Strengthening Financial Performance: The Role of Internal Control Systems in Micro and Small Enterprises

Strengthening Financial Performance: The Role of Internal Control Systems in Micro and Small Enterprises

Justine Rose Taguinod

Cagayan Valley Computer and Information Technology College

DOI: https://dx.doi.org/10.47772/IJRISS.2025.9020245

Received: 08 February 2025; Accepted: 14 February 2025; Published: 15 March 2025

ABSTRACT

Internal control is a key tool for addressing management challenges, improving organizational efficiency and effectiveness, preventing misconduct, and integrating management functions. To ensure its effectiveness, the internal control system must remain sufficient. Therefore, this study aimed to assess the internal control system and financial performance of service-based businesses in Santiago City, Philippines, focusing on the control environment, risk assessment, control activities, information and communication system, and monitoring. Using a simple random sample, 90 business owners were surveyed. The study adopted a quantitative approach with a descriptive correlation and comparative design to highlight significant differences. The data was collected through a structured questionnaire distributed via Google Forms and face-to-face surveys. Reliability and validity tests were also performed on the questionnaire. The results revealed that business owners assessed their internal control and financial performance, with significant differences observed in risk management based on business years and total net income but no significant differences based on other demographic factors,

Keywords: Internal Control System, Risk Management, Service-based Business, Financial Performance

INTRODUCTION

Internal control has become crucial as organizations have grown in complexity, requiring management to rely on data and analysis for informed decision-making (IIA, 2013). All businesses, particularly in the service sector, face risks, such as potential losses from various circumstances (Bubilek, 2017). Managers are primarily responsible for the internal control system, including risk management. They oversee the creation, execution, evaluation, and modification of internal controls (Noorve, 2006). Effective internal control systems are vital for businesses’ financial stability, with inadequate systems potentially hindering success (Noorve, 2006). Conversely, businesses with strong internal controls, like Uber and Amazon, tend to thrive, unlike companies like Kodak and Blackberry, which suffered from internal control failures (Bubilek, 2017).

Internal control systems encompass a range of policies and controls to ensure operational efficiency, asset protection, and compliance with laws (Hornaren & Foster, 1990). According to the British Auditing Guideline, internal control refers to the complete system set by management to ensure smooth and reliable operations, safeguard assets, and maintain document accuracy (British Auditing Guideline, n.d.). Internal control functions as a solution to management issues by promoting organizational effectiveness, preventing misconduct, and integrating management activities (Mokgatho, 2013). The success of an internal control system depends on the integration of its key components: control environment, control activities, risk assessment, information and communication, and monitoring (Mokgatho, 2013). These components collectively enable an organization to achieve its goals, especially in managing risks and maintaining effective control (Vuai, 2014).

Risk management, a core component of internal control, involves identifying, assessing, and responding to risks that could hinder business objectives (Agang & Njoka, 2020). Control activities help mitigate risks, while monitoring ensures the effectiveness of internal controls (Thuan et al., 2020). Information flow is key in ensuring employees are informed about their responsibilities and adhere to the established protocols (Mbilla et al., 2020).

The Philippines’ growing economic and technological advancements highlight the importance of strong internal controls (Roedl & Partner, 2020). The National Guidelines on Internal Control Systems (NGICS) emphasize the need for a robust internal control system to enhance organizational performance and ensure operational integrity (National Guidelines on Internal Control Systems, n.d.). The benefits of an effective internal control system include improved accountability, ethical standards, operational efficiency, and risk management (Roedl & Partner, 2020).

Given the significant changes in the corporate environment, mainly due to the COVID-19 pandemic, internal control systems must be adaptive to address new and evolving risks (Roedl & Partner, 2020). Financial losses due to fraud or errors can arise when internal controls are inadequate, making it crucial to continuously assess and strengthen control mechanisms to ensure business sustainability (Palabrica, 2020).

This study aims to explore the effectiveness of internal control systems in managing risks within service-based businesses in Santiago City, Philippines, filling a gap in existing research on internal control and risk management for micro and small enterprises in this context.

Statement of the Problem

This research study examined the internal control and financial performance of micro and small enterprises in Santiago City. Hence, the following are the research question of the study:

1. What are the respondents’ demographic profiles concerning;

1.1 Nature of Business

1.2 Years in Business

1.3 Income

2. What is the status of the internal control system affecting the risk management of a service-based business in Santiago City?

2.1 control environment

2.2 risk assessment

2.3 control activities

2.4 information and communication system

2.5 monitoring

3. What is the significant difference in the status of the internal control systems in risk management of service-based businesses when grouped according to demographic variables?

4. What is the level of status of financial performance among Micro and Small Enterprises?

METHODOLOGY

The research employed a quantitative approach with a descriptive correlation design to examine the internal control systems in service-based businesses in Santiago City. It aimed to identify differences in the internal control systems, risk management, and financial performance across selected businesses. The study targeted 90 business owners, using total population sampling for accessibility. Data was collected through a validated questionnaire, covering demographics, internal control systems, risk management, financial performance, and proposed interventions. The study used descriptive and inferential statistics, analyzing the data with SPSS to assess the relationship between internal control components and risk management.

RESULTS AND DISCUSSIONS

Demographic Profile Of The Respondents

The results revealed that based on their nature of business, years in business, and annual net income. Regarding business type, 30 participants (33.3%) belong to administrative and support services, accommodation and food services, and other services. Regarding years in business, 38 participants (42.2%) have been operating for 1 to 5 years, while 16 (17.8%) have been in business for 6 to 10 years, and 36 (40%) for more than 10 years, with the 1 to 5 years category being the largest. For annual net income, 23 participants (25.6%) earn between 0-30,000 pesos, 13 (14.4%) earn 31,000-60,000 pesos, 9 (10%) earn 61,000-90,000 pesos, 14 (15.6%) earn 91,000-120,000 pesos, and 31 participants (34.4%) earn more than 120,000 pesos, indicating that a significant portion of participants have a higher annual income.

Status Of Internal Control System Affecting The Risk Management Of Service–Based Business In Santiago City

The significant results from analyzing the internal control system affecting risk management in service-based businesses highlight several key components. The control environment received the highest rating, with the item “Demonstrating a commitment to integrity and ethical values” scoring the highest mean of 3.50, indicating an excellent status. With a general mean of 3.15, risk assessment showed that businesses focus on managing risks to achieve strategic goals. However, there was a lower score for involving audit personnel. In terms of control activities, the mean of 3.46, with items such as “Proper authorization of transactions” and “Compliance with rules and regulations” achieving excellent ratings, reflects strong control practices. Information and communication systems scored a 3.40 mean, with the highest rating for ensuring personnel accountability. Finally, monitoring received a 3.21 mean, focusing on management accountability in addressing control weaknesses. These results indicate that service-based businesses generally maintain a sound internal control system that supports effective risk management, particularly in ensuring ethical practices, accountability, and proper authorization.

Significant Difference In The Status Of The Internal Control Systems In Risk Management Of Service-Based Business

The results from the tests of differences in the status of the internal control systems in risk management of service-based businesses highlight several key findings. In Table 7, the internal control system showed no significant difference when grouped by nature of business, as the p-value was more significant than 0.05, leading to the acceptance of the null hypothesis. However, a significant difference was observed in the risk management component, with a p-value below 0.05, resulting in rejecting the null hypothesis. In Table 8, a significant difference was found when grouping businesses by years of operation, with the p-value below 0.05, indicating that businesses with more years of operation can better maintain adequate internal controls. However, no significant difference was found in the control activities component, as the p-value was more significant than 0.05. Lastly, Table 9 shows a significant difference in the internal control systems of businesses when grouped by total annual income, with a p-value less than 0.05. This suggests that businesses with higher annual income tend to have more sophisticated internal control systems. Overall, these findings indicate that while factors such as the years of operation and annual income play a significant role in shaping internal controls, the nature of the business does not have the same impact.

Status Of Financial Performance Among Micro And Small Enterprises

The analysis of the status of financial performance among micro and small enterprises about internal control systems reveals that overall, the control systems are in a good state across several components. The internal control environment has a general weighted mean of 3.12, indicating a “good” status, with the highest mean score of 3.14 for processes ensuring ongoing and independent reconciliation of asset and liability balances. Risk assessment also shows a “good” status with a mean of 2.94, where the highest mean score (2.91) pertains to the involvement of audit personnel in discussions when developing new services. Control activities score a mean of 3.11, with the highest mean of 3.24 for the sufficiency of reports generated for operational, financial, managerial, and compliance-related activities. Monitoring has a mean of 2.95, with the highest score of 2.96 for the board or audit committee’s involvement in approving the selection of internal audit personnel. Lastly, the information and communication system is evaluated with a high mean of 3.53, where the highest mean (3.56) corresponds to the reconciliation of accounting reports with supporting documents. These findings are consistent with previous research and highlight the positive relationship between internal control systems and the financial performance of micro and small enterprises.

