Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
This study investigates the problems on internal control systems based on the COSO frameworks and look at how the problem is correlated to each other. In addition, the study attempts to suggests ways in which the corrective actions should be taken for the Thai public universities particularly in the point of view of professional internal auditors (both the director of the internal audit unit at a university and its subordinates).
With regard to the first component of the COSO, both two groups of the sample agreed that the insufficiency of a number of internal auditors is the most important aspect for the control environment. Similarly, they also perceived that the risk identification and risk assessment procedures have not been clearly written. Next, according to the control activities, the directors realised that the delay of gathering evidence is the difficulty to perform an audit; whereas, their subordinates emphasized on the timeliness of the set of financial statements be prepared as the first obstacle for them. Additionally, with regard to information and communication, the lack of accurate and complete data to be examined is the primary concern for them. Furthermore, the director concerned about the prior audit findings and discrepancies that have not been corrected by auditee as the most important impediment for the monitoring; on the other hand, it is specified that the prompt response to take any corrective actions as suggested by the audit report not provided by the top management is the primary concern for their subordinates. Moreover, it is found that extent of the problem on one component of the COSO frameworks is correlated with the other problems Finally, how the Thai public universities would improve the systems of internal control has been also provided in this paper.
Field of Research: Accounting
1.
Briefly, according to the National Education Act B.E. 2542 (1999) and Amendments
(Second National Education Act B.E. 2545 (2002)), education in Thailand is mainly provided by both the private and the public sectors and monitored by the Thai government through the Ministry of Education for all levels of education: early childhood, primary, secondary, and higher. The Commission of Higher Education shall be responsible for proposing policies, development plans, and standards for higher education. The provision for higher education basically is made through the university both private and public. In this research, however, it is concentrated on the public universities (both fully and partially funded by the Thai government and both nonautomomous and autonomous universities).
The Section 58 of the National Educational Act B.E. 2542 specifies that there shall be mobilization of resources and investment in terms of budgetary allocations, financial support and properties. Thus, there shall be a system for auditing, following-up and evaluation, by internal units and state agencies responsible for external auditing, of efficiency and effectiveness in utilization of educational budgetary allocations (the Section
62 of the National Educational Act B.E. 2542). Internal auditing function as part of the organizational governance structure, thus, plays a vital role in motoring the internal control system of the organization (Zakaria et al., 2006) which is consistent with
_____________________________________________________________________
Dr. Somboon Saraphat, Management Sciences Faculty, Kasetsart University Si Racha , Thailand, Email: fmssbs@src.ku.ac.th; somboonsaraphat@gmail.com
Tel. 6638 352830-40 #448 Fax. 6638 352380
1

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7 the Section 6 of the Royal Decree on Criteria and Procedures for Good Governance, B.E.
2546 (2003) (Office of The Public Sector Development Commission Thailand, 2014), specifying that the government agency (including the public universities) shall meet effectiveness and value for money, for example, for the a university's responsibility.
Essentially, the scopes of a university's responsibility in the Thai context may fall within (1) the producing of the graduates, (2) carrying out the research engagement, (3) providing the academic services for the communities, and (4) promoting and maintaining the art and national cultural. The university council and its management communicate the vision, mission, goals, achievements, and difficulties of the institution in a clear, effective, and forthright manner to both internal and external constituencies and; actively support shared governance of the institution (Meyer, 1975; Zakaria et al., 2006; Jesus and Eirado, 2012)
To provide the reasonable assurance for the university's effectiveness and efficiency of the operations, the reliability of financial reporting, and the compliance with the applicable laws and regulations, a university needs to design the system of internal control and audit functions as the more effective corporate governance mechanism widely and successfully implemented (Chamberlain et al., 1993). The most integral part of the internal control and audit functions is the "COSO frameworks". In reality each public university in Thailand might have the different procedures for the system of internal control and the risk management; however, one thing in common is that all Thai public university must apply the systems of internal control in accord with COSO frameworks because it's stipulated by the Office of the Auditor General of Thailand (2011).
