About the Author(s)


Juan-Pierré Bruwer Email symbol
Graduate Centre for Management, Cape Peninsula University of Technology, Cape Town, South Africa

Philna Coetzee symbol
College of Accounting Sciences, University of South Africa, Pretoria, South Africa

Jacolize Meiring symbol
Department of Taxation, University of South Africa, Pretoria, South Africa

Citation


Bruwer, J-P., Coetzee, P. & Meiring, J., 2019, ‘The perceived adequacy and effectiveness of internal control activities in South African small, medium and micro enterprises’, Southern African Journal of Entrepreneurship and Small Business Management 11(1), a148. https://doi.org/10.4102/sajesbm.v11i1.148

Original Research

The perceived adequacy and effectiveness of internal control activities in South African small, medium and micro enterprises

Juan-Pierré Bruwer, Philna Coetzee, Jacolize Meiring

Received: 28 July 2017; Accepted: 02 Apr. 2019; Published: 22 Aug. 2019

Copyright: © 2019. The Author(s). Licensee: AOSIS.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Background: South African small, medium and micro enterprises (SMMEs) add significant socio-economic value to the national economy. Unfortunately, up to 80% of these business entities fail after being in existence for only 4 years. Previous research shows that a probable reason for the latter dispensation is that these business entities make use of ineffective and/or inadequate internal control systems which, inter alia, comprises inadequate internal control activities.

Objectives: This study seeks to ascertain whether internal control activities implemented in South African SMMEs have an effect on the perceived adequacy and effectiveness of their overall internal control systems.

Method: Though exploratory in nature, this study followed an empirical stance through the assistance of survey research. Data were collected from 119 SMME managers and 98 employees of South African SMMEs operating in the fast-moving consumer goods industry.

Results: Although only 18 of the 64 tested relationships are found to be statistically significant, none of the formulated hypotheses can be rejected as relevant statistically significant predictions can be made in relation to the perceived adequacy and effectiveness of internal control systems when applicable internal control activities of these business entities are taken into account.

Conclusion: This study provides a foundation for future studies to both scrutinise and enhance the internal control environment in South African SMMEs, ultimately improving the sustainability rate of South African SMMEs.

Keywords: Internal control systems; internal control activities; SMMEs; adequacy; effectiveness.

Introduction

Although South African small, medium and micro enterprises (SMMEs) were only formally recognised by the national government in 1996 through the publication of the National Small Business Act No. 102 of 1996 (South Africa 1996), these business entities have added significant socio-economic value1 to the national economy from as early as the 1980s (Rogerson 1997; Visagie 1997). However, since the early 2000s, South African SMMEs have been found to have one of the worst sustainability rates in the world (Wiese 2014), with up to 80% of these business entities failing after being in existence for only 4 years (Cant & Ligthelm 2002; Cant & Wiid 2013; Moloi 2013; Van Eeden, Venter & Viviers 2003). According to Bruwer and Coetzee (2016), the latter dispensation can partially be blamed on the inadequate and/or ineffective utilisation of internal control activities.

Internal control systems are collections of various inter-related elements that should collectively provide reasonable assurance to management surrounding the attainment of relevant business objectives (Agbejule & Jokipii 2009; Lee 2013; Spira & Page 2003). One of these elements is internal control activities, which are those activities, as implemented by management, that should assist management with the mitigation of risks by either preventing risks from occurring and/or detecting loss events after risks have materialised (Committee of Sponsoring Organizations of the Treadway Commission [COSO] 2013; McNally 2013). These activities can be manual and/or automatic in nature and are generally demarcated into five categories, namely, adequate document usage and design, proper authorisation activities, safeguarding of assets, segregation of duties and independent checks (COSO 2013). However, Siwangaza (2013) found that South African SMMEs have inadequate and/or ineffective internal control systems because they do not provide reasonable assurance in relation to the attainment of relevant business objectives. Bruwer (2016) found that South African SMMEs predominantly make use of customised internal control activities that primarily consist of preventive measures, which are strongly associated with the categories of ‘independent checks’ and the ‘safeguarding of assets’. Because SMMEs are mainly informal in nature (IFC 2013), it is unsurprising that these business entities have mostly unstructured systems and processes (Lee & Ahn 2009; Majid, Dora & Kamarudin 2008). Even so, research supports that, at a minimum, business entities should have basic internal control activities (Tazilah & Hussain 2015) to ensure that internal control systems will be able to support management in achieving their business objectives, supporting the sustainability of the business.

As mentioned before, research has been conducted in understanding the internal control system and internal control activities implemented within South African SMMEs. However, a gap exists in the current body of knowledge with reference to the effect of individual control activities implemented on the adequacy and effectiveness of the adequacy and effectiveness of internal control activities, as well as on the adequacy and effectiveness of the overall internal control system. When taking into account that the element of ‘internal control activities’ is a critical part of a sound internal control system, which directly affects the ability of a business entity to mitigate risks (Petersen 2018), it is important to understand this relationship – both from a practical- and theoretical perspective.

To this end, the main objective of this study is to determine whether internal control activities implemented in South African SMMEs have an effect on the perceived adequacy and effectiveness of their overall internal control systems. This study aims to (1) provide insight into South African SMME management regarding the relationship between their business entities’ internal control activities and their business entities’ systems of internal control, and (2) provide empirical evidence to policymakers that South African SMMEs are in need of a flexible, affordable and relatively formal internal control framework. For the remainder of this study, relevant discussion takes place under the following headings: theoretical framework and development of hypotheses, research design, methodology and methods, results, discussion, conclusion and recommendations.

