Internal auditing and operational risk management for some selected remittance companies in Mogadishu-Somalia

The purpose of this study was to investigate the relationship between internal auditing and operational risk in Somalia since in my best knowledge there is no study examined the relationship between internal auditing and operational risk in Somalia. Five remittance companies were selected as a sample and self-administered questionnaire was distributed 80 employees of these companies, these employees contained internal auditors, operational managers, and financial mangers. Descriptive statistics was used firstly for the data description of the variable using mean and standard deviation, and then correlations of the variables were presented based on Pearson correlations. The findings of this study include that Somali Remittance Company’s risk identification is weak, weak segregation of duties, no identity of previous incurred risks, reporting behind the schedule and impaired internal audit independence, which highlighted broad operational risk in the remittance companies. As a whole the study found that internal audit and operational risk have significant negative relationship (r=-0.0.15 and P=0.893) with Cranach’s alpha of 0.90 or 90%.


Internal auditing
Internal audit is an independent, objective assurance activity and can provide valuable insight in providing assurance that major business risks are being managed appropriately and the risk management and internal control framework is operating effectively (Gerrit and Ignace, 2006).

Operational risk management
Operational risk is the risk of loss arising from various types of human or technical errors (Linsley, 2006).The process of managing or reducing risks arising from human and the technical errors is called operational risk management (ibid).In recent years further uncertainty arises in the area of operational risk due to the value of intangible asset and goodwill but the emerge of probability mathematics has been the treatment of operational risk (Sporow, n.d).Operational risk comes from three areas which are: a) People risk; which includes human error, lack of experts, lack of compliance, and fraud b) Process risk; which includes new products or services as well as insufficient controls c) System risk: it is technological risk (Francais, 2010).*Corresponding author.E-mail: ciiseiidle10@gmail.com.

Problem statement
Risk is inherent in every economic activity and every organization has to manage it according to its size and nature of operation (Saiyor, 2010).Operational risk which originates both from business operation and external factors will affect the margin of profitability; where by margin of profitability also will decrease with increase of risk (Mahmood, 2009).
Remittance industries are the most exposed one to risks resulted from employee fraud external threat and nature of their business which is purely running a lot of money.Somali remittance companies lost $1million last four years, whilst there is no vivid means to protect or even to caution to that risk, mishap matter is that risks are exposed after they occurred and damaged enough to organization existence (Ismail, 2010).However, this study attempts to examine the salvation to this hazardous problem and shedding a light to managers how internal auditing relates to operational risk in remittance companies, and how internal auditors can take part in risk mitigation

Research objectives
The following are the objectives of the study -To examine the relationship between internal auditing and people risk -To investigate the relationship between internal audit and process risk -To examine the relationship between internal audit and operational risk

Significant of the study
The study is very essential since it examines operational risk management in Somali remittance companies.The study was served as a guide for practitioners and academician in handling operational risk of Somali remittance companies.In addition, the study contributed the literature covering internal auditing and operational risk management in Somali remittance companies.After findings this study provided recommendations that were useful to managers, owners and the potential investors on how internal auditors can contribute operational risk management, to at least understand or get the source of operational risk and how to compensate it.

