Review of Related Literature

2.1Internal Control integrated Framework

2.1.1 the COCO Framework
The Canadian Institute of Charted Accountants established the COCO framework in 1995.
COCO was created, according to the Department of National Treasury, to improve internal
controls and governance in organizations, as well as to offer a foundation on which to make
judgements about the effectiveness of an existing internal control system. COCO, according to
QFinance (2011), builds on COSO's internal control structure and is seen as much more solid
and user pleasant by many. However, there is no evidence that SMMEs use COCO as an internal
control framework to evaluate their existing internal controls, according to study. Internal
control, according to COCO, is a collaboration of components, including resources, systems,
procedures, culture, structure, and tasks, that help management achieve company objectives.
COCO suggested a set of qualitative criteria to evaluate internal controls, according to the
International Federation of Accountants, including purpose, commitment, capability, monitoring,
and learning criteria (Siwangaza et al., 2014)
2.1.2 COSO Framework
According to (COSO, 2012), Internal control is a process, effected by an entity’s board of
directors, management, and other personnel, designed to provide reasonable assurance regarding
the achievement of objectives relating to operations, reporting, and compliance. A system of
internal control enables the management to remain focused on the organization's operations and
financial performance goals while staying within the bounds of applicable laws and avoiding
surprises. Internal control enables a company to better deal with changing economic and
competitive conditions, leadership, priorities, and business models. For two reasons, this notion
of internal control is purposefully broad. First, it first captures key ideas that provide a
foundation for application across many types of companies, industries, and geographic locations
in how they design, implement, and conduct internal control and assess the success of their
system of internal control. Second, the term includes internal control subsets.
The Framework identifies five internal control components as well as seventeen principles that
represent the core notions linked with each component. Internal control components and
principles are applicable to all entities. Each objective category, as well as its objectives and sub-
objectives, must adhere to all seventeen principles. For example, a business could use the
Framework to comply with a specific legislation governing commercial relationships with
foreign entities, which is a subsection of the compliance category of goals (COSO, 2012).
Control Environment
Control environment is a set of rules, processes, and structures that serve as the foundation for
implementing internal control throughout a company. The board of directors and senior
management set the tone for the importance of internal control and expected norms of behaviour
at the top. The control environment influences the control consciousness of the organization's
people, which sets the tone for internal control. All additional internal control components are
built on top of the control environment. Integrity and ethical values of personnel tasked with
developing, administering, and monitoring controls, commitment and competence of those
performing assigned duties, board of directors or audit committees, management philosophy and
operating style, and organizational structure are all factors to consider. Many elements influence
the control environment, but the effectiveness of the board of directors, management, and the
audit division of the business have a significant impact. Internal auditors are critical to a
successful control environment since the effectiveness of these elements is mainly dependent on
how well they interact with internal auditors (Ndungu, 2013).
Risk Assessment
Risk assessment is the process of evaluating factors that influence the likelihood of the
organization's objectives not being met. It is the process of identifying and analyzing important
risks that are related with the organization's goals. They go on to say that risk assessment is the
process of identifying and analyzing management-relevant risks in order to prepare financial
statements that are fairly presented in accordance with generally accepted accounting principles.
Management in companies must carefully assess the level of risk that may be tolerated and
endeavor to keep it within acceptable limits. Internal controls must consequently be designed by
management to ensure efficiency and effectiveness, as well as the accuracy of financial reporting
and compliance with laws and regulations (Turedi & Celayir, 2018)(Cotter, 2022)(Oseifuah &
Gyekye, 2013). The risk assessment is used to determine how risks will be handled. A risk is
defined as the probability that an event may occur that will have a negative impact on the
organization's goals. Risk assessment necessitates management taking into account the impact of
anticipated changes in the internal and external environment, as well as taking measures to
mitigate the impact (COSO, 2019).
Control Activities
According to (Frazer, 2012), the rules and processes that ensure how management directions are
carried out are known as control activities. Approvals, authorizations, verifications,
reconciliations, reviews of operating performance, asset safeguarding, and separation of roles are
all examples of control operations. These efforts deter fraud and theft, which could result in
financial losses.
Monitoring
Monitoring activities are periodic or continuous checks to ensure that each of the five
components of internal control, as well as the controls that affect the principles inside each
component, are present and working around their products (COSO, 2019). Because internal
controls are processes, it is generally understood that they must be properly monitored in order to
assess the system's quality and efficacy over time. Monitoring gives the organization the
certainty that audit and other review results will be determined quickly. Internal controls are
monitored to ensure that they are working properly. An organization examines whether its
policies and procedures, which were created and implemented by management, are being carried
out efficiently by employees through monitoring (Ndungu, 2013).
Information and Communication
(Frazer, 2012) believed that relevant data must be identified, gathered, and delivered in formats
and timelines that allow employees to fulfill their obligations. Information systems generate
reports of operational, financial, and compliance-related data that help businesses run and
oversee their operations. Information systems deal not just with data generated internally, but
also with data regarding external events, actions, and conditions that are needed for informed
business decisions and external reporting. Communication must also flow down, across, and up
the levels of the company in order to be effective. Top management must provide a strong
message to all employees that control duties must be handled seriously. Employees at a company
must be aware of their own function in the internal control system, as well as how their actions
affect the work of others. Employees must be able to communicate important information to
upper management. External parties, including as consumers, suppliers, regulators, and
shareholders, require effective communication as well.