Theoretical framework and development of hypotheses

A system of internal control is usually underpinned by the agency theory (Jensen & Meckling 1976) where the ‘principle’ (owner) of a business is separated from its business by employing an ‘agent’ (e.g. manager) to tend to internal control matters.2 Notwithstanding the latter, within the management of smaller businesses (such as SMMEs), where management and owners are much closer or even the same individual(s), this theory becomes obsolete, and internal control systems may most likely be viewed within the context of the neo-institutional theory. The neo-institutional theory (DiMaggio & Powell 1983), building on the institutional theory, explains the similarity and stability of organisational arrangements within a given population or field of organisations (Greenwood & Hinings 1996), such as SMMEs. Internal control implementations within a SMME-landscape are thus viewed from the influence of institutionalised rules (e.g. COSO framework) and environments (e.g. sound internal control system that is mandated by numerous legislation and governance guidance documents, worldwide) (Heugens & Lander 2007). DiMaggio and Powell (1983) identified three influential mechanisms that affect the latter, namely, coercive mechanisms (societal and organisational pressures), normative mechanisms (professionalism) and mimetic mechanisms (building on best practices or successful role models).

With regard to internal control evident n SMMEs, it is therefore highly probable that existing business entities imitate successful business entities and adopt aspects of an array of internal control systems, with the main intent to assist in the achievement of their objectives (Coase 1937; Etzioni 1964) – referring to the mimetic mechanisms. More importantly, coercive measures, resulting from, inter alia, legitimated rules and structures, such as a sound internal control system that is based on a formal framework, underpin this study, referring to understand the adequacy and effectiveness of the internal control system (Greenwood & Meyer 2008).

Adequacy and effectiveness

Within the internal control concept, the terms ‘adequacy’ and ‘effectiveness’ have a very specific context (IIA 2019). The term ‘adequacy’ refers to a type of state of being reasonable, fair or acceptable (Cambridge Dictionaries Online 2019a). In layperson’s terms, it relates to whether something is ‘good enough’. In turn, the term ‘effectiveness’ can be defined as the ability to be successful or producing intended results (Cambridge Dictionaries Online 2019b). In layperson’s terms, it relates to whether something is ‘working as intended’. It is therefore first important to ensure that a specific internal control activity(ies) (and collectively the internal control system) is(are) adequate to mitigate (a specific) risk(s), meaning that a specific activity can mitigate numerous risks. Thereafter these activities can be tested for their effectiveness in reaching its objective in mitigating such risks. These two measures are used in this study as a proxy in determining whether internal control activities, as well as internal control systems, are sound.

Internal control systems

Although most businesses around the globe have some form of an internal control system in place to ensure that relevant objectives are met, whether these systems are actually achieving their objectives is questionable, especially because research over the years has resulted in mixed findings. Chenhall (2003) concludes that in order for internal control systems to be successful, it must be designed within the organisational context and have a formal structure. However, Stacey (2016) avers that the same success can be achieved through implementing carefully, thought-through, customised internal control systems. The importance of a sound internal control system is placed in perspective by previous studies (Langfield-Smith & Smith 2003; Simons 2013) where it was found that a sound system of internal control is non-negotiable to renew business strategies, adapt to ever-changing environments and build trust with relevant stakeholders.

Studies support that for an internal control system to help a business achieve its objectives, it should: (1) enhance the effectiveness, efficiency and economy of business operations; (2) assist with the compliance with applicable rules, regulations, policies and procedures; (3) safeguard relevant assets, and (4) fortify the integrity of both financial information and non-financial information (Adeniyi & Aramide 2014; IIA 2013).

In addition, such an internal control system needs to be both adequate and effective in its approach (Agbejule & Jokipii 2009; McNally 2013; Nicolăescu 2013; Rose 2015). To improve the internal control systems, to meet both relevant adequacy and effectiveness measures, many bodies have developed formal internal control frameworks over the years such as Criteria of Control Framework (CoCo) of 1995 as developed by the Canadian Institute of Chartered Accountants (1995); the Control Objectives for Information and Related Technology (COBIT) Framework of 1996 (last updated in 2013) as developed by the Information Systems Audit and Control Association (ISACA 2012); and the Integrated Internal Control Framework of 1992 (last updated in 2013) as developed by the Committee of Sponsoring Organisations (COSO 2013).

As one of the first developed internal control frameworks, it seems that the COSO Integrated Internal Control Framework is the most widely used framework in the world (Martin, Sanders & Scalan 2014). This framework is a structured process that consists of five inter-related elements, which, in turn, should, if implemented correctly, provide reasonable assurance to management surrounding the attainment of business objectives in the foreseeable future. The five inter-related elements comprise the following: (1) control environment (overall attitude of management towards internal control), (2) risk management (identification, evaluation and treatment of risks), (3) internal control activities (mitigating risks through preventive and detection initiatives), (4) information and communication (sharing of information with stakeholders), and (5) monitoring (ensuring that the system of internal control functions as intended).

