www.tjprc.org editor@tjprc.

org
International Journal of Accounting and
Financial Management Research (IJAFMR)
ISSN(P): 2249-6882; ISSN(E): 2249-7994
Vol. 4, Issue 3, Jun 2014, 17-28
TJPRC Pvt. Ltd.

ASSESSING THE ROLE OF INTERNAL CONTROL SYSTEM COMPONENTS IN KENYAN
PUBLIC UNIVERSITIES: A CASE STUDY OF JOMO KENYATTA UNIVERSITY OF
AGRICULTURE AND TECHNOLOGY
IRERI KAMAU SAMUEL

& JUMA WAGOKI
Jomo Kenyatta University of Agriculture and Technology, Nakuru CBD Campus, Nakuru, Kenya

ABSTRACT
Organizations establish systems of internal control to help them achieve performance and organizational goals,
prevent loss of resources, enable production of reliable reports and ensure compliance with laws and regulations.
The purpose of this research therefore was to establish the role of internal control system components in Kenyan public
universities. The study was conducted using both quantitative and qualitative approaches using survey and case study as
research designs. Data was collected using closed-ended questionnaires as well as review of available documents and
records. The study used a sample size of 138 respondents from finance and finance related departments. From the findings
of the study, it is clear that the university has clear structures and policies are documented. The findings indicate that staff
awareness of the risk assessment process and its objectives had the least mean implying that the respondents believe that
one of the reasons for ineffectiveness of the internal control systems is the fact that not all employees are aware of the risk
assessment process. The results also indicate that most employees are not conversant with the reporting structure which is
important in reporting on the structure and performance of their governance, risk management, and internal control system.
The findings also show that most employees are in agreement that information and how it is communicated is important in
enhancing internal controls. The respondents are equally unsure whether the internal auditors make appropriate
recommendations to management to improve or whether management discusses internal audit reports regularly. The trend
can be attributed to the feedback system and the communication channels used to report these recommendations and
therefore it is prudent that the university management ensures the monitoring and evaluation of internal controls is a
participatory process.
KEYWORDS: Internal Control, Risk Assessment, Control Environment
INTRODUCTION
Internal control is a process, effected by an entity's board of directors (University Governing Council),
management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the
effectiveness and efficiency of operations, reliability of financial and management reporting, compliance with applicable
laws and regulations and protect the organizations reputation (Kaplan, 2008). According to Cunningham (2004), Internal
Control Systems (ICS) begin as internal processes with the positive goal of helping a corporation meet its set objectives.
Management primarily provides oversight activity; it sets the entity's objectives and has overall responsibility over the ICS.
Internal controls are an integral part of any organizations financial and business policies and procedures (Kaplan, 2008).
Internal controls consist of all the measures taken by the organization for the purpose of; protecting its resources against
waste, fraud and inefficiency; ensuring accuracy and reliability of accounting and operating data; ensuring compliance with
18 Ireri Kamau Samuel

