The impact of internal audit on risk management in Islamic banks a case study : Faisal Islamic Bank of Sudan – 2023

Prepared by the researcher :  Dr.Rihab Khider Fadulelgaliel Hussien – Faculty of medical and engineering sciences – Sudan

Democratic Arabic Center

International Journal of Economic Studies : Twenty-Eighth Issue – February 2024

A Periodical International Journal published by the “Democratic Arab Center” Germany – Berlin

:To download the pdf version of the research papers, please visit the following link

https://democraticac.de/wp-content/uploads/2024/02/%D8%A7%D9%84%D9%85%D8%AC%D9%84%D8%A9-%D8%A7%D9%84%D8%AF%D9%88%D9%84%D9%8A%D8%A9-%D9%84%D9%84%D8%AF%D8%B1%D8%A7%D8%B3%D8%A7%D8%AA-%D8%A7%D9%84%D8%A7%D9%82%D8%AA%D8%B5%D8%A7%D8%AF%D9%8A%D8%A9-%D8%A7%D9%84%D8%B9%D8%AF%D8%AF-%D8%A7%D9%84%D8%AB%D8%A7%D9%85%D9%86-%D9%88%D8%A7%D9%84%D8%B9%D8%B4%D8%B1%D9%88%D9%86-%D8%B4%D8%A8%D8%A7%D8%B7-%E2%80%93-%D9%81%D8%A8%D8%B1%D8%A7%D9%8A%D8%B1-2024.pdf

 Abstract

The research dealt with the impact of internal audit on risk management in Islamic banks. The research problem is summarized in the following main question: The impact of internal audit on risk management in Islamic banks? The study aimed to identify the clarity of the authority and responsibility of internal auditing and its impact on the process of measuring and identifying operational risks in banks, highlighting the relationship between the availability of independence and objectivity of the internal auditor and the extent of its contribution to measuring. The study assumed that the lack of clarity in the authority and responsibility of the internal auditor limits the efficiency of measuring and identifying operational risks in banks, the lack of independence and objectivity of the internal auditor limits the measurement and identification of market risks in banks, and the weak level of professional development of the internal auditor limits the ability to measure and identify credit risks in banks. The study used the descriptive approach to develop the theoretical framework and case study. The deductive approach developed the general perception of the research axes. Inductive approach, hypothesis testing, descriptive analytical approach, data analysis. The study reached many results, including: The study’s hypotheses were proven to be correct. The limited internal audit authority in banks affects their ability to detect operational risks. Weak cooperation of bank employees with internal audit reduces access to information that enables them to predict market risks. Weak interest in seminars and workshops affects In the field of internal auditing in banks, regarding the ability of the internal auditor to deal with credit risks, the study reached several recommendations, including: issuing appropriate legislation, to enable the internal audit department to carry out its work more broadly, the necessity of adhering to international auditing principles and standards, and amending applicable legislation. Fulfilling the duties of these bodies and holding courses Continuous training for all administrative levels to familiarize them with the pillars of effective institutional control. Their role in risk management, working to increase disclosure and transparency in banks.

The first axis

Methodological framework and previous studies

First: the methodological framework

Introduction: Internal auditing is considered an independent and objective assurance and advisory activity, designed to add value and improve the organization’s operations, and help achieve the organization’s objectives through a regular and disciplined approach to evaluating and improving the effectiveness of risk management and control processes. To achieve these objectives, internal auditing standards must be available that describe the nature of audit services. The internal audit provides a standard for measuring the quality of its performance through the internal audit charter, which defines the authority, responsibility, independence and objectivity of internal auditing. Internal auditing works to evaluate and improve institutional control and risk management by preparing a framework for risk assessment in terms of identifying risks on a regular and continuous basis and assessing the probability and type of risks and their expected effects. Giving priority in treating risks with the greatest impact and carrying out risk management in a manner commensurate with the level of risk acceptance in the organization. 

Research problem:

 The research problem is represented by the high risks (credit, market and operational) in the field of banking, in light of the weak interest from bank management in the role that internal audit can play in providing information that helps in measuring and predicting risks. Therefore, the research problem can be summarized in a main question. And sub-questions are as follows:

The main question: To what extent does internal audit affect risk management in banks? .