In a South African dispensation, Siwangaza (2013) found that the internal control systems in SMMEs are inadequate and/or ineffective, with Bruwer (2016), as well as Bruwer and Siwangaza (2016), concluding that the control environment and the internal control activities, both elements of a sound internal control system, evident in South African SMMEs, were customised and displayed characteristics of inadequacy and/or inefficiency. Hence, clear tangent planes emerge that the overall adequacy and/or effectiveness of South African SMMEs’ internal control systems and the adequacy and/or effectiveness of their relevant inter-related elements may be strongly related.

Internal control activities

As previously mentioned, internal control activities, as one of the five inter-related elements of a sound system of internal control, are those activities that management implements to provide reasonable assurance that business objectives will be achieved by adequately and efficiently mitigating risks, which may prevent such risks from realising. Internal control activities fall into the following five major categories (Al-Thuneibat, Al-Rehaily & Basodan 2015; COSO 2013; Kobelsky 2014):

  • Adequate document usage and design: Source documents are used to vindicate the occurrence of transactions, and should make provision for an array of details (e.g. dates, signatures, product/service descriptions and so on) while also being pre-numbered. As rule of thumb, original source documents are issued by businesses to those entities that receive products, services or cash, while duplicate source documents are kept as proof by such business entities (e.g. tax invoice, receipt, goods received note and so on). Other documents may also include internal documents (e.g. memos and reports).
  • Proper authorisation activities: Before any transaction can take place, it needs to be properly authorised. More often than not, authorisation activities are performed by management; however, management may delegate authority to non-managerial staff, if appropriate.
  • Safeguarding of assets: The safeguarding of assets entails the mitigation of risks, which may adversely influence a business’ premises (location where it is based), people (employees and customers) and equipment. This is generally done by means of implementing preventive and/or detective control measures (e.g. locks on doors, alarm systems and so on).
  • Segregation of duties: For the sake of mitigating internal risks (e.g. collusion, theft, embezzlement and so on), the person responsible for authorising a transaction (person A) should not be the same person that performs the transaction (person B) and should not be the same person that records the transaction (person C).
  • Independent checks: By making use of random and/or periodic intervals, independent checks can be performed mitigate risks. This can include, inter alia, physical stock counts, monitoring of staff, supervision of staff, performing quality checks and periodic staff reviews.

Research on individual internal control activities is limited. A probable reason for the latter dispensation is that in a study conducted by Sahd and Rudman (2016), it was found that many proactive internal control activities in large organisations are becoming more reactive in nature because of the rapid evolution of technology. The latter has been ongoing since the early 2000s when many conventional (manual) internal control activities were started being replaced by computerised controls (Stringer & Carey 2002). Whether this is applicable for SMMEs is debatable as these types of business entities may be less structured and less complex than larger business entities. Furthermore, research (Tazilah & Hussain 2015) supports the component ‘internal control activities’ as the one crucial element that should be present to ensure a sound internal control system. Based on a study by Bruwer (2016), it was found that South African SMMEs made use of (manual) preventive controls to safeguard assets while also making mostly use of (manual) independent checks to strengthen their internal control systems, with limited use of source documents (original and duplicate), detective controls to safeguard assets and proper authorisation activities – rendering their implemented internal control activities as customised. Although customised internal control activities can add value in relation to business culture and business values (Christ et al. 2012), whether this is the case in South Africa SMMEs is debatable and needs to be investigated further. However, it is first important to understand which specific internal control activities add the most value to the perceived value of the adequacy and effectiveness of internal control activities, which leads to the following hypotheses:

H1: Individual internal control activities have a positive effect on the perceived adequacy of the element ‘internal control activities’ in South African SMMEs.

H2: Individual internal control activities have a positive effect on the perceived effectiveness of the element ‘internal control activities’ in South African SMMEs.

In the second place, it is important to understand which specific internal control activities will improve the perceived value of the overall internal control system, leading to the following hypotheses:

H3: Individual internal control activities have a positive effect on the perceived adequacy of existing internal control systems in South African SMMEs.

H4: Individual internal control activities have a positive effect on the perceived effectiveness of the existing internal control systems in South African SMMEs.

Research design

Survey research was conducted to obtain insight from various SMME managers and their employees. Although it was not possible to measure the adequacy and effectiveness of internal control activities and internal control systems because of limited reporting structures and information available, the perceptions of management and employees were used to test the perceived adequacy and effectiveness of existing internal control activities and implemented internal control systems. This is a limitation in the study and can be further investigated. Moreover, because this study was exploratory in nature, only basic and manual features of the element ‘internal control activities’ were focused on. The reasoning behind the latter was that if a correlation(s) existed between the perceived effectiveness and/or adequacy of implemented internal control activities and internal control systems, it would allow for further research (more descriptive in nature) to be conducted in future.

The scope of this study was limited to the Cape Metropole because of time and budget constraints. Data were collected using a mixture of non-probability sampling methods to obtain rich data, namely, purposive sampling and convenience sampling, from 120 SMMEs. In core, this resulted in responses being received from 119 South African SMME managers (individuals that were responsible for implementing and/or managing internal control within their respective business entities) and 98 employees (individuals that were responsible for operational activities in these business entities) which were based in the Fast-Moving Consumer Goods (FMCG) industry3 (second largest sub-sector in the national economy). All sampled South African SMME managers were actively involved in their business’ operations while simultaneously being regarded as owners and/or managers – having relevant managerial experience and authority to make business-related decisions. In addition, all sampled South African SMME employees had no authority to make business decisions.