& Juma Wagoki

Impact Factor (JCC): 4.4251 Index Copernicus Value (ICV): 3.0
the policies of the organization; evaluating the level of performance in all organizational units of the organization. ICS are
applicable to each organization in relation to key risks and are embedded within the operations and not treated as a separate
exercise. ICS should be able to respond to changing risks within and outside the company and they are a means to an end,
not an end itself, (Cunningham, 2004). He further states that internal controls are effected by people not merely policy
manuals and forms, but people functioning at every level of the institution. Internal control only provides reasonable
assurance to an institutions leaders regarding achievement of operational, financial reporting and compliance objectives;
promoting orderly, economical, efficient and effective operations; safeguarding resources against loss due to waste, abuse,
mismanagement, errors and fraud, (Kaplan, 2008). Internal controls lead to the promotion of adherence to laws,
regulations, contracts and management directives and the development and maintenance of reliable financial and
management data, and accurately present that data in timely reports.
According to Treba (2003), a system of internal control is a tool for ensuring that an organization realizes its
mission and objectives. He further notes that much as internal controls are often thought to be the domain of accountants
and auditors; it is actually management that has primary responsibility for proper controls. A critical element of any
comprehensive ICS is regular monitoring of the effectiveness of internal controls to determine whether they are well
designed and functioning properly (Treba, 2003). Lawson et al., (2006), noted that weaknesses in internal control systems
(control over the payroll, over expenditure commitments and over procurement processes) lead to failure to ensure that
resources are allocated to defined priorities and to guarantee that there is value for money will be attained in public
spending. Since the mid 1980s government funding to public universities in Kenya has declined in real terms. The causes
have been many but generally have included changing donor priorities, changing government rules and regulations to cope
with national economic turbulence, international economic trends, legislation and political trends in the country.
In addition, democratization, multiparty politics, fluctuation of local currencies, rising inflation, deregulation of economic
sectors, privatization of government activities, unemployment, debt servicing and donor fatigue have had negative effects
for the funding of university education in Kenya.
These changes have made it difficult for the national economy to sustain high budgets for university education.
Consequently, public universities have adopted numerous strategies to deal with the shrinking government funding. One of
the key measures is the establishment of internal control systems. Organizations establish ICS to help them achieve
performance and organizational goals, prevent loss of resources, enable production of reliable reports and ensure
compliance with laws and regulations (Mwindi, 2008). According to Hayes et al., (2005), ICS comprises five components;
the control environment, the entitys risk assessment process, the information and communication systems, control
activities and the monitoring of controls. Several studies have reported that most organizations have control activities and
that it plays a minor role compared to the other four components (Thuy, 2007 & SOX, 2002). Understanding the role of
internal control system components of any organization is thus critical in helping it achieve its objectives. Further, there is
limited evidence of research in the role played by internal control system components in Kenyan public universities.
The current study therefore limit itself to control environment, communication, monitoring of control and risk assessment
as it seeks to establish the role of internal control system components on Kenyan public universities.
STATEMENT OF THE PROBLEM
Systems in public universities have evolved over time and all the departments and units have undergone positive
transformations. Internal controls have been put in place to ensure safe custody of all university assets; to avoid misuse or
Assessing the Role of Internal Control System Components in Kenyan Public Universities: A Case Study 19
of Jomo Kenyatta University of Agriculture and Technology

www.tjprc.org editor@tjprc.org
misappropriation of university assets and to detect and safeguard against probable frauds. Records and accounting systems
have been continuously refined overtime and assessed based on international standards. Public universities have always
had an internal audit department to help in compliance with the internal policies and procedures. However despite all the
above efforts, public universities still struggles with liquidity problems, financial reports are not made timely,
accountability for the university financial resources is still wanting, frauds and misuse of institutional resources have been
unearthed and a number of decisions made have not yielded the expected results (Mwindi, 2008). It is therefore important
to establish the role of internal control system components currently being used by public universities, their adequacy and
shortcoming in order to enhance efficiency and effectiveness in public universities. The purpose of this research was to
establish the role of internal control system components in Kenyan public universities.
OBJECTIVES OF THE STUDY
The general objective of the research study was to assess the role of internal control system components in
Kenyan public universities. The study was guided by the following specific objectives:
To assess the role of the control environment in Kenyan public universities.
To examine the role of monitoring of controls in Kenyan public universities.
To determine the role played by the risk assessment process in Kenyan public universities.
To determine the role played by communication systems in Kenyan public universities.
REVIEW OF RELATED LITERATURE
Internal control is one of many mechanisms used in business to address the agency problem. Others include
financial reporting, budgeting, audit committees, and external audits (Jensen & Payne, 2003). Studies have shown that
internal control reduces agency costs (Abdel-khalik, 1993), with some even arguing that firms have an economic incentive
to report on internal control (Deumes & Knechel, 2008). Their argument assumes that providing this additional information
to the principal (shareholder) about the behaviour of the agent (management) reduces information asymmetry and lowers
investor risk and, therefore, the cost of equity capital. Other research has found that weaknesses in internal controls are
associated with increased levels of earnings management (Chan et al., 2008). According to Hayes et al., (2005), internal
control comprises five components; the control environment, the entitys risk assessment process, the information and
communication systems, control activities and the monitoring of controls. This sections attempts to address the five
components as they relate to financial performance in organizations.
Control Environment
Control Environment is the philosophy, style and supportive attitude, as well as the competence, ethical values,
integrity and morale of the people of the organization (DiNapoli, 2007). It is further affected by the organizations structure
and accountability relationships. Control Environment is the attitude and actions of the University Council and
Management regarding the significance of control within the university (DiNapoli, 2007). Control Environment provides
the discipline and structure for the achievement of the primary objectives of the system of internal control. According to
Thuy (2007), the control environment is the foundation of the ICS and sets the tone of an organization, influencing the
control consciousness of its staff. Control environment also provides the discipline and structure as well as the climate
which influences the overall quality of the ICS. Elements of the control environment are; the personal and professional
20 Ireri Kamau Samuel