Sub-questions:

1. What is the impact of the clarity of the authority and responsibility of internal audit in measuring and identifying operational risks in banks?
2. What is the impact of the internal auditor’s independence and objectivity in measuring and determining market risks in banks?
3. What is the impact of the professional development of the internal auditor in measuring and determining credit risks in banks?

The importance of the research:

The importance of the research is represented by the emergence of complex and sophisticated risks that require keeping up with control systems, and therefore the importance of research and study in the field of the relationship between internal auditing as a control mechanism for risk management. The research can open horizons and provide ideas that help researchers in studying the relationship between auditing and other banking accounting fields. The research may present results and recommendations that may help decision makers pay more attention to the role of internal auditing and its contribution in the field of risk management, clarifying the authority and responsibility of internal auditing and its impact on the process of measuring and identifying operational risks in banks.

Research objectives:

The research aims to achieve the following objectives:

A/ Identify the clarity of the authority and responsibility of internal audit and its impact on the process of measuring and identifying operational risks in banks.

B/ Highlighting the relationship between the independence and objectivity of the internal auditor and the extent of its contribution to measuring and identifying market risks in banks.

C/ Study the relationship between the level of professional development of the internal auditor and the ability to measure and determine credit risks in banks.

D/ Shedding light on the relationship between the availability of the internal audit department’s financial resources and the ability to measure and identify the risks of financial failure in banks.

Research hypotheses:

In order to answer the research questions and objectives, the research assumes the following:

1. The lack of clarity of the authority and responsibility of the internal auditor limits the efficiency of measuring and identifying operational risks in banks.
2. The lack of independence and objectivity of the internal auditor limits the measurement and identification of market risks in banks.
3. The weak level of professional development of the internal auditor limits the ability to measure and determine credit risks in banks.

Research methodology:

To achieve the research objectives, the researchers relied on the use of the following methods:

The descriptive approach to analyze and describe the study data, the deductive approach: to derive the research problem, using the Statistical Package for the Social Sciences (SPSS) program and the historical approach to list previous studies that are related to the variables of the study.

Data collection sources and tools:

1. Primary sources: questionnaire.
2. Secondary sources: books, scientific journals, and the international information network.

The limits of the study :

A- Spatial boundaries: Faisal Islamic Bank – Sudan

B- Time limits: (2023)

C- Human limits: Employees of Faisal Islamic Bank.

Second: Previous studies

There are many previous studies related to the research topic, which the researcher presents as follows:

• (Sana Study2022)[1]: The research addressed the topic of the determinants of internal audit quality and its role in evaluating risk management in government units in Sudan. The research problem was the weak interest in the determinants of internal audit quality based on risks in the public sector and the role it plays in evaluating risk management and its focus on financial auditing, reviewing the extent of compliance with laws and regulations, and neglecting to examine Assessing economic and administrative efficiency and evaluating risk management. The research aims to measure the impact of the availability of independence for internal auditing on evaluating risk management, studying the impact of providing professional competence of internal auditors on evaluating risk management. The researcher followed the historical approach, the deductive approach, the inductive approach, and the descriptive analytical approach using statistical methods to analyze the questionnaire. . The researcher reached several results, the most important of which is: I found a positive relationship between internal auditing and activating the role of risk management in government units in Sudan. I found a positive relationship between government units’ reliance on internal auditing with all its components to reduce manipulation, fraud, and embezzlement, and the existence of specialized risk management. The researcher recommended the following: Activating risk management at the Ministry of Finance and Economic Planning so that it can predict the future economic risks that the ministry may be exposed to in the course of global economic events.
• (Mahmoud’s study, 2013)[2]: This study aimed to identify the concept and importance of internal auditing, clarify its objectives and contemporary understanding of it, as well as study and analyze the relationship between activating contemporary directives in internal auditing and reducing its risks in the banking sector. To achieve the objectives of the study, it was proposed to create a statistically significant relationship between activating corporate governance as a new approach to internal auditing, reducing audit risks in the banking sector, and carrying out internal audit activities through risk management to reduce threats. Among the findings of the study: It became clear that internal audit in most banks works to provide important and appropriate information to the Banking Control Committee, which helps it perform the tasks it is responsible for. Among the study’s recommendations: attention to developing internal audit systems, expanding their authority, and proving their independence from senior management. This study agreed with the research in that internal auditing is an exploited variable, and differed in the dependent variable, as the study addressed audit risks as a goal, while this research was concerned with risk management.
• (Ahlam Study 2017)[3]:The study addressed the role of internal audit in mitigating operational risks by applying it to the Saudi Sudanese Bank. The problem of the study was the organizational status of the Internal Audit Department, as although the Internal Audit Department belonged to the Board of Directors recently, this did not reflect clearly on the operational risks in Sudanese banks. The researcher seeks to test the following hypotheses: There is a significant relationship between the dependency The Internal Audit Department refers to the Board of Directors and operational risks in Sudanese banks. There is a significant relationship between the diversity of specializations of the internal audit department personnel and operational risks in Sudanese banks. There is a significant relationship between the qualification and training of the internal audit department personnel and operational risks in Sudanese banks. The study relied on the deductive method, the inductive method, the historical method, and the descriptive analytical method to conduct the applied study. The study reached several results, including: The lack of diversification of specializations related to internal auditing at the Saudi Sudanese Bank helped increase the risks of banking operation. The study reached a number of recommendations, including: the need for the internal audit department to actually report to the Board of Directors so that the executive management does not influence it, and the need to diversify specializations related to internal audit because this helps reduce risks.
• (Muhammad Nour 2020)[4]: The study addressed the impact of internal audit on corporate risk management in light of corporate governance. The problem of the study is represented by the following question: What is the impact of internal audit on risk management in industrial companies under corporate governance? The study aimed to identify the impact of the interaction between internal auditing and other governance mechanisms on the effectiveness of corporate governance, and to present the development of internal auditing, its concept, objectives, standards and various names in preparation for studying the extent of its role in managing corporate risks under corporate governance. The study relied on the historical approach to track and evaluate previous studies and the deductive approach to determine the formulation of the problem and hypotheses. The most important findings of the study: that the scope of work of internal auditors, their scientific and practical qualifications, and the professional independence available to them in the research sample are largely consistent with governance requirements. The company’s internal audit is characterized by independence, which has helped in implementing risk management. The most important thing that the study recommends: the necessity of activating governance as a new function for internal auditing in industrial companies in general and Kenana Company in particular, and the necessity of further qualification and independence and expanding the scope of work of audit committees in accordance with achieving governance objectives.
• (Ihab study, 2013)[5]: The study raised the topic in a main question: What is the impact of the role of the internal auditor on risk management in light of international auditing standards? This study aimed to identify quality standards for internal audit management, through modern auditing standards, and to clarify the role of modern internal auditing in enhancing risk management. Among the most important findings of this study: The field study demonstrated the existence of a relationship between trait standards and risk management. One of the most important recommendations is the need for senior management in banks to pay attention to the internal audit function, and work to develop and modernize it to reduce risks.The study agreed with the research on the need to pay attention to increasing the efficiency of internal auditing because of its influential roles in the facility, but the difference came in the study’s interest in internal auditing in terms of reducing risks in banks, while the research was interested in internal auditing and its relationship to risk management.

The second axis

Theoretical framework

First: Internal audit:

The concept of internal audit:  It is an independent evaluative function established within the organization for the purpose of examining and evaluating the activities carried out by the organization, as a group of independent aspects of activity within the facility created by senior management to carry out its service in verifying operations and restrictions on an ongoing basis to ensure the accuracy of accounting and statistical data in ensuring the adequacy of the precautions taken to protect assets and verify Ensuring that the establishment’s employees follow established policies, plans and administrative procedures and measuring the validity of these plans and policies[6].

Internal audit is the examination of documents, books and records of the facility by an independent administrative department and is part of the internal control system[7].

     The importance of internal audit:

     The importance of review stems from the importance of oversight, as oversight is an organizational activity that exists at all organizational levels, and the need for oversight arises as a result of the possibility of errors occurring in the implementation of plans.

