Moderating Effect of Government Regulations on Internal Control System and Fraud Prevention. A Case Banking Sector in Kenya

The main purpose of the study was to establish the moderating effect of government regulations on the relationship between internal control system and fraud prevention in baking sector. Structured questionnaire was used as tool for data collection. The study was based on all banks registered and operating in Kenya and the questionnaires were meant for branch managers, operations mangers and cash managers in head offices of all banks. One hundred and seventeen questionnaires were distributed and officers from 33 banks out 39 banks returned fully filled questionnaires. The questionnaires were analyzed using Structural equation Model (SEM). The findings indicated that the government regulations have significant moderating effect of control environment and risk assessment. However, there was insignificant moderating effect on control activities, communication and monitoring of activities. The study suggested that further studies and analysis should be undertaken to establish those legislations and regulations that should be enhanced, abolished and also establish need of new laws to enhance the functions of internal control system.


Introduction
Fraud is the act of denying a person something which such an individual is or would be entitled to in a dishonest manner. Fraud may include and not limited embezzlement, theft or any attempt to steal or unlawfully obtain or misuse the asset and manipulation of financial statement for personal gain (Ikeotuonye Victor and NnennaLinda, 2016). Fraud is manifested globally and differs in magnitude in both developing and developed countries. Fraud leads to loss mostly in monetary form in businesses and economies of countries, it may also administration and developments in countries (Nwankwo, 2013). Fraudulent activities have become more common in organizations however more extensive in financial institutions such as banks due to the instruments of their trade. Banks are more exposed to fraudulent activities as they deal in liquid cash which is easier to use and cash equivalent which can be converted into liquid cash very fast. Frauds generally cause losses which include but not limited to psychological, financial and operational (Adetiloye et al., 2016). Most banks have failed due to frauds which has led to a lot of suffering of the stakeholders (Nwankwo, 2013).
Fraud in banks have become a big challenge in different in developed and developing economies. Fraud in banks affect the stability and credibility of the banks negatively causing distress. Frauds negatively affect the performance of banking sector and economy as a whole (Nwankwo, 2013). Hong and Paek (2014), in their study observed that the fraudsters will mostly manipulate special items rather than the operating ones. In United States of America, In 2014, there were 14 cases of bank failures in the US which banks failed and this was an improvement from previous year of 2013 where at least 16 banks had collapsed (Karagiorgos et al., 2011). In India the use of internet has increased opportunities for fraudsters to commit crime, especially in inter-branch transactions loans and while depositing money (Madan, 2013).
A research study by Ikeotuonye Victor and NnennaLinda (2016) showed that, Nigerian banking industry lost approximately 25.61 billion naira through fraud and forgeries in year 2014 only. In 2013 the industry had lost 21.80 billion naira which showed that the fraudulent were on the increase. East African banking sector had lost 48.3 united states dollars between 2011 and 2012 (Kabue and Aduda, 2017) Chase bank in Kenya collapsed in 2015 after audit report revealed a loss 15 billion Kenya shillings (Kshs.) however the bank had reported a loss Kshs. 742 and in 2014 had reported a profit of Kshs. 2.3 billion. Price Waterhouse Coopers (PWC) (2018) carrried a survey and in the survey, it was reported that fraud targeting customers was at 65% in 2018. It was further reported that fraudulent cases involving top managers and employees were on decline between 2016 and 2018, from 70% to 62%. however fraudulent cases involving external entities increased from 17% to 30% in the same period.
Perpetrations of financial frauds in banks have continued despite of controls put in place to prevent and control the acts of stealing. The controls are sometimes compromised by the employees in order to defraud the institutions (Adetiloye et al., 2016). Fraud should be examined, studied and attributed to many factors and multifaceted approaches. One should mainly focus on the opportunities to commit fraud, motivational factors, rational of committing crime, technical ability and suitability of the target (Sharma and Sharma, 2017).