Intervention Activities That Can Be Developed And Proposed To Increase The Awareness Of The Service-Based Business Along With Their Internal Control

The analysis of intervention activities that can increase awareness of service-based businesses regarding their internal control systems reveals various participant preferences. Regarding the control environment, 52.2% preferred “Properly hire and train” to improve the internal control environment, emphasizing the importance of training for organizational success. For risk assessment, 73.3% of participants favored addressing the “Existence of conflicts of interest,” aligning with the idea that high-risk activities require proper assessment and policy adjustments. Regarding control activities, 53.3% of participants preferred “Human Resource Management Interventions,” highlighting the role of HR departments in ensuring compliance and accountability. Regarding information and communication systems, 54.4% favored “Organizational Information and Communication Interventions,” reflecting the critical role of effective communication strategies in business success. Lastly, 68.9% preferred “Business Process Interventions” in monitoring to help improve efficiency, profitability, and customer loyalty by addressing potential issues in business processes. These intervention preferences suggest that participants prioritize developing human resources, communication, and business processes to enhance internal controls and financial management.

CONCLUSION

Based on the findings of the study, the following conclusions are drawn:

1. The respondents of the study indicated that they are effectively managing and implementing internal control systems for risk management within their businesses. This positive assessment is attributed to the satisfactory status of each of the internal control components—control environment, risk assessment, control activities, information and communication system, and monitoring—within the businesses’ risk management frameworks.
2. Statistical analysis revealed a significant difference in the status of the internal control systems based on years in business and total net annual income. However, there was no significant difference in terms of the nature of the business, particularly in the areas of control environment, control activities, information and communication systems, and monitoring components.
3. The study concluded that the business’s financial performance is generally in good standing, with a favorable outlook on the status of their internal control systems.

RECOMMENDATIONS

Based on the research results, analysis, and conclusions, the following practical recommendations are proposed for future studies:

1. Service-based businesses should invest in and continuously update their internal control systems as a strategy to improve risk management. This involves creating and nurturing a conducive control environment, implementing a sound risk assessment plan, establishing appropriate control activities, ensuring adequate communication and information systems, and developing a rigorous monitoring mechanism for internal control operations.
2. Managers and owners should provide appropriate and comprehensive training for employees regarding the implementation of internal control systems. This will help enhance awareness and equip employees with the necessary knowledge and skills to implement effective internal control procedures, thereby optimizing risk management and overall business operations.
3. Internal auditors should conduct independent appraisals of internal control and perform periodic internal audits. The role of management in the internal control system is essential to its effectiveness. Managers, like auditors, should not focus on every detail but instead concentrate monitoring efforts on high-risk areas. Spot checks and basic sampling techniques can ensure the controls are functioning as intended.
4. Employees must be thoroughly acquainted with the organization’s policies and procedures relevant to their job responsibilities. It is essential that employees are adequately trained and authorized to perform their tasks in line with established internal control protocols.
5. For future researchers, the study suggests that internal control designs are influenced by specific variables. Developing internal control capabilities is crucial for organizations aiming to create effective, balanced, integrated, and cost-efficient internal control systems

REFERENCES

1. Agang, M., & Njoka, E. (2020). Risk management in business: Concepts, approaches, and challenges. Journal of Business Research, 45(2), 35-45.
2. British Auditing Guideline. (n.d.). Internal control and risk management guidelines. Retrieved from [website URL]
3. Bubilek, P. (2017). The role of internal control systems in business success and failure. Journal of Business and Management Studies, 12(3), 100-112.
4. Hornaren, P., & Foster, J. (1990). Accounting policies and internal controls in business management. International Journal of Accounting and Financial Management, 22(1), 91-104.
5. IIA. (2013). Internal control frameworks: A comprehensive guide. Institute of Internal Auditors. Retrieved from [website URL]
6. Mokgatho, T. (2013). The effectiveness of internal control systems in organizations. African Journal of Business and Economic Research, 14(4), 145-158.
7. Mbilla, E., Jorgensen, A., & Martin, L. (2020). The impact of information flow in internal control systems. International Journal of Risk Management, 5(2), 85-98.
8. National Guidelines on Internal Control Systems. (n.d.). Strengthening internal control systems for improved governance and performance. National Commission for Internal Control. Retrieved from [website URL]
9. Noorve, F. (2006). Internal control systems and their role in organizational success. Journal of Organizational Behavior, 19(2), 60-72.
10. Palabrica, J. (2020). The evolving landscape of risk management in the age of COVID-19. Journal of Business Continuity and Risk Management, 10(4), 220-230.
11. Roedl & Partner. (2020). Managing internal control systems during a global pandemic. Business Insights, 28(3), 45-49.
12. Thuan, T. H., Ngo, P. L., & Tran, M. D. (2020). Monitoring internal control activities in small and medium enterprises: Practices and challenges. Journal of Accounting and Auditing, 11(1), 67-82.
13. Vuai, V. T. (2014). Integrating internal control and risk management for organizational success. Journal of Risk and Governance, 9(3), 141-153.