Data were collected through means of surveys. Each survey consisted of a briefing session to explain relevant concepts to respondents (which may sometimes be complex) before being asked to complete the survey. To mitigate the risk of research bias, an independent data collection firm was used. All field workers of the independent data collection firm were trained before being sent into the field.

To measure the adequacy and effectiveness (dependent variables) of both internal control activities and internal control systems, four statements were used to measure respondents’ perceptions. These four statements were used as a proxy to measure the perceived adequacy and effectiveness of the internal control activities and the internal control system. For the independent variables, viewed through the lens of the neo-institutional theory, specifically coercive measures, relevant internal control activities of the COSO integrated framework (COSO 2013) were used, comprising 45 items. To answer the four hypotheses, exploratory factors analysis and logistic regression analyses were used.

Firstly, using exploratory factor analysis, the 45 items were reduced to nine factors and seven items (see Appendix 1) through the conducting of principal component and principal axis factoring analyses. Secondly, logistic regression analyses, which pertain to the study of a relationship between one outcome variable and one or more predictor variables (Joliffe & Morgan 1992; Peng & So 2002), were conducted, namely, the relationship between the implemented individual internal control activities and the perceived adequacy and effectiveness of internal control activities and the overall internal control systems.

Demographical information

Out of the 217 respondents, a total of 119 (54.48%) were members of management of South African SMMEs and had full business making decision rights. Moreover, the respondents could be described as follows:

  • There were 96.64% South Africans and 3.36% non-South Africans.
  • Of the respondents, 62.15% had between 1 and 5 years of managerial experience, and 37.85% had more than 5 years of managerial experience.
  • About 18.49% had the highest qualification lower than Grade 12 (final year of the secondary schooling system), 48.74% had the highest qualification of Grade 12 qualification and 32.77% had a tertiary qualification.

The employees of South African SMMEs, 98 out of the 217 respondents (45.16%), had no decision-making rights and could be described as follows:

  • Those who were employed on a full-time basis constituted 83.54% and those who were employed on a part-time basis represented 16.46%.
  • Eighty-one per cent had been employed between 1 and 5 years and 19% were employed for more than 5 years.
  • Of the respondents, 41.77% had the highest qualification lower than Grade 12 (final year of the secondary schooling system), 45.57% had the highest qualification of Grade 12 qualification and 12.66% had a tertiary qualification.

The SMMEs of respondents were regarded as non-franchised and operated in the FMCG industry. These business entities could be described as follows:

  • 6.57% were private companies, 11.62% were close corporations, 14.14% were partnerships and 67.68% were sole traders.
  • 76.26% had one outlet, and 23.74% had more than one outlet.
  • 13.64% employed between 11 and 50 employees (medium), 27.78% employed between 6 and 10 (very small) employees and 58.59% employed less than 6 employees (micro).
  • 45% were in existence for between 1 and 5 years, and 55% were in existence for 6 years or more.
Construct validity and reliability of measures

To measure variables, respondents were asked to provide responses through a five-point Likert scale (1 = strongly disagree, 2 = disagree, 3 = neither agree nor disagree, 4 = agree, and 5 = strongly agree). All variables measuring the dependent variables (perceived efficiency and perceived adequacy of implemented internal control activities and implemented internal control systems) underwent exploratory factor analysis using principal axis factoring and promax rotation. A total of 45 items were reduced to nine factors and seven items. Whether a factor analysis is appropriate depends on the results of the Kaiser–Meyer–Olkin (KMO) measure of sampling adequacy. If a factor achieves a KMO value which is greater than 0.500, it is deemed to be a suitable factor (Field 2009). All KMO test values of 0.600 or higher are required to justify the appropriateness of a factor when exploratory factor analysis is performed while simultaneously being supported by a p < 0.001 for Bartlett’s test of sphericity (Cohen & Sayag 2010; Field 2009). In terms of reliability of a factor, a Cronbach’s alpha above 0.700 is normally deemed satisfactory; however, in the case of exploratory research, a Cronbach alpha of 0.600 is deemed as acceptable (Hair et al. 2010). The factorisation is summarised in Appendix 1 – all factors met the applicable criteria.

Model specification

Using the results from the exploratory factor analysis as a basis, relevant logistic regression analyses were performed. The standard logistic regression model4 used to test the four hypotheses above was structured as follows (see Equation 1):

For this study, a total of four models were used to empirically test the hypotheses. All relevant responses from the dependent variables obtained were transformed to read as either ‘yes’ or ‘no’ by converting values less than 3 to ‘no’ and converting all remaining values to ‘yes’ (see Appendix 2).

Ethical consideration

Relevant ethical considerations were taken into account for this study. All respondents were safeguarded from physical harm, all respondents provided informed consent, all information provided by respondents were treated with the highest levels of confidentiality and all respondents were guaranteed anonymity.

Results and discussion

Using the results of the logistic regression analyses as basis (see Appendix 3), the results are textually depicted below for each of the four models.

Model 1

Using the Hosmer–Lemeshow as a basis, it appears that the logistic regression model has an acceptable fit5 to the data with a recorded p-value of 0.738. In addition, there was an improvement when taking into account the correct classification percentage of 87.1% (83%). Taking into account the results of the logistic regression analysis, all statistically significant relationships had a positive relationship and referred to the perceived adequacy of the internal control activities, namely, the safeguarding of people and equipment (PE) (β = 0.740); the location of the business (LOCATION) (β = 0.550); when management in South African SMMEs were solely responsible for authorising transactions (MANAUT) (β = 1.045) and when internal control activities that had sound characteristics (e.g. adaptability, suitability and supportiveness) (OICA) were used (β = 2.224).