Internal control system (ICS) requirement in banks is vital due the fact that banking sector plays very important role in development of economy in any country. Most countries are faced by instabilities of macro-economics, slow real economic risks of fraud and corruption. The ICS in banks can reduce these vices that affect the economy negatively (Kumuthinidevi, 2016). Commission of Sponsoring Organization (COSO) stated that ICS is said to work properly if the five components -control environment, risk assessment, control activities, communication of information and monitoring present and functioning well (Commission of Sponsoring Organization, 2013). Control environment are factors which determine the effectiveness of policies, procedures and methods specific to a process (Ikeotuonye Victor and NnennaLinda, 2016). The control environment comprises the ethical values of the organization and integrity, these parameters enable the top management to carry out its governance oversight responsibilities; the organizational structure and assignment of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the accuracy of performance measures, incentives, and rewards to drive accountability for performance. The resulting control environment has a pervasive impact on the overall system of internal control (Akwaa-Sekyi and Gené, 2016). Price water House Coopers (2012) indicated that, the control environment includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity's internal control and its importance in the entity.
Communication of information is concerned with identification, capture and exchanging of operational, financial and compliance related information on timely bases. Information that is relevant, accurate, appropriate, understandable, accessible and timely will enable personnel in the organization to manage, conduct and control operations (AbiolaI and Oyewole, 2013). According to Badara and Saidin (2013) relevant information must be identified, recorded and communicated in a form and time frame that will allow people to carry out their responsibilities. Communication of information can reduce the risk of fraud. Lack of proper safe means of receiving and disseminating information to the relevant authority for action increases cases of non-reporting of suspicious activities that leads to fraud (Hayali et al., 2013). Information sharing is an important tool for alerting the concerned parties about any suspicious activity and fraud prevention. The shared information by reserve or central bank about methods of operations incase of fraud cases reported help in identifying loopholes, initiation of corrective measures and encourage review of guidelines (Chakrabarty, 2014).
Monitoring is the evaluation of the events and transactions of the organization to determine whether performance of the organization is qualitative and to check effectiveness of the controls. Monitoring involves all management oversight of the ICS (Etengu and Amony, 2016). Commission of Sponsoring Organization (2013) stated that continuous evaluations or separate evaluations or combination of the two evaluations are used to assess the presence and functionality of ICS components. Assessment of ICS can also be done through internal and external audits to determine the effectiveness (Kumuthinidevi, 2016). The staff on the other hand have responsibilities of evaluating various systems of internal controls and enhance them where needed. Any discovered deficiencies should be addressed immediately and added to the overall systems of internal control (AbiolaI and Oyewole, 2013). The staff on the other hand have responsibilities of evaluating various systems of internal control and enhance them where needed. Any discovered deficiencies should be addressed immediately and added to the overall systems of internal control (AbiolaI and Oyewole, 2013). By monitoring, internal control activities are continuously kept under strict watch and their performance are assessed. This what the whole organization should engage in, indicating that fraudulent actions are revealed and dealt with within soonest possible. Where an organization lacks proper evaluation mechanisms of its own policies and frequent revision of it practices, the organization risks being defrauded by employees who are used to the practices and who might find a way to conceal their fraudulent activities (Hayali et al., 2013).
Kenyan banking sector is robust in sub-Saharan Africa and it has expanded all over East Africa in which at least 282 of Kenyan banks' branches are situated. This expansion of banking sector has increased regulatory challenges to the government. These challenges has pushed the East African central banks to harmonize the supervisory and regulations programs to oversight the banks effectively in the region (Mwega, 2014). Banking regulations are important as banks affect the economic performance of a country. Kenyan banking regulations are meant to deter proliferation and improve customers and investors' confidence by preventing banks failures (Osano and Gekara, 2018). Financial services regulatory framework in Kenya involves various agencies that focus on different segments. The regulatory structure attracts a lot of politicking which in return leads to slow development and applications of regulations (Okioga, 2013). CBK introduced credit regulations through financial institutions in order to protect the depositors, ensure criminals do not use banks in their activities as well as ensure banks maintain confidentiality. Regulations of credit is also important in cautioning against risks (Musabi and Mbithi, 2018). Banking regulations may sometimes be complex and difficult to interpret (Gündoğdu, 2013)

