INTERNAL CONTROL SYSTEMS AND THEIR IMPACT ON REVENUE GENERATION IN NIGERIAN BANKS
Abstract
This study examined the relationship between internal control systems and revenue generation in Nigerian banks. The persistent incidence of financial fraud, operational losses, and declining revenue performance in the Nigerian banking sector provided the impetus for this investigation. The study was anchored on the Committee of Sponsoring Organizations (COSO) Internal Control Framework and the Agency Theory. A descriptive survey research design was adopted, and data were gathered from 180 respondents drawn from ten selected commercial banks in Lagos, Nigeria, using a structured questionnaire built on a five-point Likert scale. Purposive and stratified random sampling techniques were employed. Data were analysed using frequency tables, mean scores, standard deviation, and Pearson correlation analysis. The hypotheses were tested at a 0.05 level of significance using regression analysis. The findings revealed that control environment, risk assessment, control activities, information and communication, and monitoring activities each had a statistically significant positive impact on revenue generation in Nigerian banks. Specifically, robust control activities and a strong monitoring framework were identified as the most critical drivers of improved revenue performance. The study concluded that sound internal control systems are not merely compliance tools but strategic instruments that enhance revenue assurance, curb financial leakages, and build investor confidence. The study recommended, among other things, that bank management should institutionalise a culture of control consciousness, invest continuously in control technology, and ensure the independence of internal audit functions to sustain revenue growth.
Keywords: Internal Control Systems, Revenue Generation, Nigerian Banks, COSO Framework, Risk Assessment, Control Activities, Commercial Banks.
Chapter One Preview
INTRODUCTION
1.1 Background of the Study
The Nigerian banking sector occupies a central position in the nation's financial architecture. As financial intermediaries, banks mobilise savings, channel funds to productive investments, and facilitate the payment system that keeps commerce alive. Given their systemic importance, the operational efficiency, transparency, and revenue sustainability of Nigerian banks are matters of concern not only to shareholders but also to depositors, regulators, policymakers, and the broader economy. Yet, despite repeated regulatory reforms and capital base consolidations, Nigerian banks have continued to grapple with challenges that undermine their revenue generation capacity — challenges that are, in large measure, traceable to weaknesses in internal control systems.
An internal control system can be broadly understood as the entire set of policies, procedures, structures, and mechanisms put in place by an organisation's management and board of directors to provide reasonable assurance that operational objectives will be achieved, assets will be safeguarded, financial reporting will be reliable, and applicable laws and regulations will be complied with. The landmark framework provided by the Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2013) identifies five interrelated components of an effective internal control system: the control environment, risk assessment, control activities, information and communication, and monitoring activities. Each of these components plays a distinct role in shielding organisational resources — including revenue — from loss, misappropriation, or underperformance.
Revenue generation in banks is a multifaceted concept that encompasses income from interest on loans, fees and commissions, foreign exchange transactions, treasury operations, electronic banking services, and other non-interest income streams. For Nigerian banks, revenue has historically been volatile. The Nigeria Deposit Insurance Corporation (NDIC) annual reports document cases where banks that appeared profitable on paper were subsequently found to have overstated revenues or suppressed provisions for bad loans. The Central Bank of Nigeria (CBN) has, at various times, imposed sanctions on banks for poor internal control practices that facilitated fraud, insider abuse, and regulatory non-compliance — all of which directly erode revenue.
The magnitude of the problem became starkly visible during the 2008 to 2009 banking sector crisis, when the CBN's special examination revealed that eight of Nigeria's 24 commercial banks were technically insolvent, largely due to poor credit risk management, inadequate internal controls, and outright corporate governance failures. The Asset Management Corporation of Nigeria (AMCON) was subsequently established to absorb toxic assets worth billions of naira — a cost ultimately borne by taxpayers. More recently, the 2020 to 2023 period saw several Tier-2 banks posting declining net interest margins, attributed partly to rising non-performing loans — a direct consequence of weak credit control activities.
Academic literature has long established that internal control systems and organisational financial performance are interconnected. Foundational studies by Doyle, Ge, and McVay (2007) demonstrated that firms with material weaknesses in internal controls tend to report lower earnings quality and higher earnings management incidence. In the Nigerian banking context, studies by Okafor (2019), Babatunde and Shaib (2020), and Eze and Oladipo (2021) have similarly observed that banks with robust internal control frameworks consistently outperform their peers in revenue generation, cost efficiency, and regulatory compliance scores. However, these studies have largely focused on profitability as the dependent variable, with revenue generation as a construct receiving less direct empirical attention.