As internal control based on COSO contribute value to, and is inextricably integrated as part of, the overall governance and management process (The Committee of Sponsoring
Organization of the Treadway Commission, 2014, p. 5). Therefore, looking at the potential impediments to the systems of internal control and indentify the possible solutions to these weaknesses raised by those who perform their duties as professional internal auditors at the chosen universities is very important.
COSO frameworks as internal control philosophy was established by the Committee of
Sponsoring Organizations of the Treadway Commission in 1985 with the main aiming to sponsor the National Commission on Fraudulent Financial Reporting (the Treadway
Commission). Internal control is here defined as the process, effec ted by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
(The Committee of Sponsoring Organization of the Treadway Commission, 2013, p.3).
The five components of the COSO framework include (1) control environment which sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure,
(2) risk assessment which is like a prerequisite for determining how the risks should be managed, (3) control activities which involve policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address the risks that may hinder the achievement of the entity's objectives, (4) information and communication which play a key role in internal control systems as they produce reports. In a broader sense, effective communication must ensure information flows down, across and up the organization, and (5) monitoring, internal control systems
2

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7 need to be monitored
—a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations (Sarends and Beelde, 2006; The Committee of Sponsoring Organization of the
Treadway Commission, 2013; Zhou et al., 2013).
Because of the new public management focused on good governance, the COSO frameworks are gaining wider acceptance among the not-for profit organisations including the public universities. A university has paid more special attention on accountability to both internal and external constituencies by utilising the constraint resources as efficient and as effective as possible and simultaneously improving the quality of education and the internal control and audit function have a vital role in governing the educational administration at all levels of a university in order to achieve its objectives (Chamberlain et al., 1993; Arena, 2013).
In order to make the system of internal control adaptable and suitable for any universities,
The Office of the Auditor General of Thailand (2011) allow the government agencies universities design and implement its own systems of internal control and audit function.
To a lesser extent, a university is required to apply the COSO frameworks as the system of internal control and report the performance of the internal control system to The Office of the Auditor General of Thailand every year, especially the weaknesses of the internal control systems and the recommendations for improvement. Accordingly, it is a significant effort to investigate the impediments to internal audit control and audit as it is the usual information for strengthening an effective governance. There have been the previous studies measuring the effectiveness of internal control system (i.e.Ashbaugh-Skaife et al.,
2008; Ma and Ma, 2011; Onumah et al., 2012; Onumah and Krah, 2012; Danescu and
Dogar, 2012). However, the investigation on the internal control-based problems is limited.
This first purpose of this study is, therefore, to investigate the extent to which the problems on internal control are perceived by the two types of auditor in this research: the director of the internal audit unit and its subordinate. They are both responsible for performing an audit at the various subunits of a university. As they work in the same environment and typically have the same educational background and professional experience, hence, the following hypothesis is formulated.
H1: The perceived problems on internal audit control system is not different between the director of the internal unit and the its subordinate who are professional and full-time auditors at a university.
The second purpose of the research explores the correlations among the integrated components of the COSO frameworks. Noticeably, internal control is not a serial process but dynamic and integrated process. The five components of the COSO operate together in an integrated manner. All five components work together to reduce the risk of non achieving an objectives to an acceptable level (The Committee of Sponsoring
Organization of the Treadway Commission, 2013, p.8). Thus, it is expected that one problem on a certain component of the COSO may be correlated to others. Based on this argument, the following hypothesis is proposed:
H2: The extent of the problem on one component of the COSO frameworks is correlated with the other problems.
3

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
Lastly, the researcher attempts to deriving at how the problems on each component of the
COSO frameworks would be solved which is the second purpose of the research. These solutions are obtainable through the open-ended questions. Thus, there is no hypothesis for this second purpose of this research.
This article, therefore, aims to rectify this missing link in order to gain insights into impediments of audit control systems, and also look at how the problem is correlated to each other. In addition, the study attempts to suggests ways in which the corrective actions should be taken for the more effective internal control systems especially in the case of Thai public universities.
3.