     Internal audit is considered the focus of the regulatory system, as there is no accountability without review, and there is no oversight without accountability and without oversight. Therefore, internal audit is considered one of the most important organizational control departments that measures and evaluates the effectiveness of other means of control. Internal audit is also considered one of the control tools, and it has a specific role related to measuring the ability of other control tools to achieve their objectives and evaluating them. Therefore, internal auditors who carry out their work efficiently become experts in everything related to the design and best implementation of the various control tools, and this experience includes their understanding of the different and overlapping relationships. Between oversight departments, and how to integrate them within the framework of the overall internal control system[8].  Internal audit provides its services to both the organization’s management and its board of directors. Internal auditors bear the responsibility of providing it with information related to the suitability of the internal control system and the effectiveness and quality of the facility’s financial performance.

Objectives of internal audit:

The objectives of internal audit can be divided into:[9] The goal of protecting the facility and the goal of evaluation. The goal of protecting the facility is to review past events for the purpose of verifying the accuracy and application of accounting control and the extent of the possibility of relying on accounting data, and that the facility’s assets are safe from theft and negligence, and evaluating procedures. Internal control, and since the internal auditor has enough time to evaluate all aspects of internal control, the goal of protection is called financial auditing. As for the goal of evaluation, it is considered an extension of the review of financial events and means ensuring that every part of the facility’s activity is subject to control. Therefore, achieving This goal is through creating an internal audit program using the organization’s organizational chart and not through its financial reports. The internal auditor assesses the extent to which the objectives of the subsystems are consistent with the main goal set by senior management, or in other words, the extent to which the system is consistent with the management’s goal and purpose. Also, the presence of a system A sound internal audit will necessarily lead to a highly efficient external audit in order to limit the scope of the examination for the external auditor based on the soundness of the internal audit system.

Second: Risk management

Risk concept: The American Institute of Internal Auditors defined risk as: the possibility of the occurrence of conditions or events that could affect the achievement of the organization’s objectives. Risks are measured by the degree of their impact on the organization’s objectives and the degree of probability of their occurrence. Risks are defined as the possibility of a loss occurring either directly through losses in the results of Business or capital losses, or indirectly through the presence of restrictions that limit the organization’s ability to achieve its goals and objectives, as such restrictions weaken the organization’s ability to continue to provide its work and practice its activities on the one hand, and limit its ability to exploit the available opportunities. In a regulated business environment on the other hand[10].

   Types of risks to which financial institutions may be exposed:

Financial institutions face multiple types of risks, including:[11].

Liquidity risk: Liquidity risk increases when owners of liabilities such as depositors and insurance policyholders demand immediate payment of financial claims they have with a financial institution, or when holders of off-balance sheet borrowing promises suddenly demand to exercise their right to borrow. When debit holders request a direct payment of cash, financial claims are returned to the financial institution, which in turn either borrows additional amounts or sells some of its existing assets to meet those withdrawal requests. The most liquid asset is cash, but the financial institution must limit the amount of cash it holds because it is not invested or earned any interest on it.

Interest rate risk: A type of risk that financial institutions face when there is a mismatch in maturity dates between assets and liabilities, and when there is fluctuation in the interest rate.

The financial institution faces uncertainty regarding the market value of assets or liabilities when the interest rate changes. Knowing that the fair market value equals the present value of the current and future cash flows on the assets or liabilities, we find that a higher interest rate increases the discount rate on the cash flows on the assets. (liabilities) and thus reduces the market value of assets (liabilities), and conversely, a lower interest rate increases cash flows on assets (liabilities).

Market risk: Market risk arises when financial institutions swap assets, liabilities and derivatives more than they hold them for long periods for investment, financing or hedging purposes. Market risks are linked to the risk of interest rates and the risk of foreign exchanges. We also find that the risk of the financial institution as a whole has an influential role in this type of risk, in addition to that it adds another dimension to the risk, which is swap activities. Therefore, it is an additional risk to which the financial institution is exposed when it is linked to the risk of foreign exchanges. And the interest rate of the swap strategy[12].

Market risk or swap risk is the risk that can be exposed when a financial institution takes an open or unhedged long or short position on bonds, equity, commodities, and derivatives, as prices may change in a direction opposite to what is expected, knowing that what is meant by a long position It means making a purchase, while the short position means making a sale[13].

Risk management concept: It is the process by which the risks facing the company or financial institution are measured and evaluated and an attempt is made to control them, reduce them, transfer them to another party, avoid them, reduce their negative effects, and accept some or all of their consequences.

