Internal Control Framework

The Figure below shows the conceptual framework components of dependent and independent variables. The effectiveness of an internal control framework is the dependent variable. This is achieved by the presence and proper functioning of all the predefined independent variables in relation to each category of the organization’s objectives. Proper functioning of independent variables provides reasonable assurance of proper functioning of dependent variable. The organization realizes preset objectives of efficient and effective operations, generation of accurate, reliable and informative financial reports that comply with relevant legal and regulatory requirements.

 Internal Control Framework


Figure 1: The Conceptual Framework of Internal Control

The internal control framework study involves investigation of whether internal control systems are followed in the private banking sector of Bangladesh. All the local private banks listed with Dhaka stock exchange will fall under the population of the study.

A total of 6(six) private banks whose stocks are traded on the stock exchange were selected as a sample. The following banks were selected to investigate the internal control structure: Dhaka Bank Ltd., Islami Bank Bangladesh Ltd., Standard Bank Ltd., IFIC Bank Ltd., ICB Islamic Bank Ltd., and Dutch Bangla Bank Ltd. The study uses the details of variables of different components of internal control framework techniques using the primary data collection method, particularly by questionnaire, observations and face-to-face communication and document analysis.

We have used SUMMATED (Likert) Scale in the measurement of degree of achievement of control objectives and implementation of several Internal Control Techniques. It is a scale, usually of approval or agreement, used in questionnaires. As per Likerts Model we have given highest score (5) for “Always” and least score (1) for “Never” except management philosophy and operating style. In case of management philosophy and operating style, as all questions imply negative attitude we have reversed the above scale.



Internal Control Framework Components

Firms need five interrelated components of an Internal Control Structure to ensure strong control over their activities. These are: control environment, risk assessment, control activities, Information and communication, and monitoring components. The extent to which each component is implemented is influenced by the size and complexity of the firm, type of industry, management philosophy, and corporate culture.

Internal Control Framework: Environment

Every organization, regardless of size, should devise a strong internal control environment. A weak control environment often indicates weakness in the other components of the internal control structure. Management philosophy and operating style, the first sub component of the control environment, require certain positive actions. These actions include setting an example of ethical behavior by following a personal code of ethics establishing a formal corporate code of conduct, stressing the importance of internal controls and treating personnel fairly and with respect. Integrity and ethical values represent a second subcomponent of the control environment. The ethical and unethical behaviors of managers and employees can have a pervasive impact on the entire internal control structure, creating an atmosphere that can significantly influence the validity of the financial reporting process. Every public and non- public firm should prepare a written code of corporate conduct that establishes the appropriate tone for management, subordinates and employees.

Commitment to competence is the third subcomponent of the control environment. Firms must recruit competent and trustworthy employees to encourage initiative and creativity and to react quickly to changing conditions. The board of directors or audit committee is a fourth sub component of the control environment. A properly functioning board of directors should appoint an audit committee of outside directors.

Organizational Structure is the fifth subcomponent of the control environment. It identifies the internal control framework of formal relationships for achieving firm objectives. Another subcomponent of the control environment is assignment of authority and responsibility. Authority is the right to command subordinates. Responsibility is ones obligation to perform assigned duties and to be held accountable for the results attained. Human Resource policies and practice, the seventh and final subcomponent of the control environment, involve a consideration of policies regarding the recruitment, orientation, training and motivation, evaluation, promotion, compensation, counseling, discharge and protection of employees.

Internal Control Framework: Risk Assessment

All firms regardless of size, structure, or industry, face significant external and internal risks. The Risk assessment component of the internal control framework structure consists of the identification and analysis of relevant risks that may prevent the attainment of company wide objectives and objectives of organizational units and the formation of a plan to determine how to manage the risks.

Internal Control Framework: Control Activities

A firm should develop specific control activities-policies; practices and procedures-to help ensure that employees properly carryout management directives. To fulfill objectives, control activities are implemented to address specific risks identified during risk assessment. One subcomponent of control activities relates to the achievement of financial reporting objectives. Another category of control activities relevant to achieving financial reporting objectives is performance reviews, which includes: comparing budget to actual vales, relating different sets of data –operating or financial – to one another, together with analysis of the relationships and investigative and corrective actions, and reviewing functional performance. A third subcomponent of control activities consists of General and application controls, helps ensure the reliability and integrity of information systems that process financial and non- financial information.

Internal Control Framework: Information and Communication

Information must be identified, processes, and communicated so that appropriate personnel may carry out their responsibilities. The following sub objectives ensure those accounting information systems methods and records result in reliable financial reporting- all transactions entered for processing are valid and authorized, all valid transactions are captured and entered for processing on a timely basis and in sufficient detail to permit the proper classification of transaction, the input data of all entered transactions are accurate and complete, with the transactions being expressed in proper monetary terms, all entered transactions are processed properly to update all affected records of master files or other types of data sets, all required outputs are prepared according to appropriate roles to provide accurate and reliable information, and all transactions are recorded in the proper accounting period.

Internal Control Framework: Monitoring

The purpose of monitoring, the final component of the ICS is to assess the quality of the ICS over time by conducting ongoing activities and separate evaluations. Ongoing monitoring activities, such as supervision of employees, are conducted daily. Separate monitoring activities, such as audits of the internal control structure and accounting records, are performed periodically.

Internal Control Framework Conclusion

The study tries to analyze the components of different control variables used for assessing the internal control systems of banks considered here. The study found that all the banks considered for the paper achieved the control objectives in a greater extent and the deviation regarding achievement of control objectives is minimum. Based on average the local listed private banking sector frequently emphasis on short – term profits and operating goals and they differ among themselves in a greater extent regarding the extent of emphasis. One or few individuals seldom dominate management group. The deviation among them is negligible. It implies that the risk aversive ness of managements grouping local listed private banking sector. Management is seldom aggressive toward selecting alternative accounting principles.


Out of 6 banks, all the banks have written corporate code of conduct. Management behavior is frequently restricted by written corporate code of conduct. All the banks frequently recruit competent and trustworthy employees to encourage initiative and creativity and to react quickly to changing condition. Appointment of audit committee is not practiced in our country. But the respondents interchangeably use the internal audit committee with the outside audit committee. Thus the data presented in the report is not reflecting the underlying reality.


All the banks very frequently prepared an up to date organization chart. Information systems function frequently separated from incompatible functions but they deviate in a great extent regarding the magnitude of separation. Team members are very frequently empowered to make decision by not seeking multiple layers of approval. But they deviate in a greater extent. Internal audit function is always separate from accounting.


All the banks very frequently prepared written employee job description, required written approval for changes made to information systems and properly delegate authority to employees. All the banks very frequently have written recruitment policy and complied with it, have training program, have given instructions to new employees and have periodic rotation of duties. Based on average it is found that all the banks very frequently conduct credit risk assessment. Banks differ among them in a minimum extent regarding credit risk assessment.


All the banks always properly authorized all the transaction and activities and there is no deviation among them regarding authorization. All the banks very frequently segregate authorization functions but they always segregate recording and custodian function. All the banks very frequently design simple and pre numbered documents.


All the banks always maintain accurate records of assets including information restrict physical access to assets by unauthorized users and protect records and documents. All the banks always make reconciliation between two independently maintained records. All the banks very frequently have on going and separate monitoring activities and the deviation regarding these points is minimum. The conclusion can be made that more or less existing internal control structure is effective for all the private banks considered in the study.