The Study on Effectiveness of Internal Audit on the Performance of the Public Sector in Sierra Leone: A Case Study of the National Social Security Insurance Trust ()
1. Introduction
According to the International Professional Practices Framework (IPPF), internal auditing is described as an independent and objective activity that provides assurance and consulting services to an organization (International Professional Practices Framework, 2017) [1] . In a similar vein Chartered Institute of Internal Auditors [2] , defined internal audit as: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” The primary purpose of internal auditing is to enhance the organization’s operations by adding value and helping it achieve its objectives. This is achieved by employing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditors are responsible for evaluating and assessing the organization’s processes, systems, and controls to identify potential risks, weaknesses, and areas for improvement. They provide objective and reliable information to management and stakeholders, enabling them to make informed decisions and take appropriate actions to address identified issues. Hence, internal auditing plays a vital role in promoting effective risk management, ensuring adequate internal controls, and enhancing overall governance within an organization.
Internal auditing is an important component of the public financial management system. It plays a crucial role in evaluating and improving internal control processes, providing independent assessments to senior management, and enhancing accountability and value for money in government operations. Internal audits can be conducted at various levels within the government, such as central agencies, ministries, departments, or even individual entities (OECD, 2014) [3] . The primary objective of an internal audit is to assess the effectiveness and efficiency of internal controls, risk management, and governance processes. By identifying weaknesses and suggesting improvements, internal auditors contribute to strengthening the overall control environment and ensuring that resources are utilized efficiently. While internal audit within the public sector focuses on evaluating the quality of budgeting, financial, and accounting information and assessing the extent to which organizations have met their established objectives, the external function of auditing is performed by Supreme Audit Institutions (SAIs); for the purpose of this research, SAIs is synonymous to the Office of the Audit Service Sierra Leone (ASSL)-Office of the Auditor General. SAIs are independent governmental bodies responsible for conducting external audits of public sector entities. Their role is to evaluate the effectiveness and efficiency of financial management, compliance with laws and regulations, and the overall stewardship of public resources.
Although internal auditors and SAIs have different roles and responsibilities, they work together to promote good governance, transparency, and accountability in the use of public resources. Internal audit provides the first line of defense by assessing internal controls and ensuring that financial information is reliable. SAIs, on the other hand, have the mandate to evaluate the effectiveness of the internal audit function itself, providing an external perspective on the quality and impact of internal auditing within government entities. It’s worth noting that while internal audit units are part of the organization they reside in, they maintain organizational and functional independence. This independence ensures that internal auditors can perform their duties objectively and without undue influence, thereby enhancing the credibility and effectiveness of their work.
The management of finances at the National Social Security Insurance Trust (NASSIT) in Sierra Leone is guided by the Public Financial Management Act (PFMA, 2016) [4] . Hence, the mandate of the Internal Audit functions of NASSIT is implied and described in the PFMA, 2016 Act as mentioned in Section 10 Subsection (1) There shall be an Internal Audit Department within the Ministry that shall be responsible for―a) performing the internal audit function of the Ministry; b) ensuring that an internal audit department, division, or unit or Audit Committee mentioned in Subsection (1) of Section 75 or Subsection (1) of section 76 performs its responsibilities in accordance with internationally accepted standards; and (c) performing any other functions delegated by the Minister. Subsection (2) The Director of the Internal Audit Department referred to in Subsection (1) may issue guidelines and instructions to prescribe composition, appointment, functions, powers, and any other matters relating to an internal audit department, division, or unit or an Audit Committee mentioned in Subsection (1) of section 75 or Subsection (1) of Section 76.
The roles and the mandate of the internal audit department of NASSIT are clearly articulated in the PFMA, 2016 Act however, the effectiveness and efficiency of the internal audit performance have been questioned not to be effective and efficient in enhancing the performance of NASSIT. This research assesses the effectiveness of the internal audit department on the performance of NASSIT. The aim of this research is to understand the effectiveness of the internal audit on the performance of NASIT and any challenges faced by the internal audit department that impede their effectiveness in executing their functions and its effect on NASSIT performance.
2. Research Aim, Objectives, and Questions
2.1. Research Aim
The aim of this research is to understand the effectiveness of the internal audit department’s roles and its impact on the performance of NASIT.
2.2. Objectives of the Study
The objective of this research is to understand the effectiveness of the Internal Audit Department at NASSIT and what impedes the effectiveness of the Internal Audit Department in executing its functions and its effect on the performance of NASSIT.
2.3. Research Questions
To gain an understanding of the effectiveness of the Internal Audit Department at NASSIT this research focused on the undermentioned research questions:
Question 1: Is the internal audit department sufficiently resourced with qualified staff and experienced to perform its duties effectively and efficiently?
Question 2: Does the internal audit department have guidelines to follow to guide their work at NASSIT?
Question 3: Is the internal audit department involved in the operational, financial, and managerial functions of NASSIT?
Question 4: Does NASSIT have a functional audit committee that works closely with the internal audit department?
Question 5: Does the internal audit department assist in the day-to-day activities of NASSIT?
Question 6: Does the audit department work closely with the audit committee to prepare the internal audit plan?
Question 7: Does the internal audit department have full access to all departments, processes, systems, and records to perform its functions?
3. Research Methodology
The mixed methods model was used for the purpose of this research. Data collection for the quantitative data and qualitative data was done through questionnaires and follow-up interviews with the participants that were selected for the research. In addition, data were collected from the internet, articles, the NASSIT Website, the Sierra Leone Auditor General’s Published Reports, and textbooks. Data were analyzed using the concurrent triangulation approach to inform the discussion and interpretation of data. The concurrent triangulation approach is a widely recognized mixed methods model, characterized by the collection of quantitative and qualitative data simultaneously) (Crewell, 2009) [5] . The purpose is to compare and analyze the two databases to identify convergence, differences, or a combination of both. Various terms are used to describe this comparison, including confirmation, disconfirmation, cross-validation, or corroboration, depending on the authors (Greene, Caracelli, Graham, 1989 [6] ; Morgan, 1998 [7] ; Steckler, McLeroy, Goodman, Bird, & McCormick, 1992 [8] ). This model aims to leverage the strengths of quantitative and qualitative methods while compensating for their individual weaknesses. The quantitative and qualitative data collection occurs concurrently within a single phase of the research study. Ideally, equal weight is given to both methods, but in practice, researchers may prioritize one over the other based on their specific research goals and context. The mixing of data in this approach typically takes place during the interpretation or discussion section of the study. The data can be merged, meaning one type of data is transformed into the other to facilitate easy comparison. Alternatively, the results of the two databases can be integrated or compared side by side in the discussion section. Published mixed methods studies often follow this approach, presenting quantitative statistical results first, followed by qualitative quotes that either support or disconfirm the quantitative findings) (Crewell) [5] . However, for the purpose of this research, the qualitative and quantitative data will be discussed and interpreted interchangeably.
