and establishing and implementing effective business strategies and policies to handle the risk profiles. 4.5 Challenges of Internal Auditors The level of agreement of respondents for the items been measured under the challenges of internal auditors construct was carried out using a one-sample T-test where the mean and standard deviation of each item was identified. According to Field (2005), in using a five-point Likert scale, 38 University of Ghana http://ugspace.ug.edu.gh the level of agreement of an item is important and agreed upon when the mean score is 3.5 and above. Results are presented in Table 4.4 below. Table 4.4 Descriptive statistics on the challenges of internal auditors Statement N Mean Standard Deviation Management of my bank does not allow internal auditors to 45 1.60 .688 work independently There is poor ethical culture in my bank 45 1.80 .757 There is poor internal controls in my bank 45 1.73 .986 There is high incidents of collusion between internal parties 45 1.69 .793 within my bank There is poor physical security in my bank 45 2.00 1.108 Internal auditors are most times not granted access to vital 45 1.67 1.066 accounting records in my bank Overlap of function has hindered the effectiveness and 45 2.11 .775 efficiency of internal auditors in my bank The nature of appointment and recruitment process is a factor 45 2.07 1.031 responsible for lack of independence of internal auditors in my bank The structure of the internal audit function has hampered the 45 1.93 .889 independence of internal auditors in my bank The nature of distribution of tasks and responsibilities has posed 45 1.89 .745 a serious problem to internal auditors in my bank Table 4.4 shows that respondents highly disagreed with all the statements where their level of disagreement ranged between 1.60 ± .688 and 2.11 ± .775. The statement with the highest level of disagreement was “Management of my bank do not allow internal auditors to work independently (1.60 ± .688)” and the statement with the least level of disagreement was “Overlap of function has hindered the effectiveness and efficiency of internal auditors in my bank (2.11 ± .775)”. It is identified in this study that internal auditors are allowed to work independently to some extent and also their functions overlap with other functions of the bank which are consistent with the findings identified by Egbunike and Egbunike (2017) and Chepkorir (2010) in some banks in 39 University of Ghana http://ugspace.ug.edu.gh Nigeria and Kenya, respectively. The roles of risk managers and internal auditors are blurry in nature with regards to roles associated with risk assurance (IIARF, 2005; Gramling and Myers (2006). This can be attributed to the fact that a clear identification of the roles of internal auditors in an effective risk management is not clearly defined (Fraser and Simkins, 2010). According to Gramling and Myers (2006), roles and processes involved in effective risk management are not clearly defined and articulated by senior management to junior staff and management. 4.6 Impact of Internal Auditors on Bank’s Compliance It is obvious in Figure 4.6 below that 82.2% of the respondents are of the view that their roles as internal auditors have an influence on their respective bank’s compliance toward the Bank of Ghana regulations and 17.8% believe otherwise. 17.8% 82.2% Yes No Figure 4.6 Impact of internal auditors role on bank’s compliance to Bank of Ghana regulations In ensuring that the respective banks comply with the regulations stipulated by the Bank of Ghana, respondents reveal that: 40 University of Ghana http://ugspace.ug.edu.gh We check and ensure that all branches and departments in the bank comply with Act 930. Moreover, internal audit as a third line of defense, we ensure that all regulations and directives from the Bank of Ghana are effectively followed by educating the entire staff of the regulations and ensuring that they fully comply. Sometimes, we assign punitive measures on employees who do not comply with such regulations. The finding about the immense impact of internal auditor’s role on banks’ compliance to regulation is similar to that also identified by Hopkin (2012) in the United Kingdom where the working relationship between risk management and internal audit function should be closely and positively related. Therefore, the effectiveness of the functions of internal auditors have the tendency of improving the risk management of employees. There is a clear indication that internal audit units are perceived effective in risk management and that in-house internal audit units are proved more reliable than external audit functions (Salameh et al., 2011). This is due to the fact that in-house internal audit units are characterized with more in-depth knowledge concerning the policies, culture, and procedures of the banks than external auditors. 41 University of Ghana http://ugspace.ug.edu.gh CHAPTER FIVE SUMMARY OF FINDINGS, CONCLUSION, AND RECOMMENDATIONS 5.1 Introduction This chapter seeks to address the numerous findings of the study in a simplified manner. Out of this was carved out conclusion and recommendations. This will capacitate other researchers and readers to appreciate the study and understand the trend in the influence of functions of internal auditors on effective risk management in commercial banks. 5.2 Summary of Findings It was identified that most of the internal auditors within the commercial banks in Ghana are not registered members of the Institute of Internal Auditing. Interestingly, it was realized in the study that internal auditors of commercial banks are allowed to work independently without any hindrance from management of the banks hence the functions of the internal auditors are not challenged making them put in their best for optimum productivity. The functions of internal auditors are to review all internal controls, review processes and procedures, and make recommendations for management with regards to best practices in ensuring optimum productivity and performance of the bank. The internal auditors of the commercial banks are involved in the risk management, risk mitigation, and risk monitoring. Additionally, the banks documents strategies for risk management, sanctions employees who flout the risk management principles. This has resulted in the banks recording less loss due to the management of both operational and strategic risks. 42 University of Ghana http://ugspace.ug.edu.gh Moreover, it was revealed that the reports of internal auditors have much influence on management’s decisions in making and amending policies, business strategies, and guidelines, the introduction of new controls within the management of products and services. Internal auditors check and ensure that all branches and departments in the bank comply with Act 930 by educating the entire staff and proposing better ways of handling risks through their various examination of existing policies, standards and controls. Conclusively, a strong and positive relationship was established between functions of internal auditors and risk management and the functions of internal auditors and the impact of their work on the bank’s compliance to regulations within the banking industry. 5.3 Conclusion In this study, the focus was to evaluate the functions of internal audit and its ultimate impact in ensuring effective risk management in Commercial banks in Ghana. A cross-sectional study using a descriptive approach was used where three internal auditors each from fifteen commercial banks were used as the sample size for the entire study. Questionnaire was used to solicit for both quantitative and qualitative data from respondents. It was obvious in the study that internal auditors were allowed to function independently in risk management, risk assessment, risk mitigation, and risk monitoring for the banks. Moreover, their reports have much influence on the decisions of management of the respective banks. The effective discharge of the functions of internal auditors have the capacity of enhancing the risk management of the bank and the bank’s compliance to regulations within the industry. 