Control Activities

Control activities are the policies and procedures that aid in ensuring that the directives initiated by the management to
mitigate risks are performed (Public Company Accounting Oversight Board, n.d).

Benefits

In a study conducted by Kamau (2016) on Small and Medium Enterprises (SMEs) in Nairobi, Kenya, the result shows that
there is a significant positive relationship between control activities and financial performance. This indicates that
control activities have a positive effect on the financial performance of Small and Medium-sized enterprises.

Periodic reconciliation To come-up with a high-quality decision, a high-quality information is needed (Laudon and
Laudon, 2012, as cited in Susanto, 2017). High-quality information will enhance the managers' ability to perceive
changes occurring both inside and outside the organization, allowing for swift and accurate responses (Azhar, 2013, as
cited in Susanto, 2017).

ICT applications can contribute to improved information and knowledge management inside the firm, can reduce
transaction costs and can increase the speed and reliability of transactions for both B2B and B2C transactions.

Automated control would generally be expected to be lower risk if relevant information technology
general controls are effective
Obstacles

When designing internal control activities, business leaders consider the costs and ensure that the costs do not outweigh
the benefits once an adverse event has occurred. Establishing effective and efficient control procedures is a priority for
leaders (Aladejebi, 2017).

In addition, SMEs face a number of internal and external obstacles when implementing an IT system. According to a
study conducted by Pillay (2016), internal barriers, such as immediate Return on Investment (ROI) and lack of existing
hardware, significantly hinder the adoption of Information Technology (IT) by Small and Medium-sized Enterprises
(SMEs). An additional external barrier to IT adoption is the lack of infrastructure.

As stated by (Niskanen, 2010) in the article of Vanstraelen and Schelleman in 2017, a Big 4 audit firm is less likely to be
hired by a family-owned or controlled business. Furthermore, as family ownership grows, the likelihood of hiring a Big 4
auditor lowers. Being a non-family-owned business, they have a higher chance performing audits or having audits of
outside parties than family-owned.

Even though according to (Suarez, 2017) that effective internal control systems particularly in family-owned business are
critical to the success; additionally, managers who oversee internal control maintenance must not only comprehend the
system's value and impact on their performance, but also implement it efficiently. Hence, he pointed out that there shall
be a system established that measures the effectiveness of internal control of the business.

General: This is consistent with the findings of Bardhan, Lin, and Wu's (2015) study, which suggests that family firms are
unlikely to have more company-level material weaknesses than non-family firms. Company-level material weaknesses
include deficiencies in one or more of the five components of the control framework established by the Committee of
Sponsoring Organizations of the Treadway Commission (COSO), which includes the control environment, risk
assessment, control activities, information and communication, and monitoring.
Information and Communication

Relevant information pertaining to an organisation’s internal control, in a broad sense, should be properly
communicated to relevant stakeholders in an organisation in a transparent manner. This will result in the empowerment
of relevant stakeholders to execute their applicable responsibilities effectively, which will in turn help the organisation to
achieve its objectives (Bruwer, 2016). Furthermore, it is important that all processes within an organization should be
captured in official policy and procedure manuals which should be distributed to all staff so that they are aware of their
responsibilities and how their responsibilities affect those of others within the organization (Fourie & Ackermann, 2013)

An effective internal communication plays a very important role in developing positive attitudes such as organizational
identification, organizational commitment, trust, job satisfaction, and positive employee-organization relationships.
Employees feel valued when they believe their opinions matter and are asked for feedback (Men & Stacks, 2014).
According to Beattie and Ellis (2014), from a management point of view, communication is the process wherein people
are informed and guided to achieve the best results in their tasks in line with the success of the organization. Also, an
effective communication does not only pertain to putting up your thoughts and opinions in order but also relaying of
information to the people in way that would capture their attention and push them to make a difference. Moreover,
according to the study results of Abu Naser et. al (2016), the shortcomings in the communication in the administration
will reflect on the entirety of the regulatory process because the communication process signifies an important part of
everyday business.

Fourie, H., & Ackermann, C. (2013). The impact of COSO control components on internal control effectiveness: an
internal audit perspective. Journal of Economic and Financial Sciences, 6(2), 495-518.

Monitoring

Monitoring Activities are ongoing evaluations, separate evaluations, or some combination of the two are used to
ascertain whether each of the five components of internal control, including controls to effect the principles within each
component, is present and functioning. Ongoing evaluations, built into business processes at different levels of the
entity, provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency
depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations (COSO,
2013).

There is an emphasis in the importance of the monitoring component of internal control by placing the monitoring
component “on top” of the other four components of internal control (Spencer Pickett, 2005 as cited by, Fourie &
Ackermann, 2013). This is due to the fact that for controls to be working effectively, they need to be monitored on a
regular basis (Coetzee et al., 2010, as cited by, Fourie & Ackermann, 2013).

According to Provasi (2013), COSO’s first step is to build awareness on the framework itself. An awareness of the
organization’s integrity and ethical values reinforces the accountability culture for employees, which is reflected in the
extent of monitoring activities (Rae, et al., 2017). Employees should be made aware that the onus is on them to
communicate any deficiencies in the prescribed controls. In addition, organisations could use customers to identify
certain weaknesses in the control system by, for example, examining customer complaints and conducting customer
satisfaction surveys. Management should take corrective action on recommendations made by the IAA. Furthermore,
the IAA should do follow-up audits to ensure that management has implemented agreed changes (Fourie & Ackermann,
2013). Various individual factors reflect the subjective evaluation of the gap between the cost and benefit of the
recommendation, — for example whether the recommendation is worth the effort. The most significant difficulty,
according to Mikhaylov & Mikhaylova (2015), is time and money. Accordingly, Hasson et al. Al. (2019) also noted that
gathering consumer feedback is expensive, requires active participation from customers, and has poor response rates.
Furthermore, customer survey response rates are typically about 5%, which does not adequately capture the wide range
of consumer opinions