Purposive sampling was used for the selection of participants. Purposeful sampling is used so that individuals are selected because they have experienced the central phenomenon) (Crewell) [5] , hence the population sample was limited to 100 participants and questionnaires were distributed to 100 participants. The descriptive and inferential statistic was used for our data analysis. Quantitative data analysis involves the use of inferential statistics and descriptive statistics. These statistics include measures of central tendency (such as mean, median, and mode) to determine the average or typical response to the variables. The results of the quantitative analysis are typically presented in tabular and graphical forms. Tables provide a structured format to present the numerical results, while graphs (such as bar graphs, line graphs, or scatter plots) offer visual representations of the data. The interpretation of the quantitative findings is based on the representation and presentation of the data, allowing researchers to summarize, describe, and explain the data in relation to their research questions.
The factors influencing IA effectiveness have been a topic of debate in the literature, and there is currently no consensus on an optimal framework for IA effectiveness. Research in this field has focused on identifying and testing various factors that affect IA effectiveness, but there has been limited attention given to comprehensively examining these factors and their dimensions. As a result, scholars have studied different factors individually based on their own interests and the available literature. The factors studied include but are not limited to the following: IA independence; Size of the IA function; Competencies of IA staff; Quality of IA processes and methodologies; Relationship with the audit committee; Relationship with the external auditor; Senior management support; and Outsourcing of IA. These are just a few examples of the factors that have been examined in relation to IA effectiveness. However, further research is needed to develop a comprehensive conceptual model that encompasses all key factors and their interrelationships to better understand IA effectiveness; as there is no agreed optimal conceptual model in the literature to assess the effectiveness of IAor to study the relationship between the factors (Turetken, et al. 2019 [9] ; Abdelrahim & Al-Malkawi, 2022 [10] ).
The focus of this research is to test the effectiveness of the internal audit department at NASSIT. In order to test the effectiveness of the Internal Audit Department this research emphasizes was directed to the qualities of an effective internal audit function as a framework for the analysis. The internal audit qualities are categorized as follows: a) Sufficient Resources; b) Well-Organized; c) Independence and Objectivity; d) Appointment by the Audit Committee; e) No Operational Responsibilities; f) Plan of Work set by the Audit Committee and; g) No Limitation on the Scope of Work. These qualities of internal control contribute to an effective internal audit function that provides valuable insights, independent assurance, and recommendations for improving the organization’s governance, risk management, and control processes.
4. Literature Review
4.1. Introduction
Investors and stakeholders in public and private sector institutions are concerned about the safety of their assets (Joseph, et al., 2015) [11] . The separation of ownership from control, where shareholders and stakeholders delegate decision-making authority to managers, can lead to a loss of effective control by shareholders and taxpayers. This situation raises concerns about the safety of investments and the need for good governance and accountable policy practices to safeguard shareholders’ assets and maximize wealth. One crucial aspect of good governance and accountable policy practices is the implementation of control measures to detect and prevent fraud within an organization, whether it is a private or public entity. These measures are essential to protect the interests of shareholders and stakeholders. By effectively managing risks and implementing internal controls, organizations can reduce the likelihood of fraudulent activities and promote transparency and accountability.
International Public Sector Accounting Standards (IPSAS) are a set of accounting standards developed and issued by the International Public Sector Accounting Standards Board (IPSASB). These standards are designed for use by public sector entities, including national governments, regional governments, local governments, and related entities such as agencies, boards, and commissions. IPSAS is based on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB), which are widely used in the private sector. The objective of IPSAS is to enhance the quality of financial reporting by public sector entities, leading to better-informed decision-making, increased transparency, and accountability in the allocation of resources by governments. The primary focus of IPSAS is on accrual-based accounting, which recognizes and measures economic events and transactions as they occur, rather than when cash is received or paid. This basis of accounting provides a more comprehensive and accurate picture of an entity’s financial position, performance, and cash flows. IPSASB develops and maintains IPSAS, providing guidance and support to promote the adoption and implementation of accrual-based accounting in the public sector. However, it’s important to note that IPSAS does not apply to government business enterprises, which are typically subject to different accounting standards. The adoption of IPSAS by public sector entities helps to promote consistency and comparability in financial reporting across different countries and facilitates better understanding and analysis of government finances on a global scale (IPSASB Factsheet, 2023) [12] .
Supreme Audit Institutions (SAIs) are national authorities responsible for auditing government revenues and expenditures. They play a crucial role in ensuring transparency, accountability, and good governance in the public sector. SAIs act as independent external auditors of government entities, assessing the legality, regularity, and financial soundness of public sector operations (Ganga & Andaleeb, 2018) [13] .
The International Organization of Supreme Audit Institutions (INTOSAI) serves as an international organization that brings together SAIs from around the world. Established in 1953, INTOSAI provides a platform for its 194 member SAIs to exchange expertise, ideas, and best practices in the field of government auditing. INTOSAI acts as a global standard setter for government audit and supports its members in enhancing their audit practices and methodologies. The standard-setting structure of INTOSAI is based on the principles of equality among SAIs and voluntary participation. INTOSAI recognizes the diverse legal mandates and reporting relationships of SAIs, reflecting the variations in governance systems and government policies across countries. The organization fosters collaboration and mutual learning among its members, drawing upon their experiences and knowledge. INTOSAI operates through various subcommittees, working groups, task forces, and project groups. These bodies are composed of experts from member SAIs who voluntarily participate in developing auditing standards, and guidance, and sharing their best practices. By leveraging the collective wisdom and expertise of its members, INTOSAI aims to improve government auditing worldwide and contribute to the effectiveness and efficiency of public financial management. The motto of INTOSAI, “Experientia Mutua Omnibus Prodest”, emphasizes the importance of mutual experience and collective learning for the benefit of all member SAIs. This collaborative approach helps establish and promote internationally recognized standards and practices in government audit, contributing to stronger accountability and transparency in the public sector globally.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2011) [14] is a widely recognized framework for internal control, risk management, and fraud prevention. The COSO framework provides guidance on the implementation of control measures to enhance the effectiveness and efficiency of an organization’s operations, reliability of financial reporting, and compliance with applicable laws and regulations. Some key control measures that organizations can adopt to detect and prevent fraud include: a) Segregation of duties: Separating responsibilities and duties among different individuals or departments to prevent a single person from having control over an entire process. This reduces the risk of fraudulent activities going undetected. b) Regular internal and external audits: Conduct periodic audits by both internal and external auditors to assess the effectiveness of internal controls, identify potential risks, and detect any fraudulent activities. c) Implementing whistleblower mechanisms: Establishing channels for employees, stakeholders, and other parties to report suspicions of fraud confidentially and without fear of retaliation. This encourages the early detection of fraudulent activities. d) Code of conduct and ethics policies: Developing and enforcing a code of conduct and ethics policies that clearly outline the expected behaviour and ethical standards for employees, managers, and stakeholders. This helps create a culture of integrity and ethical decision-making within the organization. e) Adequate training and awareness programs: Providing regular training and awareness programs to educate employees and stakeholders about fraud risks, preventive measures, and reporting procedures. This empowers individuals to identify and report potential fraudulent activities. f) Effective risk management: Implementing a robust risk management process to identify, assess, and mitigate risks associated with fraud. This involves conducting risk assessments, implementing appropriate controls, and continuously monitoring and evaluating the effectiveness of these measures.