Internal audit and operational risk management
The traditional role of internal auditing was to focus on assessing the effectiveness of internal controls operated by the business, there has been a move toward risk based internal auditing.The idea of risk based internal audit is to look at business process with in the internal control system in an environment of risk (IIA, 2009).McConnell and Blacker (2000) on their study of modeling operational risk they found that banks actually use internal auditing as respond to operational risk 80%, using interview with 46 bank executives and internal auditors in the United States.
If the organization"s risk management processes are in the developmental stages the internal auditors may prefer to adapt consulting role.if the risk management process is well developed, the internal auditing can play an assurance role (IIA, 2009).Internal auditors are well positioned to provide assurance and support management and the board to achieve the objectives and goals of the organization.These organizational goals and objectives need not only be operational or financial but also include risk management.Well defined internal audit activities with clear understood roles can help identify, assess, and respond risks that may compromise the attainment of organization"s goals (Ferreira, 2007).
IIA (2010) global internal audit survey component of the common body of knowledge studies indicate that 57% of internal auditing activities around the world perform an audit of enterprise risk management process, the study also focus the perception of internal auditors on their role of risk management by interviewing 200 internal auditors, 77% indicate that they play formal role for managing risks while 20% indicated that they have informal consulting role the other 3% indicated that they perform internal control function IIA, (2011).But study made by (Pop, 2009) utilizing interview and questionnaire to gather in European banks indicated that 78% of internal auditing activities in Europe banks had primary responsibility for risk management for their organizations (Ismail, 2010).Sarens and Beeldein (2006) their study of internal auditor"s perception on their role of risk management using qualitative methodology in Belgium and US companies indicate that internal auditor"s role is time specific and changes quickly.It is important to see that constantly emerging changes in the business environment are important bases for the role internal auditors in risk management.Consideration should be given in the evolution towards high level of risk based internal auditing is absolutely needed in internal auditors want to play an important role for risk management.In study conducted by Fourie and Erasmus (2010) in South Africa that focused on internal audit activities performed.it is primarily based on the perceptions of internal auditors of large companies in south Africa.The study indicated a result differ to the result of IIA conducted in many countries around the world include South Africa.Majority of the respondent indicated that their activities comprised operational, performance, information system and financial audit.But the study had two limitations first the study did not include the perception of stakeholders and the senior management, secondly the scope of the study was limited.Mohmood (2009) in his study "examination of operational risk in commercial bank in Malaysia" using case study for 17 local commercial bank and 3 international banks in Malaysia indicated that there are nine determinants of operational risk, expanses, income, liquidity asset, leverage, regulatory capital, base lending rate, nonperforming loan, gross domestic product, and size, all the nine variable were considered and tested using regression analysis.

Who has the responsibility of the risk management?
There is conflict question about "who has the overall responsibility of risk management in the originations?" the international standard for professional practice of internal auditing issue by institute of internal auditors clearly answered this question by identifying role of internal auditors that should be undertaken and those should not be undertaken, the below diagram explain the core roles of internal auditors, legitimate roles of internal auditors and the roles that should be undertaken by internal auditors regarding the risk management of the originations that would be the responsibility of internal auditors (Figure 1) (IIA, 2011).

DATA AND METHODOLOGY
This study was conducted through quantitative research design, The study was conducted in 24 remittance companies and selected five remittance companies out of 24 currently working remittance companies based on their long time in the business and the capability of being having internal auditors which are DAHABSHIL, AMAL, MUSTAQBAL, OLYMPIC AND IFTIN.80 respondents was selected as a sample based on the previous literature; in the study of Ismail entitled "internal auditing and risk management".
Based on the previous literature internal auditing is measured two factors; the independence of the internal auditors and the functions they perform and operational risks can be measured according to creation or removal of process, identity of incurring risk, frequency of reporting, segregation of duties, training of the employees, risk identification procedure, and documentation of the risk.
Descriptive statistics was used firstly for the data description of the variable using mean and standard deviation, and then correlations of the variables were presented based on Pearson correlations (Table 1) and the applied scale is five points Likert scale interpreted as follow.

Demographic data
The respondents were asked to specify their gender (Table 2).95.5% of the respondents were male and 2.5% of the respondents were female, this indicates that gender balance in remittance companies shifts to men, female groups hold inferior jobs and are less likely persuading jobs by getting the administration of their homes and children, on the other hand male are mostly the bread winner of their families, this causes the tendency of the male to the jobs in Somalia.
The respondents were asked to specify their marital status (Table 3).68.8% of the respondents were married and 31.2% of the respondents were unmarried.Respondents were mostly under married status.
The respondents were asked to demonstrate their office on work (Table 4).26.25% of the respondents worked on internal audit office, 61.25% of the respondents worked on finance office, most of the respondents work in fiancé office, they may be accountants, cashiers and counters or other tasks, while the rest of the 12.5% worked on operation office.

Correlations between internal audit and people risk
The first objective of this study was to investigate the effect of internal audit on firms" people risk (Table 5).The correlation between internal audit and people risk is -0.068.It means that one level increase of internal audit were lead to 0.068 decrease of the people risk.The probability of this correlation coefficient occurring by chance is 0.548.This coefficient shows that there is a statistically non significant relationship between internal audit and people risk, (r= -0.068 and P>0.01).

Correlations between internal audit and process risk
The second objective of this study was to investigate the effect of internal audit on the process risk (Table 6).The correlation between internal audit and process risk is -0.026.It means that one level increase of internal audit were lead to 0.026 decrease of the process risk.The probability of this correlation coefficient occurring by chance is 0.818.This coefficient shows that there is a statistically non significant negative relationship between internal audit and process risk (r= -0.416 and P> 0.01).

