Do Small and Medium Enterprises Optimally Utilize Computerized Accounting Systems Internal Controls? An Empirical Study

This research aimed to identify the computerized accounting systems employed by Nigerian SMEs, examine the extent to which Nigerian SMEs utilize the built-in internal control features in their computerized accounting systems, as well as explore the perceived reasons for the underutilization of any of the computerized accounting systems internal control features. The researcher employed the survey methodology in the conduct of the study, and data was collected using questionnaire administered to the an accounting officer in each of the 370 firms randomly selected from the population of SMEs in the south-south region of Nigeria. The research data was analyzed using frequencies, mean, standard deviation, and the one-sample T-test statistics. The results of the study indicate that Nigerian SMEs employ various accounting software in the performance of their accounting function, with QuickBooks, Peachtree (Sage 50), and MS-Navision being the most used. The study also indicate that Nigerian SMEs optimally utilize the built-in internal control features in their computerized accounting systems. The reasons for the underutilization of a few of the internal control features by firms are indicated in the study to include lack of awareness of the availability of the internal control features in their accounting systems, limited number of accounting staff, and lack of formal internal control policies. This study extends the body of knowledge in accounting, and its results would be useful to those in the academia, management and accounting personnel of SMEs, and other practitioners. Areas for further research have been suggested to confirm and extend the outcome of this study.


Introduction
Accounting system remains one of the most important information systems within an enterprise and has gradually moved from the originally manual systems to computerized systems (Qatanani & Hezabr, 2015). The major advantage of the computerized accounting systems over manual systems include their ability to perform the various tasks in the accounting cycle automatically and the provision of built-in internal control functionalities to enhance accuracy and security of financial data as well as safeguarding assets against fraud (Mujat et al., 2013;DiVito, 2008;Stephens, 2006). As noted by Steckel (2011), the built-in internal control features in accounting software are extremely useful in the implementation of various preventive, detective, and corrective internal control measures in organizations. Following the significance of small and medium enterprises (SMEs) in the socioeconomic development of nations around the world (Samuel, 2010;Selamat, Jaffer, & Kadir, 2013), several accounting software have been developed by various vendors to address the needs of small businesses, and the awareness and adoption of these computerized accounting systems by SMEs have increased tremendously over the years (Ismail & King, 2006, 2007. However, some SMEs especially those in the developing countries, are yet to embrace this technological development; while those that have adopted computerized accounting systems are faced with some challenges in implementing certain internal control features available in their accounting systems (Itang, 2018). In a study on the utilization of QuickBooks internal controls by small businesses in the United States, Steckel (2011) indicated that some built-in internal control features in the accounting software are underutilized by the firms. This study, therefore, sought to extend the study by Steckel (2011) beyond QuickBooks to other accounting software by exploring the extent to which SMEs in Nigeria optimally utilize the built-in internal control functionalities in their various computerized accounting systems.
Most of the businesses in Nigeria and the world over are SMEs and, based on their roles in economic development, are expected to maintain accurate financial records and internal control procedures (Steckel, 2011). Hence, SMEs, like larger firms, can employ the internal control features available in computerized accounting systems to strengthen their internal controls and safeguard their assets against fraud. However, firms may fail to utilize the built-in internal control features in their accounting systems due to certain reasons. Computerized accounting systems and its usage has gained the attention of practitioners and researchers in recent times. However, research into this unique area of accounting is very sparse. The aim of this study is, therefore, to bridge the gap in the accounting literature and to extend the body of knowledge regarding the utilization of built-in internal controls in computerized accounting systems. The objectives of this study was, therefore, to identify the computerized accounting systems employed by Nigerian SMEs, and to examine if Nigerian SMEs optimally utilize the internal control features available in their adopted computerized accounting systems, as well as explore the perceived reasons for the underutilization of any of the computerized accounting systems internal control features by the firms. To achieve these objectives, the following research questions were formulated: (i) Which computerized accounting systems are employed by Nigerian SMEs? (ii) To what extent do Nigerian SMEs utilize the built-in internal controls in their computerized accounting systems? (iii) What are the perceived reasons for the underutilization of any of the computerized accounting systems internal control features by Nigerian SMEs? In addition to answering the above research questions, the following hypothesis was also tested.
Ho: Nigerian SMEs do not optimally utilize the built-in internal controls in their computerized accounting systems. Following the scarcity of empirical research on the practical utilization of internal control features available in computerized accounting systems, this study is significant as it would be helpful in extending the body of knowledge in this unique area of accounting practice. The result of the study would also be useful to those implementing, administering, and using computerized accounting systems among SMEs, particularly concerning internal controls. The remaining sections of the paper presents the literature review, research methods, results of the study, and discussions, conclusions, and recommendations, respectively.