Model 2

Again, the Hosmer–Lemeshow test shows that the logistic regression model has an acceptable fit to the data with a recorded p-value of 0.901. Moreover, there was an improvement when taking into account the correct classification percentage of 87.6% (84.7%). Taking into account the results, if South African SMMEs made use of internal control activities in relation to the safeguarding of PE, it had a statistically significant and positive effect (β = 1.109) on the perceived effectiveness of implemented internal control activities (ICA_EFFECT). This is also true for the location of the business (LOCATION) (β = 0.552); when employees of South African SMMEs were monitored (STAFMON) (β = 1.772) and when South African SMMEs made use of internal control activities that had sound characteristics (OICA) (β = 1.866). On the contrary, a negative effect is reported when employees in South African SMMEs authorised transactions based on policies in the business (EMAUT) (β = ‒1.466) and when employees were supervised in the business (STAFSUP) (β = ‒1.393).

Model 3

Based on the Hosmer–Lemeshow test, the logistic regression model has an acceptable fit to the data with a recorded p-value of 0.982. There was an improvement when taking into account the correct classification percentage of 94.6% (92.3%). This resulted in the following regarding the perception of adequacy of internal control systems: if South African SMMEs made use of internal control activities in relation to the safeguarding of PE, as well as when internal control activities that had sound characteristics (e.g. adaptability, suitability and supportiveness) (OICA) were used, it had a statistically significant and positive effect (β = 1.650 and 2.388, respectively) on the perceived adequacy of implemented internal control systems (ICS_ADEQ). In contrast, if employees in South African SMMEs authorised transactions based on policies in the business (EMAUT), it had a statistically significant and negative effect (β = -3.401) on the perceived adequacy of implemented internal control systems (ICS_ADEQ).

Model 4

The Hosmer–Lemeshow test also shows that the logistic regression model has an acceptable fit to the data with a recorded p-value of 0.248. Furthermore, there was an improvement when taking into account the correct classification percentage of 92.3% (90.5%). Taking into account the results of the logistic regression analysis, the following is evident regarding the perceptions of the effectiveness of implemented internal control systems: if South African SMMEs made use of internal control activities in relation to the safeguarding of PE, it had a statistically significant and positive effect (β = 1.490) on the perceived effectiveness of implemented internal control systems (ICS_EFFECT). This is also true when the SMMEs made use of reconciliation activities in the business (RECON) (β = 0.875); were performance measured in the business (STAFPERF) were applied (β = 1.510) and when internal control activities that had sound characteristics (e.g. adaptability, suitability and supportiveness) (OICA) were used (β = 3.435). Negative correlations were reported when employees in South African SMMEs authorised transactions based on policies in the business (EMAUT) (β = -2.420).

Taking into account the results from the logistic regression analyses, it is apparent that out of the 64 tested associations, only 18 were found to be statistically significant; 14 being positive and four being negative

Notwithstanding the fact that most tested associations were statistically insignificant, none of the developed hypotheses can be rejected. This is especially supported by the fact that the following statistically significant predictions can be made:

  • The odds were 2.096 times greater for South African SMMEs to have perceived adequate internal control activities if internal control activities related to the safeguarding of assets, in relation to people and equipment, were rated one unit higher.
  • The odds were 1.733 times greater for South African SMMEs to have perceived adequate internal control activities if internal control activities related to the safeguarding of assets, in terms of location, were rated one unit higher.
  • The odds were 2.844 times greater for South African SMMEs to have perceived adequate internal control activities if only management was responsible for authorising transactions.
  • The odds were 9.244 times greater for South African SMMEs to have perceived adequate internal control activities if internal control activities with sound characteristics were rated one unit higher.
  • The odds were 3.031 times greater for South African SMMEs to have perceived effective internal control activities if internal control activities related to the safeguarding of assets, in relation to people and equipment, were rated one unit higher.
  • The odds were 1.733 times greater for South African SMMEs to have perceived effective internal control activities if internal control activities related to the safeguarding of assets, in terms of location, were rated one unit higher.
  • The odds were 5.882 times greater for South African SMMEs to have perceived effective internal control activities the monitoring of employees were rated one unit higher.
  • The odds were 9.244 times greater for South African SMMEs to have perceived effective internal control activities if internal control activities with sound characteristics were rated one unit higher.
  • The odds were 5.209 times greater for South African SMMEs to have perceived adequate internal system activities if internal control activities related to the safeguarding of assets, in relation to people and equipment, were rated one unit higher.
  • The odds were 9.244 times greater for South African SMMEs to have perceived adequate internal control system if internal control activities with sound characteristics were rated one unit higher.
  • The odds were 4.438 times greater for South African SMMEs to have perceived effective internal control systems if internal control activities related to the safeguarding of assets, in relation to people and equipment, were rated one unit higher.
  • The odds were 2.399 times greater for South African SMMEs to have perceived effective internal control systems if internal control activities related to reconciliations were rated one unit higher.
  • The odds were 4.525 times greater for South African SMMEs to have perceived effective internal control systems if the performance measurement of employees were rated one unit higher.
  • The odds were 31.046 times greater for South African SMMEs to have perceived effective internal control systems if internal control activities with sound characteristics were rated one unit higher.

