TITLE PAGE                                                                                               i

APPROVAL PAGE                                                                                               ii

CERTIFICATION                                                                                              iii

DEDICATION                                                                                                         iv

ACKNOWLEDGEMENTS                                                                              v

TABLE OF CONTENT                                                                                  vi

LIST OF TABLES                                                                                                 ix

LIST OF FIGURES                                                                                                x

ABSTRACT                                                                                                      xi

CHAPTER ONE: INTRODUCTION                                                                                1

Background of the Study                                                                                           1

Statement of the Problem                                                                         11

Purpose of the Study                                                                               12

Significance of the Study                                                                          12

Research Questions                                                                                   13

Hypotheses                                                                                                                 14

Scope of the Study                                                                                                     14


Conceptual Framework                                                                                                       15

  • Small and medium enterprises                                             15
  • Internal control strategies                                                                    16
  • Control environment                                                                                 17
  • Risk management control                                                                              18
  • Internal control activities                                                               19
  • Internal control monitoring and evaluation activities                   20
  • Information and Communication System                                         21

Theoretical Framework                                                                         25

  • Principal-Agent theory                                                                          25
  • System theory                                                                                           26
  • Contingency theory                                                                              27

Related Empirical Studies                                                                   28

Summary of Literature Reviewed                                                                  38

CHAPTER THREE: METHODOLOGY                                         41

Design of the Study                                                                                          41

Area of the Study                                                                                 41

Population for the Study                                                                                   42

Sample and Sampling Techniques                                                            42

Instrument for Data Collection                                                                        42

Validation of the Instrument                                                                43

Reliability of the Instrument                                                                    43

Method of Data Collection                                                                        44

Method of Data Analysis                                                                      44


Presentation of Data                                                                             45

Findings of the Study                                                                               53

Discussion of the Findings                                                                         55


Re-statement of the Problem                                                                     60

Summary of Procedures Used                                                                        61

Major Findings of the Study                                                                       63

Implications of the Findings                                                                          63

Conclusion                                                                                                                  64

Recommendations                                                                              65

Suggestions for Further Study                                                                 65

REFERENCES                                                                                            67

APPENDICES                                                                                                    72

A: Population Distribution of Registered Small and Medium Enterprises in

 Major Towns in Enugu State                                                              72

B: Request for Validation of Research Instrument                  73

C: Letter to Respondents                                                                     74

D: Questionnaire                                                                               75

E: Reliability of the Instrument                                                              78

F: Output of Data Analysis                                                                         84

G: Validated Copy of the Instrument                                                                       

H: List of Sample of Small and Medium Enterprises in Enugu                                


Table 1: Mean Ratings and Standard Deviation of Respondents on Internal Control Environments Strategies Adopted by SME                         45

Table 2: Mean Ratings and Standard Deviation of Respondents on Internal Control Risk Management Strategies Adopted by SMEs                                                       46

Table 3: Mean Ratings and Standard Deviation of Respondents on Information and Communication System Strategies Adopted by SMEs                                              47

Table 4: Mean and Standard Deviation of Internal Control Activities Strategies Adopted by SMEs                                48

Table 5: Mean of Respondents on Internal Control Monitoring Activities Strategies Adopted by SMEs                                              49

Table 6: ANOVA Analysis of the Mean Responses of Respondents on Internal Control Environment Strategies Adopted by SMEs based on Educational Qualification      50

Table 7: ANOVA Analysis of the Mean Responses of Respondents on Internal Control

Risk Management Strategies Adopted by SMEs based on Experience                     50

Table 8: ANOVA Analysis of the Mean Responses of Respondents on Information and Communication System Strategies Adopted by SMEs Based on Number of Employees                                                      51

Table 9: ANOVA Analysis of the Mean Responses of Respondents on Internal Control Activities Strategies Adopted by SMEs Based on Experience                                  52

Table 10: ANOVA Analysis of the Mean Responses of Respondents on Internal Control Monitoring Strategies Adopted by SMEs Based on Experience                  53


Figure 2.1: Schematic representation o the conceptual framework                                        23