By implementing these control measures and adopting a comprehensive approach to governance and accountable policy practices, organizations can enhance their ability to detect and prevent fraud, safeguard shareholders’ assets, and work towards the goal of wealth maximization.
4.2. Internal Control
The role of internal audit has gained significant importance within organizations, especially in the aftermath of corporate collapses and financial scandals. These events have highlighted the need for effective internal controls and good corporate governance, with internal audits playing a crucial part in achieving these objectives (Schneider, 2003 [15] ; Arena and Azzone, 2006 [16] ). The effectiveness of internal audits is a subject of interest for various stakeholders, including internal auditors themselves, the board of directors, the audit committee, senior management, and external auditors (Brilliant, et al., 1997 [17] ; Mihret, et al., 2010 [18] ; Lenz and Hahn, 2015 [19] ). However, these stakeholders often have different perspectives and expectations regarding the internal audit’s role and responsibilities. External auditors and the audit committee primarily focus on obtaining assurance regarding the effectiveness of controls and risk management systems (Hermanson and Rittenberg, 2003) [20] . They rely on internal audits to provide independent assessments of the organization’s internal controls and their effectiveness. On the other hand, senior management sees value in internal audits beyond assurance alone. They expect internal auditors to offer consulting services and provide insights on improving operational efficiency, identifying process improvements, and enhancing risk management practices (Sarens and Beelde, 2006) [21] . These divergent perspectives have contributed to the lack of consensus among researchers on the factors that influence internal audit effectiveness and the appropriate measures to assess it (Arena and Azzone, 2009) [22] . The challenge lies in reconciling these different expectations and finding a balance between providing assurance and delivering value-added services. Despite these differences, there are several common factors that contribute to the effectiveness of internal audit. These include the following: a) Independence and objectivity: Internal auditors should maintain independence from the areas they audit and have the freedom to express their opinions objectively. b) Competence and skills: Internal auditors need to possess the necessary knowledge, expertise, and skills to effectively carry out their duties. c) Adequate resources: Internal audit functions should have sufficient resources, including budget, staff, and technology, to perform their tasks effectively. d) Risk-based approach: Internal auditors should prioritize their audit activities based on the organization’s risk profile and focus on areas of highest risk. e) Communication and reporting: Internal auditors should communicate their findings and recommendations clearly and effectively to the relevant stakeholders. While these factors provide a general framework, organizations may need to tailor their internal audit practices to meet the specific expectations of their stakeholders and align with their corporate governance objectives.
The importance of a robust control system in various aspects of governance, including internal control, risk management, and audit is critical as such a system is essential for better governance, ensuring the proper use of taxpayers’ money, and maintaining public trust. The responsibility for implementing and maintaining this control system lies with entities across all branches of government, including ministries, internal audit functions, supreme audit institutions, and the Centre of Government. In addition to these entities, citizens, the media, and non-governmental organizations also play a crucial role as partners in ensuring the effectiveness of the control system. A risk-based approach to integrity is a key aspect of this control system. By conducting systematic risk assessments, governments can identify potential areas of vulnerability and allocate resources accordingly to address those risks effectively. Implementing targeted controls based on these risk assessments allows governments to demonstrate to citizens that public funds are being utilized in a manner that aligns with principles of efficiency, effectiveness, and value for money. A robust control system that encompasses internal control, risk management, and audit is vital for good governance, safeguarding public funds, and maintaining public trust. By adopting a risk-based approach to integrity and implementing targeted controls, governments can assure citizens that public resources are being used efficiently and effectively. Collaboration with citizens, the media, and non-governmental organizations further strengthen the functioning of the control system.
A robust control system that integrates internal control, risk management, and audit is crucial for good governance and ensuring the proper management of public funds. Let’s explore some key points related to this topic and these points are encapsulated as follows:
1) Internal Control: Internal control refers to the policies, procedures, and practices implemented by an organization to achieve its objectives, minimize risks, and ensure compliance with laws and regulations. It involves processes for financial management, operational efficiency, and safeguarding of assets. Effective internal control helps prevent fraud, mismanagement, and errors, promoting transparency and accountability.
2) Risk Management: Risk management involves identifying, assessing, and mitigating risks that could affect an organization’s ability to achieve its objectives. By adopting a risk-based approach, governments can prioritize their control efforts by focusing on areas with the highest potential risks. This ensures that limited resources are used efficiently and effectively to address significant vulnerabilities.
3) Audit: Auditing is an independent evaluation of an organization’s financial statements, operations, or compliance with laws and regulations. It provides an objective assessment of the effectiveness of internal controls and risk management processes. Audits help identify weaknesses, gaps, or irregularities, allowing corrective actions to be taken. They also enhance transparency and instill confidence in the management of public funds.
4) Safeguarding Public Funds: A robust control system plays a vital role in safeguarding public funds. By implementing effective controls, governments can prevent misappropriation, fraud, and waste of public resources. This ensures that funds are used for their intended purposes and that the public’s trust in the government’s financial management is maintained.
5) Maintaining Public Trust: Trust is crucial for the functioning of any government. A well-designed control system that encompasses internal control, risk management, and audit demonstrates a commitment to transparency, accountability, and ethical conduct. It reassures citizens that their tax contributions are being used appropriately and that the government is actively managing risks. Collaboration with citizens, the media, and non-governmental organizations help foster transparency and provide additional oversight.
A robust control system that incorporates internal control, risk management, and audit is essential for good governance, the proper management of public funds, and maintaining public trust. By adopting a risk-based approach and collaborating with relevant stakeholders, governments can ensure the efficient and effective use of public resources while promoting transparency and accountability.
Integrity risk management supports decision-making within governments by striking a balance between preventive measures and enforcement, aligning with government objectives, aiding managerial decision-making, and identifying the players involved in creating or perpetuating risks. By effectively managing risks, governments can enhance integrity, transparency, and accountability, and ensure the achievement of their objectives. Integrity risk management is crucial for decision-making and the achievement of integrity objectives within government organizations. Here are some key points to further elaborate on this topic: a) Balancing Preventive Measures and Enforcement: Integrity risk management helps governments strike a balance between preventive measures and enforcement actions. While preventive measures aim to minimize the occurrence of integrity risks, enforcement actions deal with addressing risks that have already materialized. By effectively managing risks, governments can identify areas where preventive measures are needed, and at the same time, determine the appropriate enforcement actions when risks become realities. b) Alignment with Government Objectives: Effective risk management aligns with the government’s objectives, strategies, and priorities. By considering the specific objectives of the government, risk management processes can be tailored to address the risks that are most relevant and critical to achieving those objectives. This alignment ensures that resources and efforts are focused on mitigating risks that are most impactful to the government’s mission and goals.
The Role of Internal Audit
The evaluation of Internal Audit (IA) performance typically involves comparing actual performance against predefined objectives, which includes measuring effectiveness and efficiency (Beckmerhagen, Berg, Karapetrovic, & Willborn, 2004 [23] ; Shu, Li, Wang, & Zhang, 2010 [24] ; Türetken, 2020 [25] ). Effectiveness is commonly defined as the capacity to achieve results consistent with the target objectives or the attainment of a desired condition. It can be measured in degrees, indicating the extent to which objectives are met (Arena & Azzone, 2009) [22] . Efficiency, on the other hand, relates to how well the organization utilizes its resources in producing measurable outputs (Dittenhofer, 2001) [26] . It assesses the ratio of inputs to outputs, indicating the extent to which resources are optimized and waste is minimized. Effectiveness is often associated with “doing the right thing”, while efficiency is associated with “doing it well” (Chambers, 1993) [27] . It is important to measure effectiveness and efficiency separately because it is possible for an audit to be effective but not efficient, and vice versa (Beckmerhagen, et al. 2004) [23] . An effective audit achieves its objectives and provides valuable outcomes, such as identifying risks, improving controls, and adding value to the organization. On the other hand, efficiency focuses on resource utilization and ensuring that the audit process is streamlined, timely, and cost-effective. While both effectiveness and efficiency are important, however, effectiveness holds greater significance (Bednarek, 2018) [28] . The argument is that even if an audit is efficient, meaning it is conducted with optimal resource utilization, it becomes worthless if it fails to be effective in achieving its objectives. Effectiveness is essential for IA to provide meaningful contributions to the auditee’s adherence to regulations or standards, thus contributing to the overall effectiveness of the organization.
An internal control system is the integration of various elements within an organization, including activities, plans, attitudes, policies, and efforts of people, to provide reasonable assurance that the organization will achieve its objectives and mission (Mahadeen, et al. 2016) [29] . By establishing a sound internal control system, organizations promote efficient and effective business processes, produce quality products or services aligned with their mission, and protect resources against loss due to waste. Additionally, internal control systems ensure compliance with laws, regulations, contracts, and management directives, while also facilitating the development and maintenance of reliable financial and management data through timely reporting (Hanim, et al., 2005) [30] . The internal control system consists of five key components, mentioned below:
1) Control environment: The control environment sets the tone of an organization influencing the control consciousness of its people (Leung, et al., 2011) [31] and encompasses the overall attitude, awareness, and actions of management and employees regarding internal control and ethical behavior. It includes factors such as management’s commitment to integrity and ethical values, the organization’s organizational structure, the assignment of authority and responsibility, and the process of attracting, developing, and retaining competent personnel. In addition, Control environment factors include the integrity, ethical values, and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility and organizes and develops its people (Eldridge, et al., 2013 [32] ; Mahadeen, et al. 2016 [29] ). The management system refers to a collection of policies and practices that are implemented to establish and maintain internal controls within an organization. According to the (COSO, 2013) [33] , an effective control environment is crucial in setting the tone for the internal control process to operate effectively at all levels of the institution. Numerous reports and studies have explored the impact of the management system on financial performance (Mahadeen, 2016) [29] . Two examples of such studies are those conducted by Kinyua, et al. (2015) [34] and Muraleetharan (2013) [35] .
2) Communication: Lewis and Graham (1988) [36] define communication as the process of creating a common meaning with someone or a group. Communication can be simply defined as the process of transmitting information and common understanding from one person to another. However, Communication requires the participation of at least two people. It’s not merely about one person talking, but about both parties actively engaging and exchanging information to establish a shared understanding. When communication is ineffective or unclear, it can raise concerns about trust in the performance of internal auditors. To address this, effective communication becomes crucial. Hahn (2008) [37] recommends several approaches to overcome communication problems. These include focusing on and providing only necessary information, giving meaning to the information rather than merely relaying the message, keeping the information clear and simple, and actively seeking feedback from the recipients to ensure understanding. Effective communication ensures that relevant information is identified, captured, and shared across the organization. It involves the dissemination of internal control responsibilities and expectations to employees, as well as the provision of necessary information to external stakeholders. Communication also enables employees to report potential issues or deficiencies in internal control. When communication is inappropriate or complex, it can hinder effective understanding. Hahn (2008) [37] suggests that an excess of information can be as detrimental as a lack of information, as it may overwhelm recipients and prevent them from focusing on the most important messages. The importance of effective communication is seen in establishing shared meaning, preventing information overload, and building trust between parties involved in the communication process. The existence of effective communication between internal auditors themselves, internal auditors and auditees, and internal auditors and organization members, without any doubt, is needed to strengthen the internal audit effectiveness (Endaya & Hanefah, 2013) [38] .
