ABSTRACT

For several centuries, internal auditing has been believed to be helping firms in protecting financial resources and assess recognized internal control measures with the key concentration being control awareness and monitoring. Similarly, internal auditors are endured, and have not been treated with esteem in most organizational control. The advent of contemporary operational and commercial risks has obligated various companies to articulate policies and to upraise the standing of internal audit. Though a change of internal auditing from system based internal auditing to risk based internal audit has been applied extensively with the developed nations in the centre stage, previous research in internal audit has explored objectivity issues in relation to computerized accounting systems. The financial performance requires suitable risk based internal audit practices hence efficient and effective internal audit. In this study the researcher sought to find the effect of computerization in relation to RBIA in the county government of Homa Bay, Kenya. This study adopted descriptive survey research for it best explains the explicit occurrence in its contemporary tendencies, modern measures and connections among dissimilar aspects at the present. The target population for the study constituted of 60 respondents who were finance officers, internal auditors, the information technology officers, relationship officers/managers and accountants. The study administered questionnaires which comprised of structured and unstructured queries to all the respondents since it was the best suitable instrument to collect data. From the findings, the study concludes that RBIA over risk valuation/assessment, risk profiling, and yearly risk based audit planning and auditing staffing should be enhanced transparency and accountability in computerized environment, hence enhancing financial procedures. The study recommends that policy makers in the county government of Homa Bay in Kenya should adopt effective computerized accounting systems in implementation of risk based internal audit practices such as risk profiling, risk assessment, annual risk based audit scheduling, internal auditing standards/policies and auditing recruitment to enhance effective and efficient financial performance.

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

IT evolution in auditing and accounting is believed to have started several decades slightly over 50 years in the past with the first functioning commercial computer (Fadzil et al., 2005). Accounting techniques of several public and private entities whether large or small have been computerized. Additionally, it is claimed that there ought to be thorough considerations of the controls in a high-tech situation, and their influence on the auditor’s valuation of risk, and the consequent internal audit techniques. The above-mentioned measures are thought to frequently comprise using computer-assisted audit techniques (CAATs) as stipulated by ACCA (2011). Jones and Young (2006), argued that electronic data process (EDP) auditors later formed the independent audit body known as the Electronic Data Processing Auditors Association (EDPAA). Key objective of the association formed was to formulate policy guidelines, control procedures, and internal audit principles for electronic data processing auditors.

Heidenhof, 2002 in his study asserted that, “In early 1990s, African countries began to focus on the improvement of public finance specifically, on budget and expenditure management reforms”. The foregoing is said to have been occasioned by donors’ concerns. African countries commenced a critical review of hitherto existing systems and processes in their governments. Due to the realization that the existing systems and processes were outdated, integrated financial management systems (IFMIS) was recommended for piloting. IFMISs is an oracle application software tool tailored to suit financial management tools that incorporate the use of computerized systems. According

1

to a report by the United States Agency for International Development (USAID, 2008), the scope and scale of IFMIS can vary.

Jones and Young (2006) in their study argued that EDP auditor molded the EDPAA. The objective of the association was to yield measures, policies and morals for EDP auditors. The initial edition of (control Objectives) was published in the year 1977, this publication is now known as, “Control Objectives for information and related Technology (CobiT)”. It is the set of commonly recognized information technology control goals for information technology auditors. In 1994, EDPAA was integrated to (Information Systems Audit and Control Association) ISACA.

What marks this research stimulating is due to numerous academicians who are swift to argue out the necessity for internal auditors to adopt to variations brought about with information technology development, however acknowledging how these variations impacted on internal auditors have not been adequately investigated. While some papers view computerized accounting systems as increasing audit related risk, it is essential to understand how these changes in the accounting process can develop the work of the internal auditors or else this proves that actually there is a necessity to evaluate and study other studies.

1.1.1 Computerized Accounting System

According to Weber (2011), “Computerized accounting system (CAS) involves the use of computers in processing accounting data into information to facilitate quick decision making through timely preparation of financial reports and financial reporting in this case refers to the way in which financial information is recorded, processed and conveyed to the end users of this information in particular”.

2

Accounting system use to be manual process using paper, books and documents for business information, however accounting in the recent past has been computerised i.e. it involves the use of computers to process the financial transactions. Advances in information communication technology (ICT) have generated substantial changes in the field of business operations in conjunction to software in accounting. It has been proved that a computerized accounting system has several advantages such as speed, accuracy and reliability of financial information compared to a manual accounting system Osmond (2011). Before the advent of ICT in accounting practice, these bookkeeping practices were being executed manually. Nevertheless, nowadays several certified public accountant and data capturing clerks choose to use accounting software to record, report and analyse their organisation’s financial information. This information is collected from transactions and is compiled into financial reports (Weber, 2011).

1.1.2 Risk Based Internal Auditing

RBIA stems basically from models that accept inherent risk (risk of a substantial misrepresentation in the business financial reports ascending as a result of error or omission as a consequence of factors other than failure of controls) and control risk (risk of a substantial misstatement in the financial statements ascending due to lack or failure in the implementation of appropriate controls) are separate models that inherent risk ascends from components of the audit atmosphere that are absolutely autonomous of attributes that control the level of control risk. Operationalizing the distinction between inherent risk (IR) and control risk (CR) has however, proved problematic. It seems to be a slight agreement concerning aspects that may recognize inherent risks and there is slight circulated indication concerning how inherent risk is considered by specialists. Also, it is not hitherto clear neither does it make noble reasonable sense to try to isolate (IR) and (CR) in the way required by standard setters (DeZoort et al, 2002).

