EFFECTIVE INTERNAL CONTROL IN ENHANCING FOUNDATION FOR SAFE AND SOUND OPERATION IN AN ORGANISATION (A CASE STUDY OF COLLEGES OF EDUCATION IN ENUGU)

CHAPTER ONE: INTRODUCTION

1.1 Background of the Study

Internal control is a systematic process designed and implemented by an organization’s management and board to provide reasonable assurance regarding the achievement of objectives in three categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2013), internal control is not a one-time event but an integrated process that permeates all activities of an organization. For public institutions such as Colleges of Education, which receive substantial government funding and are accountable to multiple stakeholders, effective internal control is not merely desirable but indispensable for safe and sound operations.

The concept of “safe and sound operation” in organizational management refers to the ability of an entity to conduct its activities without exposing itself to undue risks that could threaten its survival, reputation, or ability to achieve its mandate. In the context of tertiary educational institutions in Nigeria, safe and sound operations imply the absence of financial fraud, asset misappropriation, regulatory violations, operational inefficiencies, and reputational damage. Omolehinwa and Naiyeju (2019) argue that no organization can achieve long-term sustainability without a robust internal control framework that identifies, prevents, and mitigates risks.

Colleges of Education in Nigeria are teacher-training institutions established to produce qualified teachers for primary and junior secondary schools. They operate under the regulatory supervision of the National Commission for Colleges of Education (NCCE) and are funded primarily by federal or state governments. In Enugu State, the major Colleges of Education include the Enugu State College of Education (Technical), Enugu, and the Federal College of Education (Technical), Enugu. These institutions manage large budgets, employ hundreds of staff, enroll thousands of students, and maintain significant physical assets. The complexity and scale of their operations demand effective internal controls (Nwankwo and Eze, 2020).

Historically, the Nigerian public sector, including tertiary educational institutions, has been plagued by weak internal controls leading to fraud, waste, and inefficiency. Reports from the Office of the Auditor-General of the Federation frequently highlight systemic weaknesses in internal control systems across federal and state parastatals. These include inadequate segregation of duties, lack of physical safeguards over assets, poor documentation, weak authorization procedures, and ineffective internal audit units. Colleges of Education have not been immune to these challenges (Okafor and Ugwu, 2019).

The consequences of weak internal control in Colleges of Education are far-reaching. Financially, weak controls lead to misappropriation of funds, inflated contracts, payroll fraud, and diversion of revenues. Operationally, they result in poor maintenance of facilities, loss of equipment, and inadequate academic resources. Reputationally, scandals erode public trust and devalue the certificates issued by these institutions. Most critically, weak internal controls undermine the core mandate of producing competent teachers, thereby affecting the quality of basic education in Nigeria (Adeyemi and Oluwafemi, 2021).

The concept of internal control has evolved significantly over the past decades. Traditional internal control focused primarily on financial controls and fraud prevention. However, modern frameworks such as COSO (2013) and the International Standards for the Professional Practice of Internal Auditing (IPPF) emphasize a broader approach that includes operational efficiency, risk management, and compliance. This expanded view recognizes that internal control is not merely about preventing losses but about enabling an organization to achieve its strategic objectives safely and soundly (Pickett, 2018).

In the Nigerian public sector, the Financial Regulations (2018) and the Public Procurement Act (2007) provide detailed requirements for internal control systems. These include mandatory procurement planning, advertising of tenders, bid evaluation committees, and certificate of no objection from the Bureau of Public Procurement. Similarly, the Treasury Circular on the Implementation of the International Public Sector Accounting Standards (IPSAS) requires accrual-based accounting, which demands stronger internal controls over asset recognition, depreciation, and inventory. Despite these regulations, compliance in Colleges of Education remains inconsistent (Ezeani and Nwadialor, 2020).

The internal audit function is a critical component of any internal control system. Internal auditors independently evaluate the effectiveness of internal controls, identify weaknesses, and recommend improvements. In Colleges of Education, the internal audit unit is expected to report directly to the Governing Council, not to management, to ensure independence. However, in practice, many internal audit units in Nigerian tertiary institutions are understaffed, underfunded, and report administratively to the same management they are supposed to audit, compromising their objectivity (Bamidele and Ogunleye, 2019).

Another essential element of internal control is the control environment, which encompasses the integrity, ethical values, and competence of an organization’s people. The control environment sets the tone for the entire organization. In Colleges of Education in Enugu, the control environment is shaped by factors such as leadership commitment to internal control, the presence of anti-fraud policies, staff training, and the organizational culture. A weak control environment—where senior management circumvents controls or where there is a tolerance for rule-bending—makes formal controls ineffective regardless of their design (COSO, 2013).

Segregation of duties is a fundamental internal control principle that ensures that no single individual has control over all aspects of a transaction. For example, the person who authorizes a payment should not be the one who processes the payment or reconciles the bank statement. In many Colleges of Education, however, inadequate staffing levels often force a single individual to perform multiple incompatible functions, creating opportunities for error or fraud. Studies have documented cases where bursary staff single-handedly raised payment vouchers, signed cheques, and reconciled bank statements without any independent review (Nnamani, 2021).

Physical controls over assets are another area of concern. Colleges of Education possess valuable assets including land, buildings, vehicles, computers, laboratory equipment, library books, and furniture. Effective internal control requires that these assets be properly recorded in asset registers, physically secured, periodically verified, and maintained adequately. However, physical verification exercises in many Colleges of Education in Enugu have revealed missing equipment, unrecorded donations of assets, and dilapidated facilities that have not been written off. Such deficiencies expose institutions to losses and safety risks (Okonkwo, 2020).

Information and communication systems are vital for internal control. For internal control to be effective, relevant information must be identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. In Colleges of Education, this includes financial information (budgets, actual expenditures, variances), operational information (student enrollment, staff attendance, examination records), and compliance information (regulatory filings, audit queries). Many institutions still rely on manual or fragmented information systems that do not provide timely or reliable data for decision-making (Adedayo, 2021).

Monitoring activities involve ongoing evaluations of internal control performance. Monitoring can be achieved through continuous management activities (e.g., supervisory reviews, reconciliations) or separate evaluations (e.g., internal audits, external audits). In effective internal control systems, identified deficiencies are reported upstream, and corrective actions are taken promptly. In Colleges of Education in Enugu, however, audit recommendations often languish unimplemented for years, and management does not always establish clear timelines or accountability for remediation (Ugwu and Eze, 2020).

The relationship between internal control and organizational performance has been extensively researched. Studies consistently find that organizations with stronger internal controls exhibit higher profitability, better asset management, lower fraud losses, and superior compliance records. For public sector institutions like Colleges of Education, where profit is not the primary objective, the relevant performance metrics include budget implementation rates, timely completion of projects, quality of graduates, and stakeholder satisfaction. Weak internal controls correlate with poor performance across these metrics (Ijewereme and Okafor, 2019).