3) Risk assessment: Risk assessment involves the identification, analysis, and evaluation of risks that could impact the achievement of an organization’s objectives. By understanding and assessing risks, organizations can prioritize and allocate resources to mitigate them effectively. Risk assessment helps in identifying areas where control activities need to be implemented or enhanced. In 2004, the COSO (Committee of Sponsoring Organizations of the Treadway Commission) introduced Enterprise Risk Management (ERM) as a framework to address risks within an organization. This framework builds upon the elements of the internal control framework but also includes elements related to objective setting, incident detection, and threat response. According to Rittenberg and Schwieger (2005) [39] , ERM incorporates the key components of the internal control system and provides a structure for setting objectives, detecting incidents, and responding to threats. COSO (2011) [14] emphasizes the importance of the organization’s target environment as a precondition for evaluating risks. It is crucial to define the internal control system within the organization to provide reasonable assurance and achieve the identified objectives, risk recognition, and evaluation. The effectiveness of internal control operations should be assessed in relation to the organization’s objectives and associated risks. Internal control should encompass the evaluation of both internal and external indicators of threats faced by the company. One of the primary goals of financial reporting and entity performance is to generate accurate, complete, relevant, timely, and reliable financial information. This information serves to demonstrate and maintain accountability, comply with statutory reporting requirements, and provide stakeholders with an understanding of the organization’s financial performance. Schroeck (2002) [40] highlights the importance of implementing good processes, as they can contribute to an increase in an organization’s financial performance. The introduction of ERM by COSO in 2004 aimed to address organizational risks. The framework incorporates elements of internal control, focuses on objective setting, incident detection, and threat response, and emphasizes the importance of evaluating internal and external indicators of risks. Financial reporting and entity performance rely on generating accurate and reliable financial information, while implementing good processes can positively impact an organization’s financial performance.
4) Control activities: Control activities are the policies, procedures, and practices implemented by an organization to ensure that directives are carried out effectively. These activities help mitigate risks and ensure that the organization’s objectives are achieved (Elahi, 2013) [41] . Examples of control activities include the segregation of duties, authorization and approval processes, physical controls, reconciliations, and documentation of transactions and events. Organizational management tasks include performance reviews, storage of data, physical control, and separation of duties (Mahadeen, et al. 2016) [29] . The various aspects of organizational management tasks and their impact on performance and risk management are summarized as follows: a) Performance Reviews: Performance reviews involve comparing actual performance with plans and evaluating the output of the previous period. This helps identify any deviations from expectations and provides a basis for improvement and goal-setting. b) Data Storage: Proper storage of data is important to ensure its reliability, completeness, and authorization for payment. By maintaining accurate and secure records, organizations can mitigate the risk of errors, theft, and market exploitation. c) Physical Control: Physical control refers to protecting documents and other assets through measures such as restricted access, surveillance, and security systems. This safeguards valuable resources from unauthorized access and reduces the risk of theft or damage. d) Separation of Duties: The separation of duties involves distributing tasks and responsibilities among different individuals to prevent any single person from having excessive control or authority. This helps minimize the risk of fraud, errors, and abuse of power by creating a system of checks and balances. The effectiveness and costs associated with these management practices were articulated in the following research: Manasseh (2007) [42] suggests that implementing management practices, including performance reviews, data storage, physical control, and separation of duties, can lower the risk of theft, mistakes, and market exploitation. This, in turn, improves operational efficiency and performance. Barra (2010) [43] argues that while monitoring operations and separation of tasks can reduce fraud, they also incur additional costs. The benefits of preventing fraud must outweigh the costs associated with implementing measures such as segregated duties. Nocco and Stulz (2006) [44] propose that effective enterprise risk management (ERM) provides long-term competitive advantages to companies, including banks. By integrating risk management practices, organizations can better manage and monitor risks, which ultimately benefits investors and stakeholders. Akkizidis & Khandelwal (2008) [45] and Al Tamimi & Al-Mazrooei (2007) [46] emphasize the relevance of good risk control and management practices in enhancing investor confidence and improving overall performance. Overall, the studies suggest that implementing appropriate management practices and risk control measures can positively impact organizational efficiency, performance, and risk management, although the costs and benefits need to be carefully considered.
5) Monitoring: Monitoring involves ongoing assessments of the internal control system’s performance to ensure its effectiveness over time. It includes regular evaluations and reviews of internal controls, internal and external audits, and the reporting of any identified weaknesses or deficiencies. Monitoring provides feedback on the performance of the internal control system and enables necessary adjustments and improvements to be made. Monitoring is the process of assessing and evaluating the effectiveness of the internal control system over time. It involves measuring the consistency and reliability of internal control processes to provide reasonable assurance that the organizational goals are being achieved. According to Coffin (2003) [47] , a review mechanism should be established to regularly access and analyze the internal control system to ensure that processes are continuously enforced over an extended period. This ongoing monitoring effort is essential, particularly in complex and dynamic business environments. Monitoring activities can take the form of ongoing surveillance or independent assessments. Ongoing monitoring involves regular checks and evaluations conducted throughout the year, while independent assessments may be conducted periodically by an internal or external audit function. The objective of monitoring is to ensure that internal control processes are functioning as intended and to identify any deficiencies or areas for improvement. By conducting continuous surveillance operations, annual reviews, or a combination of both, organizations can evaluate the quality of their performance over time. Monitoring plays a vital role in providing assurance that the internal control system is effective, reliable, and capable of supporting the achievement of organizational goals. It helps identify potential weaknesses or gaps in the system and enables timely corrective actions to be taken.
By incorporating these five components into their internal control systems, organizations can enhance their ability to achieve objectives, minimize risks, and maintain reliable financial and management data. It is important to note that internal control systems should be continuously evaluated and adapted to changes in the organization’s operations, risks, and external environment to remain effective and relevant.
Internal auditors play a vital role in holding public sector officials accountable and ensuring effective management of public resources. Their independent and objective assessments contribute to improving operations, promoting ethical behaviour, and increasing public trust and these are further encapsulated as follows: a) Independent Assessments: Internal auditors provide independent and objective assessments of the management of public resources. They evaluate the effectiveness and efficiency of programs, policies, and operations to determine whether they are achieving the intended results. These assessments offer decision-makers an unbiased perspective on performance, enabling them to make informed decisions for improvement. b) Transparency and Ethical Behaviour: Internal auditors focus on the transparency and accuracy of reporting, which encourages ethical behaviour among public sector officials. By ensuring that financial and operational information is reliable and transparent, internal auditors promote accountability and discourage fraudulent or unethical practices. This helps build public trust and confidence in the reported outcomes and the integrity of the public sector. c) Safeguarding Taxpayers’ Money: Internal audit, coupled with a robust internal control system and effective risk management, is fundamental for safeguarding taxpayers’ money. Internal auditors assess the adequacy and effectiveness of internal controls to prevent fraud, mismanagement, or wastage of public resources. Their work contributes to ensuring that public funds are used efficiently, effectively, and in compliance with laws and regulations. d) Accountable Governance and Public Trust: Internal audit plays a critical role in ensuring accountable governance and preserving public trust. By providing independent assurance and recommendations for improvement, internal auditors contribute to the overall governance framework. Their work enhances transparency, accountability, and integrity in the management of public resources, thereby maintaining and strengthening public trust. In summary, internal auditors play a vital role in holding public sector officials accountable and improving the management of public resources. Their independent assessments focus on transparency and ethical behaviour, and their contribution to safeguarding taxpayers’ money is essential for accountable governance, integrity, and preserving public trust. Internal audit, in conjunction with robust internal controls, effective risk management, and external audit, forms a comprehensive control framework for the public sector.