& Juma Wagoki

Impact Factor (JCC): 4.4251 Index Copernicus Value (ICV): 3.0
integrity and ethical values of management and staff, appropriate culture in the organization, attitude towards internal
control throughout the organization; commitment to competence; the managements philosophy and operating style; a good
organizational structure, set up proper authorization limits; and human resource policies and practices (Laura, 2002).
The study by Wallace & Kreutzfeldt (1991), was among the first to demonstrate the importance of the control environment
in explaining the existence of an internal audit function. More recently Goodwin-Stewart & Kent (2006), provided
evidence that the existence of an internal audit function is related to the level of commitment to risk management.
Recent case studies on internal auditing in Belgium illustrate the importance of the control environment when studying
internal auditing practices. The study found that certain control environment characteristics such as level of risk and
control awareness, extent to which responsibilities related to risk management and clearly defined and communicated
internal controls are significantly related to the financial performance of the organization.
Risk Assessment
Risk assessment is the process of identifying and analyzing relevant risks to the achievement of the entitys
objectives and determining the appropriate response (DiNapoli, 2007). It involves risk identification; risk evaluation
(estimating the Impact of a risk; assessing the likelihood of the risk occurrence); assessment of the risk appetite of the
organization; and development of responses. Risk assessment should be performed and should identify; controllable risks
(risks on which Internal Control procedures can be established) and uncontrollable risks (risks that are caused by the
external environment that the entity operated in). According to the Cadbury Report (1992), risk management should be
systematic and also embedded in company procedures. And there should be a culture of risk awareness in the organization.
As governmental, economic, industry, regulatory and operating conditions are in constant change, risk assessment should
be an ongoing iterative process. Risk assessment implies identifying and analyzing altered conditions and opportunities and
risks (risk assessment cycle) and modifying internal control to address changing risk (Heald, 2003).
Information and Communication Systems
According to DiNapoli (2007), information should be communicated to all stakeholders such as management,
university council, line ministries and employees who need it in the form and within a time frame that helps them to carry
out their responsibilities. He further asserts that information should be appropriate, timely, current, accurate and accessible
as such reliable and relevant therefore transactions should be promptly recorded and proper classified. The feedback from
this communication helps management and council to evaluate how well the systems of internal control are working.
Information and communication are essential to realizing the internal control objectives. If all personnel understand their
own role in the ICS and they as well know how their individual activities relate to the work of others, a clear message
received from top management that control responsibilities, will be taken seriously (DiNapoli, 2007).
Monitoring
Monitoring is the process that assesses the quality of the system's performance over time, which includes ongoing
monitoring activities, separate evaluations or a combination of the two (Kaplan, 2008). Management should focus
monitoring efforts on internal controls and the achievement of the organizations mission. For monitoring to be most
effective, all employees need to understand the organization's mission, objectives, risk tolerance levels and their own
responsibilities (DiNapoli, 2007). Monitoring is the review of an organization's activities and transactions, that is, the ICS
to assess the quality of performance over time and to determine whether controls are effective. Ongoing monitoring of
Assessing the Role of Internal Control System Components in Kenyan Public Universities: A Case Study 21
of Jomo Kenyatta University of Agriculture and Technology