Internal Control System and Fraud
Financial problems experienced in recent time have demonstrated that in some organizations mostly in financial institutions, risk-management and internal control practices were ineffective or imperfect (Ali, 2013). International Federation of Accountants (IFAC) indicated that previously many organizations focused on financial reporting controls until many more financial crises arose (International Federation of Accountants, 2012). Tunji (2013), noted that collapse of ICS in any organization will lead to the failure or suffering of the organization. Karagiorgos et al. (2013) in their research indicated that the bank failures have mostly been due to fraud. Basle committee analyzed the situations leading to bank failures and it observed that the failures and losses in banks could have been avoided had the banks maintained strong ICS. Karagiorgos et al. (2013), in their research observed that strong ICS are pertinent to the banks due to their susceptibility to fraud. Similarly banking sector in Nigeria has suffered a lot due to mismanagement resulting from either lack of adherence to laid down principles and policies that have been established by the management or lack of ICS (Ifeanyi et al., 2011). Some banks in Kenya have collapsed and others placed under receivership because of frauds connected latest cases being Imperial and Dubai banks due to weak or undermined ICS (Gesare et al., 2016). The ICS has five components and ICS is said to operate properly in all the components are present and working. Various studies have been undertaken on components of ICS.

Control Environment
The study undertaken by gave mixed results on the significance of control environment in enhancing the effectiveness of the ICS in listed banks in Nigeria (Iorsue et al., 2018). Research findings by Kumuthinidevi (2019) showed that control environment in some banks were strong while others were weak. The study undertaken on the effectiveness of ICS in Ghanaian banks indicated that the control environment was strong (Ayagre et al., 2014). Further findings on ICS showed that the control environment had significant effect on financial performance of Nongovernmental organizations in Uganda (Etengu and Amony, 2016). The study on risk management in commercial banks undertaken in Kisii County in Kenya found that the control environment has positive significant influence in risk management in commercial banks (Gesare et al., 2016). The reviewed studies gave different results on control system, they were undertaken from different sectors and none however established the role of the government regulations on the relationship between the variables. Therefore, this study analyzed the moderating effect of government regulations on the relationship between the control environment and fraud prevention. It was hypothesized that: H 01 : Government regulations do not moderate relationship between control environment and fraud prevention in banking sector.

Risk Assessment
The study by Akwaa-Sekyi and Gené (2017) showed that risk assessment significantly and negatively affect risk on credit. Risk assessment has been found to be strong in Al Rajhi bank and at the same time weak Alinma Bank as per the study findings on effectiveness of ICS in private banks (Kumuthinidevi, 2019). Risk assessment has been found to have significant influence on the financial performance of institutions of higher learning (Muhunyo et al., 2018). Conference findings presented by Thao (2018) showed that risk assessment had neutral effect on ICS in private joint stock commercial banks. Tong et al. (2014), studied internal control in enterprises controlled by the Chinese government and they found risk assessment was not satisfactory. The reviewed gave contradicting results, however the issues of government regulations were not studied. The study therefore hypothesized that H 02 : Government regulations do not moderate relationship between risk assessment and fraud prevention in banking sector.

Control Activities
The study by Kumuthinidevi (2016) on the effectiveness of ICS in private banks found that the control activities have moderate effect. The control activities in small, medium and micro enterprises in South Africa were found have limited influence and adequacy of ICS as per the findings of research undertaken by Bruwer et al. (2013). Muhunyo et al. (2018), in their research findings found that control activities have significant influence on the financial performance of institutions of higher education in Kenya. The mixed results from different studies reviewed shows that there is no consensus among researchers on control activities. This study focused on hypothesis that: H 03 : Government legislations do not moderate relationship between control activities and fraud prevention in banking sector.