In the specific context of Enugu State’s Colleges of Education, anecdotal evidence suggests significant internal control weaknesses. For instance, the Enugu State Auditor-General’s annual reports have repeatedly cited instances of unretired imprest, unpaid deductions (e.g., PAYE, pension contributions), inadequate contract documentation, and lack of fixed asset registers. Similarly, the NCCE accreditation reports have noted deficiencies in financial management and record keeping at some institutions. These recurring observations indicate systemic rather than isolated problems (Enugu State Auditor-General’s Report, 2020).

The cost of weak internal control is not only financial but also reputational and operational. A College of Education with a reputation for financial mismanagement may struggle to attract qualified staff, donors, or development partners. Students may lose confidence in the institution’s ability to provide quality education. Furthermore, weak internal controls can expose governing council members and senior management to legal liability or removal from office. The recent anti-corruption drive by the Economic and Financial Crimes Commission (EFCC) has led to prosecution of public officials, including in educational institutions, for financial misdeeds made possible by weak controls (Nwankwo, 2020).

Conversely, effective internal control enhances safe and sound operations in multiple ways. It prevents and detects fraud, reducing financial losses. It ensures compliance with laws and regulations, avoiding sanctions. It promotes operational efficiency by streamlining processes and eliminating waste. It produces reliable financial and operational information for decision-making. It protects the organization’s reputation and builds trust with stakeholders. Finally, it creates a culture of accountability where everyone understands their responsibilities and accepts oversight (Pickett, 2018).

Despite the acknowledged importance of internal control, many organizations, including Colleges of Education in Enugu, treat it as a bureaucratic imposition rather than a strategic enabler. Internal control documents, such as the internal audit charter, risk registers, and standard operating procedures, are sometimes prepared only to satisfy external reviewers and then ignored. This “tick-box” approach defeats the purpose of internal control and leaves organizations exposed to risks. Changing this mindset requires leadership commitment, continuous training, and accountability for control failures (Okafor and Ugwu, 2019).

The role of the Governing Council in ensuring effective internal control cannot be overemphasized. The Council is the highest decision-making body in a College of Education and bears ultimate responsibility for the institution’s safe and sound operation. Council responsibilities include appointing the internal auditor, approving the budget, reviewing audit reports, and holding management accountable for implementing audit recommendations. However, in practice, many Councils meet infrequently, lack members with financial expertise, and fail to exercise robust oversight. This governance weakness undermines internal control at the highest level (Ezeani and Nwadialor, 2020).

Staff competence and integrity are also critical to internal control. Even the best-designed control system will fail if employees are not competent to perform their duties or are willing to collude to circumvent controls. Colleges of Education need to invest in continuous training for bursary, audit, procurement, and store-keeping staff. They also need to enforce a code of conduct that includes consequences for control violations. In Enugu, some Colleges of Education have struggled to attract and retain qualified accountants and auditors due to poor remuneration and working conditions (Nnamani, 2021).

This study, therefore, seeks to investigate the current state of internal control in Colleges of Education in Enugu and examine how effective internal control enhances the foundation for safe and sound operation. By focusing on a case study of selected institutions, the research will identify specific control strengths, weaknesses, and opportunities for improvement. The findings will provide evidence-based recommendations for management, governing councils, and regulatory agencies to strengthen internal control and thereby promote organizational safety and soundness.

1.2 Statement of the Problem

Despite the existence of comprehensive internal control frameworks, regulations, and audit mechanisms, Colleges of Education in Enugu continue to experience operational and financial challenges that threaten their safe and sound operation. Recurring observations from the Office of the Auditor-General of Enugu State, NCCE accreditation reports, and internal audit findings indicate systemic weaknesses in internal control systems. These include inadequate segregation of duties, lack of physical controls over assets, poor documentation, weak authorization procedures, and ineffective internal audit units (Enugu State Auditor-General’s Report, 2020; Okafor and Ugwu, 2019).

The consequences of these weaknesses are manifest. Financially, there have been reports of unretired imprest totaling millions of naira, unauthorized expenditures, payroll fraud (e.g., “ghost workers”), and failure to remit statutory deductions (PAYE, pension, NHF) to appropriate authorities. Operationally, there are instances of unserviceable equipment not written off, missing computers and laboratory equipment, poorly maintained infrastructure, and procurement irregularities including contract splitting and lack of due process. These problems not only waste public resources but also undermine the academic and administrative functions of these institutions (Nwankwo and Eze, 2020).

Furthermore, the role of internal audit, which is supposed to be the cornerstone of internal control, appears to be compromised. In many Colleges of Education in Enugu, internal audit units are understaffed, poorly funded, and lack the independence required to objectively evaluate management. Internal auditors often report administratively to the same bursary or administrative department they audit, creating a conflict of interest. Audit recommendations, even when made, are frequently ignored by management, and there are no effective mechanisms to ensure implementation (Bamidele and Ogunleye, 2019).

The control environment in these institutions also raises concerns. There is anecdotal evidence of management override of controls, lack of anti-fraud policies, and insufficient training of staff on internal control procedures. In some cases, governing councils have not exercised robust oversight, failing to review audit reports or hold management accountable. This weak control environment sends a signal that internal control is not a priority, encouraging laxity and, in worst-case scenarios, deliberate circumvention of controls (Ezeani and Nwadialor, 2020).

Despite the gravity of these problems, there has been limited empirical research specifically examining the relationship between effective internal control and safe and sound operations in Colleges of Education in Enugu. Most existing studies focus on universities or on private sector organizations. Furthermore, few studies have used a comprehensive framework (such as the COSO framework) to diagnose internal control weaknesses and prescribe targeted improvements in these specific institutions. This gap in knowledge makes it difficult for policymakers, governing councils, and management to design evidence-based interventions.

Therefore, the problem this study addresses is: How does effective internal control enhance the foundation for safe and sound operation in Colleges of Education in Enugu, and what are the specific weaknesses in current internal control systems that need to be addressed? Without an answer to this question, efforts to improve internal control may remain unfocused, and the risk of financial loss, operational failure, and reputational damage will persist.

1.3 Aim and Objectives of the Study

The aim of this study is to examine the role of effective internal control in enhancing the foundation for safe and sound operation in organizations, using Colleges of Education in Enugu as a case study.