The expansion of the internal audit (IA) function’s role and value-adding potential in recent years is a response to the evolving business landscape and the need for effective risk management and governance. Traditionally, IA focused on compliance assurance, financial control, and safeguarding assets (Allegrini, et al. 2006 [48] ; Dellai, et al. 2016 [49] ). However, as organizations face new challenges and risks, IA has adapted to provide a broader range of services and insights. One significant change is the shift from a purely assurance-focused approach to a more consultative and advisory role. IA professionals now work closely with management to identify and mitigate risks, improve operational efficiency, and enhance the overall effectiveness of the organization. By providing proactive recommendations and strategic insights, IA helps management make informed decisions and achieve business objectives. In addition, IA has expanded its scope beyond financial and compliance areas to encompass various aspects of organizational performance. This includes evaluating and improving internal controls, risk management processes, corporate governance practices, and ethical standards. IA may also assess the effectiveness of information technology systems, cyber-security measures, and data analytics capabilities to address the growing importance of digitalization and technology-driven risks. Furthermore, IA has become increasingly involved in assessing and monitoring emerging risks, such as regulatory changes, sustainability and environmental factors, social responsibility, and emerging technologies. By staying informed about industry trends and best practices, IA professionals can provide valuable insights and recommendations to navigate these complex and rapidly changing landscapes. IA has experienced changes that have resulted in the extension of the area of involvement and the increase of its value-adding potential (Türetken, 2020) [26] . The value-adding potential of IA lies in its ability to provide independent and objective assurance, insights, and recommendations to management and stakeholders. By leveraging their expertise, IA professionals contribute to the improvement of internal processes, risk management practices, and overall governance. Their work helps organizations enhance efficiency, effectiveness, and compliance while minimizing the likelihood and impact of potential risks and vulnerabilities. In summary, IA has evolved from a focus on compliance assurance and financial control to a more comprehensive and value-adding function. The expanded role of IA involves proactive risk management, strategic advisory services, evaluation of emerging risks, and broader assessments of organizational performance. This transformation enables IA to contribute significantly to the governance and operation of organizations in today’s dynamic and complex business environment.
The increasing regulatory requirements and the emphasis on governance and risk management have indeed heightened the attention given to the added value of the internal audit (IA) function; as a result, the expectations and demands placed on IA by both internal and external stakeholders continue to evolve (Cohen & Sayag, 2010) [50] . The focus has shifted from simply understanding the roles, responsibilities, and contributions of IA to a deeper exploration of how IA can generate value for the organization. Previously, IA’s main goals were centered around fulfilling its duties, meeting compliance requirements, and providing assurance to stakeholders. While these aspects remain important, there is now a greater emphasis on how IA can contribute to the organization’s success, improve operations, and identify opportunities for value creation (Allegrini, et al., 2006 [48] ; Erasmus & Coetzee, 2018 [51] ). IA is expected to provide insights, recommendations, and advisory services that go beyond the traditional scope of compliance and financial control. Recognizing the value of IA requires effective management (Dittenhofer, 2001 [27] ; Mihret & Yismaw, 2007 [52] ) and integration within the organization. This entails having a well-defined IA strategy that aligns with the organization’s objectives, ensuring the independence and objectivity of the IA function, and establishing clear communication channels with key stakeholders. When IA is effectively managed, it can act as a trusted advisor to management, providing valuable insights, risk assessments, and recommendations that help improve decision-making and drive organizational performance. However, it is important to note that the extent of value added by IA is contingent on various factors. These include the competence and expertise of the IA team, the support and cooperation received from management and other departments, the resources allocated to IA, and the organizational culture that encourages collaboration and openness to IA’s findings and recommendations. Effectively managed IA functions have the potential to enhance the organization’s governance, risk management, and control processes. They can help identify and mitigate risks, improve operational efficiency, safeguard assets, ensure compliance with regulations, and support the achievement of strategic objectives. By continuously adapting to the changing needs and expectations of stakeholders, IA can maximize its value and make significant contributions to the organization’s success.
4.3. The Role of Supreme Audit Institutions
Supreme Audit Institutions (SAIs) play a crucial role in a country’s accountability framework; in Sierra Leone, the role of the SAIs is likened to the role of the Audit Service Sierra Leone―Office of the Auditor General. While their traditional role involves conducting financial audits and compliance audits, SAIs are evolving to take on a broader and more comprehensive approach to assessing the reliability, effectiveness, efficiency, and economy of policies and programs. While SAIs traditionally focus on financial audits and compliance audits, they are expanding their role to assess the reliability, effectiveness, efficiency, and economy of policies and programs. This evolution enables SAIs to contribute evidence for more informed policy-making. By fulfilling their oversight role effectively, SAIs enhance transparency, accountability, and good governance in the public sector.
They have the potential to contribute valuable evidence for informed policy-making and this can be done through: a) Financial Audits: SAIs perform financial audits to assess the reliability and accuracy of public entities’ financial reporting. This involves examining financial statements, transactions, and records to ensure compliance with accounting principles and standards. Financial audits provide assurance that public funds are managed in a transparent and accountable manner. b) Compliance Audits: SAIs conduct compliance audits to assess whether public entities are complying with applicable laws, regulations, and governing authorities. These audits help identify instances of non-compliance and provide recommendations for corrective actions. Compliance audits ensure that public entities adhere to legal and regulatory requirements, promoting transparency and accountability. c) Broadening the Scope: SAIs are expanding their role beyond financial and compliance audits. They are increasingly focusing on evaluating the effectiveness, efficiency, and economy of policies and programs. This broader perspective allows SAIs to assess the outcomes and impact of government initiatives, contributing to evidence-based decision-making. e) Informed Policy-Making: SAIs have untapped potential to contribute to more informed policy-making. By conducting audits and evaluations on the outcomes and impact of policies and programs, SAIs provide valuable insights and evidence to policymakers. This helps in identifying areas of improvement, assessing the effectiveness of existing policies, and informing the development of future policies. f) Enhancing Transparency and Accountability: SAIs play a critical role in enhancing transparency and accountability in the public sector. Their independent and professional audits provide assurance to the public and stakeholders that public funds are used efficiently, effectively, and in accordance with laws and regulations. SAIs’ findings and recommendations promote transparency and contribute to strengthening the governance and management of public resources.
