The Importance of ( COSO-ERM ) Model Implementation in Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks ( Field Study )

This study aimed to investigate the Importance of Committee of Sponsoring Organizations (COSO) Model for Enterprise risks management (ERM) Implementation in Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks. To achieve this goal a questionnaire was designed and distributed to a random sample of (65) respondents including financial managers, audit managers, internal auditors, and department of IT. (58) Questionnaires were valid for analysis at rate of (89%). The study population consists of all commercial banks in Jordan (13). The study hypotheses were tested using the descriptive and analytical approach. The findings showed a high level evaluation according to study sample point of view towards the importance of (COSOERM) Model Implementation in Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks. Certain differences in details of component evaluation, Enterprise risk management came first in ranking; followed by events identification; internal control environment, objective setting; information and communication; risk assessment; monitoring; risk response, and control activities. The study recommends banks management to give more attention for continuous improvement to their internal control and accounting systems, to keep up with Business environment improvement especially the continuous follow-up of the concerned activities, and arming the staff in various jobs and levels with necessary educations and skills.


Introduction
The world has known the control since ancient times and has evolved in its aims, structures, themes and functions, whether in respect of institutions or countries, and will remain in constant evolution because it will continue to be subjected to criticism as long as it comes to seeking the best use of available resources.Perhaps today there is a need to more effective control systems to address the cases of fraud and collapse accompanying major international and domestic companies and led to a loss of investor confidence, where the relationship transferred from a relationship of trust to another dominated by crises of confidence.So the internal control systems represents the safety valve to ensure that the economic unit operates according to the laws, policies and procedures adopted with a high level of efficiency and effectiveness in performance, assets protection against misuse, and make adequate care towards risks.Because commercial banks in Jordan do not differ in conditions as other economic units in the world in terms of the risks mentioned, This study came to test The Importance of (COSO-ERM) Model Implementation in Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks.

Problem of the Study
Economic units facing many problems as a result of their internal control systems weakness, due to Unavailability of the basic components, career inflation, unsound organizational structure, duplication and Power overlap, lack of clarity of plans, and weak of accountability with formal role of board of directors, Which requires the implementing of an effective internal control systems to achieve the accuracy and reliability of financial reporting, encourage commitment policies and laws, and to achieve efficiency and effectiveness of operational activities, So this study tries to answer if (COSO-ERM) model for enterprise risks management adoption, Is important to enhancing the effectiveness of internal control systems in the Jordanian commercial banks?

Study Importance
Because (COSO-ERM) model for enterprise risks management, establishes to a high effectiveness of internal control systems, for its positive role on decision making in banks, especially to those related to credit and investment, So the importance of the study come from the evaluating to which level that the Implementation of this Model Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks.

Procedural Definitions and Theoretical Framework of the Study •
Internal control: Committee of Sponsoring Organization of the Trade Way Commission (COSO), defined the internal control as a process designed and influenced by management, and by which it can obtain reasonable assurance that the objectives be achieved, credibility of financial statements, effectiveness of operational operations, compliance with policies, laws and regulations.

• Commission (COSO):
The Committee of Sponsoring Organizations (COSO) formed from the American Institute of Certified Public Accountants (AICPA), Financial Executives Institute (FEI), the Institute of Internal Auditors (IIA), the American Association of Accountants (AAA), And the Institute of Management Accountants (IMA).In 1992 (COSO) Organization issued a framework of integrated internal control, which is meant to provide guidance to assess and strengthen control systems, which form an acceptable reference for companies in the designing of policies, laws, and regulations used to adjust work activities as well as the acceptance by government legislation, including the law (SOX) of 2002.

•
Enterprise risk management (ERM) The Committee of Sponsoring Organizations of the Trade way Commission (COSO) defined (ERM) as a process, effected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.The ERM framework is geared to achieving an organization's objectives, set forth in the following four categories: 1. Strategic, High-level goals, aligned with and supporting its mission.2. Operations, Effective and efficient use of its resources.