Review of Related Studies

(Turedi & Celayir, 2018), firmly believes internal control is a critical component in ensuring
efficiency, profitability, and long-term viability in enterprises. The cornerstone to a business's
desired/targeted success is an effective control structure. It should be remembered that
establishing an internal control system by itself will not guarantee success. First and foremost, an
internal control structure should adopt a comprehensive and collaborative strategy that targets all
levels of personnel, beginning with executives and progressing to lower levels. Measures should
be done to ensure the system's effectiveness and efficiency.
Internal control has been shown to play an important influence in operations of SMEs (Kamau,
2016). An organization's internal control system is created to provide a reasonable assurance tool
for SMEs to achieve their goals including operational efficacy and efficiency, reporting
reliability, and compliance with rules and regulations.
(Siwangaza et al., 2014) conducted a study that was empirical in nature and adhered to the
positivistic research paradigm. Questionnaires were administered and given to 110 owners and/or
managers of SMMEs in the Cape Peninsula that participate in the fast-moving consumer
products industry. According to the findings, most SMMEs have a variety of internal controls as
specified by formal internal control frameworks, but their support in terms of SMME
sustainability was limited.
In the study of (Wang & Wang, 2019), they investigated whether internal control plays a role in
a firm's long-term growth, particularly when varied institutional settings are considered. They
found out that effective internal control positively contributes to a firm's sustainable growth, and
that this effect is reflected in well-developed institutional environments, using a large sample of
Chinese listed companies. These findings withstand a range of sensitivity testing, including
endogeneity control and alternative proxies for long-term growth, internal control, and
institutional context. This study adds to the body of knowledge by giving empirical evidence on
the function of internal control in a firm's long-term growth.
Internal control has a major impact on performance in tertiary institutions, according to the study
of (Akinleye & Kolawole, 2020). (Eniola, 2020) also found that internal control has a beneficial
impact on organizational success. The authors validated the link between internal control and
organizational performance, but they added more information to their research model. A study
conducted by (Perception & Banks, 2019) on the impact of internal control systems on
profitability, showed that internal controls have a statistically significant impact on profitability,
according to the study's findings. Furthermore, the result of the study demonstrated that internal
control system elements such as control environment, control activities, and monitoring have a
significant and favorable impact on profitability in Sri Lanka's licensed commercial banks.
however, in the study of (Adegboyegun et al., 2020), they found out that when there is a unit
measure of improvement in the control environment and control activities, the probability that a
SMEs will have high operating performance in terms of higher actual annual profit increases
insignificantly by 0.78 percent and 1.95 percent, respectively, and when there is a unit measure
of improvement in risk assessment, the probability declines insignificantly by 0.051 percent, 0.33
percent, and 4.53 percent, respectively. The study found that the components of an internal
control system have no substantial impact on the operating performance of SMEs in Ondo State,
but the control environment and control activities are the only ones that do have an effect on the
profitability of SME’s in Nigeria.

