Internal Audit, Corporate Governance and Financial Control System in Kenema Government Hospital, Sierra Leone

Abstract

Internal audit plays a vital role in the corporate governance process. The perceived poor internal audit practices, mainly caused by a lack of independence, have resulted in sound corporate governance practices evading the company; thereby leading to the abysmal performance of the majority of companies. The study, therefore, seeks to ascertain the practices of internal audit and corporate governance at Kenema Government Hospital with a specific focus on ascertaining the existence of internal financial control systems, assessing the level of compliance with financial management regulations and identifying the consequences for non-compliance with such regulations. The study adopted the purposive sampling technique, a sample size of twenty-five (25) respondents comprising accounting, auditing, and health and administration staff. Interview guides were used as the main instrument for the collection of data. The findings of the study revealed that effective internal audit practices and a sound corporate governance framework enhanced the hospital’s systematic, comprehensive approach to internal control, which was consistently documented, understood at the management level and communicated at all levels of the hospital. Nevertheless, there still existed some inconsistencies concerning how internal controls were implemented and enforced and all responsibilities were not clearly defined. Again, the independence of internal auditors in the hospital was greatly compromised since, most of the time, they are considered employees of management. Hence, the views of internal auditors reporting to the board are merely a formality to satisfy corporate governance requirements.

Share and Cite:

Koroma, M. and Quee, S.P. (2025) Internal Audit, Corporate Governance and Financial Control System in Kenema Government Hospital, Sierra Leone. Open Access Library Journal, 12, 1-12. doi: 10.4236/oalib.1112221.

1. Introduction

Internal financial controls are systems within a company that design methods and procedures to produce effective operations, establish reliable financial reporting, avoid fraud and maintain compliance with regulations and laws. Internal financial controls evaluation is meant to help an institution review and assess the structure of accountability within the organization. An effective system of internal financial controls gives assurance regarding the integrity of financial reporting and the safeguarding of assets. Fraud can easily be detected through internal controls. Such controls also help accuracy in financial reporting [1]. Internal financial controls are used by organisations to make sure financial information is accurate and valid. The existence of internal financial controls is important because they protect the integrity of an organization’s financial information and allow stakeholders a measure of financial health. Strong internal controls can also increase the profitability of a company [2].

Public corporations have shareholders demanding accountability. However, in public hospitals accountability demands are not as strong. In the case of hospitals, the taxpayers and donors typically are late in taking action, but because of funding questions, the incentives for and number of effective internal financial controls in the public sector continue to increase [3]. U.S. Government Accountability Office (GAO) recommends the use of internal financial controls to improve financial reporting in the public sector [4].

Internal audit functions play a critical role in strengthening corporate governance and enhancing financial control systems within organizations. Effective corporate governance frameworks have been linked to improved accountability and transparency in public sector entities [5]. Several studies highlight challenges faced by government hospitals in developing countries, including limited internal audit capacity and weak financial controls [6]. However, research specific to Sierra Leone, particularly in the healthcare sector such as Kenema Government Hospital, remains limited, underscoring the need for this study. The entire paper outlines the primary aims of the research, research methodology and findings and recommendations of the study.

2. Survey of Literature

Evaluation of internal controls is an essential part of the structure and operations of any organization. The larger and more complex the organization and its activities, the more care must be given to the design of the internal control systems. But control systems are effective only if they are installed, maintained, and used by competent, dedicated managers. Systems can support such managers, but they cannot substitute for them.

3. Internal Controls Defined

Evaluating internal controls is one of internal auditing primary responsibilities. In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) [7] defined internal control as a process effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

This organizational approach provides both profit and non-profit organizations with a common, accepted, and recommended reference point to assess the quality of their internal financial controls: Internal Control over Financial Reporting—Guidance for Small Public Companies (2006) [8]. A company’s objectives, its internal organization and the environment in which it operates are continually evolving and, as a result, the risks it faces are continually changing. A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the company is exposed.

Since profits are, in part, the reward for successful risk-taking in business, the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it [7].