The demand for accountability, transparency, and efficiency is becoming more important for the public univesities (Chamberlain et al., 1993) because they are, to a greater extent, funded from the government; whereas, private institutions do not have many regulations which demand exact compliance (Zakaria et al., 2006). Thus, internal control is inextricably linked with the public universities. All considered, a total of 126 surveys were distributed to the 63 public universities across Thailand. Half of these surveys were expected to complete by the directors and the other halves were for its subordinates. They both work in the department of internal unit of a university as professional internal auditor.
Research instrument had been divided into 3 sections, including (1) demographic data, (2) in measuring the extent of the problems on internal control systems, 31 items relating to the five components of the COSO framework were operationalised with a Linkert scale from 1 (strongly disagree) to 5 (strongly agree) and the Cronbach's alpha ranging from
0.70-0.90 deemed reliable (Hair et al.,2010), and (3) the how the problems would be solved with the open-ended questions.
4. Findings and Discussions
Descriptive Data
Demographic data
Table 1: Demographic data
Director of Internal Audit Subordinate
Frequency Percent Frequency Percent
Sex
Male
Female
Total
Age (years):
25-35
36-45
46-55
above 55
Total
Education:
Associate
Bachelor
Master
Total
13
20
33
6
8
14
5
33
0
11
22
33.0
39.4
60.6
100.0
18.2
24.2
42.4
15.2
100.0
0
33.3
66.7
100.0
6
24
30
2
15
7
6
30
2
21
7
30
20
80
100
6.7
50.0
23.3
20.0
100
6.7
70.0
23.3
100
4

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
Experience (years): below
1
1 – 5
6 – 10 above 10
5
15
4
9
15.2
45.5
12.0
27.3
6
15
6
3
20.0
50.0
20.0
10.0
Total 33 100 30 100.0
Usable data were collected from 63 internal auditors ( 33 directors and 30 subordinates), yielding the overall usable response rate of 50 percent. According to table 1
(demographic data), the majority of the respondents was male ( for both director of internal audit (60.60 %) and those who perform an audit under the supervision of the director of internal audit (80 %). The director of internal audit aged between 46 and 55 years (42.40
%); whereas, their subordinates had been in the age of 36 to 45 years. With regard to the education, more directors of internal audit possessed the master's degree ( 66.70 %); on the other hand, their subordinates mostly earned the bachelor's degree (72.4 %). Based on professional experience as professional internal auditor, obviously, both the directors of internal audit (45.50 %) and their subordinates had been engaged in the internal audit professional between 1 and 5 years.
THE COSO-BASED PROBLEMS ON INTERNAL CONTROL SYSTEMS
Table2: Overall internal control-based problems
COSO components Director Subordinate t-test
Mean S.D. Mean S.D. p-value
Control environment 2.63 0.83 2.77 0.78 0.49 tstatistics
-0.69
Risk assessment
Control activity
Information and communication
Monitoring
2.30 1.11 2.36 1.35 0.87
2.60 0.96 2.86 1.03 0.30
2.27 1.13 2.27 1.05 0.99
2.33 1.11 2.67 1.70 0.35
-0.17
-1.04
0.00
-0.95
Table 2 represents overall internal control-based problems, obviously, it can be seen that both the director of the internal unit of the university and their subordinates have similar perceptions on the COSO framework-based problems as they are no significant differences. In addition, the results suggest that the problems on control environment and control activity are more important than others components.
Table 3 illustrates the internal control-based problems by each item of the question.
Obviously, both two groups of the sample agreed that the insufficiency of a number of internal auditors is the most important aspect for the control environment. In addition, the auditors who are under the supervision of the director of internal audit unit of the university shown strong opinion about this issue than their superior which is significantly different from each other (p<0.05). This result is consistent with Ge and McVay (2005) who found that poor internal control is usually related to an insufficient commitment of resources.