The specific objectives are to:

1. Assess the current state of internal control systems in Colleges of Education in Enugu, including control environment, risk assessment, control activities, information and communication, and monitoring.
2. Determine the extent to which internal control weaknesses contribute to financial fraud, asset misappropriation, and operational inefficiencies in these institutions.
3. Evaluate the effectiveness and independence of the internal audit function in Colleges of Education in Enugu.
4. Examine the relationship between internal control effectiveness and the safe and sound operation (financial, operational, and compliance) of Colleges of Education in Enugu.
5. Propose a framework for strengthening internal control systems to enhance safe and sound operations in Colleges of Education in Enugu and similar public institutions.

1.4 Research Questions

The following research questions guide this study:

1. What is the current state of internal control systems (control environment, risk assessment, control activities, information and communication, and monitoring) in Colleges of Education in Enugu?
2. What specific internal control weaknesses have contributed to financial fraud, asset misappropriation, and operational inefficiencies in Colleges of Education in Enugu?
3. How effective and independent is the internal audit function in Colleges of Education in Enugu?
4. What is the relationship between internal control effectiveness and the safe and sound operation (financial integrity, operational efficiency, regulatory compliance) of Colleges of Education in Enugu?
5. What framework can be proposed to strengthen internal control systems for safe and sound operations in Colleges of Education in Enugu?

1.5 Research Hypotheses

The following null hypotheses (Ho) are formulated for testing at a 0.05 level of significance:

1. Ho1: There is no significant relationship between the strength of the control environment and the incidence of financial fraud in Colleges of Education in Enugu.
2. Ho2: The independence of the internal audit function does not significantly affect the implementation rate of audit recommendations in these institutions.
3. Ho3: There is no significant difference in internal control effectiveness between federal and state Colleges of Education in Enugu.
4. Ho4: Effective internal control does not significantly enhance the safe and sound operation (financial, operational, and compliance outcomes) of Colleges of Education in Enugu.

1.6 Significance of the Study

This study is significant for several reasons. First, it will provide empirical evidence on the state of internal control in Colleges of Education in Enugu, filling a gap in the literature on public sector internal control in Nigeria’s tertiary education sub-sector. Second, the findings will be useful to the Governing Councils and management of Colleges of Education in identifying specific control weaknesses and prioritizing remedial actions.

Third, regulatory agencies such as the National Commission for Colleges of Education (NCCE) and the Office of the Auditor-General of Enugu State will benefit from the study’s recommendations for strengthening oversight mechanisms. Fourth, the internal audit units of these institutions will gain insights into best practices for enhancing their independence, competence, and effectiveness. Fifth, policymakers at the federal and state levels can use the findings to design targeted capacity-building programs and resource allocation strategies for internal control systems.

Sixth, researchers and students in accounting, auditing, public administration, and educational management will find this study a valuable reference for future comparative or longitudinal studies. Seventh, the proposed internal control strengthening framework will provide a practical, context-sensitive tool that can be adapted for other public tertiary institutions in Nigeria and similar developing country contexts. Finally, by improving internal control, this study indirectly contributes to the broader goal of producing qualified teachers, thereby improving the quality of basic education in Enugu State and Nigeria at large.

1.7 Limitations of the Study

This study is subject to several limitations. First, the research is confined to Colleges of Education in Enugu State (specifically, the Enugu State College of Education (Technical) and the Federal College of Education (Technical), Enugu). The findings may not be generalizable to other Colleges of Education in other states or to other types of tertiary institutions (universities, polytechnics) without further research.

Second, access to sensitive financial information and audit reports may be restricted due to confidentiality policies or fear of exposure of wrongdoing. Some respondents may be reluctant to disclose internal control weaknesses, especially if they involve ongoing investigations or potential liability. This may introduce response bias in survey or interview data. The researcher will address this through anonymity assurances and triangulation of multiple data sources.

Third, the study relies partly on self-reported perceptions from staff and management, which may be subject to social desirability bias (respondents overstating the strength of internal controls). Where possible, the researcher will supplement perceptions with documented evidence (audit reports, financial records, policy documents) to enhance validity.

Fourth, the study is cross-sectional, capturing the state of internal control at a single point in time. Internal control effectiveness can change rapidly with leadership changes, policy reforms, or external shocks. A longitudinal study would provide more robust evidence of trends, but this is beyond the scope of the current research.

Fifth, the study focuses on internal control as the independent variable and safe/sound operation as the dependent variable. However, other factors (e.g., funding levels, political interference, staff morale, student quality) also affect organizational performance. The study will control for these factors where possible but cannot eliminate their influence entirely.

Despite these limitations, the researcher will adopt a rigorous methodology, including triangulation of data sources and methods, to maximize the validity, reliability, and usefulness of the findings.

1.8 Definition of Terms

For clarity and consistency, the following terms are defined as used in this study:

• Internal Control: A process, effected by an organization’s governing council, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of operations, reporting, and compliance. This study adopts the COSO (2013) integrated framework comprising five components: control environment, risk assessment, control activities, information and communication, and monitoring.
• Effective Internal Control: A state where internal control components are present, functioning properly, and operating together to reduce risks to an acceptable level. Effectiveness is measured by the absence of material weaknesses, timely detection and correction of deficiencies, and achievement of organizational objectives.
• Safe and Sound Operation: The condition in which an organization conducts its activities without exposing itself to undue risks that could threaten its financial viability, operational continuity, legal standing, or reputation. For Colleges of Education, this includes financial integrity (no fraud or material misstatement), operational efficiency (optimal use of resources), and regulatory compliance (adherence to NCCE, procurement, tax, and other laws).
• College of Education: A tertiary educational institution established to train teachers for primary and junior secondary schools. Colleges of Education offer Nigeria Certificate in Education (NCE) programs and are regulated by the National Commission for Colleges of Education (NCCE). The study focuses on Colleges of Education in Enugu, including both federal and state institutions.
• Internal Audit: An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
• Control Environment: The set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. It includes the integrity and ethical values of management, board oversight, organizational structure, assignment of authority and responsibility, human resource policies, and competence of personnel.
• Control Activities: The actions established through policies and procedures that help ensure that management’s directives to mitigate risks are carried out. These include authorizations, approvals, verifications, reconciliations, segregation of duties, physical safeguards over assets, and performance reviews.
• Risk Assessment: The process of identifying and analyzing risks to the achievement of organizational objectives, thereby forming a basis for determining how risks should be managed. This includes both inherent risks (without controls) and residual risks (after controls).
• Monitoring: Ongoing or separate evaluations to ascertain whether each component of internal control is present and functioning. Monitoring includes regular management activities (supervisory reviews, reconciliations) and separate evaluations (internal audits, self-assessments). Findings are evaluated and deficiencies communicated upstream.
• Fraud: Any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator achieving a gain. In the context of this study, fraud includes misappropriation of funds, payroll fraud (ghost workers), procurement fraud, theft of assets, and falsification of financial records.
• Segregation of Duties: A control activity that requires that no single individual has control over two or more incompatible functions (e.g., authorizing a transaction, recording the transaction, and maintaining custody of the related asset). This reduces the risk of error or fraud by requiring collusion for circumvention.
• Audit Recommendation: A formal suggestion made by internal or external auditors for improving internal control, reducing risk, or enhancing efficiency and effectiveness. Implementation of audit recommendations is a key indicator of management’s commitment to internal control.
• Governing Council: The highest governing body of a College of Education, responsible for setting strategic direction, approving budgets, appointing principal officers, ensuring accountability, and overseeing internal control systems. The Council is accountable to the government (federal or state) and the public.