4. Regulatory Frameworks and Guidelines for Internal Financial Controls Systems

As the severity of high-profile corporate accounting failures has increased steadily over the last decade, there has been a corresponding increase in the development of new legislation, standards, codes and guidelines to assist organizations in improving their internal controls.

The recognition of the critical importance of internal controls is evident in the key frameworks and guidelines on the subject. In the 1990s internal control frameworks such as the COSO (USA), Turnbull (UK) and CoCo (Canada) emerged, some of which have recently been reviewed and updated or supplemented. The COSO’s Internal Control Integrated Framework (1992) and Turnbull’s Guidance on Internal Control (1999) [9] [10] both took a much broader approach to internal control than Sarbanes-Oxley, in terms of scope, objectives and approach. They focused on all controls covering the company’s entire range of activities and operations, not just those directly related to financial reporting and adopted a risk-based approach to internal control. In addition, there are many other publications on the theory and benefits of internal control. Internal controls became a highly pertinent and topical business issue at the beginning of the 21st century following a series of large corporate scandals and failures. These failures led to calls for enhanced internal control. Governments and legislators, regulators, and standard setting groups came under increasing pressure to take measures to assist in preventing similar shareholder losses from occurring in the future by Professional Accountants.

5. Elements of Internal Control

Internal financial control systems comprise five interrelated components. These components are used to develop an internal control system and are also the means for evaluating it. These components work together to form a strong set of methods and procedures that organisations follow in their operations. COSO Internal Control—Integrated Framework (1992) [10].

5.1. Control Environment

The control environment is a component of internal controls. It includes factors such as integrity, ethical values, competence of the workers and the management’s philosophy in the organization. It is the component that provides the foundation needed for the other components to build on in internal financial control systems.

5.2. Risk Assessment

Risk assessment is the component which is used for identifying risks in the system. For risk assessment to be effective, preventative measures are put into place by establishing clear objectives. This component identifies and analyzes possible risks internally and externally. This component manages risk by developing precise procedures to achieve consistent objectives within the organization. Risk assessment always takes change into consideration within the objectives set forth by Enterprise Risk Management—Integrated Framework (2004).

5.3. Control Activities

Organizations develop control activities to assist in monitoring. Control activities include policies, procedures and practices developed to increase risk management strategies. Specific control activities include separation of duties, verifications, reconciliations and physical security of assets. These policies are designed to ensure that management directives are fulfilled. COSO Internal Control—Integrated Framework, (1992) [10] Due to the wide range of control activities and the volume and nature of the evaluation procedures, evaluation of the third component of internal control system, namely control activities, is limited only to the qualitative evaluation.

5.4. Information and Communications

Information must be identified, captured and communicated timely and effectively and is achieved through this internal control component. This component is designed to allow employees the ability to carry out their responsibilities in the best manner possible. Information must be communicated externally as well to all parties involved in the company. Information that is communicated in this fashion allows control activities and employee responsibilities to be more effectively. COSO Internal Control—Integrated Framework (1992) [10].

5.5. Monitoring

Monitoring includes assessing the performance of internal control components, ensuring they are operating effectively. This component includes allowing managers clear responsibility guidelines so that they are able to effectively do their jobs. It also includes performing evaluations through audits and other independent parties, ensuring that the company is handling the operations of the business correctly by COSO Internal Control—Integrated Framework (1992) [10].

6. Internal Control: Guidance for Directors on the Combined Code (The Turnbull Guidance)

Internal Control: Guidance for Directors on the Combined Code, commonly referred to as Turnbull guidance, was issued by the Institute of Chartered Accountants of England and Wales (ICAEW) at the request of the London Stock Exchange to provide guidance to directors of listed companies in implementing the requirements in the Combined Code relating to internal control. Turnbull further states that―For the purposes of this guidance, internal controls considered by the board should include all types of controls including those of an operational and compliance nature, as well as internal controls. Internal Control: Guidance for Directors on the Combined Code (1999), Institute of Chartered Accountants in England and Wales, UK.