www.tjprc.org editor@tjprc.org
internal control is built into the normal, recurring operating activities of an entity it involves actions against irregular,
unethical, uneconomical, inefficient and ineffective Internal Control Systems (DiNapoli, 2007). Monitoring involves
separate evaluations which cover the evaluation of the effectiveness of the ICS in achieving set objectives and any
deficiencies should be reported for Councils action (Kaplan, 2008). The study further noted that failure to monitor risk
correctly could lead to financial collapse of an organization. The internal audit function is often the key monitor of the ICS,
they examine the controls and control system, identify where controls have failed so that these failures can be rectified and
also make recommendations to management for new and improved systems. Emasu (2010), noted that the effectiveness of
internal audit function partly depends on; legal and regulatory framework, placement of the function and its independence,
existence of audit committees, resources allocated to the function and professionalism of internal audit staff. It is however
a bitter reality that internal audit departments are rarely adequately facilitated. Regarding the size and facilitation of the
internal audit function, Gerrit and Mohammad (2010), found evidence in support of its monitoring role and thus
enhancement of an organizations financial performance.
RESEARCH METHODOLOGY
The study adopted a combination of survey and case study research design. The study thus employed the survey
method since it is economical, allows for rapid data collection and allows the researcher to understand a population from a
part. Case study were also be used since JKUAT was chosen as a representative of a public university in Kenya with the
hope that the results of the study can be replicated and applied to other universities in Kenya and beyond. The study
focused on finance and finance related departments of the University targeting particularly Finance and Accounts, Audit,
Procurement and Systems Administrators of the University.
The sampling frame for respondents within JKUAT was a list from which the researcher purposively sampled and
the random selected with the objective of sampling at least 50% of the departmental heads and all staff in finance and
accounts related offices. The researcher therefore used purposive sampling techniques in selecting a total of
138 respondents. Data was collected primarily using closed-ended questionnaires. The study used descriptive statistics
specifically employing measures of central tendency and dispersion to analyze data and the results were presented in
tables. The researcher sent 138 questionnaires and received 114 filled questionnaires. Out of the received questionnaires,
20 were either partially filled or filled incorrectly. Therefore, 94 correctly filled questionnaires were fit for analysis,
thereby giving a response rate of 68%.
RESEARCH FINDINGS
From the findings, majority of the respondents at approximately 92% were from the main campus. This can be
attributed to the fact that most of the university activities and systems are centralized. Previous studies by Sah and Stiglitz
(1991) pointed out that in dealing with internal control systems the advantage of the centralized system is that top decision
makers are able to retain maximum control over operations.
Control Environment
The respondents were given propositions on a Likert scale to ascertain their level of agreement to the role of
control environment in Kenyan public universities and their responses are depicted in table 1.

22 Ireri Kamau Samuel

& Juma Wagoki

Impact Factor (JCC): 4.4251 Index Copernicus Value (ICV): 3.0
Table 1: Role of Control Environment
1 2 3 4 5 Mean
Standard
Deviation
In JKUAT there is clear separation of roles and
responsibilities
3 19 22 32 18 3.46 1.11
The policies, procedures and guidelines are
documented
7 15 11 39 22 3.57 1.22
The university has a clear organizational structure 2 5 4 48 35 4.16 0.80
The reporting structure is clearly stipulated 15 23 21 29 6 2.87 1.21
All employees are aware of the guidelines 23 39 10 14 8 2.41 1.20
The guidelines are effectively followed by the
university Council
5 17 35 26 11 3.22 1.05
All staff perform their responsibilities as per the
regulation and guidelines
19 29 14 18 14 2.78 1.31
Segregation / separation of roles can lead to
attainment of university of financial objectives
3 12 4 42 33 3.96 1.11
Segregation / separation of roles can lead
minimizing of costs
11 17 22 31 13 3.20 1.23
Compliance to university guidelines can lead to
reliable financial reporting
12 17 28 35 2 2.98 1.08
There is a positive attitude by Council towards
implementing the internal control guidelines
18 17 33 14 12 2.84 1.26
The internal control guidelines are able to detect
irregularities
15 26 17 27 9 2.88 1.26
The control environment in the university is enough
to attain its objectives
17 31 11 22 13 2.82 1.33