Similarly, they also perceived that the risk identification and risk assessment procedures have not been clearly written. Next, according to the control activities, the chief internal
5

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7 auditors realised that the delay of evidence gathering and the performing an audit are firstly prioritised; whereas, their subordinates emphasized on the timeliness of the set of financial statements be prepared as the first obstacle for them. Additionally, the agreement on information and communication-based problems has been made; namely, the greater
Table 3: The results of an Independent Samples T-test
COSO components and items
Director
Mean SD
Subordinate
SD
Mean pvalue
T-Test t statistics
Control Environment
Poor support by top management to run the internal control systems and audit functions
2.84 1.48 2.63 1.16
0.09
Inadequate financial budget for internal control systems and audit functions
2.73 1.51 3.17 1.29 0.21
Unclear role, authority, and responsibility of internal auditors
Inadequate training not provided to personnel to
1.97
1.47 2.43 1.46
0.77
2.73 1.38 2.90 1.27 0.46 acquire knowledge and skill on internal control and audit
No good role model for ethical conduct and integrity by the leaders
2.00 1.29 1.97 1.32 0.89
Inadequate knowledge, competencies, and necessary skills to perform an audit by auditors
3.03
1.16 3.28 0.92
0.50
Some internal auditors do not comply with the manual instructions
2.03 1.40 2.57 1.25 0.72
Poor collaboration and coordination of internal auditors
Inconsistent and unstandardised internal audit
1.97
1.42 2.20 1.42
0.89
2.30 1.49 2.43 1.30 0.37 procedures
Insufficient internal auditors
Constraint time resources to effectively perform an audit
3.67
1.45 3.90 0.99
0.03
3.15
1.44 3.17 1.17
0.18
Lack of clear performance indicators
Suboptimisation (the goal of the subunit is different for the organization)
2.84
2.06
1.46
1.41
2.63
2.37
1.30
1.27
0.56
0.51
Poor collaboration from auditee due to wrong perception of the objectives of internal audit
Risk Assessment
2.42 1.37 2.47 1.46 0.49
Lack of the direction for internal audit
Lack of the written risk analysis and risk exposure
2.36
1.67 2.23 1.36
0.41
2.48
1.41 2.63 1.56
0.60 processes
Risk factors cannot be identified
Control Activity
Lack of standardised forms of evidence to keep recording
Ease of access to data by an unauthorised persons
2.06
2.03
1.17
1.51
2.20
2.37
1.42
1.59
0.23
0.95
Poor time management for gathering evidence and performing an audit
2.84
1.21 2.57 1.17
0.72
Lack of good filing systems and up-to-date data
Lack of performance review by an independent person
Untimely financial statements preparation by auditee 2.75
1.34 2.93 1.22
0.66
Information and Communication
Lack of accurate and complete data 2.79
1.14 2.83 1.32
0.42
Lack of regular, complete, and on-time 2.55
1.23 2.70 1.26
0.87 communication
2.52
1.33 2.73 1.28
0.91
2.67
1.43 2.89 1.31
0.40
2.18
1.56 2.00 1.31
0.08
1.58
1.52 1.57 1.22
0.10 Very limited communicating fraud to the top management or audit committee
Monitoring
Prior audit findings ignored by auditee 2.79 1.54 2.83 1.311 0.44
0.62
1.24
-
1.26
0.52
0.10
-
0.92
1.60
-
0.64
0.37
-
0.74
-
0.06
0.60
-
0.89
0.12
0.41
-
0.40
-
0.43
-
0.86
0.98
-
0.66
-
0.62
-
0.55
-
0.15
-
0.49
0.50
0.03
0.11
6

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
Lack of follow-up procedures and the evaluation of internal control systems by auditors
Lack of the control self-assessment report
Lack of the prompt response to take any corrective actions by the top management
Lack of written follow-up reports
1.84
1.30 2.14 1.57
0.36
2.16 1.55 2.04 1.71 0.65
2.64
1.17 2.86 1.25
0.95
-
0.79
0.29
-
0.74
2.03
1.47 2.17 1.65
0.58 -
0.36 importance of the problem is placed on the lack of accurate and complete data to be examined. Furthermore, the director paid special attention to the prior audit findings and discrepancy that have not been corrected by the recipients as the most important impediment for the monitoring (in other words internal audit recommendations are also not given enough attention which is consistent with the work of Onumah and Krah, 2012); on the other hand, it is specified that the prompt response to take any corrective actions as suggested by the audit report not provided by the top management is the primary concern for their subordinates. Based on these results, the first hypothesis is supported.