6.1. Control Objectives for Information and Related Technology (Cobit)

In recognition of the importance of IT internal controls, an IT internal controls framework, Control Objectives for Information and Related Technology (COBIT) was developed in 1996 as a reference framework for developing and managing internal controls and appropriate levels of security in IT. COBIT provides a set of generally accepted IT control objectives to assist entities in maximizing the benefits derived through the use of IT and developing the appropriate IT governance and control in a company. COBIT adapted its definition of internal control from COSO: the set of policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives are achieved and that undesirable events are prevented, detected and corrected. While COSO and Turnbull focus on the achievement of business objectives at the overall entity level, COBIT focuses specifically on information technology. Therefore, while the concept of internal control presented in COBIT complements the other two frameworks, it applies this concept to controls over IT, and not the business as a whole.

6.2. The Sarbanes-Oxley Act (2002) in the Us

In July 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) [11] in an effort to reduce public concern over a number of high-profile corporate failures in the US. It was hoped that SOX would assuage the concerns of investors and restore confidence in corporate reporting. The Sarbanes-Oxley Act concentrates on improving the accuracy and reliability of corporate disclosures. Its legislation requires companies to develop a system for continuous evaluation of both internal and external influences on business performance.

7. Objectives of the Study

The overall objective is to assess how internal audit and corporate governance aid the achievement of organizational goals.

Thus, the specific objectives are to;

  • establish the existence of internal financial control systems in Kenema Government hospital.

  • determine the level of compliance with internal controls and financial management regulations.

  • establish the consequences for non-compliance with such regulations

8. Research Questions

The research therefore seeks to answer the following questions;

  • Are there operational internal financial controls systems in public hospitals?

  • Are internal financial control systems complied with in public hospitals?

  • What are the consequences for non-compliance with financial management regulations in public hospitals?

9. Research Methodology

9.1. Method of Data Collection

The principal endeavor of this paper is to assess how internal audit and corporate governance aid the achievement of organizational goals. Questionnaires were the main instruments used to collect data. The use of questionnaire was employed to collect data from accountants, internal auditors, administrators and health Workers of the Hospitals, since this method is quicker in collecting information from a number of people at the same time. The instruments used were a structured close-ended questionnaire.

The questionnaire is a data collection instrument, which had a number of items. Questionnaires were administered to the respondents, and all completed forms were collected for subsequent analysis. The answers were arranged and coded using point numeric rating scales [12] as follows: numeric rating scale—Yes, No and Not Applicable. The questionnaires were used to give respondents time and independence to answer the questions.

9.2. Data Set & Sample Design

The full set of cases from which a sample is taken is called the population [12]. The total population for the study was forty-four (44) personnel of the hospital categorized as follows; four (4) accounting staff, three (3) workers of Auditing, thirty (30) health workers and seven (7) administration staff.

9.3. Sample Size

Forty (40) respondents were sampled purposively in order to elicit specific responses from them.

The sample size for the study is calculated using Yamanes formula for determining sample size:

The formula, n= N 1+N ( e ) 2

where:

  • n = sample size

  • N = population size = 44

  • e = margin of error (typically 0.05 for 95% confidence level)

n= 44 1+44 ( 0.05 ) 2

n= 44 1+44( 0.0025 )

n= 44 1+1

n= 44 1.1

n = 40

9.4. Data Analysis

The nature of the issues and processes under discussion necessitated the use of qualitative analyses for the data collected. The data collected was edited to check contradictions and ensure consistency. In analyzing the primary data, tables, pie charts and percentage were used. The analysis was done with the aid of Microsoft Excel.

10. Findings and Discussions

This section presents a detailed discussion and analysis of findings of the study with particular reference to the responses received, findings of the study, tables and figures and other related charts that are useful to the study. Data collected for the study were quantitatively and qualitatively analyzed. Thus, the following findings emanated from the study; From Figure 1 it was revealed that show 48% representing 19 respondents have worked for the hospital between eleven (11) to twenty (20) years while 15% have only worked for six (6) to ten (10) years. The longer an employee works for an institution will have some influence on their performance and will enhance the organization to achieve its overall objectives with regards the implementation of sound internal financial controls.

Figure 1. Number of years of experience. Source: Field work, 2019.

From Table 1 below out of forty respondents, 63% stated that they have acquired tertiary education while 25% and 12% respectively have basic and secondary. The effect of this was that respondents had no problems in responding to the questionnaire. It means that they may have the capacity and ability to adopt to any financial framework the hospital may choose. As far as educational attainment was concerned the majority of the respondents had tertiary education. This implies that respondents have appreciably high level of education.

Table 1. Educational background of respondent.

Educational Background

Frequency

Percentage %

Basic

5

12

Secondary

10

25

Tertiary

25

63

TOTAL

40

100

Source: Field work, 2019.

From Table 2, the findings confirmed the assertion of the Tread way commission of the committee of sponsoring organizations (COSO), that it is management responsibility to set up the internal control system and that the internal auditor’s role is to evaluate the effectiveness or otherwise of the system. The assessment of the components of internal control s reported above. Control environment is the component that provides the foundation needed for the other components to build on in internal financial controls systems. Guidance for Smaller Public Companies Reporting on Internal Control over Financial Reporting (Draft for public comment, 2005). Overall, the control environments in the hospital were very good and they were in line with COSO standard. The weakest area the hospitals were management Philosophy and operating style and assignment of responsibilities as the accounted for a small portion of the respondents.

Table 2. Control environment.

Control Environment

Frequency

Percentage %

Yes

No

Yes

No

Total

Integrity and ethical values

25

15

62.5

37.5

40

Commitment to competence

20

20

50

50

40

Governing body

15

25

37.5

62.5

40

Management philosophy and operating style

30

10

75

25

40

Organizational structure

35

5

87.5

12.5

40

Assignment of Responsibilities

31

9

77.5

22.5

40

Source: Field work 2019.

From Table 3, 62% out of the total respondents, stated that it is important for organizations to have agreed upon financial reporting objectives which will help in implementing sound internal control systems. About 25% of respondents confirmed that assessment of fraud is significant for attainment of over financial objective of firms.

Table 3. Risk analysis.

Variables

Frequency

Percentage (%)

Yes

No

Yes

No

TOTAL

Importance of financial reporting objectives

25

15

62

38

40

Identification/Analysis of financial reporting risks

15

25

38

62

40

Assessment of fraud risk

10

30

25

75

40

Source: field work 2019.

10.1. Summary of Findings

EXISTENCE OF INTERNAL FINANCIAL CONTROLS IN PUBLIC HOSPITALS

It was discovered from the findings that there was existence of internal financial controls regulated by laid down procedures and indirect application of COSO. As a government organization it was more concerned about solving what it considered more pressing issues of fulfilling its objectives than ensuring quality, as it was not a profit-making entity.

10.2. Level of Compliance and Other Financial Management Regulations

It was also revealed that the level of compliance was high and compliance to other financial management regulations like Financial Administration, Procurement and Internal Audit Act.

10.3. Implication for Compliance and Non-Compliance

It was also discovered there was strong compliance with the internal financial controls, and this may help to reduce the volume of work for the auditor. On the other hand, human error in the use of judgment, simple processing errors and mistakes, collusion of staff in circumventing controls and unscrupulous people abusing their responsibility was revealed by the study.

11. Conclusion

Internal financial controls were enforced better in profit organizations compared to non-profit organizations like public hospitals. Non-profit organizations like public hospitals believed that their objective was not profit making but to concern themselves with providing health care to their citizenry. Even though public hospitals were complying with internal financial controls and they were not enforced like profit making organizations.

12. Recommendation

In light of the above findings, the researcher will make the following recommendations:

Effective and efficient internal financial controls come from inspired leadership (servant Leadership) throughout the organization; from excellent monitoring system design; and effective use of information and technology. This concept must be strongly imbued into the entire machinery of the staff of public hospitals to create the necessary institutional capacity to foster national development.

It is recommended that the existence and operation of the internal financial controls system should be effective. For it to be effective, targets should be set for its operations. It means therefore that the target could be compared to the performance.

COSO for a long time has been used indirectly for internal financial controls for non-profit-making organizations like the public hospitals. It is recommended that COSO should be used directly as one of the laws and conventions. It will help to achieve effective and efficient use of scarce resources of non-profit making organization.

It is recommended that management should take COSO seriously especially those in non-profit making organizations like the public hospitals to achieve value for money with the resources at their disposal.

Internal financial controls are a basic responsibility of any manager. To be effective, the internal financial controls system must have the strong support of the entity’s leadership.

It is recommended that policies and procedures should be observed consistently throughout the Hospitals. Also, irregularities revealed by the internal financial controls system must attract prompt and effective corrective action. To assure continued effectiveness, the Hospitals internal financial control system must be reassessed frequently.

Even though, no system of internal financial controls can provide an absolute guarantee against the occurrence of fraud, abuse, inefficiency, and human error. However, it is recommended that a well-designed system of internal financial controls can give reasonable assurance that significant irregularities will be detected. At the same time, even well-designed internal financial controls can be defeated by collusion, especially if that collusion involves senior executives who have the power to disarm or bypass the control system.

Thus, it is necessary to set priorities. In almost all countries, and especially in developing and transition economies, the highest priority should be placed on assuring the reliability of the financial systems and the integrity and security of the controls over transactions.

Conflicts of Interest

The authors declare no conflicts of interest.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] Asare, T. (2006) The Public Sector Accounting Standards (IPSAS) and the Ghana Audit Service: Challenges and the Way Forward. Ghana Audit Service.
[2] Krishnan, J. (2005) Audit Committee Quality and Internal Control: An Empirical Analysis. The Accounting Review, 80, 649-675.
https://doi.org/10.2308/accr.2005.80.2.649
[3] Hardiman, N. (2006) Politics and Social Partnership: Flexible Network Governance. The Economic and Social Review, 37, 343-374.
[4] Georgiou, G. (2005) Investigating Corporate Management Lobbying in the U.K. Accounting Standard-Setting Process: A Multi-Issue/Multi-Period Approach. Abacus, 41, 323-347.
https://doi.org/10.1111/j.1467-6281.2005.00185.x
[5] Mwangi, I. (2021) Effect of Fraud Mitigation Strategies on Tax Fraud Among Large Tax Payers in Kenya Revenue Authority. Ph.D. Thesis, Dedan Kimathi University of Technology.
[6] Kamara, S.A. (2024) The Relevance of Human Resources Auditing and Culture on Employees’ Performance and Organizational Growth. European Journal of Political Science Studies, 7, 54-95.
https://doi.org/10.46827/ejpss.v7i1.1684
[7] Doyle, J., Ge, W. and McVay, S. (2006) Determinants of Weaknesses in Internal Control over Financial Reporting. Journal of Accounting and Economics, 44, 193-223.
[8] Committee of Sponsoring Organizations of the Treadway Commission (2006) Internal Control over Financial Reporting—Guidance for Smaller Public Companies, Volume II: Guidance.
https://egrove.olemiss.edu/aicpa_assoc/383
[9] Internal Control Integrated Framework (1992) and Turnbull’s Guidance on Internal Control (1999). Official COSO Guidance Page.
https://www.coso.org/guidance-on-ic
[10] The Committee of Sponsoring Organizations of the Treadway Commission (CO-SO) Released the Internal Control—Integrated Framework in 1992 to Provide Organizations a Comprehensive Model to Design, Implement, and Evaluate Internal Controls.
https://www.coso.org/internal-control/?utm_source
[11] United States, Congress (2002) Sarbanes-Oxley Act of 2002. Public Law 107-204, 116 Stat. 745, 2002.
https://www.congress.gov/search?q=%7B%22source%22%3A%22legislation%22%2C%22search%22%3A%22+Sarbanes-Oxley+Act+of+2002%22%7D
[12] Saunders, M., Lewis, P. and Thornhill, A. (2007) Research Methods for Business Students. 5th Edition, Pearson.

Journals Menu
Follow SCIRP
Contact us
customer@scirp.org
WhatsApp +86 18163351462(WhatsApp)
Click here to send a message to me 1655362766
Paper Publishing WeChat

Copyright © 2025 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.