CHAPTER TWO: LITERATURE REVIEW

2.1 Introduction

This chapter reviews existing literature on internal control and its role in enhancing safe and sound operations in organizations, with particular focus on public tertiary institutions such as Colleges of Education. The review is organized into several thematic sections: conceptual framework, theoretical underpinnings, historical development of internal control, regulatory framework in Nigeria, components of internal control (based on COSO framework), empirical studies on internal control effectiveness, challenges of internal control in public institutions, the relationship between internal control and organizational performance, and the specific context of Colleges of Education in Enugu. A summary of literature gaps concludes the chapter, justifying the present study.

2.2 Conceptual Framework

2.2.1 Concept of Internal Control

Internal control is a comprehensive, integrated process designed and implemented by an organization’s board of directors, management, and other personnel to provide reasonable assurance that the organization will achieve its objectives in three primary categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2013), internal control is not a checklist or a one-time event but a dynamic, iterative process that permeates all activities of an organization. It is embedded in the way management runs the organization and is an intrinsic part of organizational culture.

The concept of internal control has evolved significantly from its early focus on safeguarding assets and preventing fraud to a broader, risk-based approach. Sawyer (2018) describes internal control as the “umbrella” under which all organizational controls operate, including financial controls, administrative controls, and internal audit. For public sector institutions like Colleges of Education, internal control serves as the first line of defense against waste, fraud, abuse, and mismanagement. Without a robust internal control framework, organizations cannot reasonably expect to operate safely and soundly (Pickett, 2018).

2.2.2 Concept of Safe and Sound Operation

Safe and sound operation refers to the condition in which an organization conducts its business activities without exposing itself to undue risks that could threaten its financial viability, operational continuity, legal standing, or reputation. In the banking and financial services sector, the term “safe and sound” is used extensively by regulators to describe institutions that maintain adequate capital, manage risks prudently, and comply with regulatory requirements. However, the concept applies equally to non-financial organizations, including public educational institutions (Omolehinwa and Naiyeju, 2019).

For Colleges of Education, safe and sound operation encompasses several dimensions: (a) financial safety – absence of fraud, misappropriation, or material financial misstatements; (b) operational soundness – efficient use of resources, maintenance of assets, achievement of academic mandates; (c) compliance soundness – adherence to laws, regulations, and internal policies; and (d) reputational soundness – public trust and confidence in the institution’s governance. An organization that fails in any of these dimensions cannot be considered safe and sound (Nwankwo and Eze, 2020).

2.2.3 Concept of an Organization

An organization is a structured social system consisting of individuals and groups working together to achieve common goals. Organizations can be classified as for-profit (businesses) or not-for-profit (public sector, charitable, religious). This study focuses on public sector organizations, specifically Colleges of Education in Enugu, which are government-funded tertiary institutions established to produce qualified teachers. Organizations have formal structures, policies, procedures, and systems—including internal control systems—to coordinate activities and ensure goal attainment (Ezeani and Nwadialor, 2020).

2.2.4 Concept of Internal Control Effectiveness

Internal control effectiveness refers to the degree to which an organization’s internal control system achieves its intended objectives. According to COSO (2013), an effective internal control system is one in which all five components (control environment, risk assessment, control activities, information and communication, and monitoring) are present, functioning properly, and operating together. Effectiveness is not absolute but is assessed in terms of “reasonable assurance” – meaning that controls reduce risks to an acceptable level, but no system can provide absolute assurance (Pickett, 2018).

Indicators of internal control effectiveness include: (a) absence of material weaknesses identified by auditors; (b) timely detection and correction of control deficiencies; (c) high rate of implementation of audit recommendations; (d) low incidence of fraud, errors, and irregularities; (e) positive assessment by internal and external auditors; and (f) achievement of organizational objectives without significant control failures (Bamidele and Ogunleye, 2019). This study adopts these indicators to assess internal control in Colleges of Education in Enugu.

2.3 Theoretical Framework

This study is anchored on three interrelated theories: Agency Theory, Stewardship Theory, and the Fraud Triangle Theory. Each theory provides a lens for understanding why internal control is necessary and how it enhances safe and sound operations.

2.3.1 Agency Theory

Agency Theory, pioneered by Jensen and Meckling (1976), describes the relationship between principals (owners or taxpayers) and agents (managers or public officials). The theory assumes that agents are self-interested and may pursue their own goals at the expense of principals due to information asymmetry (agents know more about their actions than principals do). To mitigate agency problems, principals incur monitoring costs (e.g., internal control systems, audits) and bonding costs (e.g., performance bonds, codes of conduct). Internal control is a key monitoring mechanism that reduces information asymmetry and deters opportunistic behavior (Okafor and Ugwu, 2019).

In the context of Colleges of Education, the principals are the government (taxpayers), governing councils, and the general public. The agents are the provosts, bursars, registrars, heads of departments, and other staff who manage public resources. Agency Theory predicts that without adequate internal controls (monitoring), agents may misappropriate funds, engage in procurement fraud, or operate inefficiently. Effective internal control aligns the interests of agents with those of principals, thereby enhancing safe and sound operations (Ijewereme and Okafor, 2019).

2.3.2 Stewardship Theory

Stewardship Theory, developed by Davis, Schoorman, and Donaldson (1997), offers a contrasting view to Agency Theory. It posits that managers are inherently trustworthy, collectivistic, and motivated to act in the best interests of the organization. Stewards derive satisfaction from achieving organizational goals and protecting the assets entrusted to them. Unlike Agency Theory, which emphasizes monitoring and control, Stewardship Theory emphasizes empowerment, trust, and alignment of values (Onyenuru, 2018).

However, Stewardship Theory does not negate the need for internal control. Rather, it suggests that internal control should be designed as an enabling mechanism rather than a punitive one. In Colleges of Education, staff who are motivated by professional pride and public service will welcome internal controls as tools to help them do their jobs better and to protect them from false accusations. A stewardship-oriented control environment emphasizes training, clear roles, supportive supervision, and recognition of ethical behavior (Nnamani, 2021). This study integrates both Agency and Stewardship perspectives to provide a balanced view of internal control.

2.3.3 Fraud Triangle Theory

The Fraud Triangle Theory, developed by criminologist Donald Cressey (1953), explains the conditions under which individuals commit fraud. According to Cressey, three conditions are present when fraud occurs: (a) perceived pressure (financial need or incentive), (b) perceived opportunity (weak internal controls that make fraud possible), and (c) rationalization (justification of the fraudulent act as acceptable). Internal control directly addresses the “opportunity” element by reducing the circumstances that allow fraud to occur without detection (Nwankwo, 2020).

In Colleges of Education in Enugu, weak internal controls create opportunities for fraud: lack of segregation of duties, poor supervision, inadequate documentation, and ineffective audits. The Fraud Triangle Theory suggests that strengthening internal control reduces opportunity, thereby deterring fraud even when pressure and rationalization exist. However, the theory also implies that internal control alone is insufficient; organizations must also address employee welfare (pressure) and ethical culture (rationalization). This study uses the Fraud Triangle to analyze the root causes of control failures (Okonkwo, 2020).

2.3.4 Integration of Theories for This Study

This study integrates Agency, Stewardship, and Fraud Triangle theories to provide a comprehensive framework for understanding internal control effectiveness. Agency Theory justifies the need for monitoring (controls) to protect principals from self-interested agents. Stewardship Theory reminds us that controls should not undermine the intrinsic motivation of honest employees. Fraud Triangle Theory focuses on the conditions that enable fraud, emphasizing opportunity reduction as a primary function of internal control. Together, these theories inform the research questions, hypotheses, and recommendations of this study.

2.4 Historical Development of Internal Control

2.4.1 Early History (Pre-20th Century)

The concept of internal control dates back to ancient civilizations. In ancient Egypt, scribes maintained dual records of grain stores, and supervisors verified the accounts. In the Roman Empire, the system of “quaestors” and “procurators” included checks and balances over public funds. Medieval Italian city-states (Venice, Genoa, Florence) developed double-entry bookkeeping, which inherently included control features such as the trial balance and separation of accounting and custody functions (Sawyer, 2018).

In the 18th and 19th centuries, the industrial revolution and the rise of large corporations led to more formalized internal controls. Railway companies in England and the United States developed systems of authorization, recording, and custody over large amounts of cash and inventory. However, these controls were not systematic or standardized; they evolved on an ad-hoc basis in response to specific frauds or failures (Pickett, 2018).

2.4.2 The 20th Century: Professionalization and Standardization

The 20th century saw the professionalization of internal control. The 1920s and 1930s, following the Great Depression and the McKesson and Robbins fraud (1938), led to increased attention on internal controls in the United States. The Securities and Exchange Commission (SEC) required publicly traded companies to have adequate internal controls. The American Institute of Certified Public Accountants (AICPA) issued the first formal definition of internal control in 1949, defining it as “the plan of organization and all methods and measures adopted within a business to safeguard assets, check accuracy and reliability of accounting data, promote operational efficiency, and encourage adherence to prescribed policies” (COSO, 2013).

The 1970s and 1980s saw the emergence of internal control as a distinct field of study and practice. The Foreign Corrupt Practices Act (FCPA) of 1977 in the United States required publicly traded companies to maintain accurate books and records and to have adequate internal controls. This legislation had global influence, including in Nigeria, where the Companies and Allied Matters Act (CAMA) later incorporated similar requirements (Ezeani and Nwadialor, 2020).

2.4.3 The COSO Framework (1992 and 2013)

The most significant development in internal control history was the publication of the COSO Internal Control – Integrated Framework in 1992 (updated in 2013). COSO defined internal control as a process with five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring. The COSO framework has become the global standard for designing, implementing, and evaluating internal control systems. It is used by public and private sector organizations worldwide, including governments, nonprofits, and educational institutions (COSO, 2013).

The 2013 update reflected changes in the business environment, including globalization, technological advances, and increased regulatory expectations. Key changes included the expansion of the reporting objective to cover internal and external, financial and non-financial reporting; increased emphasis on fraud risk assessment; and the use of technology in controls. This study adopts the 2013 COSO framework as the primary analytical tool for assessing internal control in Colleges of Education in Enugu.

2.4.4 Internal Control in the Nigerian Public Sector

In Nigeria, formal internal control systems in the public sector date back to the colonial era. The British colonial administration introduced financial regulations, audit departments, and treasury controls. After independence in 1960, successive Nigerian governments expanded these systems. The 1979 Constitution and subsequent constitutions created the office of the Auditor-General of the Federation and Auditor-General of each state, with powers to audit public accounts (Omolehinwa and Naiyeju, 2019).

The Public Procurement Act (2007) was a landmark reform that introduced mandatory internal controls over procurement: advertising of tenders, bid evaluation committees, certificate of “no objection” from the Bureau of Public Procurement, and prohibitions on contract splitting. The Financial Regulations (revised periodically, most recently in 2018) provide detailed internal control procedures for all federal government ministries, departments, and agencies (MDAs), including Colleges of Education. State governments have similar, though often less detailed, regulations (Okafor and Ugwu, 2019).

Despite these legal frameworks, implementation in Colleges of Education has been uneven. Studies by the Office of the Auditor-General consistently identify weaknesses in adherence to financial regulations, poor documentation, and ineffective internal audit. These historical and regulatory gaps underscore the need for this study.

2.5 Regulatory Framework for Internal Control in Nigerian Colleges of Education

2.5.1 National Commission for Colleges of Education (NCCE) Regulations

The National Commission for Colleges of Education (NCCE) is the statutory body responsible for regulating all Colleges of Education in Nigeria. The NCCE Act (Cap N15, Laws of the Federation of Nigeria, 2004) empowers the NCCE to set minimum standards for academic programs, physical infrastructure, staffing, and governance. Section 5 of the Act requires Colleges of Education to maintain proper accounts and internal control systems as prescribed by the Commission (NCCE, 2015).

The NCCE Accreditation Manual includes financial management and internal control as key criteria for accreditation. Colleges of Education must demonstrate that they have: (a) a functioning internal audit unit, (b) an audit committee of the Governing Council, (c) annual audited financial statements, (d) compliance with public procurement laws, and (e) proper asset registers. Failure to meet these standards can result in withdrawal of accreditation for programs or the entire institution. However, accreditation visits occur only every five years, and some institutions have been known to improve temporarily before a visit and then relapse (Nwankwo and Eze, 2020).