Besides, the correlations (table not provided) among the various problems on internal control systems show the statistically significant positive relationship between the problems regarding control environment, risk assessment, control activities, information and communication, and monitoring ( r ranges from 0.46-0.50 with p < 0.01). In addition, it can be seen that the correlation between control activity and the information and communication is highest (r = 0.74, p< 0.01). Overall, these results are consistent with the proposed hypothesis (the problem is interrelated), thus, the second hypothesis is supported.
Based on the open-ended questions, the respondents were asked to provide the ways to improve the systems of internal control at their workplace. The following results were supplied by both the number of the directors and its subordinates.
Control Environment
1. Equip the leaders at all level of the organization with the knowledge of the internal control procedures and practices. In addition, they should have realised that how the internal control and audit functions are so important to the organization.
2.Communicate with the auditee on how they would take any corrective actions as specified in the prior audit findings.
3. Recruit a number of well-qualified auditors (both academic and experience requirements) and put them to the right job.
4. Clearly establish the written authority delegation and the chain of command.
5. Establish the written work instructions.
6. Arrange a set of in-house training programmes on internal control and audit engagement for personnel who are generally involved with the internal auditors.
7. Establish and make use of an internal audit charter in the department of internal audit.
8. Clearly lay out an organizational chart.
9. Set out the punishment measures to penalise those who break the rules and regulations applicable to the internal control systems.
11. Develop the personnel development plan to be in line with the organizational development.
7

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
12. Outsource the internal audit services from professional service firms, when professional internal auditors do not exist within an organisation.
Risk Assessment
1. Assess the risks for all activities within an organization as prescribed by Office of the Auditor General of Thailand.
2. Design the processes of risk analysis and assessment.
3. Indentify the risk factors before performing an audit.
4. Assign the specialist who has more specific knowledge other than accounting to be one of the internal auditor members.
5. Clearly develop the audit programmes for an internal audit engagement.
6. Completely understand how internal audit is directed and implemented.
Control Activity
1. Specifically take steps to control the high risk areas that have not been defined by the applicable laws and regulations.
2. Clearly establish a set of internal control systems within an organization.
3. Activity risks must be reduced by activity control systems
4. Develop a good working paper to obtain the relevant evidence as complete as possible.
5. Regularly keep the work instructions updated.
6. Assign the independent persons (both physical appearance and state of mind to perform an audit).
7. Establish standarised audit procedures.
Information and Communication
1. Provide the better corporate communication through the newsletter, leaflet, announcement, internet, etc.
2. Implement the information technology with the various activities.
3. Regularly coordinate with others who get involved with the internal control systems and audit functions.
4. Keep the information accurate, complete, reliable, and timely.
5. Make the auditee aware of the importance of the internal audit.
6. East to access to the office of internal auditor of the university.
7. Possess the human relation by the internal auditors.
8. Communicate the objectives of the internal control and audit to the auditee that it would help the top management in providing the reasonable assurance for the objectives can be achieved rather than for fraud detection.
Monitoring
1. Review the organizational performance when the risk factors have been shown to ensure that the discrepancies would be quickly indentified and promptly corrected.
2. Continuously assess and improve the internal control-based discrepancies.
3. Develop the proper performance indicators covering all areas of the core performance.
4. Prepare the a formal performance report.
5. Designate committee members who are held accountable for appraising performance and following up the improvement plan.
6. Timely present the significant audit findings to the top management for the prompt response
.
8

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
This study investigates the problems on internal control systems based on the COSO frameworks and look at how the problem is correlated to each other. In addition, the study attempts to suggests ways in which the corrective actions should be taken for the Thai public universities particularly in the point of view of professional internal auditors (both the director of the internal audit unit at a university and its subordinates). Overall findings show the similar perceptions on the COSO framework-based problems between these two groups of internal auditor as they are no significant differences, except for the unavailability of the internal auditor raised by the junior auditors which need to be addressed. In addition, it is found that the extent of the problems on five components of the COSO operate together in an integrated manner, suggesting that the causes of the problems should identified from many sources. Lastly, it is expected that research findings would provide the Thai public university with the tremendous concerns about the difficulties to run the internal control and audit functions effectively and also gaining insight into how the problems can be solved.