Communication of Information
The findings by Thao (2018) on effectiveness of ICS in private banks indicated that information communication systems were neutral in establishing effectiveness of ICS. The research study by Rafindadi and Olanrewaju (2019) on impact of ICS on financial accountability of non-governmental organizations found that non-governmental organizations did not have effective communication mechanisms that affected their operations and delivery of services. The banks in Jordan have been found to have sound and effective policies in communication that bare capable of generating high quality and relevant information (Salameh, 2019). Michael (2016), studied the ICS in Nigerian churches and it was concluded that there was poor communication between the leaders and other staff. The reviewed studies focused on ICS in various sectors and none studied the role government regulations play besides the studies gave different results. The study therefore hypothesized that: H 04 : Government regulations do not moderate relationship between communication of information and fraud prevention in banking sector.

Monitoring of Activities
Self-assessment or monitoring has been found to be neutral in determining the effectiveness of ICS in private joint-stock commercial banks (Thao, 2018). Monitoring is able to identify the shortcomings of the ICS and also facilitate communication of these problems to the responsible people for rectifications (Koutoupis and Pappa, 2018). The study findings by Michael (2016) indicated that monitoring of activities in Nigerian churches were not effective in ensuring that the internal controls are complied with. Salameh (2019), studied the impact of ICS on the quality of financial statements in banks based in Jordan, in the study it was concluded that there is significant relationship between the monitoring and quality of financial statements. The conclusions on monitoring activities in the reviewed studies were divergent and therefore required further analysis. The study intended to expand the analysis by including government regulations. The study hypothesized that: H 05 : Government regulations do not moderate relationship between monitoring of activities and fraud prevention in banking sector.

Methodology
The study used census where all banks in Kenya were targeted. Kenya has 42 banks registered and operating as records of Central Bank of Kenya. The study omitted some three banks Chase, Imperial and Dubai banks that have either collapsed or put under statutory management by the Central Bank of Kenya. One hundred and seventeen questionnaires were distributed and the respondents were the Branch managers, Operations managers and Cash supervisors or managers in the head offices on the banks. The questionnaires that were duly filled were received from 33 banks out of the targeted population of 39 banks which translated to 84.6% response rate as the banks were research unit. factor analysis was undertaken to reduce the number of variables, the reliability and validity tests were undertaken to determine the suitability of the variables. The questionnaires were analyzed using structured equation model (SEM) for hypothesis testing purposes.

Reliability and Validity Test
The questionnaires were analyzed for reliability and validity. The reliability was tested using Cronbach alpha. The Cronbach alpha for the items presented in the questionnaire must be at least 0.7 (Sukirman, 2019). The reliability test results are presented in table 4.1. The Cronbach alpha ranges between 0.785 and 0.913. The average Cronbach alpha is 0.848 which is within acceptable value of Cronbach's alpha of measuring reliability which is between 0.7 and 0.9 as recommended by (Mohajan, 2017).
Average Variance Extracted (AVE) is used to measure convergent and discriminant validity. The AVE and cross loadings must be at least 0.5 for discriminant and convergent validity to be achieved (Sukirman, 2019). The values of AVE and cross loadings are presented in table 4.2 and from the results that show all values above minimum requirement, it was concluded that the minimum criterion was met and all items were suitable for further analysis.

Adequacy and Sphericity Tests
The KMO test indices should fall between 0 to 1. The value of 0.5 or more meet the criteria of adequacy of sample (Ngoc, 2019) Bartlett's test of sphericity tests the hypothesis that the correlational matrix is an identity matrix (Watkins, 2018) The Bartlett's test statistics must be significant (p<.05) for factor analysis to be suitable (Williams et al., 2010). Table 4.3 shows the KMO test on adequacy of sample and Bartlett's test of sphericity tests which indicate that the data meet the cut off criteria required. .000

Hypotheses Test Results
The study objective was to establish the moderating effect of government legislation on the relationship between the ICS and fraud prevention  The regression results on moderating effect of government regulations on the relationship between various components of ICS and fraud prevention are shown in table 4.4. The results indicate the various coefficients on independent variables, t values and p values that were used to test hypothesis on moderating effect of government legislations on various independent variables in fraud prevention. Different components of ICS were used to create hypotheses on moderating effect of government legislations on the relationship between ICS and fraud prevention.