Literature Review (1) Al-Hanini study (2015),
This study aimed to evaluate the reliability of the internal control methods on the computerized information systems in banks operating in Jordan.A questionnaire was designed and distributed to the random sample of the study which consisted of 50 respondents of the managers and the employees of the computer units and the branches' managers and the financial managers in the banks operating in Jordan.After The Importance of (COSO-ERM) Model Implementation …… using the Statistical Package (SPSS) , it was concluded that the methods of the internal control used in the banks operating in Jordan were reliable because they met the requirements of the availability principle of the system; they adopted policies and control and precautionary procedures to reduce the system's downtime as possible , they met the requirements of the security principle of the system through the protection against the physical and logical access and the protection of the personal computers and the networks.and they also met the requirements of the principle of the maintenance and the adjustment in terms of the existence of a strategic plan of maintenance, periodic evaluation of the system, and the use of the proper procedures of documentations and finally they met the requirements of integration where the banks adopted control procedures on the sources of data, the input , the processes , the outputs and the transfer operations.The most important recommendation of the study concentrate on raising the employees' awareness of the importance of the control procedures and their goals before being trained to follow them.
(2) Ghosh study (2013), This study aimed to test the effect of applying (ERM) framework for project risks management (setting goals, identifying events, Risk assessment, and risk response) in creating value at Indian companies, in addition to identifying the determinants and constraints of applying this framework.The study applied on 100 companies listed on the Indian stock market, and for the purpose of achieving its objectives a Questionnaire was distributed to the CFOs, risk managers, and internal auditors.The results indicates that companies with high-volume, high-profit and complex operations prefer adopting (ERM) framework for the managing its internal and external risk more than small-sized companies.The results also indicate that adopting (ERM) framework for project risks management affect positively in creating value for companies through the ability to cope with risk, and get Competitive advantages, reduce stock prices fluctuation and reduce its costs.The study recommended the need to increase the participation of Board of Directors and improve its supervisor role in mentoring risk process in that companies.
(3) Scannell et al study (2013), the study aimed to examine how companies identify and manage supply chain risks and how those actions relate to systemic enterprise risk management (ERM).To achieve this goal, Data from 46 companies at the United States of America were analyzed to identify which factors affect the decision to develop a supply chain risk management (SCRM) system and how the resultant systems compare to an ERM system.The study concluded that project risk management system components (ERM) of (COSO) 2004 Provides a reasonable framework which enables companies to achieve integration between the (ERM) system and supply chain risk management (SCRM) system.The study recommended the need to link risk management system with supply chain risk management system at companies to develop their strategies.
(4) Barakat study (2009), the study aimed at investigating the degree of application of Basel's committee requirements by Jordan banks.A questionnaire was developed and distributed over 40 subjects from all commercial banks in Jordan, the data was analyzed by using Statistical Package for Social Sciences (SPSS).The results revealed that all banks in Jordan are applying Basel's II norms.Results do not reveal any significant difference on the extent of implementing Basel II committee resolutions.It seems that availability of internal control systems and providing the same with work freedom shall not be limited only to Jordan banks but the existence of Arab, and foreign banks in Jordan.Moreover the results revealed that there were significant differences in application of Basel's II norms between local banks and foreign banks.To manage risks, the executive management needs periodical evaluations of followed procedures, its appropriateness, the availability of managerial authorities, efficient human resources and management of fruitful discourse to enhance internal control system.The study recommends the need to test bank loans and foreign credit companies, and not rely solely on the internal control operations in granting the loans.
(5) Rittenberg study (2006), which aimed to clarify the role of Internal Control Standards guidelines in preparing the financial statements for small-sized public companies, which Issued by the Commission (COSO) in 2006 in response to the request of the US Securities Exchange to help small-sized public companies in the approval of the financial reports to Section 404 requirements of the Sarbanes-Oxley Committee for the year 2002, the study concluded that despite of the fact that the new standard does not modify or alter the original standard documents, but it covers the challenges facing small-sized businesses to the new standard guidance includes three sections each with a specific goal, the first overviews the senior management and other committees, the second goal presents practical guidance with practical examples of small businesses, and the third goal Provides evaluation tools to help organizations to implement and evaluate the internal control systems with regard to financial statements preparation.

Contribution of the Study
A part of previous studies focused on the analysis of internal control systems in terms of styles, applications, objectives and their impact on enterprise performance, another part focused on the structures of internal control systems and certain components impacts according to (COSO) model or SOX Act, a third part of researches have studied the framework (ERM) for the management of enterprise risk separately from the mentioned model (COSO).This study is characterized by evaluating the internal control systems at a different environment, with taking in the consideration all the eight components of the (COSO-ERM) model In order to test their importance in Enhancing the Effectiveness of Internal Control Systems in the Jordanian Commercial Banks.

Methodology of the Study
To realize the study objective, a descriptive analytical approach was used in collecting and analyzing data, for this purpose a questionnaire includes the eight components of the mentioned model (COSO) were designed.The methodology of the study recovers:

a. population and sample
The study population consisted of Jordanian commercial banks (13) banks, while the study sample encompassing the CFOs, directors of internal audit, internal auditors, directors of risk management, engineers at Computer center) in these banks.The questionnaires were distributed to a random sample at a rate of (5) questionnaires for each bank, where the number of distributed questionnaires was (65).Then (58) questionnaire was recovered and valid for analysis in rate of (89%).