Arena, M. (2013) 'Internal audit in Italian universities: an empirical study', Procedia-
Social and Behavioral Sciences , vol. 93, pp.2000-2005.
Ashbaugh-Shake, H., Collins, D. W., Kinney Jr, W. R. and RyanLaFond. (2008) 'The effect of SOX internal control deficiencies and their remediation on accrual quality', The Accounting Review , vol 83, no. 1, pp. 217-250.
Chamberlain, D., Gordon, g. and Plunkett, L (1993) 'Improving accountability in colleges and universities', Internal Audit , Spring.
Danescu, T. and Dogar, C. (2012) 'COSO principles and European Social Fund funded projects in Romania', , ProcediaSocial and Behavioral Sciences , vol.
62, pp.901-905
Ge, W. and McVay, S. (2005) 'The disclosure of material weaknesses in internal control after the Sarbannes-Oxley Act', Accounting Horizons , vol. 19, no. 9, pp. 137-158.
Hair, J. F., Black, W. C., Babin, B. J., Anderson, R. E., & Tatham, R. L. (2010)
Multivariate Data Analysis (7th ed.), Pearson Prentice Hall.
Jesus, J.D. and Eirado, J.S.B. (2012) 'Relevance of accounting information to public sector accountability: A study of Brazilian federal public universities' of Applied Management Studies , vol. 10, pp. 87-98.
, Review
Ma, J. and Ma, C. (2011). 'Factor analysis based on the COSO framework and the government audit performance of control theory', Procedia Engineering , vol.
15, pp. 5584-5589.
Meyer, D. (1975) 'The Internal Auditor. Altamonte Springs' , vol. 32, no,4, pp. 57-60
Office of the Auditor General of Thailand. (2001) ' Instructions: Internal control report preparation in accord with the Office of the Auditor General of Thailand
Commission of Internal Control Procedures B.E. 2544', [Electronic], Available http://www.dld.go.th, [24 March , 2014]
Office of the National Education Commission, Office of the Prime Minister, Kingdom of Thailand. (2003) 'National Education Act B.E. 2542 (1999) and
Amendments (Second National Education Act B.E. 2545 (2002))', Bangkok:
Pimdeekarnpim
9

Proceedings of 26th International Business Research Conference
7 - 8 April 2014, Imperial College, London, UK, ISBN: 978-1-922069-46-7
Office of the Public Sector Development Commission Thailand. (2014) 'Royal Decree on Criteria and Procedures for Good Governance, B.E. 2546 (2003)',
[Electronic], Aavailable: http://www2.opdc.go.th, [24 March, 2014].
Onumah, J.M. and Krah, R. Y. (2012) 'Barriers and Catalysts to effectiveness internal audit in the Ghanaian public sector', Research in Accounting in
Emerging Economies , vol. 12 (A), pp. 177-207.
Onuah, J. M., Kuipo, R. and Obeng V. A. (2012) 'Effectiveness of internal control systems of listed firms in Ghana', Research in Accounting in Emerging
Economies , vol. 12A, pp. 31-49.
Saren, G. and Beelde, D. (2006) 'The relationship between internal audit and senior management', Int. J. Audit , vol. 10, pp. 219-241.
The Committee of Sponsoring Organization of the Treadway Commission. (2013)
'Internal Control-Integrated Framework', [Electronic],
Available:http://www.coso.org, [24 March, 2014].
The Committee of Sponsoring Organization of the Treadway Commission. (2014)
'Improving organizational performance and governance: how the COSO frameworks can help', Governance and Operational Performance .
Zakaria, Z. Selvaraj, S.D. and Zakaria Z (2006) 'Internal auditors: their role in the institutions of higher education in Malaysia', Managerial Auditing Journal , vol.
21 no. 9, pp. 892-904.
Zhou, H., Zhaou, H. and Tian, Z. (2013) 'An analysis of internal control problem of state-owned highway construction enterprise', Procedia Computer Science , vol. 17, pp. 314-323.
10