Conclusion and recommendation

Although the literature on internal control activities and internal control systems are extensively developed, a gap exists on the adequacy and effectiveness of these mechanisms within an SMME environment.

Especially where this phenomenon is usually viewed through the lens of the agency theory, it is not necessarily applicable within the SMME environment, as the line between managers and owners becomes blurred. Therefore, in this study, the gap is viewed through the lens of the neo-institutional theory, using one of the most well-known and respected guidance documents on internal control as a basis. It became apparent that internal control activities in South African SMMEs have limited influences on the adequacy and effectiveness of the internal control system. Out of the 64 tested associations for the perceived adequacy and effectiveness, respectively, only 14 were positive and statistically significant. Although this study partially addresses phenomena, which SMMEs need to take into account to implement a sound internal control system, based on a formal framework(s), more questions need to be answered. To this end, future studies could focus on aspects such as to why only a few internal control activities influence the perceived adequacy and effectiveness of implemented internal control systems in South African SMMEs, ultimately supporting the sustainability of SMMEs in South Africa.

Furthermore, when specific internal control activities are scrutinised, it is interesting to note a clear pattern. Three specific internal control activities are the most influential, namely, the safeguarding of people and equipment (positive in four models), the location of the business (positive in two models) and internal control activities that had sound characteristics, such as adaptability, suitability and supportiveness (positive in four models) – referring to a flexible internal control system. In contrast, when employees authorise transactions (even if this is within the business policies), it had a negative influence on the perceived adequacy and effectiveness of the internal control system (negative in three models). This adds a practical contribution to the body of knowledge and should be taken into account by owners or managers of South African SMMEs when implementing internal control systems.

Acknowledgements

Competing interests

The authors have declared that no competing interests exist.

Author’s contributions

J-P.B. and P.C. contributed towards the introduction, literature review, research design and methodology and the conclusion sections. J.M. contributed towards the results and discussion sections.

Funding

This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.

Data availability statement

Data sharing is applicable to this article as new data were created or analysed.

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of any affiliated agency of the authors.

References

Adeniyi, A. & Aramide, A., 2014, ‘Enhancing the performance of electricity distribution companies in Nigeria via internal control system’, Research Journal of Finance and Accounting 5(22), 197–214.

Agbejule, A. & Jokipii, A., 2009, ‘Strategy, control activities, monitoring and effectiveness’, Managerial Auditing Journal 24(6), 500–522. https://doi.org/10.1108/02686900910966503

Al-Thuneibat, A.A., Al-Rehaily, A.S. & Basodan, Y.A., 2015, ‘The impact of internal control requirements of profitability of Saudi shareholding companies’, International Journal of Commerce and Management 25(2), 196–217. https://doi.org/10.1108/IJCOMA-04-2013-0033

Bruwer, J.-P., 2016, ‘The relationship(s) between the managerial conduct and the internal control activities in South African fast moving consumer goods SMMEs’, Unpublished DTech (Internal Auditing) thesis, Cape Peninsula University of Technology, Cape Town, South Africa.

Bruwer, J-P. & Coetzee, P., 2016, ‘A literature review of the sustainability, the managerial conduct of management and the internal control systems evident in South African Small, Medium and Micro Enterprises’, Problems and Perspectives in Management 14(2), 201–211. https://doi.org/10.21511/ppm.14(2-1).2016.09

Bruwer, J-P. & Siwangaza, L., 2016, ‘Is the control environment a basis for customised risk management initiatives in south African small, medium and micro enterprises?’, Expert Journal of Business and Management 4(2), 105–117.

Cambridge Dictionaries Online, 2019a, Adequacy, viewed 01 March 2019, from http://dictionary.cambridge.org/dictionary/english/adequacy.

Cambridge Dictionaries Online, 2019b, Effectiveness, viewed 01 March 2019, from http://dictionary.cambridge.org/dictionary/english/effectiveness.

Canadian Institute of Chartered Accountants, 1995, Guidance on control, Canadian Institute of Chartered Accountants, Toronto.

Cant, M. & Ligthelm, A., 2002, ‘Small business problems in the South African context: A proactive entrepreneurial approach’, paper delivered at the 7th Asia-Pacific Decisions Science Institute Conference, Bangkok, Thailand, 24–27th July.

Cant, M.C. & Wiid, J.A., 2013, ‘Establishing the challenges affecting South African SMEs’, International Business and Economics Research Journal 12(6), 707–716. https://doi.org/10.19030/iber.v12i6.7869

Chenhall, R.H., 2003, ‘Management control systems design within its organizational context: Findings from contingency-based research and directions for the future’, Accounting, Organizations and Society 28(2), 127–168. https://doi.org/10.1016/S0361-3682(01)00027-7

Christ, M.H., Emett, S.A, Summers, S.L. & Wood, D.A., 2012, ‘The effects of preventive and detective controls on employee performance and motivation’, Contemporary Accounting Research 29(2), 432–452. https://doi.org/10.1111/j.1911-3846.2011.01106.x

Coase, R.H., 1937, ‘The nature of the firm’, Economica 4(16), 386–405. https://doi.org/10.2307/2626876

Cohen, A. & Sayag, G., 2010, ‘The effectiveness of internal auditing: An empirical examination of its determinants in Israeli Organizations’, Australian Accounting Review 20(3), 296–307. https://doi.org/10.1111/j.1835-2561.2010.00092.x

Committee of Sponsoring Organizations of the Treadway Commission (COSO), 2013, Internal control – integrated framework: Executive summary, viewed 17 November 2016, from https://na.theiia.org/standards-guidance/topics/Documents/Executive_Summary.pdf

DiMaggio, P.J. & Powell, W.W., 1983, ‘The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields’, American Sociological Review 48(2), 147–160. https://doi.org/10.2307/2095101

Dixit, S., 2006, ‘The flavour and fragrance industry today: A perspective’, Chemical Weekly, November, 6p.