Adegboyegun, A. E., Ben-Caleb, E., Ademola, A. O., Oladutire, E. O., &

Sodeinde, G. M. (2020). Internal control systems and operating performance:
Evidence from small and medium enterprises (SMEs) in Ondo state. Asian
Economic and Financial Review, 10(4), 469–479.
https://doi.org/10.18488/journal.aefr.2020.104.469.479
Akinleye, G. T., & Kolawole, A. D. (2020). Internal controls and performance of
selected tertiary institutions in Ekiti state: A committee of sponsoring
organisations (coso) framework approach. International Journal of Financial
Research, 11(1), 405–416. https://doi.org/10.5430/IJFR.V11N1P405
COSO. (2012). COSO – Internal Control Integrated Framework. The Committee of
Sponsoring Organization of the treadway Commission. Coso, 194.
www.ic.coso.org
COSO. (2019). COSO internal control - integrated framework: An implementation
guide for the healthcare industry. COSO - Committee of Sponsoring
Organizations of the Treadway Commission, January, 5.
https://www.coso.org/Documents/COSO-CROWE-COSO-Internal-Control-
Integrated-Framework.pdf
Cotter, T. S. (2022). Incremental Analysis. Topics in Safety, Risk, Reliability and
Quality, 39, 271–285. https://doi.org/10.1007/978-3-030-87767-5_10
Eniola, A. A. (2020). Internal control procedures and firm’s performance.
International Journal of Scientific and Technology Research, 9(2), 6407–6415.
Frazer, L. (2012). The Effect Of Internal Control On The Operating Activities Of
Small Restaurants. Journal of Business & Economics Research (JBER), 10(6),
361. https://doi.org/10.19030/jber.v10i6.7027
Kamau, J. (2016). Effects of Internal Control Practices on Financial Performance
of Small and Medium Enterprises in Nairobi County By Jacintah Kamau a
Research Project Submitted in Partial Fulfillment of the Requirements for the
Award of the Degree of Master of Science in. November, 67.
Ndungu, H. (2013). The Effect of Internal Controls on Revenue Generation: a
Case Study of the University of Nairobi Enterprise and Services Limited. 71.
Oseifuah, E. K., & Gyekye, A. B. (2013). Internal control in small and
microenterprises in the Vhembe District, Limpopo Province, South Africa.
European Scientific Journal, 9(4), 241–251.
Perception, E., & Banks, C. (2019). The Impact of Internal Control Systems on
Profitability : A Study Based on The Impact of Internal Control Systems on
Profitability : A Study Based on Employees ’ Perception of Licensed
Commercial Banks in Sri Lanka. December.
Siwangaza, L., Smit, Y., Bruwer, J. P., & Ukpere, W. I. (2014). The status of
internal controls in fast moving small medium and micro consumer goods
enterprises within the Cape Peninsula. Mediterranean Journal of Social
Sciences, 5(10 SPEC. ISSUE), 163–175.
https://doi.org/10.5901/mjss.2014.v5n10p163
Turedi, H., & Celayir, D. (2018). Role of Effective Internal Control Structure in
Achievement of Targeted Success in Businesses. European Scientific Journal,
ESJ, 14(1). https://doi.org/10.19044/esj.2018.v14n1p1
Wang, L., & Wang, S. (2019). The Role of Internal Control in Firm’s Sustainable
Growth: Evidence from China. Journal of Accounting and Finance, 19(7),
189–204. https://doi.org/10.33423/jaf.v19i7.2572