INTERNAL AUDIT AS A TOOL IN ACHIEVING THE ORGANISATIONAL OBJECTIVES (A CASE STUDY OF MAINSTREET BANK OF NIGERIA PLC)

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Unlike external audit, which focuses primarily on the accuracy of financial statements for external stakeholders, internal audit serves the needs of management and the board of directors. Internal auditors examine a wide range of organizational activities, including financial operations, compliance with laws and regulations, efficiency of operations, effectiveness of programs, and the reliability of information systems. The ultimate goal of internal audit is to help the organization achieve its strategic, operational, financial, and compliance objectives (IIA, 2017; Sawyer and Dittenhofer, 2018).

The concept of internal auditing has evolved significantly over the past several decades. Historically, internal audit was viewed primarily as a detective function focused on fraud prevention and the verification of financial records. This traditional approach emphasized “auditing around the computer” and checking transactions for accuracy. However, the modern definition, as articulated by the Institute of Internal Auditors (IIA), positions internal audit as a proactive, value-adding function that advises management on how to improve processes, reduce risks, enhance controls, and achieve organizational objectives. This shift from a compliance-oriented to a performance-enhancing role has made internal audit indispensable for organizations seeking to navigate complex, dynamic environments. In Nigeria, this evolution is gradually being embraced, though many organizations still underutilize the full potential of their internal audit departments (Adekoya and Adebiyi, 2019; Eze and Nwafor, 2019).

Organizational objectives are the specific, measurable goals that an organization sets to achieve its mission and vision. These objectives span multiple domains: financial objectives (profitability, cost reduction, revenue growth), operational objectives (efficiency, productivity, quality), compliance objectives (adherence to laws, regulations, and internal policies), strategic objectives (market share, competitive positioning, innovation), and reputational objectives (brand image, stakeholder trust). In the banking industry, organizational objectives are particularly demanding: banks must maintain adequate capital, manage credit risk, ensure liquidity, comply with extensive regulations (from the Central Bank of Nigeria, NDIC, and others), satisfy customers, generate returns for shareholders, and contribute to economic development. Achieving these diverse, sometimes conflicting objectives requires a robust internal audit function (Okafor and Udeh, 2020; Brigham and Ehrhardt, 2017).

Mainstreet Bank of Nigeria Plc has a distinctive history in the Nigerian banking landscape. The bank emerged from the restructuring of Afribank Nigeria Plc, which was one of the banks that required recapitalization following the Central Bank of Nigeria’s intervention during the 2009-2010 banking crisis. In 2011, the Central Bank of Nigeria revoked the license of Afribank Nigeria Plc and transferred its assets and liabilities to a newly incorporated entity, Mainstreet Bank of Nigeria Plc, which was 100% owned by the Asset Management Corporation of Nigeria (AMCON). The bank was created to manage the “good” assets of the defunct bank and to rehabilitate its operations for eventual sale. Mainstreet Bank operated under AMCON ownership until 2014, when it was acquired by another financial institution. This unique history—operating as a bridge bank under regulatory ownership—presents distinctive internal audit challenges and opportunities (CBN, 2011; AMCON, 2012; Adebayo and Oyedokun, 2020).

The internal audit function in a bank like Mainstreet Bank is particularly critical due to the nature of banking operations. Banks handle large volumes of transactions daily, manage significant amounts of customer funds, face complex regulatory requirements, and are exposed to various risks including credit risk, market risk, operational risk, liquidity risk, and reputational risk. Internal audit provides independent assurance that the bank’s risk management systems are adequate and functioning, that internal controls are effective, and that operations comply with laws and regulations. In the aftermath of the 2009 banking crisis, which highlighted severe weaknesses in risk management and internal controls at several Nigerian banks, the CBN has placed increased emphasis on strengthening internal audit functions as part of broader corporate governance reforms (CBN, 2014; Okafor and Udeh, 2021).

The role of internal audit in achieving organizational objectives can be understood through the lens of the IIA’s “three lines of defense” model. In this model, operational management (first line) owns and manages risk. Risk and compliance functions (second line) oversee risk and compliance activities. Internal audit (third line) provides independent assurance on the effectiveness of the first two lines. By providing independent, objective assessments, internal audit helps the board and senior management identify weaknesses, take corrective action, and improve organizational performance. Internal audit does not directly achieve objectives; rather, it enables others to achieve objectives by providing the assurance, insight, and advice needed to manage risks and improve controls (IIA, 2017; Spira and Page, 2019).

The internal audit process typically follows a structured cycle: planning (developing a risk-based audit plan aligned with organizational objectives), fieldwork (executing audit procedures, testing controls, gathering evidence), reporting (communicating findings, conclusions, and recommendations to management and the audit committee), and follow-up (tracking management’s implementation of audit recommendations). For internal audit to contribute effectively to achieving organizational objectives, this cycle must be executed competently and independently. The audit plan must focus on the risks that most threaten the achievement of objectives. Audit findings must be communicated clearly and timely. Management must be responsive to recommendations. The audit committee must provide strong oversight (Pickett, 2018; Moeller, 2019).

The relationship between internal audit and organizational performance has been the subject of considerable research. Studies have generally found a positive association between effective internal audit and organizational performance, though the strength of this association varies depending on factors such as internal audit quality, management support, and organizational culture. Internal audit contributes to performance by: (a) identifying control weaknesses before they result in significant losses, (b) recommending process improvements that reduce waste and increase efficiency, (c) detecting and deterring fraud and other irregularities, (d) providing assurance to management and the board that risks are being managed, (e) facilitating compliance with regulatory requirements, and (f) supporting strategic decision-making with objective insights. For Mainstreet Bank, which operated under unique circumstances, the contribution of internal audit to achieving organizational objectives is an important area of investigation (Alzeban and Gwilliam, 2019; Mihret and Yismaw, 2018).

The effectiveness of internal audit depends on several critical factors. Auditor independence: internal auditors must have organizational independence, including reporting directly to the board’s audit committee rather than to management. Without independence, auditors may be pressured to suppress or modify adverse findings. Auditor competence: internal auditors must possess the technical knowledge, skills, and professional certifications (e.g., Certified Internal Auditor, CIA) needed to audit complex banking operations. Management support: internal audit cannot be effective if management is uncooperative or ignores audit recommendations. Audit committee effectiveness: a strong, independent, financially literate audit committee enhances internal audit effectiveness by providing oversight and ensuring management responsiveness. Resources: adequate funding, staffing, and technology are essential for internal audit to perform its duties. For Mainstreet Bank, the extent to which these factors were present during its operation is relevant to understanding internal audit’s contribution (Eze and Nwafor, 2019; Adebayo and Oyedokun, 2020).

The audit committee of the board plays a particularly important role in internal audit effectiveness. The audit committee is responsible for approving the internal audit charter, appointing the chief audit executive, reviewing the audit plan, discussing audit findings, and monitoring management’s response to audit recommendations. In banks, the audit committee is typically composed of non-executive directors, with a requirement that members be financially literate. For Mainstreet Bank, the composition and effectiveness of the audit committee during its period of operation would have significantly affected internal audit’s ability to contribute to organizational objectives (FRCN, 2014; CBN, 2014).

Internal audit in the banking sector faces specific challenges that may affect its ability to contribute to organizational objectives. These include: the complexity of banking operations (multiple product lines, diverse customer segments, sophisticated financial instruments), the volume of transactions (making sampling challenging), the need for specialized skills (e.g., information technology audit, treasury audit, credit audit), regulatory scrutiny (multiple regulators with overlapping requirements), and the potential for management override of controls. For a bank like Mainstreet, which was created under special circumstances (as a bridge bank owned by AMCON), additional challenges may have included: rapid establishment of systems and controls, integration of legacy issues from the predecessor bank, management of distressed assets, and heightened public scrutiny. Understanding these challenges is essential for evaluating internal audit’s role (Okafor and Udeh, 2021; Eze and Nwafor, 2020).

The concept of “value-added” auditing is central to the modern internal audit profession. Beyond traditional compliance and control-oriented audits, internal audit adds value by: (a) identifying opportunities for cost savings and process improvements, (b) providing benchmarking insights, (c) facilitating risk assessments for new initiatives, (d) advising on control design for new systems, (e) conducting fraud investigations, and (f) supporting the audit committee in fulfilling its oversight responsibilities. For internal audit to add value, it must be proactive, forward-looking, and strategically aligned with organizational objectives. This means moving beyond a narrow focus on historical transactions to include operational, strategic, and information technology audits. For Mainstreet Bank, which was created to rehabilitate and eventually sell the bank, internal audit’s value-added contributions would have been particularly important (IIA, 2017; Sawyer and Dittenhofer, 2018).

The regulatory environment for internal audit in Nigerian banks has strengthened since the 2009 banking crisis. The Central Bank of Nigeria (CBN) issued revised guidelines on corporate governance and internal audit, including requirements for: mandatory internal audit function reporting directly to the board audit committee, minimum qualifications and experience for chief audit executives, required audit coverage of key risk areas (credit, market, operational, compliance), and mandatory audit committee meetings. The Financial Reporting Council of Nigeria (FRCN) also issued codes of corporate governance that emphasize the importance of internal audit. For Mainstreet Bank, compliance with these regulatory requirements would have been expected, though the bank’s unique status as an AMCON-owned bridge bank may have affected the application of some requirements (CBN, 2014; FRCN, 2014).

Finally, this study focuses on Mainstreet Bank of Nigeria Plc as a case study because the bank represents a unique organizational context for examining internal audit’s role in achieving organizational objectives. Operating as a bridge bank under AMCON ownership, Mainstreet Bank faced distinct challenges: managing inherited assets and liabilities, restoring confidence, preparing for eventual sale, and achieving operational stability despite ownership uncertainty. The internal audit function at such a bank would have played a critical role in identifying risks, ensuring controls, and supporting the bank’s rehabilitation objectives. By studying Mainstreet Bank, this research can generate insights that are relevant not only to banks but to any organization undergoing significant restructuring or operating under special circumstances (AMCON, 2012; Adebayo and Oyedokun, 2020).

1.2 Statement of the Problem

Mainstreet Bank of Nigeria Plc, as a bridge bank created from the assets of a distressed bank and owned by the Asset Management Corporation of Nigeria (AMCON), had a unique mandate: to rehabilitate operations, manage assets and liabilities prudently, maintain customer confidence, and ultimately prepare the bank for sale to a new owner. In this challenging context, the internal audit function was expected to play a critical role in helping the bank achieve its organizational objectives. However, it is unclear to what extent internal audit was actually effective in this role. Evidence from similar restructuring situations suggests that internal audit in distressed or transitional entities may face significant challenges: lack of independence (where management is under pressure to show progress and may resist negative findings), inadequate resources (due to cost constraints), high turnover of audit staff (due to uncertainty about the bank’s future), difficulty auditing complex legacy issues (e.g., bad loans, unresolved disputes), and tension between the audit committee (composed largely of AMCON appointees) and management. These challenges may have limited internal audit’s ability to add value and contribute to achieving the bank’s objectives. There is a lack of empirical research specifically examining the role and effectiveness of internal audit at Mainstreet Bank. Therefore, this study is motivated to investigate internal audit as a tool for achieving organizational objectives at Mainstreet Bank of Nigeria Plc, identify the factors that facilitated or hindered internal audit effectiveness, and draw lessons for similar organizations.

1.3 Aim of the Study

The aim of this study is to examine internal audit as a tool for achieving organizational objectives, using Mainstreet Bank of Nigeria Plc as a case study.

1.4 Objectives of the Study

The specific objectives of this study are to:

1. Examine the internal audit practices and procedures at Mainstreet Bank of Nigeria Plc.
2. Assess the role of internal audit in the bank’s risk management, control, and governance processes.
3. Determine the extent to which internal audit contributed to achieving the bank’s organizational objectives (financial, operational, compliance, strategic).
4. Identify the challenges that affected internal audit effectiveness at Mainstreet Bank.
5. Propose recommendations for strengthening internal audit as a tool for achieving organizational objectives in similar organizational contexts.

1.5 Research Questions

The following research questions guide this study:

1. What were the internal audit practices and procedures at Mainstreet Bank of Nigeria Plc?
2. What role did internal audit play in the bank’s risk management, control, and governance processes?
3. To what extent did internal audit contribute to achieving the bank’s organizational objectives (financial, operational, compliance, strategic)?
4. What were the major challenges affecting internal audit effectiveness at Mainstreet Bank?
5. What recommendations can be made for strengthening internal audit as a tool for achieving organizational objectives in similar contexts?

1.6 Research Hypotheses

The following hypotheses are formulated in null (H₀) and alternative (H₁) forms:

Hypothesis One

• H₀: Internal audit had no significant effect on the achievement of financial objectives (profitability, cost control) at Mainstreet Bank.
• H₁: Internal audit had a significant effect on the achievement of financial objectives (profitability, cost control) at Mainstreet Bank.

Hypothesis Two

• H₀: There is no significant relationship between internal audit recommendations and operational improvements at Mainstreet Bank.
• H₁: There is a significant relationship between internal audit recommendations and operational improvements at Mainstreet Bank.

Hypothesis Three

• H₀: Internal audit independence did not significantly affect the effectiveness of the audit function at Mainstreet Bank.
• H₁: Internal audit independence significantly affected the effectiveness of the audit function at Mainstreet Bank.

Hypothesis Four

• H₀: Challenges such as resource constraints and management resistance did not significantly affect internal audit’s contribution to organizational objectives at Mainstreet Bank.
• H₁: Challenges such as resource constraints and management resistance significantly affected internal audit’s contribution to organizational objectives at Mainstreet Bank.

1.7 Significance of the Study

This study is significant for several stakeholders. First, the management and board of directors of financial institutions undergoing restructuring or operating under special circumstances will benefit from insights into how internal audit can contribute to achieving organizational objectives, including lessons from Mainstreet Bank’s experience. Second, internal audit professionals (Chief Audit Executives, internal auditors) will gain insights into best practices, common challenges, and strategies for enhancing audit effectiveness in challenging environments. Third, the Asset Management Corporation of Nigeria (AMCON) and the Central Bank of Nigeria (CBN) will benefit from understanding the role of internal audit in bridge banks or distressed entities, informing future interventions and resolution strategies. Fourth, the Nigerian banking industry more broadly will gain insights into internal audit’s contribution to organizational objectives, supporting continuous improvement in governance and risk management. Fifth, the Institute of Internal Auditors (IIA Nigeria) and professional bodies will find value in the study’s identification of challenges and best practices, informing training programs and guidance for members. Sixth, academics and researchers in auditing, corporate governance, and banking will benefit from the study’s contribution to the literature on internal audit effectiveness in unique organizational contexts (bridge banks, transitional entities). Seventh, policymakers and regulators (FRCN, NDIC) will gain evidence on the factors that affect internal audit effectiveness, informing regulatory requirements and guidance. Eighth, students of accounting, auditing, and banking will find the study useful as a case study illustrating the application of internal audit concepts in a real-world challenging environment. Finally, the broader Nigerian financial system will benefit as improved understanding of internal audit’s role in achieving organizational objectives leads to stronger governance practices across the banking sector.

1.8 Scope of the Study

This study focuses on internal audit as a tool for achieving organizational objectives, using Mainstreet Bank of Nigeria Plc as a case study. Geographically, the research is limited to the Nigerian operations of Mainstreet Bank, focusing primarily on its corporate headquarters and key operational centers during its period of operation (2011-2014). The bank was a commercial bank created by the Central Bank of Nigeria and owned by the Asset Management Corporation of Nigeria (AMCON) following the restructuring of Afribank Nigeria Plc. Content-wise, the study examines the following areas: internal audit practices and procedures (audit planning, fieldwork, reporting, follow-up); the role of internal audit in risk management, control, and governance; the contribution of internal audit to achieving organizational objectives (financial, operational, compliance, strategic); challenges (independence, resources, competence, management support, audit committee effectiveness); and improvement strategies. The study targets internal auditors (including the Chief Audit Executive), management staff (Executive Directors, departmental heads), audit committee members (if accessible), and external stakeholders (CBN, AMCON officials) involved in oversight. The time frame for data collection is the cross-sectional period of 2023–2024, though retrospective data and recollections from the bank’s operational period (2011-2014) will be considered. The study does not cover the operations of the bank after its acquisition in 2014, nor does it cover other banks (except for comparative context), nor external audit (except as it relates to internal audit).

1.9 Definition of Terms

Internal Audit: An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Organizational Objectives: The specific, measurable goals that an organization sets to achieve its mission and vision, including financial, operational, compliance, strategic, and reputational objectives.

Mainstreet Bank of Nigeria Plc: A bridge bank created in 2011 by the Central Bank of Nigeria, owned by the Asset Management Corporation of Nigeria (AMCON), following the restructuring of Afribank Nigeria Plc, which operated until its acquisition in 2014.

Bridge Bank: A temporary financial institution created by regulators to take over the assets and liabilities of a failed or distressed bank, operate it, and prepare it for sale to a new owner.

Asset Management Corporation of Nigeria (AMCON): A Nigerian government agency established to purchase non-performing loans from banks and manage them, and to recapitalize distressed banks following the 2009 banking crisis.

Risk Management: The process of identifying, assessing, and responding to risks that could prevent the organization from achieving its objectives.

Internal Control: The policies, procedures, and mechanisms implemented by management to provide reasonable assurance regarding the achievement of organizational objectives, including reliable financial reporting, compliance with laws, and safeguarding of assets.

Corporate Governance: The system of rules, practices, and processes by which a company is directed and controlled, balancing the interests of shareholders, management, customers, regulators, and other stakeholders.

Audit Committee: A committee of the board of directors (typically composed of independent non-executive directors) responsible for overseeing the financial reporting process, internal controls, and the internal and external audit functions.

Chief Audit Executive (CAE): The senior internal audit executive responsible for managing the internal audit function, reporting to the audit committee and senior management.

Audit Plan: A document developed annually by the internal audit function, based on risk assessment, that identifies the audits to be conducted, their scope, timing, and resource requirements.

Audit Recommendation: A suggestion or directive made by internal auditors to management aimed at correcting identified deficiencies, improving processes, or strengthening controls.

Audit Follow-up: The process of tracking management’s implementation of audit recommendations to ensure that corrective actions are taken.

Value-Added Auditing: The approach to internal auditing that focuses on identifying opportunities for cost savings, process improvements, and strategic insights beyond traditional compliance assurance.

Independence (Auditor Independence): The ability of internal auditors to perform their work without bias, conflict of interest, or undue influence from management, including organizational independence (reporting to the audit committee) and objectivity (unbiased attitude).

Competence (Auditor Competence): The knowledge, skills, abilities, and professional certifications (e.g., Certified Internal Auditor, CIA) that internal auditors possess to perform their duties effectively.

Three Lines of Defense Model: A framework for risk management and control where operational management is the first line, risk and compliance functions are the second line, and internal audit is the third line.

Restructuring: The process of reorganizing a distressed or underperforming organization to restore viability, including changes in management, operations, capital structure, and ownership.

Central Bank of Nigeria (CBN): The apex monetary authority of Nigeria, responsible for regulating banks and other financial institutions, including the intervention that led to the creation of Mainstreet Bank.

CHAPTER TWO: LITERATURE REVIEW

2.1 Conceptual Framework

A conceptual framework is a structural representation of the key concepts or variables in a study and the hypothesized relationships among them. It serves as the analytical lens through which the researcher organizes the study, selects appropriate methodology, and interprets findings. In this study, the conceptual framework is built around two primary constructs: Internal Audit (the independent variable) and Organizational Objectives (the dependent variable). Additionally, the framework identifies the specific dimensions of each construct and the mediating and moderating variables that influence the relationship (Miles, Huberman, and Saldaña, 2020).

The independent variable, Internal Audit, refers to an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. For the purpose of this study, internal audit is conceptualized along six key dimensions derived from the International Professional Practices Framework (IPPF) of the Institute of Internal Auditors: (a) independence and objectivity (the organizational reporting lines and mental attitude that ensure auditors can perform their work without bias or undue influence), (b) professional competence (the knowledge, skills, and certifications of internal audit staff), (c) scope of work (the range of activities covered, including financial audits, compliance audits, operational audits, information technology audits, and risk management audits), (d) audit process (the methodology for planning, executing, reporting, and following up on audits), (e) quality assurance and improvement (the processes for ensuring audit quality, including internal assessments and external reviews), and (f) audit committee relationship (the interaction with and oversight by the board’s audit committee). Each dimension contributes differently to the overall effectiveness of internal audit and, consequently, to the achievement of organizational objectives (IIA, 2017; Sawyer and Dittenhofer, 2018).

The dependent variable, Organizational Objectives, refers to the specific, measurable goals that an organization sets to achieve its mission and vision. For the purpose of this study, organizational objectives are conceptualized along five key dimensions relevant to a banking institution like Mainstreet Bank: (a) financial objectives (profitability, cost reduction, revenue growth, return on equity, capital adequacy), (b) operational objectives (efficiency, productivity, process improvement, service delivery quality), (c) compliance objectives (adherence to laws, regulations, CBN guidelines, anti-money laundering requirements, and internal policies), (d) strategic objectives (market positioning, competitive advantage, customer acquisition and retention, reputation management), and (e) risk management objectives (identification, assessment, mitigation, and monitoring of credit, market, operational, and liquidity risks). A comprehensive assessment of internal audit’s contribution requires examining its impact across multiple objective dimensions (Brigham and Ehrhardt, 2017; Okafor and Udeh, 2020).

The conceptual framework posits a positive relationship between the effectiveness of internal audit and the achievement of organizational objectives. Specifically, when internal audit is independent, competent, well-scoped, and supported by an effective audit committee, it contributes to organizational objectives through several mechanisms: (a) risk reduction (identifying and helping to mitigate risks that could prevent objective achievement), (b) control improvement (identifying control weaknesses and recommending enhancements), (c) fraud detection and deterrence (identifying irregularities and creating a deterrent effect), (d) process optimization (identifying inefficiencies and recommending improvements), (e) compliance assurance (ensuring adherence to laws and regulations, avoiding penalties), and (f) strategic insight (providing objective assessments that inform strategic decision-making). Conversely, when internal audit is weak—lacking independence, competence, or resources—its contribution is diminished, and organizational objectives may be harder to achieve (Alzeban and Gwilliam, 2019; Mihret and Yismaw, 2018).

An important feature of this conceptual framework is the recognition of mediating mechanisms through which internal audit affects organizational objectives. The framework identifies four primary mediating mechanisms: (a) assurance (internal audit provides independent assurance to management and the board that controls are effective and risks are managed), (b) insight (internal audit provides analysis, recommendations, and forward-looking perspectives that help management make better decisions), (c) objectivity (internal audit’s independence ensures that assessments are unbiased and credible), and (d) accountability (internal audit creates a “paper trail” and accountability that encourages management to maintain good controls and take corrective action). Each mechanism operates through different channels and may be more or less important depending on the organizational context (IIA, 2017; Pickett, 2018).

The framework also identifies several moderating variables that influence the strength of the relationship between internal audit and organizational objectives. These include: (a) organizational factors (size, complexity, organizational culture, management philosophy), (b) governance factors (strength and independence of the board and audit committee, tone at the top), (c) environmental factors (regulatory intensity, industry competition, economic conditions), (d) resource factors (funding for internal audit, technology, staff), (e) management support (the willingness of management to accept and act on audit recommendations), (f) audit committee effectiveness (the competence, independence, and diligence of the audit committee), and (g) external audit interaction (the coordination between internal and external audit). For Mainstreet Bank, which operated as a bridge bank under AMCON ownership, the specific values of these moderating variables—particularly management support, governance factors, and environmental factors—would have significantly affected internal audit’s contribution (Eze and Nwafor, 2019; Adebayo and Oyedokun, 2020).

The framework also distinguishes between the direct and indirect effects of internal audit on organizational objectives. Direct effects include immediate outcomes such as detection of a fraudulent transaction, correction of a control weakness, or identification of a compliance gap. Indirect effects include the deterrent effect (employees are less likely to commit fraud if they know internal audit is active), the learning effect (management improves processes based on audit recommendations), and the confidence effect (external stakeholders have greater confidence in the organization’s governance). Over time, these indirect effects accumulate and contribute to sustained organizational performance. The framework captures both types of effects (Moeller, 2019; Spira and Page, 2019).

The framework also acknowledges the limitations of internal audit. Internal audit provides “reasonable assurance,” not absolute assurance. Controls can be circumvented by collusion, overridden by management, or rendered ineffective by human error. Internal audit cannot guarantee that all risks will be avoided or that all objectives will be achieved. Moreover, internal audit is a cost to the organization; the benefits of internal audit must exceed its costs for it to be value-adding. The framework suggests that the optimal level and quality of internal audit is a balance between the cost of audit and the risk reduction and performance benefits it provides (Pickett, 2018; Sawyer and Dittenhofer, 2018).

Methodologically, the conceptual framework guides the development of research instruments and analytical procedures. Interview guides and survey questionnaires are structured to capture each dimension of internal audit (independence, competence, scope, process, quality, audit committee relationship) and each dimension of organizational objectives (financial, operational, compliance, strategic, risk management). Questions probe specific examples from Mainstreet Bank’s experience. The framework also guides the analysis of secondary data, including internal audit reports, audit committee minutes, board reports, and financial statements (Creswell and Creswell, 2018; Saunders, Lewis, and Thornhill, 2019).

Empirical studies that have employed similar conceptual frameworks in banking contexts provide validation for this approach. For example, studies on internal audit effectiveness in European banks found that independence and audit committee support were the strongest predictors of internal audit’s contribution to financial and compliance objectives. Studies on African banks found that the scope of internal audit (covering operational and IT audits, not just financial audits) was positively associated with operational performance. In Nigeria, research on banks has found that internal audit effectiveness varies significantly by bank ownership structure and regulatory environment, with banks under regulatory supervision (like Mainstreet) facing unique challenges. These findings support the relevance of the current framework for Mainstreet Bank (Adebayo and Oyedokun, 2020; Eze and Nwafor, 2021; Okafor and Udeh, 2021).

The conceptual framework also addresses the unique characteristics of Mainstreet Bank as a case study. As a bridge bank created from the assets of a distressed institution and owned by AMCON, Mainstreet Bank faced unique internal audit challenges: establishing an internal audit function from scratch (or inheriting from the predecessor), dealing with legacy issues (bad loans, unresolved disputes), managing heightened regulatory scrutiny, operating under temporary ownership, and preparing for eventual sale. The framework includes these unique characteristics as moderating variables that likely affected the relationship between internal audit and organizational objectives (AMCON, 2012; CBN, 2011).

Visually, the conceptual framework for this study can be represented as a diagram with “Internal Audit” (independent variable) at the left, with six boxes (independence, competence, scope, process, quality, audit committee relationship). An arrow points to “Organizational Objectives” (dependent variable) on the right, with five boxes (financial, operational, compliance, strategic, risk management). Along the arrow are placed the four mediating mechanisms (assurance, insight, objectivity, accountability). Above the arrow are placed the moderating variables (organizational factors, governance factors, environmental factors, resource factors, management support, audit committee effectiveness, external audit interaction). This visual representation aids readers in quickly grasping the hypothesized relationships (Miles et al., 2020).

In summary, the conceptual framework of this study provides a clear, logical, and empirically grounded structure for investigating internal audit as a tool for achieving organizational objectives at Mainstreet Bank of Nigeria Plc. By disaggregating internal audit into six dimensions and organizational objectives into five dimensions, and by acknowledging the mediating mechanisms and moderating variables, the framework enhances the validity and reliability of the research findings. It also serves as a bridge between the theoretical foundations (discussed in section 2.2) and the empirical investigation (chapters three and four) (Creswell and Creswell, 2018).

2.2 Theoretical Framework

A theoretical framework is a collection of interrelated concepts, definitions, and propositions that present a systematic view of phenomena by specifying relationships among variables, with the purpose of explaining and predicting those phenomena. In this study, five major theories are adopted to explain the relationship between internal audit and organizational objectives: the Agency Theory, the Stewardship Theory, the Resource-Based View (RBV) of the Firm, the Institutional Theory, and the Modern Internal Audit Theory (also known as the Value-Added Theory). These theories collectively provide a robust lens for understanding how internal audit contributes to organizational objectives, why it is effective or ineffective, and what factors influence this relationship (Jensen and Meckling, 1976; Davis, Schoorman, and Donaldson, 1997; Barney, 1991; DiMaggio and Powell, 1983; IIA, 2017).

2.2.1 Agency Theory

Agency Theory, developed by Jensen and Meckling (1976), is one of the most influential theories in corporate governance, auditing, and organizational economics. The theory describes the relationship between principals (owners/shareholders) and agents (managers who run the company on behalf of owners). In the context of Mainstreet Bank, the principals included AMCON (as the 100% owner), the CBN (as regulator with ownership-like authority over distressed entities), and ultimately Nigerian citizens (as beneficiaries of financial system stability). The agents were the bank’s management—the Managing Director, Executive Directors, and other senior managers. Agency Theory posits that agents may not always act in the best interests of principals due to information asymmetry (agents have more information about the bank’s operations, risks, and financial position than principals do) and divergent interests (agents may pursue personal goals such as job security, power, or career advancement rather than the bank’s rehabilitation objectives) (Jensen and Meckling, 1976; Premchand, 2019).

In the context of this study, Agency Theory explains the fundamental need for internal audit at Mainstreet Bank. Because AMCON and the CBN (principals) could not directly observe every decision and action taken by bank management (agents), they relied on internal audit to provide independent, objective monitoring. Internal audit reduced information asymmetry by providing principals with reliable information about management’s performance, risk management, and compliance. It also reduced agency costs by deterring and detecting agent opportunism (e.g., unauthorized lending, self-dealing, operational inefficiencies). The theory predicts that organizations with stronger internal audit functions (more independent, better resourced, higher competence) will have lower agency costs and better achievement of organizational objectives. For Mainstreet Bank, which was created to rehabilitate a distressed institution, agency costs were likely significant, making internal audit particularly important (Mihret and Yismaw, 2018; Okafor and Udeh, 2020).

Agency Theory also explains the role of the audit committee in internal audit effectiveness. The audit committee acts as an agent of the principals to oversee the internal audit function, ensuring auditor independence, reviewing audit plans, and monitoring management’s response to audit findings. The theory predicts that audit committees that are independent, financially literate, and diligent will enhance internal audit effectiveness. For Mainstreet Bank, the composition and effectiveness of its audit committee (appointed by AMCON) would have significantly affected internal audit’s contribution to organizational objectives (FRCN, 2014; CBN, 2014).

Empirical research has consistently supported Agency Theory predictions about internal audit. Studies have found that organizations with higher perceived agency costs (e.g., larger, more complex, more highly leveraged) invest more in internal audit and have stronger internal audit functions. In the banking sector, research has found that internal audit effectiveness is associated with lower loan losses, fewer regulatory sanctions, and higher profitability. For Mainstreet Bank, Agency Theory suggests that the bank’s unique ownership structure (100% owned by AMCON) and regulatory oversight created strong agency concerns that internal audit was expected to address (Adebayo and Oyedokun, 2020; Eze and Nwafor, 2019).

2.2.2 Stewardship Theory

Stewardship Theory, developed by Davis, Schoorman, and Donaldson (1997), offers a contrasting perspective to Agency Theory. While Agency Theory assumes that agents are self-interested and opportunistic, Stewardship Theory posits that managers and employees are inherently trustworthy, responsible, and motivated to act in the best interests of the organization and its stakeholders. Stewards derive satisfaction from organizational achievement, collective success, and the responsible management of resources placed in their care. In the context of Mainstreet Bank, Stewardship Theory suggests that most bank managers and staff were public servants (in a sense) who genuinely wanted to rehabilitate the bank, protect depositor funds, and prepare the bank for successful sale. They did not require constant monitoring and punitive controls; rather, they needed the tools, training, and support to fulfill their stewardship responsibilities (Davis et al., 1997; Mellett, 2019).

In the context of this study, Stewardship Theory explains the role of internal audit in enabling, rather than merely controlling, the achievement of organizational objectives at Mainstreet Bank. From a stewardship perspective, internal audit provides stewards (management and staff) with the information and insights they need to do their jobs better. Audit findings about process inefficiencies help stewards improve operations. Risk assessments help stewards prioritize risks. Recommendations help stewards strengthen controls. Internal audit, in this view, is a partner in organizational success, not an adversary. This perspective is consistent with the modern internal audit emphasis on value-adding and consulting activities, beyond traditional compliance and fraud detection (IIA, 2017; Sawyer and Dittenhofer, 2018).

Stewardship Theory also explains why excessively adversarial or rigid internal audit approaches can be counterproductive. If internal auditors are perceived as “gotcha” auditors who focus on blame rather than improvement, management may become defensive, withhold information, and resist recommendations. This undermines internal audit’s ability to contribute to organizational objectives. Stewardship Theory suggests that internal audit should be conducted in a collaborative, respectful manner that supports and empowers management as stewards of the organization. For Mainstreet Bank, which operated under challenging circumstances, a collaborative approach may have been particularly important (Eze and Nwafor, 2019; Adebayo and Oyedokun, 2020).

Empirical research has found that organizations with a stewardship culture (characterized by trust, collaboration, and shared commitment to organizational success) have more effective internal audit functions, as measured by management implementation of audit recommendations and achievement of organizational objectives. For Mainstreet Bank, Stewardship Theory suggests that fostering a collaborative relationship between internal audit and management was essential for internal audit to be a tool for achieving organizational objectives (Okafor and Udeh, 2021).

2.2.3 Resource-Based View (RBV) of the Firm

The Resource-Based View (RBV) of the firm, developed by Jay Barney (1991) and others, explains that firms achieve sustainable competitive advantage not merely by exploiting market opportunities but by developing resources that are valuable, rare, imperfectly imitable, and non-substitutable (VRIN). Resources can be tangible (physical assets, financial capital) or intangible (knowledge, reputation, organizational routines, information systems). In the RBV framework, internal audit is not merely a cost or a compliance requirement but a potential source of competitive advantage when it is implemented in a way that creates VRIN resources (Barney, 1991; Peteraf, 1993).

In the context of this study, RBV explains how internal audit at Mainstreet Bank could have contributed to achieving organizational objectives as a strategic resource. A high-quality internal audit function that provides accurate, timely, and insightful information is a valuable resource because it enables better decision-making, risk management, and control. It may be rare if few banks (especially bridge banks) had invested in similarly sophisticated internal audit functions. It may be imperfectly imitable if it is based on unique organizational routines, culture, and experience that cannot be easily copied. It may be non-substitutable if there are no equally effective alternatives for generating the same assurance and insight. For Mainstreet Bank, which faced unique risks and challenges, a high-quality internal audit function could have been particularly valuable (Wade and Hulland, 2004; Melville, Kraemer, and Gurbaxani, 2004).

RBV also explains why simply having an internal audit department (the structure) does not guarantee that it will contribute to organizational objectives. The value of internal audit depends on how it is embedded in complementary organizational resources and capabilities. A bank with a sophisticated internal audit system but no culture of using audit information for decision-making will not realize the benefits. A bank with excellent internal auditors but no management support will also underperform. For Mainstreet Bank, the complementarity between internal audit and other organizational resources (management commitment, audit committee oversight, information systems, staff training) was likely a key determinant of internal audit’s contribution (Eze and Nwafor, 2021; Okafor and Udeh, 2020).

Empirical research in the RBV tradition has found that information systems (including internal audit systems) can be sources of competitive advantage when they are integrated with organizational processes and when they develop over time through learning and adaptation. In the banking sector, studies have found that banks with more sophisticated internal audit functions (broader scope, more skilled staff, better technology) have better risk management outcomes and higher profitability. For Mainstreet Bank, the RBV suggests that investment in internal audit should be viewed as a strategic investment, not just a cost (Adebayo and Oyedokun, 2020).

2.2.4 Institutional Theory

Institutional Theory, developed by DiMaggio and Powell (1983) and Scott (2001), explains why organizations within a given field tend to adopt similar structures, practices, and processes over time. The theory identifies three mechanisms of institutional isomorphism: coercive isomorphism (pressure from regulators, laws, or powerful organizations), mimetic isomorphism (copying successful competitors in response to uncertainty), and normative isomorphism (pressure from professional bodies, training, and networks). According to Institutional Theory, organizations adopt practices such as internal audit not only because they improve technical performance but because they confer legitimacy, which enhances survival and access to resources (DiMaggio and Powell, 1983).

In the context of this study, Institutional Theory explains why Mainstreet Bank adopted specific internal audit practices. Coercive pressures included CBN’s corporate governance guidelines for banks, which mandated internal audit functions reporting to the audit committee, minimum qualifications for chief audit executives, and specific audit coverage requirements. Mimetic pressures included observing other Nigerian banks (especially those that had survived the 2009 crisis) and copying their internal audit practices to appear modern and competent. Normative pressures included the influence of professional bodies such as the Institute of Internal Auditors (IIA Nigeria) and the Institute of Chartered Accountants of Nigeria (ICAN), which promote certain internal audit standards as professional norms (CBN, 2014; FRCN, 2014).

Institutional Theory also explains why internal audit may have been adopted “ceremonially” or symbolically at some organizations. Organizations may create the appearance of a strong internal audit function (e.g., creating an internal audit department on paper, producing audit reports) without actually implementing effective audit practices in practice. This “decoupling” of formal structure from actual practice allows organizations to gain legitimacy while avoiding the costs or disruptions of genuine reform. For Mainstreet Bank, which was under intense regulatory scrutiny, the pressure to appear compliant may have been particularly strong. However, given the bank’s unique status as a bridge bank, the extent of decoupling is an empirical question (Adebayo and Oyedokun, 2020; Nwankwo and Okeke, 2020).

Empirical studies in the Nigerian banking sector have found evidence of both substantive and symbolic adoption of internal audit practices. Banks under regulatory intervention or with significant ownership by regulators (like Mainstreet) were found to have more substantive internal audit practices, as they faced stronger coercive pressures and closer oversight. For Mainstreet Bank, Institutional Theory suggests that the bank likely had formal internal audit structures and practices that were consistent with regulatory requirements, but the substantive effectiveness of those practices (their actual contribution to achieving organizational objectives) required empirical investigation (Eze and Nwafor, 2019; Okafor and Udeh, 2021).

2.2.5 Modern Internal Audit (Value-Added) Theory

Modern Internal Audit Theory, as articulated by the Institute of Internal Auditors (IIA) and reflected in the International Professional Practices Framework (IPPF), represents the contemporary understanding of internal audit’s role. This theory posits that internal audit should be a value-adding activity, not merely a compliance or assurance function. Value is added by: (a) providing objective, independent assurance that helps the organization manage risks and improve controls, (b) offering consulting services that help management improve processes and performance, (c) identifying opportunities for cost savings and efficiency improvements, (d) providing insights into emerging risks and strategic opportunities, and (e) facilitating good governance by supporting the board and audit committee in their oversight responsibilities. The ultimate goal of internal audit, according to this theory, is to help the organization achieve its objectives (IIA, 2017; Sawyer and Dittenhofer, 2018).

In the context of this study, Modern Internal Audit Theory explains the broad scope of activities through which internal audit can contribute to organizational objectives at Mainstreet Bank. Beyond traditional financial and compliance audits, a value-adding internal audit function would have conducted operational audits (identifying inefficiencies in loan processing, customer service, treasury operations), IT audits (assessing system security, data integrity, and disaster recovery), and strategic audits (evaluating the bank’s readiness for sale, assessing the reputation and market positioning). The theory predicts that internal audit’s contribution to achieving organizational objectives is greatest when it has a broad scope, includes consulting activities, and is aligned with the organization’s strategic priorities (Pickett, 2018; Moeller, 2019).

Modern Internal Audit Theory also emphasizes the importance of risk-based auditing. Rather than auditing all areas equally, internal audit should focus its resources on the areas of highest risk to the achievement of organizational objectives. For Mainstreet Bank, high-risk areas would have included credit risk (managing the inherited loan portfolio), operational risk (maintaining controls during transition), compliance risk (meeting CBN requirements), and reputational risk (restoring customer and public confidence). A risk-based audit plan ensures that internal audit resources are deployed where they can add the most value (IIA, 2017; Spira and Page, 2019).

Empirical research has found that internal audit functions that adopt modern, value-adding practices (risk-based auditing, consulting, broad scope) are more highly valued by management and audit committees and are associated with better organizational performance. In the Nigerian banking sector, research has found that banks with more mature internal audit functions (broader scope, more consulting, stronger risk focus) had better compliance records and lower credit losses. For Mainstreet Bank, Modern Internal Audit Theory suggests that internal audit’s contribution to achieving organizational objectives would have depended on how fully it adopted value-adding practices (Eze and Nwafor, 2021; Okafor and Udeh, 2021).

2.2.6 Synthesis of the Five Theories

Taken together, Agency Theory, Stewardship Theory, Resource-Based View (RBV), Institutional Theory, and Modern Internal Audit (Value-Added) Theory provide a comprehensive, multi-layered theoretical foundation for this study. Agency Theory explains the monitoring role of internal audit in reducing information asymmetry and agency costs between owners and managers. Stewardship Theory complements Agency Theory by recognizing that managers are often trustworthy stewards and that internal audit should enable rather than constrain. RBV explains how internal audit can be a source of competitive advantage when it creates VRIN resources. Institutional Theory explains why organizations adopt internal audit practices (isomorphic pressures) and why there may be gaps between formal policies and actual practices (decoupling). Modern Internal Audit Theory explains the value-adding mechanisms (assurance, insight, objectivity, accountability) through which internal audit contributes to achieving organizational objectives (Jensen and Meckling, 1976; Davis et al., 1997; Barney, 1991; DiMaggio and Powell, 1983; IIA, 2017).

The synthesis of these theories also guides empirical testing and practical recommendations. Research questions and hypotheses derived from this theoretical framework can focus on: from Agency Theory, the effectiveness of internal audit in reducing agency costs at Mainstreet Bank; from Stewardship Theory, the extent to which management perceived internal audit as a partner or adversary; from RBV, whether internal audit was a valuable resource that contributed to the bank’s rehabilitation; from Institutional Theory, whether internal audit practices were substantively or symbolically adopted; and from Modern Internal Audit Theory, whether internal audit added value through risk-based auditing, consulting, and broad scope. The framework suggests that internal audit’s contribution to achieving organizational objectives at Mainstreet Bank depends on all five theoretical dimensions: effective monitoring (Agency), collaborative stewardship (Stewardship), resource development (RBV), substantive implementation (Institutional), and value-adding practices (Modern Internal Audit) (Creswell and Creswell, 2018).

In conclusion, the theoretical framework of this study is firmly anchored in five well-established, complementary theories: Agency Theory (Jensen and Meckling, 1976), Stewardship Theory (Davis et al., 1997), Resource-Based View (Barney, 1991), Institutional Theory (DiMaggio and Powell, 1983), and Modern Internal Audit (Value-Added) Theory (IIA, 2017). These theories collectively explain the relationship between internal audit and organizational objectives, the mechanisms through which internal audit contributes to objective achievement, the factors that influence internal audit effectiveness, and the evolution of internal audit from compliance to value-adding. The framework provides a solid foundation for the conceptual framework (section 2.1), the research methodology (chapter three), and the interpretation of findings (chapters four and five) (Miles et al., 2020).