Correlations between internal audit and operational risk
The last objective of this study was to investigate the effect of internal audit on firms" operational risk (Table 7).The correlation between internal audit and operational risk is -0.064.It means that one level increase of internal audit were lead to 0.064 decrease of the operational risk.The probability of this correlation coefficient occurring by chance is 0.574.This coefficient shows that there is a statistically non significant negative relationship between internal audit and operational risk (r= -0.064 and P>0.01).

DISCUSSION
The aforementioned results indicate that in Somalia, there is a week negative relationship between internal audit and operational risk management, which mean as internal audit effectiveness increase the operational risks will decrease and vise verse.But as indicated in the descriptive analysis, Somali Remittance Company"s risk identification is weak, this means there is no precautions or proactive steps that Somali remittance companies designed in order to identify risks before they occur.This may result that remittance companies were unable to manage risks because risk management starts as an identification of what could cause harm to the organization.
As mentioned by Somali Money Transfer Association in 2009, one of the operational risks that Somali remittance companies frustrated is the increasing frequency of escaping money made by line managers of the remittance companies.The under lied reasons of this physical fraud are less segregation of duets and less knowledge of previous incurred risks.McConnell and Blacker (2000), on their study of modeling operational risk, found that banks actually use internal auditing for risk management tool and the internal auditors have clear role on risk management by using interview with 46 bank executives and internal auditors in the United States, 80% of the respondent indicate that internal auditors have role on risk management.
IIA support this argument with its global internal audit survey component of the common body of knowledge studies, they found that 57% of internal auditing activities around the world perform an audit of enterprise risk management process, by interviewing 200 internal auditors 77% indicate that they play formal role for managing risks while 20% indicated that they have informal consulting role the other 3% indicated that they perform internal control function (IIA, 2010).The third study supported the idea that internal auditors and risk management have negative relationship is the study made by Pop (2009).Utilizing interview and questionnaire to gather in European banks indicated that 78% of internal auditing activities in Europe banks had primary responsibility for risk management for their organizations.
Another studies found that internal audits and risk management have negative relationship.But there are other opponents to this idea.In the study conducted by Correlation is significant at the 0.01 level (2-tailed).Fourie and Erasmus (2010) in South Africa, it focused on internal audit activities performed, which was primarily based on the perceptions of internal auditors of large companies in South Africa, majority of the respondent indicated that their activities comprised operational, performance, information system and financial audit, but no risk management at all.But the study had two limitations first, the study did not include the perception of stakeholders and the senior management, secondly the scope of the study was limited Fourie and Erasmus (2010).
Another study by Ismail (2010), indicated that is no relationship between internal audit and risk management in Somalia, he argued that internal auditors of Somali remittance companies perform only the function of internal control by using questionnaire and interview together with sample of fourteen Somali remittance Correlation is significant at the 0.01 level (2-tailed).
companies.But this study had limitations such as purposive sampling procedure that is based on the researcher"s own judgments and the companies locate in Somalia may have less knowledge and application of risk management.

Recommendations
(i) Establishment of risk management department in order to identify risks before they occur, setting the objectives of risk management and identification of previous incurred risks.
(ii) Maintaining proper segregation of duets suitable for Somali remittance companies in order to reduce the money laundering and decorated frauds.
(iii) Reporting systems should have scheduled deadlines that are to be ensured by internal controllers.
(iv) Establishment of strong audit committee with properly clarified duets and responsibilities towards internal audit and managements.
(v) In order to maintain the independence of internal auditors, board of directors should nominate internal auditors that report directly to the board.(vi) Somali remittance companies should communicate the role of internal auditors though out the organization.

Limitations
(i) The followings are the main limitations (ii) The study was carried out only five remittance companies out of 24 currently working remittance companies that may compromise in generalizing the results to the population (iii) Nonprobability sampling techniques, especially purposive sampling procedure was utilized by the study that might cause biases (iv) The study was conducted in places where some respondent may seen the information secret.

Figure 1 .
Figure 1.Core roles of internal auditors, legitimate roles of internal auditors and the roles that should be undertaken by internal auditors regarding the risk management.

Table 4 .
Office on work.

Table 5 .
Correlations between internal audit and people risk

Table 6 .
Correlations between internal audit and process risk

Table 7 .
Correlations between internal audit and operational risk