3

The RBIA role in Kenya especially in government departments, state owned agencies, county governments among others faces a perception and, to some level, a integrity problem as a value component of the organization indicating that internal audit in public organization’s has not sufficiently implemented its functions as anticipated in financial management due to escalation in the number of public financial losses. For instance, there is the 2005 Anglo-Leasing Scandal, EURO Bond and the National Youth Service (NYS) Scandals, which are all indicators of ineffectiveness in public internal auditing. Consequently, it is important that a study be carried out to assess the challenges affecting internal audit performance in business management in the county government of Homa Bay. Risk based internal auditing incorporates risk management and has been implemented by commercial State Corporations with a view to achievement of effective financial control and return.

Local studies on impact of risk based internal audit on computerized accounting system in the county governments are scanty with a few focusing on the role of auditing and governance in Government. For instance, Maiteka (2010) undertook a study of the impact of RBIA on corporate governance in the public sector in Kenya concentrating on designated Ministries and found that risk based internal auditing assessed risks facing Government Ministries on financial management and focussed on very risky areas in order to surge accountability and transparency, hence improving decent governance.

1.1.3 Computerized Accounting System and Risk Based Internal Auditing

In relative to discovering the influence of computerized accounting techniques on risk based internal auditing, quality of financial reports in the county government of Homa

Bay is the main concern. Internal Auditors have a role of determining whether the 4

commercial statements of the county fairly characterise the reasonable view of the county’s financial operations. This can only be achieved where the internal controls set in place are efficient and working as in this case, computerization of the accounting system. The risk assessment needs to be in line with computerization to help in facilitating audit trail of the transactions. Internal auditors are therefore mandated to apply computer aided audit tools (CAAT) in order to be relevant in the computerized environment.

The study therefore seek to link the two aspects i.e. computerized accounting system and the risk based internal auditing in the county government of Homa Bay.

1.1.4 County Government of Homa Bay

The county Governments came as a result of devolution in the recently newly promulgated constitution of Kenya 2010 being among the 47 counties. Homa Bay county government is situated along the Lake Victoria within Nyanza region comprising of eight

(8)     sub counties, under the leadership of the Governor, Deputy Governor, County Secretary and Chief Officers.

The county government of Homa bay started by undertaking their financial transactions through partial computerization of financial transactions in the financial year 2013/2014 where most of the transactions were carried out manually i.e. drawing of cheque, Cash Book entries, Final Accounts among others. From the financial year 2014/2015, the county government of Homa Bay adopted computerized accounting system i.e. IFMIS and Internet Banking. Internal Audit as a department in the County Government of Homa Bay plays role of financial advisory in matters relating to risk assessment, evaluation and their mitigation.

5

1.2 Research Problem

Computerized systems appear in different forms such as IFMIS, EDP, CAATs, DSA, EMCP, and CSRP etc. The assertion is that there are variations in both auditing and accounting system which started more than fifty years ago (Fadzil et al., 2005). Additionally, it is observed that accounting systems of several government agencies irrespective of their dimensions are computerized. ACCA (2011) recommends for the incorporation of computer-assisted audit techniques in organizations as a way of managing risks.

According to KACC (2008) absence of suitable control mechanisms and audit tracks have shaped opportunities for corrupt activities in Kenya’s public sector. The same problem is also evident in some organizations which in spite of having computerized systems have not separated functional duties between IT operations and other departments such as finance. This is in line with the allegation that while computerization provides unquestionable benefits, it also conveys considerable risks to business and information security. Therefore, when the internal audit system is fragile or lacking completely, financial losses are likely to be incurred through corrupt activities of unscrupulous auditors and financial managers. As KACC exemplifies that there exists instances where organizations have a revenue collection system that does not have audit trails and standard access controls mechanism, a situation that creates proliferation of swindling of public funds. The foregoing affects the services that are supposed to be funded by the government through its agencies. Ultimately, the socio-economic expansion of the nation is bound to be negated.

6

Control function, such as that implemented by internal audit can lead to improved organisation’s performance. However, despite this assertion, the scanty use of computerized accounting systems to process financial transactions has led to several audit queries. External auditors report for the financial year end 2013/2014 for Homa Bay county raised several issues relating to efficiency, accuracy, reliability and accountability which all points out that internal controls set by the county government of Homa Bay are week and inefficient. This raises the concern of whether internal auditors have role to play in risk detection and their influence in financial controls. The assertion suggests that their applicability or suitability to County Government is not fully developed and exploited. Apart from some limited implementation in successful Central Government, no known studies have been reported relating to their impact in with regard to the risk base internal auditing and the extent of adoption within the county government of Homa Bay in Kenya. The study therefore sought to scrutinize the outcome of computerized accounting systems on risk based internal auditing in the County the Government of Homa Bay.

1.3 Research Objective

The general objective of the research is to evaluate the consequence of high-tech accounting systems on risk based internal audit in County the Government of Homa Bay.

1.4 Value of the Study

The research is considered valuable to the policy makers because on its completion, it will offer insights into the relevance of high-tech accounting systems on audit risk management in enhancing corporate governance and as a result, improving financial performance in county Governments. In particular Chief Officers and Management have appreciated the importance of computerization on risk based internal audit and have

7