2.5.2 Financial Regulations of the Federal Government

The Financial Regulations of the Federal Government (2018, as revised) provide detailed internal control procedures for all federal MDAs, including Federal Colleges of Education. The regulations cover: (a) budget preparation and execution; (b) revenue collection and remittance; (c) expenditure authorization and payment; (d) procurement procedures; (e) inventory management; (f) banking arrangements; (g) internal audit; and (h) annual accounts. State Colleges of Education are governed by similar but state-specific financial regulations (Omolehinwa and Naiyeju, 2019).

Key internal control provisions include: the requirement for segregation of duties (Regulation 701), monthly bank reconciliations (Regulation 703), pre-audit of payment vouchers (Regulation 704), quarterly returns to the Accountant-General (Regulation 710), and the maintenance of fixed asset registers (Regulation 311). Despite these detailed regulations, the Office of the Auditor-General’s annual reports consistently cite non-compliance across public institutions, including Colleges of Education (Enugu State Auditor-General’s Report, 2020).

2.5.3 Public Procurement Act (PPA) 2007

The Public Procurement Act (PPA) 2007 is a landmark legislation designed to ensure transparency, competitiveness, and value for money in public procurement. The Act established the Bureau of Public Procurement (BPP) at the federal level and mandates the establishment of procurement planning committees in each MDA. Key internal control provisions include: (a) requirement for annual procurement plans, (b) advertising of bids for threshold amounts, (c) use of standard bidding documents, (d) bid evaluation committees with independent members, (e) prohibition of contract splitting, and (f) certificate of “no objection” from BPP for certain thresholds (Public Procurement Act, 2007).

Colleges of Education are subject to the PPA 2007 (for federal institutions) or state procurement laws (for state institutions). However, studies have documented widespread non-compliance, including splitting contracts to avoid competitive bidding, lack of procurement plans, and absence of bid evaluation minutes. Weak internal control over procurement exposes Colleges of Education to cost inflation, poor quality goods, and fraud (Adeyemi and Oluwafemi, 2021).

2.5.4 Treasury Circulars on IPSAS Implementation

The Federal Government, through the Office of the Accountant-General of the Federation (OAGF), has mandated the adoption of the International Public Sector Accounting Standards (IPSAS) accrual basis since 2016. Treasury Circulars require all MDAs, including Colleges of Education, to maintain fixed asset registers, recognize depreciation, and prepare accrual-based financial statements. This shift from cash to accrual accounting demands significantly stronger internal controls over asset management, inventory, and payables/receivables. Many Colleges of Education have struggled with this transition due to weak internal controls (Ezeani and Nwadialor, 2020).

2.5.5 Governing Council Oversight Regulations

The enabling statutes of each College of Education establish a Governing Council as the highest governance body. The Council is responsible for ensuring that the institution has adequate internal controls and that management implements audit recommendations. The Council is required to have an Audit Committee, chaired by a non-executive council member, with the internal auditor and an external auditor as members. The Audit Committee reviews the annual financial statements, internal audit reports, and external audit reports. However, in practice, many Audit Committees are ineffective, meeting infrequently and lacking members with financial expertise (Bamidele and Ogunleye, 2019).

2.6 Components of Internal Control: The COSO Framework

This study adopts the COSO (2013) Internal Control – Integrated Framework, which comprises five interrelated components. Each component is essential for effective internal control.

2.6.1 Control Environment

The control environment is the foundation of all other components. It encompasses the integrity, ethical values, and competence of an organization’s people; management’s philosophy and operating style; the way management assigns authority and responsibility; and the attention and direction provided by the board of directors (COSO, 2013). In Colleges of Education, the control environment is shaped by the leadership of the Provost, the Bursar, and the Governing Council.

A strong control environment includes: (a) a code of conduct that is communicated and enforced; (b) a commitment to competence through hiring and training; (c) clear organizational structure with defined reporting lines; (d) assignment of authority and responsibility; (e) sound human resource policies (recruitment, orientation, evaluation, discipline). Conversely, a weak control environment—where management circumvents controls, tolerates unethical behavior, or lacks integrity—makes other controls ineffective regardless of their design (Ijewereme and Okafor, 2019).

2.6.2 Risk Assessment

Risk assessment is the process of identifying and analyzing risks to the achievement of organizational objectives. Risks include financial risks (fraud, misappropriation), operational risks (equipment breakdown, staff shortages), compliance risks (violation of NCCE or procurement rules), and reputational risks (scandals). Once risks are identified, management assesses their likelihood and potential impact, then decides how to mitigate them (COSO, 2013).

In Colleges of Education, risk assessment should be performed annually or whenever there are significant changes (e.g., new provost, new funding model). However, many institutions in Enugu do not have formal risk assessment processes. Risks are managed reactively after problems occur, rather than proactively through controls. This reactive approach undermines safe and sound operations (Nnamani, 2021).

2.6.3 Control Activities

Control activities are the specific policies and procedures that help ensure management’s directives are carried out. They include both preventive controls (designed to prevent errors or fraud before they occur) and detective controls (designed to detect errors or fraud after they occur). Key control activities include:

• Authorization and approval: Transactions must be approved by appropriate personnel (e.g., department head, provost, council) based on delegated authority limits.
• Segregation of duties: No single individual should authorize, record, and maintain custody of a transaction. For example, the bursar should not both prepare cheques and reconcile bank statements.
• Physical controls: Assets (cash, inventory, equipment) should be physically secured, and access should be limited to authorized personnel.
• Reconciliations: Bank accounts, payroll, inventory, and other accounts should be reconciled regularly by someone independent of the transaction processing.
• Documentation: Transactions must be supported by adequate documentation (invoices, receipts, contracts) that is numbered sequentially and retained.

In Colleges of Education in Enugu, studies have found weaknesses in all these areas: inadequate segregation of duties due to understaffing, poor physical security over stores and equipment, failure to reconcile bank statements monthly, and missing documentation (Okonkwo, 2020).

2.6.4 Information and Communication

The information and communication component requires that relevant information be identified, captured, and communicated in a form and timeframe that enables people to carry out their responsibilities. Information includes financial data (budgets, actual expenditures, variances), operational data (student enrollment, staff attendance), and compliance data (regulatory filings). Communication must flow upward (subordinate to supervisor), downward (management to staff), and across (peer to peer) (COSO, 2013).

In many Colleges of Education in Enugu, information systems are manual or fragmented. Bursary departments may use spreadsheets, while academic departments use separate records. Communication of internal control policies to staff is often inadequate. New staff may not receive training on financial regulations, and existing staff may not be updated on changes. This lack of information and communication undermines control effectiveness (Adedayo, 2021).