The significance of internal controls to banking revenue is also evident from a governance perspective. The Basel Committee on Banking Supervision's guidelines on internal controls for banking organisations (Basel, 2012) emphasise that a well-structured internal control system reduces the incidence of operational risk events — losses arising from inadequate or failed internal processes, people, systems, or external events. Operational risk losses directly reduce net revenue, making internal controls not merely a compliance requirement but a revenue protection mechanism. In Nigeria, the CBN's Risk-Based Supervision framework and the Banks and Other Financial Institutions Act (BOFIA) 2020 both impose mandatory internal control requirements on banks, reflecting the regulatory consensus on the indispensability of these systems.
Despite the regulatory emphasis and the growing body of literature, anecdotal and empirical evidence suggests that many Nigerian banks continue to operate with internal control gaps. Reports from the Nigerian Financial Intelligence Unit (NFIU, 2022) indicate that financial fraud and cybercrimes targeting banks have escalated in recent years, with total fraud losses across the banking sector reaching over N12.4 billion in 2022 alone. Employee-related fraud, identity theft, and unauthorised fund transfers — all manifestations of weak internal control — continue to feature prominently in NDIC reports. These occurrences directly impair revenue by increasing provisioning requirements, generating regulatory penalties, and eroding customer trust.
Against this backdrop, this study investigates the specific dimensions of internal control systems that most significantly influence revenue generation in Nigerian commercial banks. By disaggregating internal control into its five COSO components and examining each component's relationship with revenue performance, this research offers a more granular and practically useful analysis than much of the existing literature. The findings are expected to guide bank management, internal auditors, regulatory authorities, and policymakers in designing and strengthening control frameworks that not only ensure compliance but actively support revenue optimisation.
1.2 Statement of the Problem
In spite of the substantial investments made by Nigerian banks in technology, human capital, and regulatory compliance infrastructure over the past decade, the banking sector continues to report significant revenue losses attributable to fraud, poor risk management, operational inefficiencies, and regulatory sanctions — all of which are symptomatic of weaknesses in internal control systems. The NDIC Annual Report for 2022 documented 42,946 fraud cases in Nigerian banks with a total value of N30.39 billion, indicating that fraudulent activities — largely enabled by control weaknesses — remain a persistent and growing threat to banking revenue.
Several Tier-2 and community banks have experienced periods of declining return on assets and shrinking net interest margins, not because their markets became less profitable, but because internal leakages — through undetected fraud, inappropriate loan disbursements, inadequate segregation of duties, and failure to identify emerging risks — undermined the full realisation of revenue potential. This is particularly concerning in the post-COVID-19 economic environment, where banks are under pressure to diversify revenue streams while managing elevated credit risk in a recovering economy.
Academically, while studies have examined internal controls in relation to financial reporting quality, profitability ratios, and corporate governance (Ogunleye & Adeyemi, 2020; Abiodun, 2021; Nwosu, Ezeabasili, & Ezeudu, 2022), there remains a notable gap in empirical research that focuses specifically on the link between disaggregated internal control components and revenue generation performance in Nigerian commercial banks. Most existing studies treat internal control as a unidimensional concept or focus on specific industries such as manufacturing or public sector entities. The banking sector — with its unique risk profile, regulatory environment, and revenue structure — warrants a dedicated and disaggregated investigation.
Furthermore, much of the existing research relies on secondary financial data from published accounts, which may not fully capture the operational realities of internal control implementation. Survey-based research that captures the perceptions and experiences of bank professionals — who directly implement and are affected by internal control systems — is relatively sparse. This study seeks to fill these gaps by gathering primary data from bank personnel across selected commercial banks in Lagos, Nigeria, and by examining each COSO component in relation to revenue generation outcomes.
1.3 Objectives of the Study
The broad objective of this study is to evaluate the impact of internal control systems on revenue generation in Nigerian commercial banks. The specific objectives are to:
1. Examine the effect of control environment on revenue generation in Nigerian banks.
2. Assess the impact of risk assessment on revenue generation in Nigerian banks.
3. Evaluate the influence of control activities on revenue generation in Nigerian banks.
4. Determine the effect of information and communication systems on revenue generation in Nigerian banks.
5. Investigate the impact of monitoring activities on revenue generation in Nigerian banks.
1.4 Research Questions
In line with the stated objectives, the following research questions guide this study:
1. To what extent does the control environment affect revenue generation in Nigerian banks?
2. How does risk assessment impact revenue generation in Nigerian banks?
3. In what ways do control activities influence revenue generation in Nigerian banks?
4. What is the relationship between information and communication systems and revenue generation in Nigerian banks?
5. What is the effect of monitoring activities on revenue generation in Nigerian banks?
1.5 Research Hypotheses
The following null hypotheses are formulated and tested at a 0.05 level of significance:
H01: Control environment does not have a significant positive effect on revenue generation in Nigerian banks.
H02: Risk assessment does not have a significant positive impact on revenue generation in Nigerian banks.