“It is the identification, analysis and economic control of these risks that threaten the assets or revenue capacity of the project.” It is also known as a process through which those in charge of managing organizations develop the necessary policies and procedures to identify the risks surrounding the work of their various activities, then measure them and evaluate their financial impacts, and respond to them by reducing them or minimizing their effects to the extent acceptable to senior management and the board Administration[14].

Risk management objectives: The purpose of risk management is to reduce the probability of loss occurring and reduce the negative effects of loss when it occurs. The basic step in this direction begins with identifying and analyzing all expected sources of risk and estimating the maximum value of the risk expected from them. Then comes the stage of dealing with these risks.

The third axis

Field study

First: Faisal Islamic Bank of Sudan

Origins and development: Faisal Islamic Bank of Sudan was established pursuant to Temporary Order No. 9 of 1977 dated 04/04/1977. In May 1977, eighty-six Sudanese and Saudi founders and some citizens of other Islamic countries met and agreed to the idea of incorporation and subscribed to half of the capital approved at that time and on 18 August 1977, Faisal Islamic Bank of Sudan was registered as a public limited joint stock company in accordance with the Companies Law of 1925, and the bank actually commenced its operations as of May 1978. The authorized capital was 1,000 million Sudanese pounds and the paid-up capital was 700 million Sudanese pounds[15].

Vision: An Islamic bank with Sudanese characteristics, committed to quality and excellence in its work, happiness for customers, confidence in suppliers, development of society, care for employees, and maximization of shareholders’ rights.

The message: A bank that combines its Islamic orientation with its Sudanese characteristics, and aims to develop excellence, with the best efficiency, a full and sound financial center, contemporary legitimate banking products, growing external relations, and modern systems and technologies, on which the employees are based as a creative team, committed to honesty, trained in skill, qualified in knowledge, It adheres to transparency as an approach, to ensure the happiness of customers, shareholders and society.

Bank objectives: The fourth clause of the articles of association specified the bank’s goals and objectives as follows[16]:

1. Carrying out all banking, commercial, financial, and investment work, and contributing to industrialization, economic, urban, agricultural, commercial, and social development projects in any region, region, or district in the Republic of Sudan or outside it.
2. Accepting deposits of various types.
3. Collecting and paying orders, bills of exchange, and other papers of value, and dealing in foreign exchange in all its forms.
4. Drawing, issuing, accepting, endorsing, executing and issuing promissory notes and checks, whether paid in the Republic of Sudan or abroad, shipping receipts, and any transferable, transferable, or collectible papers, or dealing in these papers in any way, provided that they are free of any legal prohibition.
5. Giving good loans in accordance with the rules determined by the bank.
6. Trading and providing precious metals and providing safes to store valuable property.
7. Representing various banking bodies, provided that he does not deal with usury and takes into account the rules of Islamic Sharia in his dealings with these banks.
8. Accepting funds from individuals and legal persons, whether for the purpose of saving .

Second: Analyzing data and testing hypotheses

Research questionnaire design: In order to obtain information and primary data for this research, the researcher designed a questionnaire to find out (the impact of internal auditing on risk management in Islamic banks). The questionnaire is one of the well-known means of collecting field information and is characterized by the possibility of collecting information from multiple items from the research sample and it is analyzed. To reach the specified results.

Table (1) : Distribution of questionnaire items

Source: Preparation of the researcher, based on the questionnaire data, 2023.

The research sample members were asked to determine their answers to what each statement describes according to a five-point graded Likert scale, which consists of five levels (strongly agree, agree, neutral, disagree, strongly disagree). These statements were distributed according to the research hypotheses, as was Coding the respondents’ answers so that they can be easily entered into the computer for statistical analysis, as follows:

Table (2) Distribution of approval grades :

Source: Preparation of the researcher, based on the questionnaire data, 2023.

Table (3) Weight and weighted mean of the research scale :

Source: Preparation of the researcher, based on the questionnaire data, 2023.