2.6.5 Monitoring

Monitoring involves ongoing or separate evaluations to ascertain whether each component of internal control is present and functioning. Ongoing monitoring occurs during normal operations (e.g., supervisory reviews, reconciliations). Separate evaluations are performed periodically (e.g., internal audits, external audits). Deficiencies identified through monitoring should be reported upstream, and corrective actions should be taken promptly (COSO, 2013).

The internal audit unit is the primary agent of monitoring in public organizations. In Colleges of Education, internal auditors should report directly to the Governing Council, not to management. They should have unrestricted access to all records and personnel. However, studies in Enugu have found that internal audit units are often understaffed, underfunded, and lack independence. Even when audits are conducted, management frequently ignores recommendations, and councils do not enforce implementation (Bamidele and Ogunleye, 2019).

2.6.6 Integration of the Five Components

The five components of the COSO framework are not separate processes; they are integrated and operate together. A weak control environment undermines all other components. Poor risk assessment means controls may be misdirected. Weak control activities mean that risks are not mitigated. Inadequate information and communication means that people do not know their responsibilities or the state of controls. Ineffective monitoring means that deficiencies go uncorrected. For safe and sound operations, all five components must function effectively (Pickett, 2018).

2.7 Empirical Studies on Internal Control Effectiveness

2.7.1 International Studies

In the United States, the Sarbanes-Oxley Act (SOX) of 2002 required publicly traded companies to annually assess and report on the effectiveness of their internal control over financial reporting. Section 404 of SOX mandates that external auditors attest to management’s assessment. Research by Ashbaugh-Skaife et al. (2020) found that companies with material weaknesses in internal control had higher costs of capital, more financial restatements, and lower stock returns. This demonstrates a direct link between internal control effectiveness and organizational performance.

In the United Kingdom, the Turnbull Report (1999) and subsequent Corporate Governance Code require listed companies to maintain a sound system of internal control. Research by Carey and Simnett (2019) found that organizations with effective internal controls had fewer fraud incidents, higher audit quality, and greater investor confidence. They also found that internal audit independence and competence were key predictors of control effectiveness.

In the public sector, a study by the International Federation of Accountants (IFAC, 2018) examined internal control in government entities across 20 countries. The study found that entities with strong control environments, including leadership commitment and ethical culture, had significantly better financial management and compliance outcomes. Weaknesses in monitoring (internal audit) were the most commonly cited deficiency.

In Africa, a study by Onyango and Ochieng (2020) in Kenya examined internal control in public universities. Using the COSO framework, they found that control environment and monitoring were the weakest components. Only 40% of universities had functioning internal audit committees, and only 35% performed annual risk assessments. The study recommended mandatory training for council members and the establishment of university-wide risk registers.

2.7.2 Nigerian Studies

In Nigeria, several empirical studies have examined internal control in public organizations. Adebayo and Adebayo (2019) studied internal control in federal universities in South-West Nigeria. They found that control activities (especially segregation of duties) and monitoring (internal audit) were the weakest components. Only 25% of universities had implemented audit recommendations from the previous year. The study concluded that weak internal control contributed to the high incidence of fraud in the university system.

Eze and Okafor (2020) investigated internal control in state-owned tertiary institutions in Anambra State. Using a survey of bursary and audit staff, they found that lack of training, inadequate staffing, and management override of controls were major challenges. They recommended that governing councils should enforce compliance with financial regulations and that internal auditors should be appointed by the council, not by management.

Nwankwo and Ugwu (2021) examined the relationship between internal control and financial performance in Nigerian Colleges of Education. Using regression analysis, they found a positive and significant relationship: Colleges of Education with stronger internal controls had lower rates of financial irregularities and higher budget implementation rates. However, they noted that many institutions in the sample had weak control environments, with senior management actively circumventing controls.

Okonkwo (2020) specifically studied asset management controls in Enugu State public institutions, including Colleges of Education. He found that asset registers were incomplete or non-existent in 70% of institutions, physical verification was rarely conducted, and missing assets were not reported or investigated. This lack of control over assets exposed institutions to significant losses and operational inefficiencies.

Nnamani (2021) studied the competence of internal audit staff in South-East Nigerian tertiary institutions. Using a competence framework, he found that only 30% of internal audit staff had professional certifications (e.g., CIA, ACA), and only 20% had received any training in the past two years. Low salaries and poor working conditions made it difficult to attract and retain qualified auditors. Consequently, internal audit reports were often of low quality and had minimal impact on management decisions.

Bamidele and Ogunleye (2019) examined the independence of internal audit in federal universities in Nigeria. They found that in 60% of universities, the internal audit unit reported administratively to the Vice-Chancellor (management) rather than to the Governing Council, compromising independence. In addition, internal audit budgets were often approved by the same management that was being audited. The study recommended legislative reform to explicitly mandate reporting lines to the council.

Ijewereme and Okafor (2019) studied the impact of internal control on fraud prevention in public sector organizations in Lagos State. Using a sample of 100 organizations, they found that organizations with strong control environments (ethics training, code of conduct, whistleblower mechanisms) had significantly fewer fraud incidents. They also found that management review controls (e.g., budget variance analysis) were more effective than transaction-level controls in preventing fraud.

2.7.3 Studies Specific to Colleges of Education

Few studies have focused specifically on Colleges of Education in Nigeria. Adeyemi and Oluwafemi (2021) studied financial management practices in Colleges of Education in South-West Nigeria. They found that only 45% of institutions had functional internal audit units, and only 30% had audit committees that met at least quarterly. The study recommended that the NCCE should make internal control compliance a condition for accreditation.

In the South-East region, Nwankwo and Eze (2020) studied budget implementation in Colleges of Education, including those in Enugu. They found that weak internal controls led to significant variances between budgeted and actual expenditures, with many expenditures occurring without prior authorization. They also found that internal audit reports were frequently submitted late, after the fiscal year had ended, making it impossible to take corrective action during the year.

Ezeani and Nwadialor (2020) studied compliance with procurement regulations in Enugu State Colleges of Education. They found widespread non-compliance: contracts were split to avoid competitive bidding, procurement plans were not prepared, and bid evaluation committees either did not exist or did not meet. They concluded that weak internal control over procurement was a major source of financial leakage.

2.8 Challenges of Internal Control in Public Organizations

2.8.1 Management Override of Controls

One of the most significant challenges to internal control effectiveness is management override—where senior managers intentionally circumvent controls for convenience, personal gain, or to hide poor performance. Agency Theory predicts that managers, given the opportunity, may override controls because they have the authority and the ability to instruct subordinates to bypass procedures. In Colleges of Education in Enugu, examples include provosts approving expenditures without council authorization, bursars making payments without proper documentation, and senior staff using their positions to influence procurement outcomes (Okafor and Ugwu, 2019).