H03: Control activities do not have a significant positive influence on revenue generation in Nigerian banks.
H04: Information and communication systems do not have a significant positive relationship with revenue generation in Nigerian banks.
H05: Monitoring activities do not have a significant positive effect on revenue generation in Nigerian banks.
1.6 Significance of the Study
This study is significant on several fronts. First, its findings will be of immediate practical value to bank management and boards of directors. Understanding which specific internal control components most powerfully drive or restrain revenue performance equips decision-makers to prioritise control investments strategically rather than approaching compliance as a blanket, undifferentiated obligation.
Second, the study contributes to the body of academic knowledge by providing empirical evidence on the disaggregated relationship between COSO internal control components and banking revenue in a developing-country context. Given the limited number of studies that have examined this relationship with the specificity that this research offers, the findings will advance theoretical understanding and provide a reference point for future researchers.
Third, regulatory authorities — particularly the Central Bank of Nigeria and the Nigeria Deposit Insurance Corporation — will find the study's conclusions useful in refining supervisory frameworks. If specific control components are found to be more strongly associated with revenue performance, regulators can calibrate their supervisory emphasis accordingly, directing examination resources toward higher-impact areas.
Fourth, the study is significant for stakeholders such as investors, analysts, and rating agencies who monitor the health of Nigerian banks. A clearer understanding of how internal control systems translate into revenue performance provides additional analytical lenses for evaluating bank soundness beyond conventional financial ratios.
Finally, for students and academics in accounting, finance, and banking, this study serves as a model for applied research that bridges the gap between theoretical control frameworks and real-world banking practice.
1.7 Scope of the Study
This study is limited in scope to ten selected commercial banks operating in Lagos, Nigeria. Lagos was chosen because it is the commercial nerve centre of Nigeria and hosts the headquarters and major operational branches of virtually all systemically important Nigerian banks. The study covers the period from 2018 to 2023, which encompasses both the pre-COVID stability period and the post-COVID recovery phase — providing a sufficiently varied operational context.
The study focuses on the five components of internal control as defined by the COSO (2013) framework: control environment, risk assessment, control activities, information and communication, and monitoring activities. The dependent variable is revenue generation, conceptualised to include interest income growth, non-interest income growth, and overall gross revenue trend as perceived by bank professionals within the sampled institutions.
Only commercial banks with full banking licences from the CBN are included. Microfinance banks, mortgage banks, and development finance institutions are excluded due to their distinct operational mandates and regulatory requirements.
1.8 Limitations of the Study
Like all social science research, this study is not without limitations. First, the use of self-reported questionnaire data introduces the possibility of response bias, as respondents may provide answers they believe are expected rather than accurate reflections of their institutions' practices.
Second, restricting the sample to Lagos-based banks, while pragmatically justifiable, limits the generalisability of the findings to banks operating predominantly in other Nigerian states with different market dynamics.
Third, the cross-sectional nature of the survey means that the data capture a single point in time. Longitudinal changes in internal control systems and their effects on revenue over time cannot be fully captured by this design.
Fourth, access to some senior management respondents was restricted, as banks are typically cautious about disclosing control-related information for competitive and regulatory reasons. The researcher mitigated this by guaranteeing anonymity and framing the questionnaire in general operational terms rather than requesting specific institutional data.
Despite these limitations, the study maintains sufficient methodological rigour to yield valid and meaningful findings.
1.9 Operational Definition of Terms
Internal Control System: A set of integrated organisational policies, processes, and structures designed by management and governance bodies to provide reasonable assurance that strategic, operational, reporting, and compliance objectives will be achieved.
Control Environment: The foundation of the internal control system, encompassing the tone set by management, organisational culture, commitment to ethical values, and governance structures that influence the overall control consciousness of an entity.
Risk Assessment: The process by which an organisation identifies, evaluates, and prioritises internal and external risks that may prevent the achievement of its objectives.
Control Activities: The specific policies and procedures that help ensure management's directives are carried out, including authorisation controls, segregation of duties, physical controls, reconciliations, and IT general controls.
Information and Communication: The systems and processes through which relevant information is identified, captured, and communicated in a timely manner to enable personnel to discharge their internal control responsibilities.
Monitoring Activities: Ongoing or periodic evaluations conducted by management and internal auditors to assess whether the five components of internal control are present, functioning, and effective over time.
Revenue Generation: The total income earned by a bank from its core and ancillary operations, including interest income, fee-based income, foreign exchange income, and other operating income streams, reflecting the financial productivity of the bank's activities.
Nigerian Banks: For the purposes of this study, this term refers to commercial banks licensed by the Central Bank of Nigeria (CBN) to provide a full range of financial services to individuals, corporates, and government entities.
Purchase to unlock the full material.