The study was carried out to assess the internal control strategies adopted by small and medium enterprises in Enugu State. The population for the study was 1280 registered SMEs in the state. The sample size of the study is 128 managers, supervisors and accounting officers of SMEs. In line with the objectives of the study, a structured questionnaire was employed for the data collection and it was face validated by three experts. Data collected from the respondents were analysed using mean and standard deviation to answer the five research questions. Items with a mean of 2.50 and above was regarded as agreed while items with a mean rating from 2.49 and below was regarded as disagreed. Cronbach Alpha reliability coefficient formula was used to determine the internal consistency of the instrument. The results revealed reliability coefficients of 0.87, 0.93, 0.72, 0.78 and 0.87 for Clusters A to E respectively, and an overall reliability coefficient of 0.84. The Analysis of Variance (ANOVA) method was used to test the null hypotheses at 0.05 probability level of significance. Based on data analysed, it was found that knowledge of internal control system was not popular as it was poorly adopted by SME in Enugu State. Specifically, the result showed that internal control environment strategies, internal control risk management strategies and internal control information and communication strategies were not adopted by operating SMEs sampled in this study. Furthermore, it was also found that best practices in internal control activities strategies and internal control monitoring activities strategies were also not adopted by SME operators in Enugu State. Following the findings of the study, it was recommended that knowledge of internal control system should be taught in financial accounting courses of business education and more awareness on the need for risk management process should be created. In addition, effort should be made by promoters of business education study curriculum to address challenges associated with effective practice of internal control system of SMEs. Lastly, entrepreneurs should be encouraged by the government, education authorities and concern institutions to attend workshops, seminars and conferences on the internal control system.



Background of the Study    

The increasing importance and growth of Small and Medium Enterprises (SMEs) has been a welcome development in modern economies across the globe. The role of SMEs in job creation and its general contribution to economic welfare and growth in developing and developed countries cannot be overemphasized. Yet not many of them survive the test of time as most of such enterprises liquidate as soon as they were established. The reason goes beyond lack of fund to keep the business afloat. It includes but not limited to poorly conducted feasibility study report, poor management capacity, poor infrastructural facilities, lack of experience and requisite skills on the part of entrepreneurs and others (Aminu & Shariff, 2015). There are great potential benefits from robust and vibrant SMEs in every modern economy in the form of job creation, human capital development and economic growth. However, the process for assuring achievement of any business organization’s objectives according to Tang & Tang (2012) is through operational effectiveness and efficiency, reliable financial reporting, compliance with laws, regulations and policies. These have remained the critical issues that keep confronting SMEs especially in developing countries like Nigeria. It has been evidently displayed by the relatively poor performance of SMEs sub-sector in Enugu and other states of the federation despite huge business opportunities in the localities (Aruwa, 2004). As a result, people continued to believe federal and state civil service, oil sector, trading and politics remains the most fertile sources of livelihood in Nigeria.

According to the Organization for Economic Cooperation and Development (OECD) (2007), the distinctiveness of SMEs not only reflects the economic patterns of the country but also the social and cultural dimensions. These varying patterns are traceable within different definitions and criteria for classification of SMEs adopted by different countries. While some refer to the number of employees as their distinctive criteria for defining SMEs, others use invested capital, and some others use a combination of the number of employees, invested capital, sales and industry type (Eniola & Ektebang, 2014). Anga (2014) conceptualised SMEs as firms with relatively small share of their market place; one mostly managed by owners or part owners in a personalised way, and not through the medium of a formalised management structure; and one which maintains independent, in the sense of not forming part of a large enterprise. Similarly, Ebiringa (2011) defined SMEs to include firms with fixed assets (excluding land) less than US$ 250,000 in value. It also included firms with less than 50 employees and at least half the output is sold respectively. The National Council of Industries defined SMEs as businesses whose total costs excluding land is not more than two hundred million naira (N200, 000,000.00) only (Onugu, 2005). Although there is no clear distinction between what is a small or medium business, SMEs are defined in this study as business enterprises with a labour size of 11-300 workers and whose total cost including working capital is not more than 200 million naira, but excluding cost of land.