Management override is particularly difficult to prevent because the perpetrators are often the same people responsible for designing and monitoring controls. COSO (2013) recommends that organizations implement specific controls to mitigate override risk, such as requiring dual signatures for large payments, independent review of management approvals, and surprise audits. However, these controls are often absent or ineffective in public institutions (Pickett, 2018).

2.8.2 Inadequate Staffing and Competence

Many public organizations, including Colleges of Education in Enugu, suffer from inadequate staffing in key control functions. Bursary departments may have only one or two accountants for thousands of transactions. Internal audit units may have one or two staff members for an institution with hundreds of employees. Inadequate staffing makes it impossible to properly segregate duties, as the same person must perform multiple incompatible functions (e.g., recording cash and reconciling bank statements). This creates opportunities for error or fraud (Nnamani, 2021).

Even where staff are present, competence may be lacking. Public sector salaries are often lower than private sector equivalents, making it difficult to attract and retain qualified accountants and auditors. Many internal auditors in Colleges of Education do not have professional certifications and have not received recent training. As a result, they may not understand modern internal control concepts or the specific risks facing their institution (Bamidele and Ogunleye, 2019).

2.8.3 Lack of Independent Internal Audit

The independence of internal audit is a cornerstone of effective internal control. However, in many Nigerian public institutions, internal audit units lack genuine independence. They report administratively to the same management they are expected to audit, and their budgets are approved by management. Internal auditors who report critical findings risk being marginalized, denied training opportunities, or even transferred. This environment discourages auditors from reporting serious weaknesses (Ijewereme and Okafor, 2019).

Even where internal audit is nominally independent, the quality of its work may be poor. Audit plans may not be risk-based; audits may focus on routine compliance rather than high-risk areas. Reports may be delayed, poorly written, or lacking in actionable recommendations. Management may respond with token actions or simply ignore the findings. Without an effective audit committee of the Governing Council to champion internal audit, the function remains weak (Onyango and Ochieng, 2020).

2.8.4 Inadequate Technology and Automation

Many Colleges of Education in Enugu still rely on manual or semi-manual accounting systems. Cashbooks are handwritten, ledgers are maintained on paper, and spreadsheets are used without proper controls over versioning and access. Manual systems are prone to arithmetic errors, are difficult to reconcile, and are vulnerable to loss or destruction. They also provide fewer audit trails than automated systems (Adedayo, 2021).

Automated accounting systems (e.g., SAGE, QuickBooks, or government ERP systems) offer many advantages: automatic calculations, built-in controls (e.g., approval workflows, access restrictions), easy report generation, and audit trails. However, many institutions lack the hardware, software, or technical expertise to implement these systems. In some cases, systems have been procured but are not used because staff have not been trained. The transition to IPSAS accrual accounting makes automation even more critical, yet many institutions are struggling (Okonkwo, 2020).

2.8.5 Weak Governing Council Oversight

The Governing Council is the ultimate oversight body for internal control in a College of Education. However, many councils are ineffective. Members may be political appointees with no financial or audit expertise. They may meet only once or twice per year, and meetings may be dominated by non-financial matters. The Audit Committee of the council may be dysfunctional, with members not understanding their roles or not having access to necessary information (Ezeani and Nwadialor, 2020).

Furthermore, councils may not hold management accountable for internal control failures. Even when audit reports are presented, councils may accept management’s explanations without probing, or they may defer action to subsequent meetings that never occur. In some cases, council members themselves may be complicit in control failures, especially if they have personal or political ties to management (Nwankwo and Eze, 2020).

2.8.6 Political Interference and Funding Volatility

Colleges of Education are public institutions subject to political interference. Politicians may pressure management to award contracts to favored firms, employ unqualified staff, or release funds without following due process. Such interference directly undermines internal controls. Similarly, the volatile funding environment for public institutions—late release of budgets, partial releases, or abrupt cuts—makes it difficult to plan and maintain consistent controls. Desperate for funds, management may bypass controls to pay salaries or keep the institution running (Nnamani, 2021).

2.8.7 Cultural Factors and Impunity

In some Nigerian public institutions, there is a culture of impunity where internal controls are seen as obstacles to be circumvented rather than safeguards to be respected. Senior staff may believe that rules apply only to junior staff, or that “government money” belongs to no one and can be treated casually. This cultural factor, reinforced by the low probability of detection or punishment for control violations, undermines even well-designed controls (Okafor and Ugwu, 2019).

2.9 Internal Control and Organizational Performance

2.9.1 Financial Performance

A substantial body of research demonstrates a positive relationship between internal control effectiveness and financial performance. For for-profit organizations, effective internal control reduces fraud losses, improves working capital management, and enhances investor confidence, leading to lower cost of capital and higher profitability (Ashbaugh-Skaife et al., 2020). For public sector organizations like Colleges of Education, financial performance is measured by budget implementation rates, value for money, and absence of financial irregularities.

Studies in Nigeria have found that public institutions with stronger internal controls have higher budget implementation rates (i.e., they spend their allocated funds as planned), fewer audit queries, and lower rates of fund diversion (Nwankwo and Ugwu, 2021). Conversely, weak internal controls lead to delayed reporting, unreconciled balances, and unsubstantiated expenditures, all of which attract audit queries and may result in sanctions or recovery proceedings.

2.9.2 Operational Performance

Internal control also enhances operational performance. Control activities such as authorization, approval, and reconciliations ensure that resources are used for their intended purposes. Physical controls over assets (e.g., locks, access logs, asset registers) reduce losses and improve asset availability. Performance review controls (e.g., comparing actual to budget, variance analysis) help management identify inefficiencies and take corrective action (COSO, 2013).

For Colleges of Education, operational performance includes metrics such as timely payment of salaries, availability of teaching materials, maintenance of facilities, and completion of capital projects. Weak internal controls have been associated with delayed salary payments (due to unremitted deductions), lack of laboratory equipment (due to procurement delays), dilapidated buildings (due to maintenance funds being diverted), and abandoned projects (due to contract inflation and poor oversight) (Adeyemi and Oluwafemi, 2021).

2.9.3 Compliance Performance

Compliance with laws and regulations is a major objective of internal control. For Colleges of Education, key regulations include the NCCE Act, Financial Regulations, Public Procurement Act, tax laws (PAYE, VAT, withholding tax), pension laws, and environmental regulations. Effective internal control ensures that the institution obtains necessary permits, files required returns, withholds and remits taxes on time, and follows procurement rules (Ezeani and Nwadialor, 2020).

Non-compliance can result in penalties, loss of accreditation, legal action against management, and reputational damage. The EFCC and ICPC have prosecuted provosts, bursars, and other officers for non-compliance with procurement and financial regulations. Internal control is the first line of defense against such legal exposures.