b. data sources
The study is based on two types of data sources, secondary sources which represented in books, periodicals, reports and publications related to the subject of the study, Primary sources which consisted mainly through the questionnaire prepared for this purpose and were designed in two parts as follows: Part I: A letter addressed to the study sample which illustrates the scope and the study objectives, as well as private data of the sample (such as specialty and years of experience), as follows: The Importance of (COSO-ERM) Model Implementation …… The table above indicates: -The proportion of (62%) of the study sample was from those who have a preliminary (B.A) degree, which means that the study population was scientifically qualified to answer the study questions.-The proportion of (70.34%) of the study sample have an experience in banking business for more than 10 years, which means that the sample has a great practical experience enabling them to answer the study questions.-The majority of the study sample obtains professional certificates of accounting and auditing, which gives them additional capacity to answer the questionnaire with the quality required.-Most of the study sample was from those who have received training in the field of banking risk management and decisions of COSO Commission and its relationship to banking risks.

Part II:
The sample respondent's answers will be measured according to the Likert ladder.c. statistical methods used By using (SPSS), the appropriate statistical methods for data analyzing and hypotheses testing were: Measures of central tendency, such as the mean variance and frequencies, percentages, to describe the study sample opinions about the variables of the study and to determine the importance of the statements in the questionnaire, as well as the use of the standard deviation to describe the dispersion extent of the answers from their means.

• • • •
Cronbach's alpha test, and Spearman-Brown test were used, in order to test the stability of questionnaire paragraphs.

• • • •
T-test for one sample (T-Test) to find out if the response average had reached a middle class which is 3 or augmented or diminished it.All of this has been done.

d. test the validity and reliability of the instrument
Validity and reliability study tool were confirmed in two ways:

•
To ensure the validity, and in order to detect the ability of its data to achieve the desired goals, and to clarify the drafting phrases, and the suitability of each phrase of the axis which they belong to, the study tool was distributed in its primary form to a group of judges consisted of (8) members from the Jordanian universities faculty members who has qualification and experience accounting and Statistics fields, • Cronbach's alpha method was used for measuring the stability of the questionnaire, and as shown in Table (2) in the areas of internal control systems assessment in the Jordanian commercial banks, according to the (COSO-ERM) model for project risks management, the internal consistency has high degrees, where ranging between 0.904 stability in the area of responding to the risks and 0.730 for the goals identification, it was 0.943 for whole the questionnaire, all values were sufficient values to achieve the purpose for the study.The table indicates that the arithmetic mean value of the variable objectives setting reached (4.38) with a standard deviation of (0.50), the mean value of the study sample estimates indicates clearly their belief in the importance of objective setting in the importance to the objective setting as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks, the t value was (20.98) at level of significance (0.000) and where the significance level value less than 0.05, so we rejects the null hypothesis of the study and accept the alternative hypothesis which states: "There is an importance to the objective setting as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks ".H03 Testing: The following table shows the results of this hypothesis: The Importance of (COSO-ERM) Model Implementation …… in enhancing the effectiveness of internal control systems in the Jordanian commercial banks.The t value was (24.10) at level of significance (0.000) and the significance level value was less than 0.05, so we reject the null hypothesis and accept the alternative hypothesis which states: "There is an importance to the monitoring as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".Conclusions 1-Generally, all (COSO-ERM) model components revealed playing big and important role in the effectiveness enhancing of the internal control systems in Jordanian commercial banks, which reached at 87%, but although of this god result the studied commercial banks must try to treat the deviation of 13 % which can be translated from other side by waste at same rate in the bank resources.

2-In details:
-There is a difference of 5 % between lowest and highest value, which also means that the lowest value reach to 15 % in term of diminishing in internal control effectiveness.-The biggest standard deviation of the study sample is 0.61 which reflect that the sample be more dissimilar to risk response, while the sample is more similar in the case of control environment importance in enhancing the internal control effectiveness of that banks.-The differences of deviations at the level of each internal control component, is clearly fluctuated by comparison with means, they are 42% for control environment; 33% objective setting; 13% event identification; 31% risk assessment; 22% risk response; 34% control activities; 39% information and communications; and 32% monitoring

Recommendations
Based on the conclusions, this study recommends the following: 1-Need to arm all individuals in all administrative jobs with necessary skills and qualifications, to ensure their relevant participation in rising the role of all internal control components at same level, in the enhancing of its effectiveness , because internal control process is affected by employees and affect them.2-Developing the application process of all internal components beginning with less situation in the effectiveness enhancing, ending with this have biggest role, that is because all mentioned components take the same importance in objectives realization.3-Need to develop more research in this area, especially on the efficiency domain to obtain a clear portrait needed for best performance in those banks.--------------------------xxxxxxxxxxxxxxx --------------------------