43 University of Ghana http://ugspace.ug.edu.gh 5.4 Recommendations With recourse to the findings outlined in this study, the following recommendations are necessary to ensure effective impact of the function of internal auditors on risk management in commercial banks in Ghana. First, although the internal auditors are effectively discharging their functions, they should become registered members of the institute of internal auditors so as to ensure strict adherence and compliance to international standards in the practice of internal auditing. Secondly, management of the commercial banks should ensure strict independence of its internal auditors in order to avoid collusion if ever the opportunity arises. This will ensure strict compliance to regulations and encourage the bank to engage in best practices for optimum performance. Lastly, the management of the bank should put in place a quarterly internal audit overhaul to strategically review all its risk management practices against expectations of the regulator. This will help to identify lapses and loopholes in the risk management system in order to salvage any situation getting out of hand. 44 University of Ghana http://ugspace.ug.edu.gh REFERENCES Agyedu, G. O., Donkor, F. and Obeng, S. (1999), Teach Yourself Research Methods, University College of Education Winneba Press, Winneba, Ghana, pp. 37 – 66. Agyei, R. (2016). Risk management in the public sector: the role of internal auditing. Internal Audit Agency – 3rd Annual Internal Audit Forum. Ahlawat, S. S. and Lowe, D. J. (2004). An examination of internal auditor objectivity: in-house versus outsourcing. Auditing: A Journal of Practice & Theory, 23(2):147-158. Akharayi, C. (2013). Internal Audit and professional independence in government educational institutions in Nigeria. ICAN Students’ Journal, 17(1). Akpomi, M. E., and Amesi, J. (2014). Behavioural constraints on practices of auditing in Nigeria (BCPAN). Educational Research and Review, 4(10), 465-469. Allen, F. and Santomero, A. M. (1997). The theory of financial intermediation‖, Journal of Banking and Finance, 21:1461 - 1485. Asare, S. K., Davidson, R. A. and Gramling, A. A. (2008). Internal Auditors' Evaluation of Fraud Factors in Planning an Audit: The Importance of Audit Committee Quality and Management Incentives. International Journal of Auditing, 12:181–203. Arthur, B. (1988). Self-Reinforcing mechanisms in economics." In P. Anderson (ed.) The Economy as an Evolving Complex System. Reading Ma.: Addison-Wesley. Atkins, D., Drennan L. and Bates, I. (2006). Reputational Risk: A Question of Trust. Aziz, M. A. A., Rahman, Ab. H., Alam, Md. M. and Said, J. (2015). Enhancement of the Accountability of Public Sectors through Integrity System, Internal Control System and Leadership Practices: A Review Study. Procedia Economics and Finance 28:163 – 169. Baharud-din, Z., Shokiyah, A., and Ibrahim, M. S. (2014). Factors that contribute to the effectiveness of internal audit in public sector. Managerial Accounting Journal, 70(24): 126-132. Bank of Ghana (2018). Annual Reports. Available on http:www.bog.org [Accessed on 8th May 2019]. Bazerman, M. H., Morgan, K. P. and Loewenstein, G. F. (1997). The Impossibility of Auditor Independence, Sloan Management Review, 38(4)89-94. Beasley, M. S. and Frigo, M. (2007). Strategic Risk Management: Creating and Protecting Value‖, Strategic Finance, LXXXVII, 29. May 2007. Berger, P., and Luckmann, T. (1967). The Social Construction of Reality A Treatise in the Sociology of Knowledge. Garden City, NY Doubleday. 45 University of Ghana http://ugspace.ug.edu.gh Bessis, J. (2010), Risk Management in Banking, Wiley, Third edition. Brody, R. G. and Lowe, D. J. (2000). The New Role of the Internal Auditor: Implications for Internal Auditor Objectivity. International Journal of Auditing, 4(2):169–176. Cattryse J. (2005). Reflections on Corporate Governance and the Role of the Internal Auditor. Retrieved from SSRN: http://ssm.com/id485364 Chepkorir, L. (2010). The roles and challenges of internal auditing in the banking industry in Kenya. Master’s Thesis Submitted to the University of Nairobi. Coffee, J. (2002). Understanding Enron: It's About the Gatekeepers, Stupid, [internet] Columbia Law School; European Corporate Governance Institute (ECGI); American Academy of Arts & Sciences, Report number 207Available from :http://papers.ssrn.com/sol3/papers.cfm?abstract_id=325240&download=yes [Accessed on 19th March 2019]. Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed methods approach. Sage Publications, Incorporated. Davis, D. (2000). Business Research for decision making. 5th ed. Pacific Groove: Thomson Learning. : 1-475. Desai, V., Roberts, R.W., & Srivastava, R. (2006). An analytical model for external auditor evaluation of the internal audit function using belief functions. The Accounting Review. 68(7):1-43. De Zwaan, L., Stewart, J. and Subramaniam, N. (2011). Internal audit involvement in enterprise risk management", Managerial Auditing Journal, [online], 26(7):586 – 604. DiMaggio, P. J., and Powell, W.W. (1983). The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields. American Sociological Review, 48:147-160. Dunn, B. (1996). Family Enterprises in the UK: A Special Sector? Family Business Review Banner. Economic Intelligent Unit (2005). Risk facing banks. Available on https://www.economist.com/topics/economist-intelligence-unit [Accessed on 21st May 2019]. Egbunike, P. A. and Egbunike, F. C. (2017). An empirical examination of challenges faced by internal auditors in public sector audit in South-Eastern Nigeria. Asian Journal of Economics, Business and Accounting, 3(2):1-13. Ege, M. S. (2015). Does internal audit function quality deter management misconduct? The Accounting Review, 90(2):495-527. 46 University of Ghana http://ugspace.ug.edu.gh Enofe, A. O., Mgbame, C. J., Osa–Erhabor, V. E. and Ehioroba, A. J. (2013). The role of internal audit in effective management in public sector. Research Journal of Finance and Accounting, 4(6):162 – 168. Estherby-Smith, M., Li, S., and Bartunek, J. (2009). Research methods for organizational learning: the transatlantic gap. Management Learning, 40(4):439-447. Eulerich, M., and Ratzinger-Sakel, N. (2017). The effects of cultural dimension on the internal audit function: A worldwide comparison of internal audit characteristics. Contemporary Accounting Research, 29:1-25. Emblemsvåg, J. and Kjølstad, L. E. (2002). Strategic risk analysis – a field version. Management Decision, 40(9):842 – 852. Fatemi, A. and Glaum, M. (2000). Risk management practices in German firms. Managerial Finance, 26:1–17. Fogarty, T. J. (1996). The imagery and reality of peer review in the US: insights from institutional theory. Accounting Organizations and Society, 21:243-68. Fraser, I. and Henry, W. (2007). Embedding risk management: structures and approaches", Managerial Auditing Journal, 22(4):392-409. Fraser, J. and Simkins, B. J. (2010). Enterprise Risk Management, Today’s Leading Research and Best Practices for Tomorrow’s Executives, USA, John Wiley & Sons Ltd. Frigo, M. L. and Anderson, R. J. (2011). Embracing Enterprise Risk Management: Practical approach of getting started, Though leadership in ERM, COSO, Available on http://www.coso.org/documents/EmbracingERM- GettingStartedforWebPostingDec110_000.pdf [Accessed 8 May 2019] Froot, K. A., Scharfstein, D. S., and Stein, J. C. (1994). A Framework for Risk Management‖, Harvard Business Review, 76(6):91-102. Gates, S. (2006). Incorporating strategic risk into enterprise risk management: a survey of current corporate practice, Journal of Applied Corporate Finance, 18(4):81-90. Gramling, A. A., and Myers P. M. (2006). "Internal Auditing's Role in ERM." The Internal Auditor, [online] Vol.63, no.2, pp. 52-58 Greuning, H. V. and Bratanovic, S. B. (2009). Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management, World Bank Publications. Hayes, R., Dassen, R., Schilder, A., and Wallage, P. (2005). Principles of auditing. An introduction to International Standards of Auditing, 2nd Edition, Ed. Pearson Education. Herman, M. L. & Head, G. L. (2002).Strategic Risk Management: Looking at Both Sides Now. Nonprofit Risk Management Center. 47 University of Ghana http://ugspace.ug.edu.gh Hoffman, A. J. (1999). Institutional evolution and change: Environmentalism and the US chemical industry. Academy of Management Journal 42: 351–371. Holsti, O. R. (2006). Content Analysis. In G.Lindzey & E.Aronson (Eds.), The Handbook of Social Psychology (2nd Ed.) New Delhi: Amerind Publishing Company, 2, 596. Hopkin, P. (2012). Fundamentals of Risk Management, Understanding, evaluating, and implementing effective risk management, 2nd edn, UK, Kogan Page Limited. International Standard (ISO) (2009). ISO/FDIS 31000: 2009(E) Risk Management – Principles and guidelines ISO 31000, France, ISO. International Federation of Account (IFAC). 