The propositions with the highest means were the presence of a clear organizational structure (4.16), separation of
roles can lead to attainment of university objectives (3.96) and policies, procedures and guidelines are documented (3.57).
The means from these propositions clearly show that the respondents agree that the university has clear structures and
policies are documented. The presence of clear structures, policies and guidelines is in agreement with Whittington and
Pany (2001), who asserted that the control environment sets the tone of the organization and influences the control
consciousness of everyone in the organization.
They further noted that the control environment is the foundation of all other internal controls. Furthermore, from
table 1 it can be seen that some propositions such as internal control guidelines are able to detect irregularities (2.88),
presence of a positive attitude by council towards implementing the internal control guidelines (2.84) and that all staff
perform their responsibilities as per the regulations and guidelines (2.78). The means of these propositions tend towards
neutrality implying that most of the respondents are unsure of whether the internal control systems in place are able to
detect irregularities. The respondents also indicate that they are unsure if all employees perform their duties as per the
regulations. They are equally unsure of the councils attitude towards implementing internal control guidelines. The trend
can be attributed to a lack of an effective feedback system in many organizations as reported by Whittington and Pany
(2001). The results were further tested for significance and it was concluded that control environment plays a significant
role in public universities.
Risk Assessment
The respondents were given various propositions on risk assessment in Kenyan public universities to ascertain
their level of agreements to these propositions. Their responses were then analyzed according to their level of satisfaction
on a Likert scale and presented in table 2. From the findings staff awareness of the risk assessment process and its
Assessing the Role of Internal Control System Components in Kenyan Public Universities: A Case Study 23
of Jomo Kenyatta University of Agriculture and Technology

www.tjprc.org editor@tjprc.org
objectives had the least mean (2.16) implying that the respondents believe that one of the reasons for ineffectiveness of the
internal control systems is the fact that not all employees are aware of the risk assessment process. Notably, most
respondents are either unsure or unwilling to say whether the audit committee has designed an appropriate strategy of
identifying risks (2.91).
The means of other propositions such as audit committee has designed a system to offer appropriate response
(2.90), it is the managements role to identify, evaluate and respond to risks (2.79) and council is concerned with the
identification, monitoring and evaluation (3.35) clearly show that most of the respondents are either unaware, lack the
information or are not involved in the risk assessment process. Various researchers have reported similar trends where
besides disagreeing about feedback, employees have also been in disagreement with the type of feedback provided by
management.
Table 2: Role of Risk Assessment
1 2 3 4 5 Mean
Standard
Deviation
The audit committee has designed an appropriate strategy
of identifying risks
11 29 19 27 8 2.91 1.19
The audit committee designed a system to offer appropriate
response to risks
16 31 9 22 16 2.90 1.40
It is managements role to identify, evaluate and respond to
risk in projects
21 23 14 27 9 2.79 1.33
Council is concerned with the identification, monitoring &
evaluation
12 19 7 36 20 3.35 1.36
All staff aware of the risk assessment process and it
objectives
29 38 14 9 4 2.16 1.10
Continuous risk assessment ensure better performance 4 15 10 39 26 3.72 1.16

Effective risk assessment requires that management provides framework for the entire workforce to engage and
participate and may include processes like preparing, verifying and distributing risk assessment-related issues. The results
of were further tested for significance and it was concluded that risk assessment plays a significant role in public
universities.
Communication
The respondents were given various propositions on issues on communication as a component of internal controls
in public universities. Their responses were analyzed and presented in table 3. From their responses, the highest means
were on information should be communicated to all stakeholders (3.84), information received helps individuals carry out
their responsibilities (3.79) and communication systems enhances performance (3.77). The responses from these
propositions indicate that the respondents are in agreement that information and how it is communicated is important in
enhancing internal controls.
This is agreement to previous studies by Watts (1999) who reported that internal controls can only work
effectively when they, together with the risks they are supposed to modify, are clearly understood by those involved.
Therefore, controls should not be documented and communicated in isolation but integrated through formal and informal
channels into the elements of the management system in which they are intended to operate, including the related
objectives, activities, processes, systems, risks, and responsibilities.
24 Ireri Kamau Samuel

& Juma Wagoki

Impact Factor (JCC): 4.4251 Index Copernicus Value (ICV): 3.0
Table 3: Role of Information and Communication Systems
1 2 3 4 5 Mean
Standard
Deviation
Information should be communicated to all stakeholders 3 9 11 48 23 3.84 1.01
Information received on projects helps stakeholders to carry out
their responsibilities well
7 13 4 39 31 3.79 1.20
The reporting system on projects spells out the responsibilities of
each personnel in that project
13 25 17 21 18 3.06 1.35
All transactions are promptly recorded and classified to provide
reliable information
11 27 36 18 2 2.71 0.98
Information and communication systems are simple and easy to use 28 31 17 11 7 2.34 1.23
Information and communication system has enhanced performance 6 12 11 34 31 3.77 1.2