Esarey, J. & Pierce, A., 2012, ‘Assessing fit quality and testing for misspecification in binary-dependent variable models’, Political Analysis 20(4), 480–500. https://doi.org/10.2307/23359643

Etzioni, A., 1964, Modern organizations, Englewood Cliffs, NJ, Prentice-Hall.

Field, A., 2009, Discovering statistics using SPSS, Sage, London.

Greenwood, R. & Hinings, C.R., 1996, ‘Understanding radical organizational change: Bringing together the old and new institutionalism’, Academy of Management Review 21(4), 1022–1054. https://doi.org/10.2307/259163

Greenwood, R. & Meyer, R.E., 2008, ‘Influencing ideas: A celebration of DiMaggio and Powell (1983)’, Journal of Management Inquiry 17(4), 258–264. https://doi.org/10.1177/1056492608326693

Hair, J.F., Black, W.C., Babin, B.J. & Anderson, E.E., 2010, Multivariate data analysis, 7th edn., Macmillan, Prentice Hall.

Heugens, P. & Lander, M.W., 2007, Testing the strength of the iron cage: A meta-analysis of neo-institutional theory, ERIM Report Series, ERS-2007-007-ORG, viewed n.d., from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=962252.

IFC, 2013, Closing the credit gap for formal and informal micro, small and medium enterprises, viewed 29 Mar 2017, from https://www.ifc.org/wps/wcm/connect/4d6e6400416896c09494b79e78015671/Closing+the+Credit+Gap+Report-FinalLatest.pdf?MOD=AJPERES.

IIA, 2013, The revised standards for the professional practice of internal auditing, viewed 11 March 2015, from https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf.

IIA, 2019, Governance, risk & control, viewed 15 April 2019, from https://na.theiia.org/standards-guidance/topics/pages/governance-risk-and-control.aspx.

ISACA, 2012, Comparing COBIT 4.1 and COBIT 5, viewed 19 May 2015, from https://www.isaca.org/COBIT/Documents/Compare-with-4.1.pdf.

Jensen, M.C. & Meckling, W.H., 1976, ‘Theory of the firm: Managerial behaviour, agency costs and ownership structure’, Journal of Financial Economics 3(1), 305–360. https://doi.org/10.1016/0304-405X(76)90026-X

Ji, S.W., Yu, Z.Z., Zhang, Z.H. & Gao, Y.H., 2013, ‘The double-closed-loop quality model of fast moving consumer goods supply chain based on Quality House’, Advanced Materials Research 694–697(1), 3484–3487. https://doi.org/10.4028/www.scientific.net/AMR.694-697.3484

Joliffe, I.T. & Morgan, B.J.T., 1992, ‘Principal component analysis and exploratory factor analysis’, Statistical Methods in Medical Research 20(1), 141–151. https://doi.org/10.1177/096228029200100105

Kobelsky, K.W., 2014, ‘A conceptual model for segregation of duties: Integrating theory and practice for manual and IT-supported processes’, International Journal of Accounting Information Systems 15(4), 304–322. https://doi.org/10.1016/j.accinf.2014.05.003

Langfield-Smith, K. & Smith, D., 2003, ‘Management control systems and trust in outsourcing relationships’, Management Accounting Research 14(3), 281–307. https://doi.org/10.1016/S1044-5005(03)00046-5

Lee, S. & Ahn, H., 2009, ‘Structural equation model for EDI controls: Controls design perspective’, Expert Systems with Applications 36(2), 1731–1749. https://doi.org/10.1016/j.eswa.2007.12.008

Lee, Y.F.L., 2013, ‘Managerial philosophy of Chinese CEOs in modern businesses: A cross-cultural study’, Tékhne: Review of Applied Management Studies 11(2), 54–63. https://doi.org/10.1016/j.tekhne.2013.09.001

Majid, I.A., Dora, M.T. & Kamarudin, M.F., 2008, ‘Factors influencing the formation of business ventures’, Journal of Human Capital Development 1(1), 29–40. https://doi.org/10.1068/a151395

Martin, K., Sanders, E. & Scalan, G., 2014. ‘The potential impact of COSO internal control integrated framework revision on internal audit structured SOX work programs’, Research in Accounting Regulation 26(1), 110–117. https://doi.org/10.1016/j.racreg.2014.02.012

McNally, J.S., 2013, ‘The 2013 COSO framework and SOX compliance: One approach to an effective transition’, viewed 09 November 2016, from http://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf.

Moloi, N., 2013, ‘The sustainability of construction small-medium enterprises (SMEs) in South Africa’, Unpublished MSc (Building) dissertation, University of the Witwatersrand, Johannesburg, South Africa.

Montandon, A., 2013, ‘Retail in South Africa: Profile and future prospects’, European Retail Research 27(2), 125–152.

Mouloungui, S.M.K.E., 2012, ‘Assessing the impact of finance on small business development in Africa: The cases of South Africa and Gabon’, Unpublished MTech: Comparative Local Development dissertation, Tshwane University of Technology, Pretoria, South Africa.