SMEs and Computerized Accounting Systems Usage
Small and medium enterprises (SMEs) play a significant role in the economic growth and development of many countries around the world (Samuel, 2010;Selamat et al., 2013). Their role in economic development notwithstanding, SMEs have been indicated to face problems such as lack of knowledge of fundamental business processes (KPMG Nigeria, 2014), which has reflected in their accounting practices. The accounting system, being the most fundamental information system that forms part of an organization's business infrastructure, has gradually evolved from the manual systems to computerized ones (Qatanani & Hezabr, 2015). Computerized accounting systems involve "the application of computers and related technologies in the collection, recording, storing and processing of financial data, and interpreting and reporting financial information to stakeholders" (Itang, 2020, pp. 39). Computerized accounting systems have been indicated to offer various advantages including automated processing of financial data, savings in time and resources, employees motivation, information accuracy, and enhancement of internal controls (Hurt, 2013;Itang, 2020;Mujat et al., 2013;Steckel, 2011). Hence, business organizations across the globe, including SMEs, have embraced, and adopted computerized accounting systems over the years (Ismail & King, 2006). Several computerized accounting systems or accounting software have been developed by various software vendors to meet the needs of small businesses, some of which are commercially distributed while others are open source applications (Mujat et al., 2013). As indicated by Wystocka and Jelonek (2015), some accounting applications are provided through cloud computing, making it possible for SMEs to enjoy the benefits of computerized accounting solutions in the "cloud" or web infrastructure, without having to host any software or storage in their own offices. Some of the accounting software developed for, and adopted by, SMEs include the following among other (Amidu, Effah, & Abor, 2011;Intuit, 2009;Itang, 2017;Sage Software, 2014Steckel, 2011;Tally Solutions, 2009;Wyn Solution, 2011;Zielinski, 2015):  Itang (2017), in a study of the impact of computer-based accounting information systems on internal control effectiveness among SMEs in Nigeria, indicated that the most used accounting software by Nigerian SMEs are Peachtree [Sage 50] (33%), QuickBooks (22%) and Tally ERP (13%); while Amidu et al. (2011), in their study of e-accounting (computerized accounting) practices among SMEs in Ghana showed that most SMEs in Ghana Research Journal of Finance and Accounting www.iiste.org ISSN 2222-1697 (Paper) ISSN 2222-2847 (Online) Vol.11, No.20, 2020 employ Tally ERP (23%), Sage Pastel (13%), and Sun Small Business (11%).

Internal Controls in Small and Medium Enterprises
Internal control is defined by the Committee on Sponsoring Organizations of the Treadway Commission (COSO) as "a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance" (COSO, 2013, pp. 3). From the definition provided by COSO (2013), internal control systems are expected to achieve three objectives, namely: (i) enabling organizations to ensure effective and efficient operations; (ii) ensuring that information provided in financial reports are reliable; and (iii) ensuring that relevant policies, laws, and regulations are complied with. Internal controls, as noted by Steckel (2011, pp. 13), also cover areas such as "organizational culture, risk assessment, effective communication and information gathering, and various control and monitoring activities". COSO (2013) maintains that the internal control process aims to prevent, detect, and deter misappropriation of assets and fraud by establishing processes for proper authorization, approval, verifications, reconciliations, segregation of duties, and performance review. Chen and Chuang (2012) noted internal controls to be the lubricating oil for the efficient interrelationships and interactions between operating revenue, inventory, purchasing, investments, financing, and accounts payable, which must be rigorously explored to ensure the accuracy of reported financial information. However, in their study of 500 Chief Audit Executives and internal auditors of non-public firms, which are mostly SMEs, Hermanson, Smith and Stephens (2012) indicated that the firms have less effective internal controls than public firms, primarily due to the former's poor tone-at-the-top and existence of management override and policy deviations arising from their management structure. Johnson and Fludesill (2001) indicated that small businesses are more prone to fraud because of their weak internal control systems, particularly with respect to segregation of duties. The emergence of computerized accounting systems and their increased implementation of by SMEs are, therefore, expected to ease the internal control problems faced by SMEs through the systems' built-in internal control functionalities.

Internal Control Features in Computerized Accounting Systems
Several studies have indicated that computerized accounting systems have built-in internal control features that help to enhance the integrity and effectiveness of the accounting process and the performance of the accounting systems as a whole (see Fardinal, 2013;Hurt, 2013;Steckel, 2011). Itang (2020), while conceptualizing the structural characteristics of computerized accounting systems, indicated internal controls as one of the functional components of computerized accounting systems; and this supports the position of Mundy and Owen (2013) that computerized accounting systems help to prevent common internal control weaknesses in firms. Mundy and Owen (2013) indicated that such internal controls include those that incorporate processes and methodologies for accounting for financial transactions and financial statements preparation. In its user guide titled "Internal Control for Small Businesses to Reduce the Risk of Fraud", Intuit (2009) provides details of internal controls inherent in QuickBooks accounting software and their implementation procedures. A manual to guide the implementation of the Payment card Industry Data Security Standard (PCIDSS) provided by Intuit (2010) presents procedures for implementing payment card data security controls in QuickBooks in line with the Standards issued by the United States' Payment Card Industry Security Standards Council (PCISSC) in 2010. The 2018 user guide to QuickBooks accounting presented by Intuit (2018) also highlights the software's internal control features and their implementation procedures. Other accounting software vendors have also provided details on the internal control functionalities available in their various accounting software and the implementation procedures (see Busy Infotech, n.d;Dynamics Africa, 2016;Navision Depot, 2013;Sage Software, 2009, 2014Tally Solutions, 2009).
Several other independent authors have indicated various forms of internal controls inherent in computerized accounting systems (see Hanini, 2015;Hurt, 2013;Itang, 2017Itang, , 2020Steckel, 2011;Wyn Solutions, 2011;Zielinski, 2015). However, Itang (2020) summarized all the indicated built-in internal control in computerized accounting systems into five categories, namely: access control, segregation of duties, accuracy checks, security controls, and audit trails.
(i) Access controls -this set of controls ensures that only predefined users have access to the system with the use of usernames and passwords. While the username identifies the individual user, the password grants the user access into the system. (ii) Segregation of duties -these controls ensure that users profiles are defined in the systems based on their status, job functions, and roles, such that no single user can handle a transaction cycle from start to finish. (iii) Accuracy checks -this set of controls ensures the accuracy of data in terms of format, type, figures, duplications, and totals. (iv) Security controls -these controls ensure the safeguard of data from intrusions, theft, and manipulations, Research Journal of Finance and Accounting www.iiste.org ISSN 2222-1697 (Paper) ISSN 2222-2847 (Online) Vol.11, No.20, 2020 as well as protect data against loss from contingencies and disasters.
(v) Audit trails -this set of controls enables the system to keep track of the activities of individual users and the transactions executed by them. As noted by Itang (2017), internal controls play essential role in the life of an organization and computerized accounting systems are veritable tools for enhancing the internal controls process for the overall success of the organization. Several empirical studies have shown that the built-in internal control functionalities in computerized accounting systems have improved the performance of firms in terms of productivity, service delivery, profitability, and reporting (see Al-Qudah, 2011;Christauskas & Miseviciene, 2012;Ige, 2015;Saracina, 2012). However, studies that examine the extent to which firms, particularly SMEs, have optimized the use of the builtin internal controls features in their computerized accounting systems are very scare. The only related study identified by the author in the literature is that of Steckel (2011), which examined the level of utilization of internal controls available in QuickBooks accounting software among small businesses in the United States. They administered online questionnaire to 200 firms and 36 responses (18%) were received, of which only 21 firms were QuickBooks users. The result of the study indicated that internal controls in QuickBooks accounting software were underutilized by the firms. Steckel (2011) also found that the underutilization of QuickBooks internal controls was mostly because some users were unaware that such internal control features were available in their accounting systems. This present study, therefore, aims to extent the work of Steckel (2011) beyond QuickBooks to other computerized accounting systems employed by SMEs with reference to the Nigerian environment.

Study Design
The survey methodology, which offers the advantages of being inexpensive, allowing for quick data acquisition, provision for explanations based on individual attitudes and opinions, as well as enhancing empirical inferences (Kpolovie, 2016;Salhin et al., 2016;Totten, Panacek & Price, 1999), was employed in the study. Based on the five categories of computerized accounting systems internal controls indicated by Itang (2020), a 15-item scale was developed on a Likert-type scale to assess the utilization of the controls by the sampled firms, with three questions for each of internal controls categories. This 15-item scale was incorporated into the 28-item questionnaire (see sample copy in Appendix) that was administered for the study.

Study Population and Sample
The study focused on small and medium enterprises in Nigerian, with SMEs operating within the south-south region of the country forming the population of the study. From the statistics of 9,276 SMEs in the south-south region of Nigeria (SMEDAN, 2013), a sample of 370 firms was randomly drawn based on  sample size determination table.

Data Collection and Analysis
The data for the study was collected using a self-completed questionnaire administered to key accounting and finance staff in each of the 370 sampled firms, of which only 227 useful responses were received, giving a high and acceptable response rate of 61.3%. The researcher employed descriptive statistics such as frequencies, mean, and standard deviation in answering the research questions, while one sample T-test statistics was used in testing the research hypothesis with the aid of the SPSS-Statistics software.

Reliability and Normality Tests
To ensure the reliability of the research instrument, the Cronbach Alpha test of internal reliability (consistency) was performed and result gave a satisfactory Alpha value of 0.764, which higher than the acceptable benchmark value; indicating that research instrument is reliable, and that the results can be generalized. The use of the onesample T-test requires that the sample data be normally distributed. Therefore, the Kolmogorov-Smirnov test was used to test the extent to which the data were normally distributed, and the results, as shown in Table 1, gave Z values greater than the significance level of 0.05 for all the hypothesized items, indicating the data followed a normal distribution.
Research Journal of Finance and Accounting www.iiste.org ISSN 2222-1697 (Paper) ISSN 2222-2847 (Online) Vol.11, No.20, 2020 Table 2 shows the distribution of the firms by industrial sector, which indicates that the sampled firms cut across various industrial sectors, with the oil and gas sector having the highest number of firms (65 out of 227 [i.e. 28.6%]), followed by wholesale/retail sector and accommodation/food services sector with 35 firms (15.4%) and 25 firms (11%) respectively. The table also indicates that the agricultural sector has the least number of firms with only 3 (1.3%). Table 3 shows the frequency distribution by respondents' job titles. Accountants/account officers were 98 (43.2%), chief accountants were 50 (22%), while those with finance/accounts manager designation were 45 (19.8%). Those occupying the positions of CFO/financial controller and auditor were 25 (11%) and 9 (4%) respectively.   Table 4 shows the distribution of firms by number of staff engaged in the accounting function. Out of the 227 firms, 100 firms engaged between 1-3 staff (44%) in the accounting function, while 95 had between 4-6 accounting staff (41.8%) and 21 had 7-9 accounting staff (9.3%). Accounting staff strength of between 10-12 and 13 and above were engaged by 9 and 2 firms, respectively.

Computerized Accounting Systems Used by Nigerian SMEs
The first objective of the study was to identify the accounting systems employed by Nigerian SMEs in their accounting function. Hence, the first research question: Which computerized accounting systems are employed by Nigerian SMEs? In answering this research question, data collected on accounting software used by the sampled firms was analysed using frequency distribution to indicate accounting software and the number of firms that employ each of them in their accounting function. As shown in Table 5, fifteen (15) accounting software have been identified to be employed by Nigerian SMEs, with QuickBooks being the most used with 57 firms (25.1%) to its advantage, followed by Peachtree/Sage 50 Accounting and MS-Navision with 55 firms (24.2%) and 25 firms (11.5%), respectively.

Utilization of Internal Controls in Computerized Accounting Systems
The second objective of the study was to examine the extent to which Nigerian SMEs have utilized internal control features in in their computerized accounting systems. Hence, the second research question: To what extent do Nigerian SMEs utilize the built-in internal controls in their computerized accounting systems? In answering this research question, data collected on questionnaire items B1-B15 was analysed using mean and standard deviation statistics.  Table 6 shows that the respondents indicated positive opinions towards the extent of utilization of internal control features in their computerized accounting systems, where mean for all measurement items was greater than 3 and standard deviation less than 1, except for one security control item, namely credit card information protection, which had a mean of 1.05. This result indicates that Nigerian SMEs utilize the built-in internal control features in their computerized accounting systems to a great extent, except for credit card information protection security control.

Perceived Reasons for Underutilization of Some Internal Control Features
The third objective of the study was to explore the reasons perceived by the respondents for the underutilization of any of the internal control features in their computerized accounting systems. Hence, the third research question: What are the perceived reasons for the underutilization of any of the computerized accounting systems internal controls by Nigerian SMEs? In answering this research question, data collected on questionnaire items C1-C15 was analysed using the frequencies of responses for each of the reasons against the underutilized controls.  Table 7 shows that 4 firms did not utilize regular/periodic password change because of lack of awareness of availability of such controls in their accounting systems. It also indicates that 12 firms did not restrict their system users to specific roles based on their job function as well as restrictions on editing and reporting functions due to having very few employees. Fourteen (14) firms did not assign the administration of the accounting systems to a dedicated officer because very few employees. The table also shows that all the 227 firms did not utilize the credit card information protection security control because there is no management policy on the use of credit cards in the accounting system. The three audit trail control items were not utilized by 8 firms due to lack of awareness of the availability of the internal control features in their accounting systems.

Hypothesis Testing
The sole hypothesis for the study was stated in its null form thus: Ho: Nigerian SMEs do not optimally utilize the built-in internal controls in their computerized accounting systems. This hypothesis was tested using the responses to items B1-B15 on the questionnaire using the one-sample T-test and the results were as indicated in Table 8.

Discussion of the Results
The objectives of this study was three-fold, namely: to identify the computerized accounting systems (accounting software) employed by Nigerian SMEs in the performance of their accounting function; to examine the extent to which Nigerian SMEs optimally utilize the built-in internal control features in their computerized accounting systems; and to explore the perceived reasons for underutilization of any of the internal control features in the accounting systems. The results of the study indicate that Nigerian SMEs employ various accounting software in the performance of their accounting function, and that the most used accounting software are QuickBooks (used by 25.1% of the firms), Peachtree/Sage 50 (used by 24.2% of the firms), and MS-Navision (used by 11.5% of the firms). This result is in line with the position of Itang (2017), which indicated Peachtree and QuickBooks to be the most used accounting software by SMEs in Nigeria.
Three internal control features were tested for each of the five internal control groupings (access controls, segregation of duties, accuracy checks, security controls, and audit trail controls). A total of 15 internal control features were, therefore, examined for utilization. The results of the study indicate that Nigerian SMEs utilize these built-in internal control features to a great extent, excepting one security control, credit card information prevention control, which was indicated to be greatly underutilized by the firms. The reason for the gross underutilization of the credit card information protection control could be related to the fact that the use of credit cards as a direct means of payment through the accounting systems is not a common practice in Nigeria. This position is reflected in the lack of management policy on credit card protection being the reason indicated for not utilizing this control feature by some firms. Other internal control features not utilized by some firms are: (i) Regular/periodic password change, duplicate entries prevention, and audit trail controls. These controls were not utilized due to lack of awareness of the availability of such controls in their accounting systems. (ii) User roles restriction, editing and reporting restriction, and dedicated systems administrator, which were not utilized due to the firms having very few numbers of employees in the accounting function. The issue of limited number of employees in SMEs and lack of awareness of some control features in accounting systems by users indicated by this study as the reason for underutilization of some built-in internal control features in computerized accounting systems supports the position of Itang (2018) and Steckel (2011).
The results of the test of hypothesis for the study indicate that Nigerian SMEs optimally utilize the built-in internal control features in their computerized accounting systems. This position contrasts with the result of Steckel (2011), which indicated that the built-in internal controls in QuickBooks accounting software are underutilized by SMEs. However, this difference could be because of increased awareness of available accounting software and their inherent functionalities in recent times.

Conclusion and Recommendations
The results of the study indicate that Nigerian SMEs optimally utilize the built-in internal control features in their computerized accounting systems. It has also highlighted the computerized accounting systems used by SMEs in Nigeria, with QuickBooks, Peachtree (Sage 50), and MS-Navision as the most-used accounting systems. The www.iiste.org ISSN 2222-1697 (Paper) ISSN 2222-2847 (Online) Vol.11, No.20, 2020 perceived reasons for the underutilization of some of the computerized accounting systems internal control features are indicated to be lack of awareness by users, very few numbers of accounting staff, and lack of management policy on internal controls. This study has contributed to the body of knowledge in accounting and has bridged the gap in the literature regarding computerized accounting systems and internal controls. It is hoped that those performing accounting function in SMEs, those involved in the management of SMEs, accounting systems administrators and other related professionals, and academics would find the results of the study extremely useful.
The researcher recommends that SMEs should take their internal controls more seriously by establishing formal internal control policies and procedures for their firms, which would guide their employees in internal controls implementation efforts. SMEs should also invest in the training and development of their staff to enable them gain deeper knowledge on the functionalities of their accounting systems, particularly the built-in internal control features. More so, no matter how small the size of a firm might be, the accounting function should not be left in the hands of a single individual as this would hamper the implementation of even the very basic internal controls, particularly segregation of duties. Further research is recommended to confirm the results of this study. Another area for further research would be to determine the level of training given by SMEs to their accounting staff on their adopted computerized accounting systems 2 = Disagree (DA) 3 = Undecided (UN) 4 = Agree (AG) 5 = Strongly agree (SA) Please tick any of the boxes marked 1-5 as appropriate.
Item No.
Question/Statement SD DA UN AG SA Access Controls 1 2 3 4 5 B1 Our organization uses unique username to identify individual users of the accounting systems B2 Every user accesses the accounting systems with unique password. B3 Our organization's password policy requires periodic password change. Segregation of Duties 1 2 3 4 5 B4 In our accounting system every user's access is limited to specific features based on job functions. B5 Only specific users can perform editing, deleting, and reporting functions in the accounting system. B6 Our accounting system is managed by a dedicated administrator. Accuracy Checks 1 2 3 4 5 B7 Our accounting system only accepts dates and numeric entries in specified formats. B8 Our accounting system is set up to prevent duplicated source document entries. B9 Our accounting system is set up to prevent wrong data type entries (e.g. numeric Vs alphabets). Security Controls 1 2 3 4 5 B10 In our accounting system, data files are schedules for regular/periodic backups. B11 In our accounting systems, Closing Date is set up for each accounting period. B12 In our accounting system customer credit card protection is enabled to secure card information. Audit Trail Controls 1 2 3 4 5 B13 Our accounting system is set up to maintain audit trail on users and transactions. B14 Audit trail report in our accounting system captures user, transaction details, and posting time. B15 In our accounting system only the Administrator and/or other specified user can run audit trail report.

SECTION C: PERCEIVED REASONS FOR UNDERUTILIZATION OF INTERNAL CONTROLS
The section explores the reasons for possible underutilization of the built-in internal control features in computerized accounting systems used by your organization based on the following perceived reasons. A = Lack of management policy on the internal controls B = Lack of awareness of the internal control features C = Very few employees in the accounting function D = Not applicable (if response to related question in Section B was positive) Please tick any of the boxes marked A-D as appropriate. No audit trail maintained because of: C14

Item
Audit trail report is not detail enough because of: C15 There is no restriction on who runs audit trail report because: END OF QUESTIONNAIRE… THANKS FOR YOUR PARTICIPATION!