Control Environment and Fraud Prevention
The study findings on table 4.4 shows that control environment has a t value of -2.490 and a p value of 0.013 which is less than the critical p value of 0.05. The t value is less than the critical value of 1.694 and falls in rejection region. Therefore, the null hypothesis was rejected and it is concluded that government regulations do moderate the relationship between control environment and fraud prevention. The results imply that the laws provided by regulating authorities and government do affect the organization culture and operations which on the other hand contribute in prevention of fraud in banks.

Risk Assessment and Fraud Prevention
The study results on table 4.4 indicate that risk assessment has t value of 2.068 and p value of 0.039 which is less than critical p value of 0.05. The t value falls in rejection region. Therefore, it is concluded that government regulations do moderate the relationship between risk assessment and fraud prevention. This implies that government legislations put in place do help in assessing and preventing risks of fraud or the organizations do consider the legislative and regulatory framework to be important to be used in organizations to assess and act on risk of fraud.

Control Activities and Fraud Prevention
The test statistics of control activities are t = -1.703 and p = 0.087 as shown in table 4.4. These values are less and greater than critical values of t = -1.694 and p = 0.05 respectively. Therefore, the null hypothesis is not rejected and it is concluded that government regulations do not moderate relationship between control activities and fraud prevention. The findings imply that the laws and regulations provided by government and other regulatory authorities are not effective in ensuring that the control activities are strengthened and seal all loopholes that might be capitalized on by the fraudsters to commit fraud.

Communication of Information and Fraud Prevention
Study findings shows that communication of information test statistics (t = -0.927, p = 0.354) also falls in nonrejection region. Therefore, the null hypothesis is not rejected. It is therefore concluded that Government regulations do not moderate relationship between communication of information and fraud prevention in banking industry in Kenya. These findings imply that if there are legislations and regulations that govern how to communicate in order to prevent fraud, these laws are not adhered to or the concerned staff may not be well conversant with legislations thus they are not able apply or utilize them properly for the benefit of their organizations.

Monitoring of Activities and Fraud Prevention
The study findings pertaining to monitoring of activities shows a t value of 1.640 which is less than the critical value of 1.694 and p value of 0.101 which is greater than critical value of 0.05 therefore falls in rejection region. It was therefore concluded that Government regulations do not moderate relationship between monitoring of activities and fraud prevention in banking industry in Kenya. These findings imply that government regulations in place are not able to enhance monitoring of activities to work properly in ensuring that the mechanisms put in place to address fraud menace are tight and operational. It may also indicate that the regulations by government pertaining to proper monitoring are not considered or are not taken seriously by the concerned individuals as they should.

Recommendations
The findings also showed that the government regulations do not have moderating effect on the relationship between control activities, communication of information and monitoring of controls and fraud prevention. It is recommended that the government and other regulatory bodies to put in place stringent legislations and ensure that the banks follow them. The government should introduce regular and strict inspection of banks to ensure that the laws are followed. Inspections will ensure that the government will be able to notice loopholes in the laws that are used in order to manipulate the financial statements. It is also recommended that heavy penalties and fines for the organizations and individuals who violates the laws. Punishing the fraud perpetrators will have punitive and deterrent effect that will discourage others from engage in activities that might lead to fraud. The government should introduce an office that will be responsible for ensuring that the laws are followed by the banks. The office should not replace the already existing regulatory bodies but should be able to supplement these bodies. The government should also come up with the policy document that can be able seal the loopholes in accounting standards and other regulations that are used by the firms to manage earnings and defraud the investors.
The study recommends that research study should be carried out to establish the government legislations and regulations that can be used, ones that need to amended or abolished in order to improve and strengthen the ICS to protect the investors' investments and grow the economy.