Evaluation of measurement tools:

1. Content validity tests of the scale: The content validity test was conducted for the scales’ statements by evaluating the validity of the concept and the validity of its questions in terms of wording and clarity, which may be due either to differences in meanings according to the culture of society or as a result of translating the scales from one language to another. The researcher presented the questionnaire to a number of (3) Academic referees and specialists in the field of research, to analyze the contents of the scales’ statements and determine the extent of compatibility between the statements of each scale, then accept and modify some of the statements, and after retrieving the questionnaire from the arbitrators, then make the amendments that were assumed to it, while the other number of arbitrators indicated that the questionnaire in its current form is complete. For search terms.
2. Tests of consistency and internal stability of the measures used (the degree of reliability of the data): The stability of the measures means the degree to which the measures are free from errors, that is, the degree of internal consistency between the different statements that measure a variable. Reliability means stability, that is, obtaining the same values when the measurement tool is reused, and therefore it leads to To obtain the same results or consistent results every time the scale is repeated, and the greater the degree of reliability and stability of the tool, the greater confidence in it. To test the availability of stability and internal consistency between the answers to the questions, the Alpha-Cronbach credibility coefficient was calculated, and the value is considered The Cronbach’s alpha coefficient was statistically acceptable at 60%. A credibility test was conducted on the respondents’ answers to all axes of the questionnaire, and the estimation results were as shown in the following table:

Tables of results of the reliability analysis of the research standards, showing the values of the Cronbach coefficient for the research concepts:

Table (4) Stability test :

Source: Preparation of the researcher, based on the questionnaire data, 2023.

Note from the above table that the results of the stability test for research hypotheses is greater than 60%. These values mean that there is a high degree of internal stability for all axes The first hypothesis (69%), the second hypothesis (61%), the third hypothesis (84%) The overall stability of the hypotheses (68%) is explained by the fact that the level of stability is high for all hypotheses and that the parameters used by the researcher to measure hypotheses have the internal stability of their terms. This enables the researcher to rely on these answers in achieving the research objectives.

Distributed and returned questionnaires:

(120) questionnaires were distributed to a small sample of employees, cashiers, department heads, and auditors, of which (120) questionnaires were retrieved, representing 100%, which is a percentage that represents the research sample and is reasonable for generalizing the results of the study.

Statistical methods used in the research:

The following statistical methods were used to analyze field research data:

1. The arithmetic mean: The arithmetic mean scale was used to reflect the average answers to the search phrases, where a weight of 5 was given to the phrase “strongly agree,” a weight of 4 to the phrase “agree,” a weight of 3 to the phrase “neutral,” a weight of 2 to the phrase “I disagree,” and a weight of 1 to the phrase “strongly disagree.”
2. Standard deviation: It was used to measure the homogeneity of the answers of the surveyed units and to measure the relative importance of the questionnaire’s axis statements.
3. Regression analysis: It was used to test the effect of each independent variable on the dependent variable to test the research hypotheses.
4. Cronbach’s alpha test: It was used to measure the internal consistency of the research phrases to verify the validity of the performance. The measure is considered good and appropriate if the Cronbach’s alpha value exceeds (60%).

Frequency distribution of basic data:

Table(5)Frequency distribution of the statements of the first hypothesis: The lack of clarity of the authority and responsibility of the internal auditor limits the efficiency of measuring and identifying operational risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

It is clear from Table (5) that:

1. The majority of the sample members agree with the first statement: The limited internal audit authority in banks affects their ability to detect operational risks, as their percentage reached (82)%, while the percentage of those who disagreed with that amounted to (9)%. As for the sample members who did not provide specific answers, Their percentage reached (9)%.
2. The majority of the sample members agree with the second statement: Internal audit in banks can access all information related to administrative expenses. Internal audit in banks can access all information related to administrative expenses, as their percentage reached (77)%, while the percentage of those who did not agree with that reached (10). As for the sample members who did not provide specific answers, their percentage reached (13)%.
3. The majority of the sample members agree with the third statement: Internal audit finds support from the banks’ senior management in reviewing operating expenses, as their percentage reached (77)%, while the percentage of those who disagreed with that amounted to (9)%. As for the sample members who did not provide specific answers, they Their percentage reached (14)%.
4. The majority of the sample members agree with the fourth statement: Banks lack an internal audit charter that explicitly defines their authority and ability to review the details of operational costs, as their percentage reached (70)%, while the percentage of those who did not agree to this amounted to (12)%. As for the sample members who They did not provide specific answers, as their percentage reached (18)%.
5. The majority of the sample members agree with the fifth statement: The senior management of banks works to limit the authority of internal audit in accessing some items of operating costs due to their confidentiality, as their percentage reached (81)%, while the percentage of those who disagree with that reached (11)%. As for the sample members who They did not provide specific answers, as their percentage reached (8)%.