5. Results and Discussions
The aim of this research is to understand the effectiveness of the internal audit department’s roles and its impact on the performance of NASIT. In order to understand the effectiveness of the Internal Audit Department and its impact on performance, this research emphasizes was directed to the qualities of an effective internal audit function as a framework for the analysis for this research; as these Internal Audit qualities contribute to an effective internal audit function that provides valuable insights, independent assurance, and recommendations for improving the organization’s governance, risk management, and control processes. These qualities of internal control contribute to an effective internal audit function that provides valuable insights, independent assurance, and recommendations for improving the organization’s governance, risk management, and control processes. In addition, the literature for this research guided our analysis and recommendation. The data collected is used to answer research questions and also formed the basis of the analysis.
5.1. Research Question 1: Is the Internal Audit Department Sufficiently Resourced with Qualified Staff and Experienced to Perform Its Duties Effectively and Efficiently?
Sufficient Resources: The internal audit function should be adequately funded and have access to qualified and experienced staff. Sufficient resources enable the internal audit team to perform their duties effectively and efficiently. Data collected indicates that 90% of the research participants revealed that the Internal Audit Department is adequately funded and resourced with experienced and qualified staff, however, 5% of the research participants are of the opinion that the Internal Audit Department is not adequately resourced with experienced and qualified staff members. Figure 1 below reflects the participants’ views on the experience and the qualified staff members in the Internal Audit Department.
The above analysis indicated that the IA department is adequately funded and has access to qualified and experienced staff. This has improved the performance of NASSIT through IA risk assessment which involves the identification, analysis, and evaluation of risks that could impact the achievement of an organization’s objectives, In addition, control activities that ensure the policies, procedures, and practices are effectively implemented by NASSIT are adequately advised on by IA to ensure that directives are carried out effectively. The mind blowing positive response of 95% received from the participants indicates that
![]()
Figure 1. Qualified and experienced staff.
the AI department has been instrumental in advising on risk management and ensuring effective internal controls are in place through the internal audit undertaken by the internal audit department. For any weaknesses identified during the internal audit process, the internal audit department provides advice on how to strengthen the weaknesses and do a follow-up to ensure the recommendations are implemented adequately. In addition, this research reveals that the IA department provides adequate assurance on risks identified in financial management, operational activities, and managerial processes on an accurate, credible, and timely basis as guided by the Audit Service Act. The Audit Service Act (2014) [53] articulated the role of internal auditing in enterprise-wide risk management. The roles mentioned in the Audit Service Act are as follows; review of management key risks; evaluating the reporting of key risks; evaluating risk management process; and giving assurance that the risks are adequately identified and correctly evaluated.
5.2. Research Question 2: Does the Internal Audit Department Have Guidelines to Follow to Guide Their Work at NASSIT?
Well-organized: An effective internal audit function has well-developed work practices and procedures. This includes having clear guidelines, methodologies, and documentation processes to ensure consistency and quality in the audit work. The research reveals that the IA department is been guided by the following key documents to provide consultancy and assurance to NASSIT: National Social Security and Insurance Trust Act. No. 5 of 20th July 2001; National Public Procurement Authority Act; the Public Financial Management Act (PFMA, 2016) [4] , the Sierra Leone Finance Act 2021, and in general by the International Public Sector Accounting Standards.
As shown in Figure 2, the participants’ responses were resounding Yes at 100% which indicates that the IA department is been guided by well-developed work practices and procedures. This includes having clear guidelines, methodologies, and documentation processes to ensure consistency and quality in the audit work done by the IA department.
![]()
Figure 2. Internal audit department guiding documents.
5.3. Research Question 3: Is the Internal Audit Department Involved in the Operational, Financial, and Managerial Functions of NASSIT?
Independence and objectivity: The internal audit function should be independent of the areas it audits. Independence allows the internal auditors to provide an unbiased and objective assessment of the organization’s operations, controls, and risks. Figure 3 reflects the responses provided by respondents. 10% of the participants strongly agreed that the IA department do not involve in the routine activities of NASSIT in areas such as operational activities, financial management and operational activities and 87% agree that the IA is independent of the work they provide assurances services on. The cumulative percent of 97% for “Strongly Agree and Agree” clearly indicates that the IA department does not provide assurance services on their work which would indicate a self-review threat thus the services provided would not be relied upon by independent users. However, 1% disagreed that the IA department does not involve in the routine activities of NASSIT in areas such as operational activities, and financial management, whilst 1% were not sure as to whether the IA is involved or not involved in the routine activities the provided assurance services on. In general, there was a general consensus among the participant that the IA department is engaged in a special assignment when the need arises, as such assignments include requesting the IA to provide clarification on critical legislative and regulatory issues affecting the department and its application. Such services may include but are not limited to providing guidance on single sourcing for the procurement of urgently needed goods or services, and tax exemption policies.
5.4. Research Question 4: Does NASSIT Have a Functional Audit Committee That Works Closely with the Internal Audit Department?
Appointment by the audit committee: To reduce management bias, it is recommended that the chief internal auditor be appointed by the audit committee rather than by management. This helps ensure the independence and objectivity of the internal audit function. Figure 4 below indicates the responses to a functional
![]()
Figure 3. Internal audit role in operations, managerial and financial management.
audit committee that works closely with the IA department. A significant proportion of the participants’ responses indicate that 93% of the respondents agree that there is a functional audit committee that controls and provides direction for the IA department and that the IA department reports its findings directly to the audit committee, whilst the remaining 7% disagree with NASSIT having a functional audit committee that controls and provide direction for the IA department. The finding revealed that the IA department is independent of management and reports and works closely with the audit committee thus management does not have the leverage to influence the work and reports of the IA department.
5.5. Research Question 5: Does the Internal Audit Department Assist in the Day-to-Day Activities of NASSIT?
No operational responsibilities: The internal audit department should have no operational responsibilities or involvement in the day-to-day activities of the organization. This separation of roles reduces the threat of self-review and enhances objectivity in evaluating controls and processes. The responses for Question 5 were the same as the responses in Research Question 3. The responses of the research participants are reflected in Figure 5 below. The response to this research question authenticated the validity of the response provided in Research Question 3.