NCR, 2011, Literature review on small and medium enterprises’ access to credit and support in South Africa, Underhill Corporate Solutions, Pretoria, viewed 23 November 2016, from http://www.ncr.org.za/pdfs/Literature%20Review%20on%20SME%20Access%20to%20Credit%20in%20South%20Africa_Final%20Report_NCR_Dec%202011.pdf.

Nicolăescu, E., 2013, ‘The need for effective internal audit as part of good corporate governance practices’, Psychosociological Issues in Human Resource Management 1(1), 108–113.

Peng, C.Y.J. & So, T.S.H., 2002, ‘Logistic regression analysis and reporting: A primer’, Understanding Statistics 1(1), 31–70. https://doi.org/10.1207/S15328031US0101_04

Petersen, A., 2018, ‘The effectiveness of internal control activities to combat occupational fraud risk in fast moving consumer goods Small, Medium and Micro Enterprises (SMMEs) in the Cape Metropole’, Unpublished MTech: Internal Auditing thesis, Cape Peninsula University of Technology, Cape Town, South Africa.

Rogerson, C.M., 1997, SMMEs and poverty in South Africa. Input Report for the National Project on Poverty and Inequality, viewed 28 July 2017, from http://www.smmeresearch.co.za/SMME%20Research%20General/Conference%20Papers/SMMEs%20and%20poverty%20in%20SA.pdf.

Rose, R.V., 2015, ‘A lesson from HIPAA: Adequate policies and procedures are equally as important for foreign corrupt practices act compliance’, The EDP Audit, Control, and Security Newsletter 51(3), 1–5. https://doi.org/10.1080/07366981.2015.1031561

Sahd, L.M. & Rudman, R., 2016, ‘Mobile technology risk management’, The Journal of Applied Business Research 32(4), 1079–1096. http://doi.org/10.19030/jabr.v32i4.9723

Simons, R., 2013, Levers of control: How managers use innovative control systems to drive strategic renewal, Harvard Business Press, Boston, MA.

Siwangaza, L., 2013, ‘The status of internal controls in fast moving consumer goods SMMEs in the Cape Peninsula’, Unpublished MTech: Internal Auditing thesis, Cape Peninsula University of Technology, Cape Town, South Africa.

South Africa, 1996, National Small Business Act No. 102 of 1996, Government Printer, Pretoria, viewed 27 November 2016, from http://www.thedti.gov.za/sme_development/docs/act.pdf.

Spira, L.F. & Page, M., 2003, ‘Risk management: The reinvention of internal control and the changing role of internal audit’, Accounting, Auditing and Accountability Journal 16(4), 640–661. https://doi.org/10.1108/09513570310492335

Stacey, R., 2016, The chaos frontier- creative strategic control for business, Butterworth-Heinemann Limited, Wiltshire.

Stringer, C. & Carey, P., 2002, ‘Internal control re-design: An exploratory study of Australian organisations’, Accounting, Accountability & Performance 8(2), 61–86. https://doi.org/10.1108/MAJ-08-2013-0910

Tazilah, M.D.A.B. & Hussain, N.B.C., 2015, ‘The importance of internal control in SMEs: Fraud prevention and detection’, International Conference on Business, Accounting, Finance and Economics, Malaysia, 9th October 2015.

Van Eeden, S., Viviers, S. & Venter, D., 2003, ‘A comparative study of selected problems encountered by small businesses in the Nelson Mandela, Cape Town and Egoli metropoles’, Management Dynamics 12(3), 13–23.

Visagie, J.C., 1997, ‘SMMEs’ challenges in reconstructing South Africa’, Management Decision 35(9), 660–667. https://doi.org/10.1108/00251749710186496

Wiese, J.S., 2014, ‘Factors determining the sustainability of selected small and medium-sized enterprises’, Unpublished MBA dissertation, North-West University, Potchefstroom, South Africa.

Zwikael, O. & Smyrk, J., 2015, ‘Project governance: Balancing control and trust in dealing with risk’, International Journal of Project Management 33(4), 852–862. https://doi.org/10.1016/j.ijproman.2014.10.012

Appendix 1

TABLE 1-A1: Summary of principle axis factoring for factors included.

Appendix 2

TABLE 1-A2: Description of variables used in logistic regressions.

Appendix 3

TABLE 1-A3: Logistic regression analyses results.

Footnotes

1. South African SMMEs contribute up to 57% of the national gross domestic product and provide employment opportunities to approximately 61% of the national workforce (Mouloungui 2012; NCR 2011).

2. Risks may realise in a business when the ‘principle’ and ‘agent’ have different views and/or attitudes toward the treatment of risks (Zwikael & Smyrk 2017).

3. It is an industry that is characterised by high levels of competition relating to the selling of FMCG, predominantly situated within the wholesale and retail industry, operating in at least one of the following two sub-sectors: (1) retail trade, except motor vehicles and motorcycles, repairs of personal household goods, and (2) catering and accommodation (Dixit 2006; Ji et al. 2013; Montandon 2013).

4. πi is the probabilitythat the dependent variable takes on a value of 1, χi represents the control variables included in the regression, βc represents the coefficients of the control variables and α is an intercept parameter.

5. All Hosmer and Lemeshow values which are greater than 0.05, only shows an acceptable fit and not necessarily a good fit (Esarey & Pierce 2012).