SMEs represent a veritable medium for the achievement of national economic objectives of employment generation and poverty reduction at low investment cost which embodies the development of entrepreneurial capabilities and indigenous technology. Other intrinsic benefits of SMEs include access to the infrastructural facilities brought about by the existence of such SMEs in their surroundings, reduction in rural-urban migration, the stimulation of economic activities like supply of various items and distributive trades for items produced and or needed by the SMEs, improvement of employees’ standard of living as well as those who are directly or indirectly related to them (Ekpenyong, 2007). Yet, it remains a source of worry that despite the policies, programmes, incentives and support aimed at sustaining SMEs in Nigeria such as fiscal incentives and protective fiscal policies, establishment of export processing zones, specialized financial institutions and funding schemes for the SMEs among others, they have performed rather below expectation (Onugu, 2005). Various people, entities, and operators have several reasons why SMEs have not been able to meet the societal expectation. For instance, an average operator would likely associate his failure to lack of access to finance; some others will blame poor infrastructure, inappropriate management skills, difficulty in accessing global market, lack of entrepreneurial skills and specialize knowledge.

An articulated response to above reoccurring reasons for SMEs failure however came from the International Federation of Accountants (IFAC) (2012) who pointed out that one of the best defences against business failure, as well as an important driver of business performance, is having an effective internal control system, which involves managing risk and also enables the creation and preservation of value. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) (2013) defined internal control as a process effected by an entity’s board of directors, management and other personnel, and designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations. In the context of this study, internal control can be defined to encompass a set of rules, policies, and procedures an organization implements to provide reasonable assurance for reliable financial reports, effective and efficient operations, and ensure its activities comply with applicable laws and regulations.

No matter how well internal controls are designed, its ability to achieve set objectives of the business is limited due to imperfections inherent in human judgement and decisions. Again, even well designed internal controls can break down in the face of uncertainties such as natural disasters and death or sudden disengagement of skilled employee. These and some other factors such as government policies and overall business outlook can limit the effectiveness of internal control system in achievement of its set objectives and goal. Danescu, Prozan and Danescu (2011) listed these objectives to include identification of possible risk, devising means to avoid or mitigate such risk and formulation of policies that guarantee effective transformation of resources to financial benefits.

Based on its objective, internal control system can be classified into three types, namely; detective, corrective and preventive (Harrer, 2008). While the first seeks to detect errors or irregularities that may have occurred, the second aims at correction of errors or irregularities that have been detected, and the third will keep errors or irregularities from occurring in the first place. Prosperous organizations know how to benefit from opportunities and counter threats, in many occasions through effective application of controls, and hence improve their performance. Internal control is a fundamental part of an organization’s governance system which is understood, effected, and actively monitored by the governing body, management, and other personnel to benefit from the opportunities and to counter the threats to achieving the organization’s objectives (IFAC, 2012). Components of internal control system include control environment, risk management, control activities, information and communication system and control monitoring activities.

Control environment is the foundation for the other components of internal control, as it provides discipline and structure (Hong Kong Institute of Certified Public Accountants (HKICPA), 2005). The control environment, according to Harrer (2008), is expected to include a strong commitment to integrity and high ethical values. In this regard senior management must explicitly communicate the entity’s values and behavioural standards to employees through a formal code of conduct, and encourage compliance by their actions and examples. There are seven factors that set the tone of the organization, influence the control and consciousness of its people. They include integrity and ethical values, commitment to competence, human resource policies and practices, assignment of authority and responsibility, management’s philosophy and operating style, board of Director’s or Audit Committee participation, and organizational structure (International Accounting Standards Board, 2010). Control environment is conceptualised in this study as the foundation on which an effective system of internal control is built and operated in an organization that strives to achieve its strategic objectives, provide reliable financial reporting to internal and external stakeholders, operate its business efficiently and effectively, comply with all applicable laws and regulations, and safeguard its assets. For instance, the strict adherence of GSK Pharmaceutical Ltd in production of high quality drugs and their customer-oriented welfare policies remains an effective control environment that guides their operation.