5.6. Research Question 6: Does the Audit Department Work Closely with the Audit Committee to Prepare the Internal Audit Plan?
Plan of work set by the audit committee: The audit committee, composed of independent board members, should set the internal audit plan of work. This ensures that the audit function aligns with the organization’s strategic objectives and covers critical areas of risk and control. Figure 6 below indicates a graphical representation of responses received from research participants on audit committee collaboration with the IA department for the preparation of the audit plan.
The research finds indicate that 15% of the research participants “Strongly Agree” believe that the audit committee works closely with the IA audit department on the preparation of the audit plan and 73% “Agree” believe that the audit committee works closely with the IA on the preparation of the audit plan. On the hand, 4% “Disagree” and 1% “Strongly Disagree” that the audit committee works closely with the IA department on the development of the internal audit plan but rather the IA prepares the audit plan and is approved by the audit committee without closely working on it. Furthermore, 7% were not sure whether there is a collaboration or no collaboration between the audit committee and the IA department on the preparation of the audit plan. However, the members of the audit committee are independent of management and do involve in the routine operational, financial, and managerial functions of NASSIT.
5.7. Research Question 7: Does the Internal Audit Department Have Full Access to all Departments, Processes, Systems, and Records to Perform Its Functions?
No limitation on the scope of work: The internal audit function should have unrestricted access and be able to examine every part of the organization. This includes all departments, processes, systems, and records. Having a broad scope ensures comprehensive coverage and allows the internal auditors to identify risks and control deficiencies across the organization. Figure 7 below indicates the responses on the IA department’s access to all departments, processes, systems, and records to perform its functions. The participants’ responses indicate that 25% “Strongly Agree” believe that the IA department members of staff have full access to all departments, processes, systems, and records to perform their functions, and 75% “Agree” believe that the IA department members of staff have full access to all departments, processes, systems, and records to perform their functions. It was unanimous and resounding responses from the research participants that the IA department suffered from no limitation to full access to
![]()
Figure 5. Internal audit department engaged in routine activities.
![]()
Figure 6. Audit committee involvement in audit plan preparation.
all departments, processes, systems, and records to perform their functions. Further details revealed that the management provides unflinching support to the IA department to have unhindered access to all departments, processes, systems, and records to perform their functions.
6. Summary, Limitation, Conclusion, and Recommendation
The evolution of internal audit (IA) has led to its recognition as a value-adding service within organizations. Various studies and industry experts have acknowledged the value-adding potential of IA, highlighting its ability to contribute to an organization’s operations and overall effectiveness (Al-Twaijry, et al.,
![]()
Figure 7. Internal audit access to information.
2003 [54] ; Arena and Azzone, 2009 [23] ; Bou-Raad, 2000 [55] ; Enyue, 1997 [56] ; Goodwin, 2004 [57] ; Moeller, 2005 [58] ; Roth, 2003 [59] ). The definition provided by the Global Institute of Internal Auditors (IIA) emphasizes the value-adding nature of IA. It describes IA as an independent and objective assurance and consulting activity that is designed to add value and improve an organization’s operations. IA achieves this by bringing a systematic and disciplined approach to evaluating and enhancing the effectiveness of risk management, control, and governance processes. The value that IA adds to an organization can be seen in several ways. Firstly, IA provides independent assurance to management and stakeholders that risks are being identified, assessed, and managed effectively. By conducting audits and evaluations, IA helps identify gaps in controls, processes, and compliance, allowing management to take proactive measures to mitigate risks and improve overall performance. Secondly, IA offers consulting services, providing valuable insights, recommendations, and guidance to management. IA professionals, with their expertise and knowledge of best practices, can assist in developing and implementing more efficient and effective processes, enhancing controls, and optimizing resource utilization. Thirdly, IA plays a crucial role in evaluating the organization’s governance processes. By assessing the effectiveness of governance structures and practices, IA helps ensure that the organization operates ethically, in compliance with laws and regulations, and in alignment with its stated objectives. Overall, the value-adding aspect of IA lies in its ability to bring an independent and objective perspective, systematic methodologies, and expertise to the organization’s risk management, control, and governance processes. By doing so, IA helps organizations achieve their objectives, enhance operational efficiency, minimize risks, and improve overall performance.
It is worth noting that the value-adding potential of IA is further enhanced when the IA function is effectively integrated into the organization’s governance structure, receives support from top management, and is empowered with appropriate resources and independence. When these factors are in place, IA can truly fulfill its role as a valuable asset to the organization. Furthermore, a robust control system that encompasses internal control, risk management, and audit is vital for good governance, safeguarding public funds, and maintaining public trust. By adopting a risk-based approach to integrity and implementing targeted controls, governments can assure citizens that public resources are being used efficiently and effectively. Collaboration with citizens, the media, and non-governmental organizations further strengthen the functioning of the control system.
The analysis indicated that the IA department is adequately funded and has access to qualified and experienced staff. This has improved the performance of NASSIT through IA risk assessment which involves the identification, analysis, and evaluation of risks that could impact the achievement of an organization’s objectives, In addition, control activities that ensure the policies, procedures, and practices are effectively implemented by NASSIT are adequately advised on by IA department to ensure that directives are carried out effectively. In addition, the IA department is guided by well-developed work practices and procedures and the IA department does not provide assurance services on their work which would indicate a self-review threat thus the services provided would not be relied upon by independent users. Furthermore, the finding revealed that the IA department is independent of management and reports and works closely with the audit committee thus management does not have the leverage to influence the work and reports of the IA department. In addition, IA does not involve the routine work of NASSIT hence the issue of self-review threat does not exist with respect to the consulting and advisory work done by the IA department. In conclusion, overall the factors that facilitate the effectiveness of the IA department are effectively implemented at NASSIT with the IA department receiving unwavering support from management and the audit committee to provide their assurance and consulting services unhindered. Achieving full implementation of the guiding principles of an effective IA department portrays a roadmap to enhanced performance of NASSIT.
Although this research contributes to the existent literature on the effectiveness of the internal audit on the performance of the public sector, however, the research findings are not generalizable but limited to NASSIT although good practices can be adopted from this research. In addition, it was not difficult to obtain the required information from the research participants, however, the researcher was required to guarantee the participant anonymity thus enabling the researcher to obtain the required information for this research.
A detailed study on the trend in the NASSIT financial management, operational management, and managerial processes would have provided a clearer picture of the impact of the effectiveness achieved by the IA department thus the limitation of this research. Future research is therefore recommended on the Study of the Impact of the Internal Audit Department on the financial management, operational management, and managerial processes.