Table (6)The descriptive statistics of the first hypotheses: The lack of clarity of the authority and responsibility of the internal auditor limits the efficiency of measuring and identifying operational risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (6) :

1. The average of the majority of statements that express the statements of the first hypothesis exceeds the hypothesized mean (3). This result indicates that the sample members agree on the majority of statements that express the first hypothesis.
2. The most important statement of the first hypothesis is the statement (The limited internal audit authority in banks reduces their ability to detect operational risks), as the average of the sample members’ answers to the statement was (4.24) with a standard deviation of (0.67).
3. The lowest statement in terms of agreement among the statements of the first hypothesis was the statement (banks lack an internal audit charter that explicitly defines their authority and ability to review the details of operational costs), as the average of the sample members’ answers to the statement was (4.05) with a standard deviation of (0.70).
4. The average of all statements was (4.17), and this indicates that the sample members agree with the majority of all statements that measure the statements of the first hypothesis, with a standard deviation of (0.84), which indicates that the values are centered around their arithmetic mean.

Table(7)Frequency distribution of the statements of the second hypothesis: The lack of independence and objectivity of the internal auditor limits the measurement and identification of market risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

It is clear from Table (7) that:

1. The majority of the sample members agree with the first statement: The limited independence of internal auditing in banks affects their ability to detect market risks, as their percentage reached (78)%, while the percentage of those who disagreed with that amounted to (12)%. As for the sample members who did not provide specific answers, they Their percentage reached (10)%.
2. The majority of the sample members agree with the second statement: The weak organizational position of the internal audit department in banks weakens its ability to predict market risks, as their percentage reached (74)%, while the percentage of those who disagreed with that amounted to (14)%, as for the sample members who did not provide answers. Specific, their percentage reached (12)%.
3. The majority of the sample members agree with the third statement: The lack of regulatory protection for internal auditing has reduced its ability to detect market risks to which banks are exposed, as their percentage reached (77)%, while the percentage of those who disagree with that reached (9)%. As for the sample members who They did not provide specific answers, as their percentage reached (14)%.
4. The majority of the sample members agree with the fourth statement: The weak support of the banks’ senior management for internal audit weakens their ability to deal with the market risks to which the banks are exposed, as their percentage reached (71)%, while the percentage of those who did not agree to that amounted to (14)%. The sample who did not provide specific answers amounted to (15)%.
5. The majority of the sample members agree with the fifth statement: Defining the scope of internal audit work in the field of accounting work reduced its ability to detect market risks to which banks are exposed, as their percentage reached (79)%, while the percentage of those who did not agree to that amounted to (11)%. The percentage of sample members who did not provide specific answers reached (10)%.

Table (8)The descriptive statistics of the second hypotheses: The lack of independence and objectivity of the internal auditor limits the measurement and identification of market risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (8) :

1. The average of the majority of the statements that express the statements of the second hypothesis is greater than the mean of the hypothesis (3). This result indicates that the sample members do not express specific opinions on the majority of the statements that express the focus of the second hypothesis.
2. The most important statement of the second hypothesis is the statement (Defining the scope of internal audit work in the field of accounting work reduces its ability to detect market risks to which banks are exposed), as the average of the sample members’ answers to the statement was (4.19) with a standard deviation of (0.65).
3. The lowest statement in terms of agreement is the statement (The weak support of the banks’ senior management for internal audit weakens their ability to deal with the market risks to which the banks are exposed), where the average of the statement was (4.08) with a standard deviation of (0.63).
4. The average of all the statements was (4.11), and this indicates that the sample members did not provide specific answers to the majority of the statements that measure the statements of the second hypothesis, with a standard deviation of (0.91), which indicates that the values are centered around their arithmetic mean.