The respondents were further unsure on whether the reporting system spells out the responsibilities for each
individual (3.06) or on all transactions being promptly recorded and classified to provide reliable information (2.71).
The results indicate that most employees are not conversant with the reporting structure.
The findings are in agreement to those reported by Thuy (2007), who noted that organizations should
transparently report on the structure and performance of their governance, risk management, and internal control system in
their various reports to internal and external stakeholders, such as through their periodic accountability reports.
With respect to the simplicity of the communication systems, the respondents disagree that the systems are simple and easy
to use (2.34). This implies most respondents believe that the information communication systems in place are complex thus
hampering their use and effectiveness. The results were further tested for significance and it was concluded that
communication plays a significant role in public universities.
Monitoring of Controls
The respondents were asked to indicate their level of agreement to propositions based on monitoring of controls in
public universities. Their responses were tabulated based on a Likert scale as shown in table 4. The findings indicate that
most respondents believe the university has an internal audit department (4.45). Their response on other propositions
contrasts with the agreement of the presence of an internal audit department. In particular, internal audit having sufficient
staff (3.32), internal audit conduct audits regularly (2.50) and internal audit reports addresses weaknesses in our internal
control system (2.83). The means of the propositions indicate neutrality in opinion and therefore critical components for
effective internal control systems such as sufficient manpower may be lacking.
The respondents are equally unsure whether the internal auditor makes appropriate recommendations to
management to improve (2.91) or whether management discusses internal audit reports regularly (3.10). The trend can be
attributed to the feedback system and the communication channels used to report these recommendations. The respondents
however disagreed that internal audits are produced regularly (2.47). The findings are in agreement with Treba (2003) who
pointed out that organizations need a structured process to ensure that the internal control system is being thoroughly
evaluated on a timely basis. The actual timing should at least be dependent on the pace of internal and external change. For
example, monitoring can take place periodically in tandem with the yearly business planning and evaluation cycle, or when
there are indications of reduced effectiveness, such as several failures of individual controls. The results of the study were
further tested for significance and it was concluded that monitoring of controls plays a significant role in public
universities.
Assessing the Role of Internal Control System Components in Kenyan Public Universities: A Case Study 25
of Jomo Kenyatta University of Agriculture and Technology

www.tjprc.org editor@tjprc.org
Table 4: Role of Monitoring of Controls
1 2 3 4 5 Mean Standard Deviation
Our institution has an internal department 2 4 10 12 66 4.45 0.99
Our internal audit is sufficiently staffed 7 18 22 32 15 3.32 1.18
Internal audit staffs conduct regular audit activities
in our institution
14 36 29 13 2 2.50 0.98
Internal audit report address weaknesses in our
internal control system
9 33 24 21 7 2.83 1.11
Internal audit reports are produced regularly 17 39 20 13 5 2.47 1.10
Management discusses internal audit reports
frequently
2 27 36 18 11 3.10 1.02
Internal auditor makes appropriate
recommendations for management to improve
11 18 37 24 4 2.91 1.04

CONCLUSIONS
Based on the findings of the study, the it was concluded that since the internal control system is a crucial aspect of
an organizations governance system and ability to manage risk, and is fundamental to supporting the achievement of an
organizations objectives and creating, enhancing, and protecting stakeholder value, the university must ensure that the
control environment is one that promotes and nurtures internal control systems. From the findings and those from various
researchers it is evident that employees have also been in disagreement with the type of feedback provided by
management. Effective risk assessment requires that management provides framework for the entire workforce to engage
and participate and may include processes like preparing, verifying and distributing risk assessment-related issues.
Therefore, the university must put in place systems that provide clear feedback mechanism. Internal controls can only work
effectively when they, together with the risks they are supposed to modify, are clearly understood by those involved.
Therefore, controls should not be documented and communicated in isolation but integrated through formal and informal
channels into the elements of the management system in which they are intended to operate, including the related
objectives, activities, processes, systems, risks, and responsibilities. Lastly, the balance between risks and related controls
is continually changing in a dynamic environment and controls should be continually reevaluated and re-optimized through
consistent monitoring of controls. The study recommends the strengthening of training and guidance in internal control
systems to ensure that all employees are not only aware of controls but actively participate in ensuring their effectiveness.
REFERENCES
1. Abdel-Khalik, A. (1993). Why Do Private Companies Demand Auditing? The Case for Loss Control. Journal of
Accounting, Auditing and Finance, 8, 31-52.
2. Cadbury Committee. (1992). Report of the Committee on the Financial Aspects of Corporate Governance,
London: Gee.
3. Chan, M. (1995). Achieving audit uniformity out of diversity: a case study of an international bank, Managerial
Auditing Journal, 10(4), 44-48.
4. COSO. (1992). Internal Control-integrated Framework, Committee of Sponsoring Organizations of the Treadway
Commission, New York: Coopers and Lybrand.
5. Cunningham, L. A. (2004). The Appeal and Limits of Internal Controls to Fight Fraud, Terrorism, Other Ills. J.
Corp. L. 29, 267-273.
26 Ireri Kamau Samuel