No. Paragraph
3. Reporting, Reliability of reporting.4. Compliance, Compliance with applicable laws and regulations.
• COSO-ERM framework It consists of eight interrelated components: 1. Internal environment, The internal environment sets the foundation for how risk is viewed and addressed by an organization's people, including risk philosophy; risk appetite; integrity and ethical values; and the environment in which it operate.2. Objective setting, Objectives must exist before management can identify potential risks affecting their achievement.ERM ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity's mission and are consistent with its risk appetite.3. Event identification, Internal and external events affecting the achievement of an organization's objectives must be identified, distinguishing between risks and opportunities.4. Risk assessment, Risks are analyzed, considering likelihood and impact, as a basis for how they should be managed.Risks are assessed on an inherent and residual basis.5. Risk response, Management selects risk responses-avoiding, accepting, reducing, or sharing risk-developing a set of actions to align risks with the organization's risk tolerances and risk appetite.6.Control activities, Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.7. Information and communication, Relevant information is identified, captured, and communicated in a form and time frame that enables people to carry out their responsibilities.Effective communication also occurs in a broader sense, flowing down, across, and up the organization.8. Monitoring.The entire ERM process is monitored and modifications are made as necessary.Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

Table ( 2) Cronbach's alpha coefficient to measure the stability of the questionnaire
Study HypothesesAccording to the problem's question, the Main Hypothesis (H0) can be formed:"No

importance to the (COSO-ERM) model implementation in enhancing the effectiveness of internal control systems in the Jordanian Commercial Banks", and
No importance to the risk assessment as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".H05.No importance to the risk response as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".H06.No importance to the control activities as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".H07.No importance to the information and communications as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".H08.No importance to the monitoring as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".Hypotheses Testing and Discussing the Study ResultsOne-sample T-test was used to test the study (main hypothesis and sub-hypotheses) associated, where the following tables show the results of testing these hypotheses: H0 Testing: The following table shows the statistical details of this hypothesis: The Importance of (COSO-ERM) Model Implementation …… H04.

Table ( 3): t-test results of the importance to the (COSO-ERM) model implementation in enhancing the effectiveness of internal control systems in the Jordanian Commercial Banks
The table above shows that the arithmetic mean value of the importance to the (COSO-ERM)

model implementation in enhancing the effectiveness of internal control systems in the Jordanian Commercial Banks reached
(4.37)with standard deviation of (0.32). this means that the estimates of the study sample clearly indicate that there is a great conviction about that importance, where the average value of the sample answers came higher than the hypothetical average of the study estimated at value (3), according to Likert ladder, T. value was (32.55), at the level of significance (0.000), which is less than the expected error degree of the study (0.05), so we rejects the null hypothesis of the study, and accept the alternative hypothesis, which states: "

There is an importance to the (COSO-ERM) model implementation in enhancing the effectiveness of internal control systems in the Jordanian Commercial Banks". H01 Testing:
The following table shows the statistical details of this hypothesis:

Table ( 4): T-test results of the importance to the internal control environment as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks
) indicates that the arithmetic mean value of internal control environment has reached a value of (4.46) and standard deviation (0.35) and this clearly shows the great importance to the internal control environment as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks.the t value was (32.11) at level of significance(0.000),so we rejects the null hypothesis of the study, and accept the alternative hypothesis which states: "

There is an importance to the internal control environment as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks". H02 Testing:
The following table explains the results of this hypothesis: Table (5) t-test results of the importance to the objective setting as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks

There is importance to the event identification as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks". H04 Testing:
The following table shows The results of this hypothesis:

There is an importance to the risk assessment as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks".
H05 Testing: The following table shows the results of this hypothesis: Table (8): t-

as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks. The
t value was (16.32) at level of significance (0.000) and the significance level value was less than 0.05, so we reject the null hypothesis and accept the alternative hypothesis which states: "

There is an importance to the risk response as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks". H06 Testing:
The following table shows the results of this hypothesis:

one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks.
The t value was(17.84)at level of significance (0.000) and the significance level value was less than 0.05, so we reject the null hypothesis and accept the alternative hypothesis which states: "There is an importance to the control activities as

one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks". H07 Testing:
The following table shows the results of this hypothesis: Table(

10): t-test results for the importance of information and communications as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks
The above table indicates that the arithmetic mean value of information and communication has reached (4.37) with standard deviation (0.41), the mean value of the study sample estimates clearly indicate their belief in the importance of information and communication as one of (COSO-ERM)

model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks
. The t value was (25.54) at level of significance (0.000) and the significance level value was less than 0.05, so we reject the null hypothesis and accept the alternative hypothesis which states: "

There is an importance to the information and communication as one of (COSO-ERM) model components in enhancing the effectiveness of internal control systems in the Jordanian commercial banks". H08 Testing: The
following table shows the results of this hypothesis: