Control Environment and Risk Management of Listed Financial Services Firms in Nigeria

A considerable number of studies have examined the effect of control environment on risk management at corporate level. However, these studies failed to disaggregate control environment into its elements and therefore failed to answer the question of which of the elements of control environment has the most impact. It is in view of this that this study examines the effect of control environment on risk management of listed financial services firms in Nigeria. Primary data was collected using the 5-point Likert scale structured questionnaire adopted from Ernst and Young (2003), the Committee of Sponsoring Organizations of the Treadway Commission (2013) and Simon and Fishbacher (2009) frameworks. 30 copies of the questionnaire were administered on each of the 35 sampled listed financial services firms. The data were diagnosed by means of normality test, multicollinearity test, heteroskedasticity test and reliability test and analyzed using descriptive (mean, standard deviation, minimum and maximum) and multiple regression analysis. Results show that all the 6 measures of control environment have significant effects on risk management among listed finance services firms in Nigeria. The study, therefore, concludes that integrity, values, ethics and behaviours of managers, management control and consciousness, commitment, board and audit committee participation in corporate governance and oversight and organizational structure, assignment of authority and human resource policy and practices are important considerations in risk management. The study recommends among others that the board and audit committee of the firms to take a more proactive participation in corporate governance and oversight. Managers must acknowledge their role in shaping organizational ethics and values and seize this opportunity to create a climate that can strengthen the relationships and reputations on which their companies’ success depends. Sound decision-making is a crucial skill for managers. From overseeing a team to leading a critical meeting, being an effective manager requires knowing how to analyze complex business problems and implement a plan for moving forward. Finally, management should position their organizations within their markets to exploit organizational


Introduction
Risk management is the process whereby management identifies the organization's vulnerabilities and develops strategies to reduce them. All systems of internal control involve tradeoffs between cost and benefit. For this reason, no system of internal control can be said to be 100 percent effective. Organizations accept the fact that risk can only be mitigated, not eliminated. Due to its role in corporate governance, the effectiveness of risk management is extremely important and the continuous improvement of its effectiveness is one way to improve the effectiveness of corporate governance as a whole. Risk management has always been a focal point for finance enthusiasts since the beginning of the industrial revolution (Dima & Orzea, 2014). Risk management affects the decision making process and hence corporate governance and performance as well. Recent financial crises point to the need for some forms of risk.
Management strategies for financial services firms. Financial failure is hardly a new phenomenon, but the rapidity with which financial services firms get into trouble in recent years is new and calls for investigation. While a number of factors affect risk management effectiveness, in this study, the focus is on the internal control environment and how its elements influence risk management effectiveness in financial services firms in Nigeria. It is interesting to note that a lot of interests have been generated in the area of control environment effectiveness in organizations. This is probably because effective control environment plays an important role in ensuring achievement of organization's goals. At the level of corporate regulation, the Securities and Exchange Commission requires listed firms to disclose more information on their internal control environment. Also, the study of internal control environment and its influence on risk management has increased internationally.
Organizations flourish when they establish control environments that foster the efficient execution of operations. When done properly, good internal controls help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. Ernst and Young (2003) and the Committee of Sponsoring Organizations of the Treadway Commission (2013) clearly outlines 6 determinants of effective control environment: Integrity, ethics and behaviour of key executives, management control consciousness and operating style, management commitment to competence, directors and audit committee participation in governance and oversight, organizational structure and assignment of authority and human resource policies and practices in the organization. For the purpose of this study, this framework is adopted in examining the effect of control environment on risk management.
Financial services firms occupy a central position in the nation's financial system and are essential agents in the development process. By intermediating between the surplus and deficit units, financial services firms increase the quantum of savings and investments and hence create wealth. By granting credits and insuring them, financial services firms create money thus influencing the level of money supply which is an essential item in the growth of national income as it determines the level of economic activities in the country. Also, financial services firms are central to the payments system by facilitating economic transactions between various national and international economic units and by so doing encourage and promote trade, commerce and industry. However, for financial services firms to be able to function effectively and contribute meaningfully to the development of a country, the industry must be stable, safe, sound and riskless. However, for these conditions to be met there must be a sound internal control environment and risk management system in place.
While a considerable number of studies have examined the effect of control environment on risk management, the studies failed to disaggregate the elements of control environment and thus answer the question as to which of the elements of control environment has the greatest effect. For example, Al-Rawi et al. (2009), Al-Thuneibat et al. (2015, Ayagre et al. (2014), Barisic and Tusek (2016), Bett and Memba (2017), Li and Nadeem (2010), Nuswantara and Pujiono (2017), Rae et al. (2008), Vitayanti and Nini (2017) and Ziad et al. (2014) found significant effect. However, Lemi (2015) and Muraleetharan (2016) failed to find any significant effect. In view of the foregoing, the following research questions were examined by the study: Does integrity of managers affects risk management of listed financial services firms in Nigeria? In what way does ethical values and behaviour influence risk management of listed financial services firms in Nigeria? How does management control consciousness and operating cycle affect risk management of listed financial services firms in Nigeria? In what way does management commitment to competence influences risk management of listed financial services firms in Nigeria? To what extent does board of directors and audit committee participation in governance and oversight affect risk management of listed financial services firms in Nigeria? How does organizational structure and assignment of authority and human resource policy and practices affect risk management of listed financial services firms in Nigeria? Following these research questions, the specific objectives of the study are to: i. Assess the effect of integrity of managers on risk management of listed financial services firms in Nigeria. ii.
Examine the impact of ethical values and behaviour on risk management of listed financial services firms in Nigeria. iii.
Analyse the influence of management control consciousness and operating cycle on risk management of listed financial services firms in Nigeria. iv.
Assess the effect of management commitment to competence on risk management of listed financial services firms in Nigeria. v.
Examine the impact of board of directors and audit committee participation in governance and oversight on risk management of listed financial services firms in Nigeria. vi.
Analyse the influence of organizational structure and assignment of authority and human resource policy and practices on risk management of listed financial services firms in Nigeria. In line with the research questions and specific objectives, the following hypotheses were formulated and tested: Ho1: Integrity of managers has no significant effect on risk management of listed financial services firms in Nigeria, Ho2: Ethical values and behaviour of managers have no significant impact on risk management of listed financial services firms in Nigeria, Ho3: Management control consciousness and operating cycle have no significant influence on risk management of listed financial services firms in Nigeria, Ho4: Management commitment to competence has no significant effect on risk management of listed financial services firms in Nigeria, Ho5: Board of directors and audit committee participation in governance and oversight have no significant impact on risk management of listed financial services firms in Nigeria, and H6: Organizational structure and assignment of authority and human resource policy and practices have no significant influence on risk management of listed financial services firms in Nigeria.
This study is significant in many respects: It offers immense contribution to knowledge by examining the effect of control environment on risk management of listed financial services firms in Nigeria. This study is of enormous benefit to deposit money banks, mortgage banks, insurance firms, finance houses and their management, employees, shareholders, depositors, auditors (both external and internal) and the regulatory authorities. It also assists other stakeholders in their stewardship role in achieving firms' objectives and provides guidance for the existence of basic and consistent controls and to define responsibilities for managing them. This is of greatest interest for multinational companies, insurance organizations, banks, securities houses and non-financial institutions given the extent of their business activities in derivative products. The study is, however, restricted to 35 listed financial services firms that met the thresholds used by the study. The remaining part of the study is divided into literature review, methodology, results and discussion and conclusion and recommendations.

Literature Review
The control environment is the foundation of an effective system of internal control. According to the Institute of Internal Auditors (IIA, 2011), most of the well-publicized failures (including not only Enron and WorldCom, but also the governance failures that led to the 2008 global financial crisis) were, at least in part, the result of weak control environments. In the absence of a demonstrably effective control environment, no level of design and operating effectiveness of controls within business and information and technology processes can provide meaningful assurance to stakeholders of the integrity of an organization's internal control system. Also, the International Standards for the Professional Practice of Internal Auditing (Standards) Glossary (2011) defined the control environment as the attitude and actions of the board and management regarding the significance of control within the organization. The control environment provides discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: Integrity and ethical values; management philosophy and operating style; organizational structure; assignment of authority and responsibility; human resource policies and practices; and competence of personnel. Rae et al. (2008) examined the impact of control environment on risk management. The conceptual framework for the study was guided by COSO's frameworks on internal controls and enterprise risk management and data from a questionnaire survey of 64 Australian firms are analysed using a structural equation model. The results of the study support that internal control environment has a significant intervening effect on risk management. Li and Nadeem (2010) examine the role and importance of internal control environment in good risk management practice with a particular emphasis on management structure and reporting system of China Aviation Oil Corporation Ltd. Qualitative research method was considered, using Committee of Sponsoring Organization of the Treadway Commission and Fortis Bank as source of data. Based on the analysis, results show that control environment has significant effect on risk management. Ayagre et al. (2014) evaluated the effect of control environment on risk management among Ghanaian Banks. A five point Likert scale was used to measure respondents' knowledge and perception of internal control environment and the banks risk management. Responses ranged from strongly disagree to strongly agree, where 1 represented strongly disagree (SD) and 5 represented strongly agree (SA). Statistical Package for Social Sciences (SPSS) was used to analyzed data and presented in the form of means and standard deviations for each question and each section of the questionnaire. The study found that control environment has significant influence on banks risk management. Ziad et al. (2014) evaluated the extent of influence of internal control environment on risk management among Jordanian banks. A questionnaire was distributed randomly to the working employees and to different management levels. Data was analyzed using the statistical program SPSS in addition to other statistical methods. The study concluded that control environment has significant effect on risk management. Lemi (2015) examined the effect of control environment on risk management in the public universities in Ethiopia. The study used cross sectional survey through questionnaire administered on the employees of the universities. Data were analyzed using descriptive statistics and inferential statistics. The result indicates that control environment has no significant effect on risk management. Al-Thuneibat et al. (2015) investigated the influence of internal control environment of Saudi shareholding companies on risk management. A questionnaire was used to collect data about the internal control environment and risk management. Then, Multiple Regression and t-test were used to analyze the data and test the hypotheses. The results of the study revealed that the degree of impact of internal control on risk management is very high. It also appears from the analysis that the effect of internal control environment on risk management is significant and positive. Muraleetharan (2016) examined the relationship between control environment and risk management of public and private organizations in Jaffna District of Sri Lanka. Data were collected through questionnaire and 181 samples were selected from employees. Chi square and regression statistical analysis were used to measure the variables. The study finds no statistically significant relationship between control environment and risk management. Barisic and Tusek (2016) investigated whether a supportive control environment is associated with risk management and what characteristics of a control environment are important in this respect. A survey was conducted via a questionnaire on 54 mostly large companies in Croatia. Appropriate methods of statistical analysis were used in order to analyses the survey results. According to the research results, in the case of a supportive control environment there is a greater chance that risk management will be effective and that its recommendations will be taken into account to a greater extent. In addition, the survey results showed a statistically significant correlation between risk management and a higher level of supportive control environment. Bett and Memba (2017) examined the effect of control environment on risk management among processing firms in Kenya. The study adopts a survey research design and a census of 189 respondents was used in the study. The data collected were analysed by use of descriptive statistics and inferential statistics. The results confirmed that control environment has a significant influence on risk management. Nuswantara and Pujiono (2017) used case study material to examine the influence of control environment on the risk management in Indonesia local governments. The case illustrates that the discretion of control environment (the encouragement of a local government's control environment) is considered as a springboard for risk management. Similarly, Vitayanti and Nini (2017) examined the overall effect of control environment on risk management in the local government of Palu. The result of statistical test using multiple regression analysis with the help of SPSS 16.0 program shows significant effect on risk management in the local government of Palu. Al-Rawi etal. (2019) examined the relationship between control environment and risk management and UAE businesses.an empirical survey using a questionnaire was carried out to achieve this objective. The case study taken into analyses is based on one hundred valid questionnaires were randomly distributed to different types of UAE businesses and subsequently collected. The collected data were analyzed using the statistical package for social sciences (SPSS) version 12 the survey results revealed a significant positive relationship between control environment and risk management and UAE businesses. This study is based on the contingency theory of risk management, which suggests that risk management is a function of several factors, internal and external to the organization. In this study, one of such factors is the internal control environment of the organization.

Methodology
This is a cross-sectional study involving listed financial services firms in Nigeria. The population of the study is 53; however, the sample size is 35, after filtering out 18 firms, which are currently under suspension by the Nigerian Stock Exchange on account of MRF (10), MRS (4), BLS (3) and DWL (1). Appendix A contains the population and sample of the study. In order to generate the necessary data for the study, primary instrument (structured questionnaire) was used. The questionnaire was structured in statement format based on the Ernst and Young (2003) evaluation model for control environment, which consists of 6 items. Each of the 6 items were then scored beginning from 1 suggesting that the control environment is ineffective to 5 indicating that the control environment is highly effective. The total value was then determined by summing up the scores for these items for each component of control environment.
The data were analyzed through the use of descriptive statistics (mean, standard deviation, minimum and maximum) and inferential statistics (multiple regression analysis). STATA 13 was used to run the data to provide the descriptive and inferential statistics. The F-statistic in the analysis of variance (ANOVA) which shows the overall model effect was used to test for significance of model. P-value and t-value were used to reject or accept hypotheses of the study. Two-tail p-values test the hypothesis that each coefficient is different from 0. To reject this, the p-value has to be lower than 0.05. The t-values test the hypothesis that the coefficient is different from 0. To reject this, t-value must be greater than +1.96. The t-values are obtained by dividing the coefficient by its standard error. The t-values also show the importance of a variable in the model.
The study tests for data normality using Shapiro-Wilk test. Also, Tolerance value and Variance Inflation Factor (VIF) were calculated to test for multicollinearity among the independent variables. Furthermore, the study tests for heteroskedasticity and reliability (internal consistency) using Cronbach Alpha. The study estimated and tested the following OLS model: RMi = α + β1INTi + β2EVBi + β3MCOi + β4MCCi + β5BAPi + β6SAPi + εi Whereas: RM = Risk management, measured based on Smith and Fischbacher (2009). α = Constant, which is the value of the dependent variable assuming that all the exploratory variables are 0. β1 -β6 = Beta coefficients of the explanatory variables. INT = Integrity EVB = Ethical values and behaviour MCO = Management control consciousness and operating cycle MCC = Management commitment to competence BAP = Board of directors and audit committee participation in governance and oversight SAP = Organizational structure and assignment of authority and human resource policy and practices INT, EVB, MCO, MCC, BAP and SAP are all measured based on Ernst and Young (2003) and COSO (2013). ε = Stochastic error term i = Firm subscript (in this case, i = 35)

4.Results and Discussion
This section contains the results of the analyses, statistical interpretations, policy and managerial implications and how they compare and contrast with previous empirical studies. It is useful to note that out of the 1,050 copies of questionnaire sent out, while 880 copies were returned; only 870 were usable. As shown in Table 1, the number of observations is 870 (represents the number of usable questionnaire returned). Risk management has a mean of 4.276 with a standard deviation of 0.881. Similarly, integrity of managers has a mean of 4.351 with a standard deviation of 0.992. Ethics, values and behaviours have a mean of 4.241 with a standard deviation of 1.062. Also, management control consciousness and operating cycle have a mean of 4.184 with a standard deviation of 0.929. Management commitment to competence has a mean of 4.299 with a standard deviation of 0.804. Furthermore, board of directors and audit committee participation in governance and oversight has a mean of 4.0 with a standard deviation of 1.040. Finally, organizational structure and assignment of authority and human resource policy and practices have a mean of 4.126 with a standard deviation of 0.908. All the variables with the exception of MCC (which has a minimum mean of 2) have minimum mean of 1 and maximum mean of 5. A cursory comparison of the mean values of the variables shows high strength in terms of relationship. The results of the normality test are reported in Table 2. From Table 2, the Prob>z values of all the variables are significant, which suggests that the variables are not normally distributed. These results require a special regression analysis using robust standard error, instead of the normal standard error. It also suggests the use of Cameron and Trivedi's IM test for heteroskedasticity instead of ordinary test of heteroskedasticity. The results of multicollinearity test are reported in Table 3. As shown in Table 3, the VIF values and tolerance levels of all the variables are less than 4 and 1, respectively (the threshold for the presence or otherwise of multicollinearity). These results suggest that there is no multicollinearity among the independent variables. The results of heteroskedasticity test are reported in Table 4.  From Table 4, the p-value of heteroskedasticity is significant, which suggests that there is heteroskedasticity in the model. This result requires a special regression analysis using robust standard error, instead of the normal standard error. The results of reliability test are reported in Table 5.  (Gujarati, 2003). The reliability test results as reported in Table 5 show that alpha values of all the variables are >0.70. This indicates that there is high internal consistency among the various statements in the structured questionnaire and by extension; the data set derived therefrom are reliable and can be used for purpose of statistical analysis and testing of hypotheses. The results of regression analysis are reported in Table 6. As shown in Table 6 Lemi (2015) and Muraleetharan (2016).
The findings of the study have made significant contributions in the sense that as indicated in Table 6, the magnitude of impact of each of the elements of control environment on risk management are clearly indicated. For example, among the five elements that show positive and significant effects on risk management, ethics, values and behaviours of managers show the highest impact (0.390), followed by organizational structure, alignment of authority and human resource policy and practices (0.300), followed by integrity of managers (0.238), followed by management commitment to competence (0.183) and finally management control consciousness and operating cycle (0.096).

Conclusion and Recommendations
This study examines the effect of control environment on risk management of listed financial services firms in Nigeria. In view of the results of the study. Results show that all the 6 measures of control environment have significant effects on risk management among listed finance services firms in Nigeria. The researchers concluded that integrity of managers, ethics, values and behaviours of managers, management control consciousness and operating cycle, management commitment to competence, board of directors and audit committee participation in governance and oversight and organizational structure and assignment of authority and human resource policy and practices are important considerations in managing risks. This study recommends among others that the board and audit committee of the firms to take a more proactive participation in corporate governance and oversight. In addition, management of financial services firms should improve the measures adopted by their corporation that enhance corporate performance, organizational integrity, standards, ethical operational practices and managerial efficiency.
There is also the need for the board and audit committee of the firms to take a more proactive participation in corporate governance and oversight. Managers must acknowledge their operational role in shaping organizational ethics and values and seize this opportunity to create a climate that can strengthen the relationships and reputations on which their corporations' success depends. In addition, it should also be emphasized that sound decision-making is a crucial skill for organizational managers. From overseeing a team to leading a critical meeting, being an effective manager requires knowing how to analyze complex business problems and implement a plan for moving forward. Finally, management should position their organizations within their markets environments to exploit organizational competencies and strengths. Board of directors and audit committee participation in governance and oversight 6 Organizational structure and assignment of authority and human resource policy and practices Smith and Fischbacher (2009) 5  4  5  4  4  4  5  5  5  5  5  5  4  4  5  3  4  4  3  2  3  4  2  3  2  4  3  4