2011, Global Survey on Risk Management and Internal Control, [internet] New York, Professional Accountants in Business Committee, IFAC [online] Available from: :http://www.ifac.org/sites/default/files/publications/files/global-survey-on-risk-manag.pdf [Accessed 19th May 2019]. Kalbers, L. P. (2005). Antecedents to internal auditor burnout. Journal of Managerial Issues 12(1):101-118. Keitany, J. L. (2000). The Internal Audit control function and its implication for risk assessment by the external auditor: A case of quoted companies. Unpublished MBA Project, University of Nairobi. Kibara, C. W. (2007). A survey of internal auditors’ risk management practices in the banking industry in Kenya. Unpublished MBA Project, University of Nairobi. Kibet, P. K. (2008). A survey on the role of internal audit in promoting good corporate governance in SOEs. Unpublished MBA Project, University of Nairobi. Lerbinger, C. (1997). The Crisis Manager: Facing Risk and Responsibility. Tourism Management, 17:51-55. Leung, F. and Isaacs, F. (2008). Risk Management in Public Sector Research: Approach and lessons learned at a National Research Organization”, Research and Development Management, 38(5):510–519. Mash’al, R. M. (2012). Internal Audit Roles in Risk Management from Risk Management Perspective: New Vision. Jordan Risk Management Center for Training. Meggeneder, G. (2015). Driving success in a changing world: 10 imperatives for internal audit. International Turkey Internal Audit Conference, 1-37. Merna, T., and Al-Thani, F. (2010). Corporate Risk Management, 2nd end, England, John Wiley & Sons Ltd. 48 University of Ghana http://ugspace.ug.edu.gh Miller, K. D. (1992). A Framework for Integrated Risk Management in International Business‖, Journal of International Business, 3:311-331. Millichap, A. H. (2002). Auditing. United Kingdom: BookPower. Neuman, W. L. (2007). Basics of social research: quantitative and qualitative approaches (2nd edition) Boston: Pearson/Allyn and Bacon. Oldfield, G, and Santomero, A. M. (1995). The Place of Risk Management in Financial Institutions, Wharton Financial Institutions Center, University of Pennsylvania, Working Paper 95-05-B. Okodo, B. D., Aliu, M. M., Yahaya, A. O. (2019). Assessing the reliability of the internal audit functions: The issues. Journal of Contemporary Research in Business, Economics and Finance, 1(1):46-55. Pathak, J. (2005). Risk management, internal controls and organizational vulnerabilities. Managerial Auditing Journal, 20(6):569–577. Pickett, S. K. H. (2006). Audit Planning: A Risk-Based Approach, U.S.A., John Wiley & Sons, Inc. Piekkari, R. M., and Welch, Ca. (2004). Handbook of qualitative research methods for international business. Edward Elgar Publishing Limited. Power, M. (2009). The risk management of nothing, Accounting”, Organizations and Society, 34(6–7):849-855. Pyle, D. H. (1997). Bank Risk Management: Theory," Institute of Business and Economic Research, University of California, Finance Working Paper No. RPF-272, July 1997. Rahahleh, M. (2010). Regulating the Profession of Internal Auditing in Jordan. European Journal of Economics, Finance, and Administrative science, 20:162-180. Rejda, G. E. (1998). Principles of risk management and insurance, USA: Addison Wesley, Sixth Edition, New York, NY. Salameh R., Weshah G., and Nsour M. (2011). Alternative Internal Audit Structures and Perceived Effectiveness of Internal Audit in Fraud Prevention: Evidence from Jordanian Banking Industry, Canadian Social Science, 7(3):40-50. Santomero, A. M. (1995). Financial Risk Management: The Whys and Hows, Financial Markets, Institutions and Instruments 4(5):1-14. Santomero, A. M. (1997). Commercial Bank Risk Management: An Analysis of the Process, Journal of Financial Services Research. Saunders, M., Lewis, P. and Thorn hill, A. (2012). Research Methods for Business Students, Pearson Education Limited. 49 University of Ghana http://ugspace.ug.edu.gh Sawyer, L. B., Dittenhofer, M. A., Scheiner, J. H., Graham, A. and Makosz, P. (2003). Sawyer’s Internal Auditing, 5th edn, USA, The Institute of Internal Auditors. Schmidt, M. J., & Hollensen, S. (2006). Marketing Research: An International Approach. England: Pearson Education: 89-150. Scott, R. W. (1995). Institutions and organizations. ideas, interests and identities. Sage, 2:13-18. Selim, G. and McNamee, D. (1999). The Risk Management and Internal Auditing Relationship: Developing and Validating a Model. International Journal of Auditing, 3(3):159–174. Slywotzky, A. J. and Drzik, J. (2005). Countering the Biggest Risk of All, Harvard Business Review, 82:78-88 Smith, C., Smithson C. and Wilford, D. (1990). Strategic Risk Management (Institutional Investor Series in Finance), Harper and Row, New York. Stewart, J. and Subramaniam, N. (2010). Internal audit independence and objectivity: emerging research opportunities. Managerial Auditing Journal, 25(4):328 – 360. Stulz, R. M. (1984). Optimal Hedging Policies‖, The Journal of Financial and Quantitative Analysis, 19(2):127-140. Suchman, M. C. (1995). Managing legitimacy – strategic and institutional approaches‟. Academy of Management Review 20: 571–610. Suleiman, D. M., and Dandago, K. I. (2014). The extent of internal audit functions outsourcing by Nigerian deposit money banks. Procedia - Social and Behavioral Sciences, 164(14):222 – 229. Taylor, G. R. (2005). Integrating quantitative and qualitative methods in research. University Press America Ltd. The Institute of Internal Auditors (IIA) (2012). Definition of Internal Auditing, The IIA. Available on https://na.theiia.org/standards-guidance/mandatory-guidance/Pages/Definition-of- Internal-Auditing.aspx [Accessed on 9th May 2019]. The Institute of Internal Auditors (the IIA). (2011). Practice Advisories under International Professional Practice Framework (IPPF), U.S.A, the IIA. The Institute of Internal Auditors (the IIA). (2009a). IIA Position Paper: The Role of Internal Auditing in Enterprise-Wide Risk Management, U.S.A, the IIA. The IIA Research Foundation (IIARF) (2011). Internal Auditing’s Role in Risk Management. The IIA Research Foundation (IIARF) (2004). The Professional Practices Framework, USA, The Institute of Internal Auditors Research Foundation. The Institute of Risk Management (2002). IRM-2002, A Risk Management Standard, U.K, Institute of Risk Management. 50 University of Ghana http://ugspace.ug.edu.gh Vousinas, G. L. (2015). The critical role of internal auditing in addressing bank fraud: a conceptual framework. Research in Accounting Regulation, 17:87-106. Wright, D. M. and Houpt, J. V. (1996). An analysis of commercial bank exposure to interest rate risk, Federal Reserve Bulletin, February Issue, 115–128. Zikmund, W. G. (2003). Business Research Methods, 7th Ed. Ohio. Thomson.: 1-650 51 University of Ghana http://ugspace.ug.edu.gh APPENDIX QUESTIONNAIRE UNIVERSITY OF GHANA BUSINESS SCHOOL DEPARTMENT OF ACCOUNTING AND FINANCE QUESTIONNAIRE ON “THE ROLE OF INTERNAL AUDITORS IN ENSURING EFFECTIVE RISK MANAGEMENT IN COMMERCIAL BANKS IN GHANA” This questionnaire has been developed to evaluate the function of internal auditors in guaranteeing effective risk management in commercial banks in Ghana. Please be informed that this study is purely academic and that all information obtained shall be kept with utmost confidentiality. The outcome of this research may be used for academic and general purposes such as research reports, conference papers or books. Please tick/state where appropriate. Thank you for your acceptance INSTRUCTION: Please fill the spaces provided. Mark (√) where applicable and specify where necessary. SECTION A. Socio-demographic Characteristics 1. Name of Bank: ………………………………………………………………….. 2. Gender: a. Male [ ] b. Female [ ] 3. Age: a. 20 – 30 years [ ] b. 31 – 40 years [ ] c. 41 – 50 years [ ] d. 51-60 years [ ] 4. What is your highest level of education? Please select the most appropriate. a. HND [ ] c. Bachelor’s Degree [ ] d. Post Graduate Degree [ ] e. Other (Please Specify) ……………………………………………… 5. How long have you been working as an internal auditor? a. 1-5years [ ] b. 6-10years [ ] c. 11-15years [ ] d. Above 15 years [ ] 6. Are you registered with the Institute of Internal Auditing? a. Yes [ ] b. No [ ] 7. Do you work independently devoid of management pressure in the course of your duties? a. Yes [ ] b. No [ ] 52 University of Ghana http://ugspace.ug.edu.gh 8. Who do you directly report to in your line of work? a. CEO [ ] b. Audit committee [ ] c. Board [ ] 9. Does your report as an internal auditor influence management decisions? a. Yes [ ] b. No [ ] Explain your answer………………………………………………………………………………. SECTION B. Functions of Internal Auditors 10. What is your function as an internal auditor in your bank? ……………………………………………………………………………………………………… ……………………………………………………………………………………………………… ……………………………………………………………………………………………………… 11. Are you involved in the daily management processes and activities of the bank? a. Yes [ ] b. No [ ] 12. Do you perform your roles as stipulated in your contract? a. Yes [ ] b. No [ ] Based on your personal experiences as an internal auditor of your bank, please indicate to what extent you agree or disagree with each statement below. Using the Likert Scale where Strongly Disagree – 1, Disagree – 2, Neutral – 3, Agree – 4, Strongly Agree – 5. 1 2 3 4 5 13. My bank involves internal auditors in preparing financial statements 14. My bank involves internal auditors in risk management 15. My bank involves internal auditors in risk assessment 16. My bank involves internal auditors in risk mitigation 17. My bank involves internal auditors in risk monitoring 18. My bank involves internal auditors in suggesting risk management strategies 19. My bank involves internal auditors in the assessment of performance management 20. My bank involves internal auditors in the communication of risk 21. My bank involves internal auditors in the assessment of ethics and values in the organization 53 University of Ghana http://ugspace.ug.edu.gh SECTION C. Risk Management Based on your personal experiences as an internal auditor of your bank, please indicate to what extent you agree or disagree with each statement below. Using the Likert Scale where Strongly Disagree – 1, Disagree – 2, Neutral – 3, Agree – 4, Strongly Agree – 5. 1 2 3 4 5 22. My bank documents strategies for risk management 23. My bank monitors and manages risk on daily basis 24. My bank records less loss due to operational risk on a yearly basis 25. My bank records less loss due to strategic risk on a yearly basis 26. My bank records less loss due to market-related risk on a yearly basis 27. My banks sanctions personnel who flout on risk management practices SECTION D. Challenges of Internal Auditors Based on your personal experiences as an internal auditor of your bank, please indicate to what extent you agree or disagree with each statement below. Using the Likert Scale where Strongly Disagree – 1, Disagree – 2, Neutral – 3, Agree – 4, Strongly Agree – 5. 1 2 3 4 5 28. Management of my bank do not allow internal auditors to work independently 29. There is poor ethical culture in my bank 30. There is poor internal controls in my bank 31. There are high incidents of collusion between internal parties within my bank 32. There is poor physical security in my bank 33. Internal auditors are most times not granted access to vital accounting records in my bank 34. Overlap of function has hindered the effectiveness and efficiency of internal auditors in my bank 35. The nature of appointment and recruitment process is a factor responsible for lack of independence of internal auditors in my bank 36. The structure of the internal audit function has hampered the independence of internal auditors in my bank 37. The nature of distribution of tasks and responsibilities has posed a serious problem to internal auditors in my bank (Source: Amaechi and Chinedu, 2017) 38. Does your role as an internal auditor impact your bank’s compliance to Bank of Ghana regulations? a. Yes [ ] b. No [ ] 54 University of Ghana http://ugspace.ug.edu.gh 39. If Yes, how? ……………………………………………………………………………………………………… ……………………………………………………………………………………………………… ……………………………………………………………………………………………………… Thank you for your cooperation 55