& Juma Wagoki

Impact Factor (JCC): 4.4251 Index Copernicus Value (ICV): 3.0
6. Deume R., & Knechel, W. (2008). Economic Incentives for voluntary reporting on internal risk management and
control systems, Auditing: A Journal of Practice and Theory, 14, 8-9.
7. DiNapoli, T. P. (2007). Standards for Internal Control; In New York State Government.
www.osc.state.ny.us/agencies/ictf/docs/intcontrol_stds.pdf
8. Emasu, S. (2007). Public financial management Concepts & Practices, ACCA International Public Sector
Bulletin, 7, 6-10
9. Gerrit, S., & Mohammad J. A. (2010). Monitoring Effects of the Internal Audit Function: Agency Theory versus
other Explanatory Variables. International Journal of Auditing. 15(1) 1-20.
10. Goodwin-Stewart, J., & Kent, P. (2006). The use of internal audit by Australian companies, Managerial Auditing
Journal, 21(1) 81-101.
11. Hayes, R. Dassen, R. Schilder, A., & Wallage, P. (2005). Principles of Auditing, New York: Pearson Education
Limited.
12. Heald, D. (2003). Value for Money tests and accounting treatment in PFI schemes. Accounting, Auditing &
Accountability Journal, 16(3), 342-371.
13. Jensen, K.L., & Payne, J.L. (2003). Management trade offs of internal control and internal audit expertise.
Auditing: A Journal of Practice and Theory, 22, 99-119.
14. Kaplan Publishing. (2008). Professional Accountant (PA). The Complete Text. Berkshire: Kaplan Publishers.
15. Kathuri, N., & Pals, A. (1993). Introduction to Educational Research. Njoro, Kenya: Egerton University Press.
16. Laura, F. S. (2002). Risk Management the re-invention of Internal Control and the Changing role of Internal
Audit. Accounting, Auditing & Accountability Journal 16 (4), 640-661.
17. Lawson, A. De Renzio P., & Umarji, M. (2006). Assessment of Public Finance Management in Mozambique,
2004/05. Maputo: SAL Consulting and overseas Development institute.
18. Mwindi, D. (2008). Auditing. Nairobi: Focus Books.
19. Sah, R. K., & Stiglitz, J. E. (1991). The Quality of Managers in Centralized versus Decentralized Organizations.
Quarterly Journal of Business and Economics 106(1), 289-295.
20. Surbanes Oxley Act (2002). One Hundredth Congress of the USA at the 2
nd
Session 302 and 404, Washington.
21. Thuy, V. (2007). Lifting the Curse of the SOX through employee assessments of the Internal Control
Environment. University of Kansas Law Review, 1, 56 64).
22. Treba L. M. (2003). Evaluating internal controls: control self-assessment in government. Governance Finance
Review, 19(3), 2-14.
23. Wallace W. A., & Kreutzfeldt R.W. (1995). The Relation of Inherent and Control Risks to Audit Adjustments.
Journal of Accounting Auditing and Finance. 10(3), 459-481.

Assessing the Role of Internal Control System Components in Kenyan Public Universities: A Case Study 27
of Jomo Kenyatta University of Agriculture and Technology

www.tjprc.org editor@tjprc.org
24. Watts, H. (1999). A Conceptual Framework to Financial Reports and Internal Audits. Journal of Accounting
Auditing and Finance 20, 753-778.
25. Whittington, O., & Pany, K. (2001). Principles of Auditing and Other Assurance Services. New York:
Irwin/McGraw- Hill.