Another component of internal control is risk management. This process involves the identification and analysis of risks underlying the achievement of objectives, including risks relating to the changing regulatory and operating environment and business strategy, as a basis for determining how such risks should be mitigated and managed (HKICPA, 2005). The fundamental reason for risk assessment is due to its impact on achievement of an organization’s goals and objectives. Such impact could be high, medium or low with different degrees of thwarting the likelihood of achieving predetermined goal and objectives of the business. According to Wee (2009), Risk affects an entity’s ability to survive and successfully compete. The board and management will decide how much risk can be cautiously permitted and strive to maintain risk within that level. Setting objectives is a pre-condition to risk assessment and management. It is important, therefore, that clear business objectives be set. These should be expressed around the future rather than the past or present and should be focused on achievable goals. For example, the decision of a business manager in a poultry farm to rear less number of birds during non-festive periods and to rear more during festive periods is a risk management strategy targeted at avoiding excessive supply during non-festive periods so as to regulate the price of his birds over time.

There are various techniques used to identify risks, according to Harrer (2008), they include those developed by external and internal auditors to define the scope of their activities, periodic reviews of economic and industry factors affecting the business, senior management conferences and meetings with industry analysts. Whatever method is adopted, the management needs to consider carefully the factors that increase risk, including issues such as past experience of failure to meet objectives; quality of personnel; significant changes, such as increased competition; legislative, regulatory and personnel changes; market developments, and the significance of particular activities to the entity and their complexity. Risk should also be identified at the activity level, which can help to focus risk assessment on major business units or functions and also contribute to maintaining acceptable levels at the entity-wide level.

Similarly, the set of control activities adopted by an organization is a major aspect for the achievement of its goals. It has to do with a diverse range of policies and procedures that help to ensure management directives are carried out and any actions that may be needed to address risks to achieving company objectives are taken. Examples of internal control activities include approvals and verifications, reviews, safeguarding of assets and segregation of duties within the organisation. IFAC (2012) maintains that control activities can also be divided into operations, financial reporting and compliance, although there may be occasions of overlap between them. Among the common control activities performed by personnel to address risks affecting the achievement of entity’s objectives includes performance reviews (review of actual against budgets, forecasts), information processing (checks for accuracy, completeness, authorization), physical controls (physical security) and segregation of duties.

Furthermore, an organization’s information system helps to set the tone of the organization. Information and communication system involve effective processes and systems that identify, capture and report operational, financial and compliance-related information in a form and time frame that enables people to carry out their responsibilities. It includes communication from the top about the importance of control-related matters and the role of individuals, channels for communicating significant information upstream, and also effective communication with external stakeholders (Nyakundi, Nyamita & Tinega, 2014). A common example of internal control information and communication include circular for meetings, employee’s guide, training and workshops. Relevant information has to be identified, captured and communicated in a form and time frame to enable people to make decisions and act on it. In likewise manner, effective communication is expected to flow in all directions throughout the organisation. Employees should be given a clear message from the senior management and make them understand their own role in the internal control system and how individual activities relate to the work of others. They must also have the means of communicating significant information upstream. The information system should include the chain of command and unity of command among others.

The monitoring and evaluation of control activities relate to assessment of the quality and effectiveness of firm’s internal controls over time. It is sometimes refer to as internal audit function. Internal controls can become ineffective or irrelevant as processes change or may no longer be performed in a way they were originally intended to be performed. Accordingly, management needs to determine whether internal controls will continue to be effective, are still relevant for current processes, and are able to address new risks. According to Kamau (2014), the Committee of Sponsoring Organizations (COSO) entity-wide controls identified two principles related to monitoring which include on-going and separate evaluations, and reporting deficiencies. While the former enables management to determine whether the other components of internal control over financial reporting continue to function over time; the latter enables identification and communication of internal control deficiencies in a timely manner to those parties responsible for taking corrective action. Annual financial audit of a company is a typical example of internal control monitoring and evaluation

It is important to note that implementation of the discussed internal control strategies cannot be easily achieved without the roles of managers, supervisors and accounting officers. According to Harrer (2008), business managers provide leadership that the organization needs to achieve its goal and objectives. They can control departments in companies, or guide the people who work for them. Often, managers take decision that is binding on their place of work. In carrying out this primary assignment, they must be able to engage in planning, organizing, leading, coordinating and controlling (Simons, 2005). In relation to the subject of this study which embodies on internal control strategies, business managers employ the techniques to help their organizations achieve stated objectives and goals of the business. Hence, internal control system cannot thrive without active roles of managers. Next to the managers are supervisors. The title of supervisor is typically applied to the first-line or low-level managerial roles. They are responsible for the day-to-day performance of a small group within an institution. This set of staff are experience in what the group does and have earned the position based on management’s belief that they are capable of guiding the team (Jiang, 2010). Among the duties of supervisors are helping the team understand performance targets and goals, ensure that team members are properly trained, ensure that they carry out their duties as specified etc. For the accounting officers, they are the financial custodian of a business enterprise. Their knowledge of accounting principles, budgeting, auditing and business administration equip accounting officers to carry out their responsibilities, which vary from one organization to another (International Federation of Accountants, 2012). Accounting officers review a business’s financial reports and other documents to ensure they are accurate. Documents that undergo their scrutiny include invoices, receipts, ledgers and purchase orders. Accounting officers review the books of account and confirm that records of expenditures and profits of a business are correct. Tongren (2005) maintains that in the event of any misappropriation of funds, evidenced by financial records, they report the matter to management for redress.

Despite the above promises of an internal control system in achieving the objectives and goals of an institution, it can only yield restricted result due to some inherent limitations. According to Klynveld Peat Marwick Goerdeler (KPMG) (1999), the success of any internal control system can be influenced by judgment, breakdowns, management override and collusion. The efficacy of controls will be limited by decisions made with human judgment under pressures to conduct business based on the information at hand. Again, internal controls can suffer breakdowns.  For instance, employees sometimes misconstrue instructions or make mistakes.  Errors may also result from new technology and the complexity of computerized information systems. On another note, high level personnel may be able to override prescribed policies and procedures for personal gains.  Such action is different from management intervention which implies departure from prescribed policies and procedures for legitimate purposes (Ndembu, 2015). Similarly, internal control systems can be sidelined by employee collusion.  As such, individuals can collectively agree to alter financial data or other management information in a way that cannot be identified by control systems. These will undermine effectiveness of such system at any point in time.

Having acknowledged that the system of internal control is designed to manage the risk of failure, National Audit Office (NAO) (2012) maintained that it cannot eliminate all risk and therefore only provides a reasonable and not absolute assurance of effectiveness. Based on current developments in the system of internal control across the globe, business managers, supervisors and accounting officers are to a large extent, responsible for the success and failure of their organizations. Best practice in the system of internal control was adequately clarified by the HKICPA (2005), NAO (2010) and IFAC (2012). For HKICPA (2005), internal control should be used to support the organization in achieving its objectives by managing its risks, while complying with rules, regulations, and organizational policies. The organization should therefore make internal control part of risk management and integrate both in its overall governance system.

Furthermore, organizations should determine the various roles and responsibilities with respect to internal control, including the governing body, management at all levels, employees, and internal and external assurance providers, as well as coordinate the collaboration among participants. It implies that the governing body and management should foster an organizational culture that motivate members of the organization to act in line with risk management strategy and policies on internal control set by the governing body to achieve the organization’s objectives. The tone and action at the top are critical in this respect (IFAC, 2012). Similarly, it is expected that managers and other carder of leadership should link achievement of the organization’s internal control objectives to individual performance objectives. Each person within the organization should be held accountable for the achievement of assigned internal control objectives. According to NAO (2010), all the participants in the organization’s governance system should be sufficiently competent to fulfil the internal control responsibilities associated with their roles.

From a preventive perspective, controls should always be designed, implemented, and applied as a response to specific risks, their causes and consequences. Management should ensure that regular communication regarding the internal control system, as well as the outcomes, takes place at all levels within the organization to make sure that the internal control principles are fully understood and correctly applied by all. In this regard, IFAC (2012) argues that both individual controls as well as the internal control system as a whole should be regularly monitored and evaluated. The governing body, together with management, should periodically report to stakeholders the organization’s risk profile as well as the structure and factual performance of the organization’s internal control system (Harrer, 2008).

In a recent publication by Enugu State Ministry of Trade and Industry (2015), it was outlined that SMEs sector in Enugu State lacks the competitiveness required for meaningful job creation and significant contribution to the State’s internally generated revenue due to numerous constraints. Although both the federal and state government lunched a number of programmes to provide fund for SMEs, it remains a glaring fact that SMEs in Enugu state are choked by poor performance. Onyisi (2014) contended that although various institutions that are presumably supposed to provide credit to the SMEs sector in the state exist such as the bank, ministry of industries loan scheme, World Bank small business loan, Nigeria Bank of Commerce and Industry etc., their impact has remained largely minimal. Hence, starting up new SMEs or expansion of existing once by the largely unemployed youths in Enugu State usually end up as a dream.  Performance of SMEs in Enugu State is also hindered by poor infrastructural facilities. Apart from Enugu metropolis where most public infrastructure can be managed, other towns in the state cannot boast of supporting infrastructure for a thriving SMEs sector. While some SMEs may have access road, a good number are faced with poor power supply, bad road network, water supply which constrains their growth and development. Hence, most SMEs resort to private provisioning of these at great expense (Onyisi, 2014).

            The incidence of inadequate working capital, which constrains productive capacities of the SMEs as well as absence of succession plan in the event of the death of the proprietor, is another factor that leads to many cases to frequent early demise of SMEs in Enugu State. According to Ugwoke (2014), among the prime challenges faced by SMEs in Enugu State are financial indiscipline among entrepreneurs and lack of experience and training on chosen enterprise. They often rely on their skills and talent, completely ignoring the need for experience in accounting, personnel, advertising, budgeting, purchasing and other aspects of management. Similarly, SMEs in Enugu State suffer from poor location and marketing constraints. This entails a situation where small businesses experience difficulties finding the appropriate market for their products, even when the market is there. The most cited reason remains that some small business owners often do not see the need for advertising or sales promotion. Most of them hardly go beyond erecting a signboard which merely indicates their location. Hardly do they realize that effective advertising wakes prospective customers to develop strong opinions on their product in particular and the firm in general.

Also on the list of top challenges faced by SMEs in Enugu State in recent time is lack of planning and budgeting. Without proper planning and budgeting any SME is bound to fold up after a year or two of operation. In the case of Enugu State, most SMEs do not make proper planning and budgeting of their scarce resources. This poor planning often expose them to the uncertainties that surround the demand for and supply of both factors of production and product of the firm (Ugwu, 2015). In addition, it is a common trend among SMEs in Enugu to enter into competition with the big firms in the same product line. As such, they are often tempted to engage in inaccurate pricing in order to sell off their products in such competition. The consequence of this unwise decision has been unexpected liquidation of such SMEs due to their meager business capital.

Furthermore, the issue of inadequate funding of SMEs in Enugu State is an important factor militating against the sub-sector’s growth and development in recent times. Among the contributing factors is inability of existing and potential entrepreneurs to develop bankable business plan and poor registration of SMEs with appropriate local authorities. According to Ekpenyong (2007), this sometimes made it difficult for such SMEs to be traced by local authorities when funding opportunities are available. Again, banks’ perception of SMEs as high risk clients and poor financial record keepers also accounted for poor performance of SMEs sub-sector in Enugu State. The situation was deteriorated by weak capacity on the part of banks to down-scale their lending to SMEs as well as the high interest charges on loans. Above all, poor internal control system remains the prime challenge to the growth and development of SMEs in Enugu State.

Hence, this study was motivated to assess the internal control strategies adopted by SMEs in Enugu State for two important reasons. First, the current state of affairs in performance of SMEs in Enugu State remained unsatisfactory in the wake of high youth unemployment and fragile state of the economy in Nigeria. Second, there is overwhelming evidence to support the claim that the challenges faced by SMEs in their growth process is more of internal than external controls. This implies that effective internal control system is largely responsible for the success of business enterprises.

Statement of the Problem