Table(9)Frequency distribution of the statements of the third hypothesis: The weak level of professional development of the internal auditor limits the ability to measure and determine credit risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

It is clear from Table (9) that:

1. The majority of the sample members agree with the first statement: The lack of skill of the banks’ internal auditor affects his ability to detect credit risks in the bank, as their percentage reached (70)%, while the percentage of those who disagreed with that reached (17)%. As for the sample members who did not provide answers, Specific, their percentage reached (13)%.
2. The majority of the sample members agree with the second statement: The lack of interest in training and qualifying the auditor on the part of the banks’ senior management reduces the auditor’s ability to evaluate bank credit risks, as their percentage reached (71)%, while the percentage of those who did not agree to that reached (14)%. The sample who did not provide specific answers was 15%.
3. The majority of the sample members agree with the third statement: The internal auditor’s lack of practical experience reduces his ability to deal with credit risks, as their percentage reached (79)%, while the percentage of those who disagreed with that amounted to (13)%, as for the sample members who did not provide answers. Specific, their percentage reached (8)%.
4. The majority of the sample members agree with the fourth statement: The decrease in skill in applying internal auditing standards in banks affects their ability to deal with credit risks, as their percentage reached (75)%, while the percentage of those who disagreed with that reached (15)%. As for the sample members who did not They gave specific answers, as their percentage reached (10)%.
5. The majority of the sample members agree with the fifth statement: The internal auditor’s weak knowledge and familiarity with internal audit procedures reduces his ability to predict credit risks, as their percentage reached (78)%, while the percentage of those who disagreed with this amounted to (8)%. As for the sample members who did not express Specific answers, their percentage reached (14)%.

Table (10)The descriptive statistics of the third hypotheses: The weak level of professional development of the internal auditor limits the ability to measure and determine credit risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (10) :

1. The average of the majority of statements that express the statements of the third hypothesis exceeds the hypothesized mean (3). This result indicates that the sample members agree on the majority of statements that express the third hypothesis.
2. The most important statement of the third hypothesis is the statement (The internal auditor’s lack of practical experience reduces his ability to deal with credit risks), as the average of the sample members’ answers to the statement was (4.24) with a standard deviation of (0.36).
3. The lowest statement in terms of agreement is the statement (The lack of skill of the internal auditor in banks affects his ability to detect credit risks in the bank), where the average of the statement was (4.02) with a standard deviation of (0.49).
4. The average of all statements was (4.07), and this indicates that the sample members agree with the majority of the statements that measure the third hypothesis, with a standard deviation of (0.78), which indicates that the values are centered around their arithmetic mean.

Testing research hypotheses:

Testing the first hypothesis:

The validity of the first hypothesis is tested and proven using linear regression analysis as follows:

Table (11)The result of a simple linear regression analysis of the relationship between the lack of clarity of the authority and responsibility of the internal auditor and the efficiency of measuring and identifying operational risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (11) :

There is a (very strong) connection between the lack of clarity of the authority and responsibility of the internal auditor and the efficiency of measuring and identifying operational risks in banks. This is evident through the value of the correlation coefficient (R) of (0.76), which is an absolute value that does not determine the form of the relationship between the dependent and independent variables, and by reference to the value of the regression coefficient (B) (0.77), which indicates the existence of a relationship between the lack of clarity of the authority and responsibility of the internal auditor and the efficiency Measuring and identifying operational risks in banks. The value of the coefficient of determination (explanatory powers) shows that 65% of the changes occurring in the dependent variable (the efficiency of measuring and identifying operational risks in banks) are caused by the independent variable (the authority and responsibility of the internal auditor). As is evident from the results of the analysis, there is a statistically significant relationship between the dependent variable (the efficiency Measuring and determining operational risks in banks) and the independent variable (the authority and responsibility of the internal auditor) according to the (t) test at a significance level (5%), where the calculated (t) value reached (24.32) with a moral significance level (0.000), which is a value less than the level The significance is 5%. Therefore, the null hypothesis is rejected and the alternative hypothesis is accepted, which indicates the existence of a statistically significant relationship between the lack of clarity of the authority and responsibility of the internal auditor and the efficiency of measuring and identifying operational risks in banks.

Testing the second hypothesis:

The validity of the second hypothesis is tested and proven using linear regression analysis as follows:

Table(12) The result of a simple linear regression analysis of the relationship between the lack of independence and objectivity of the internal auditor and measuring and determining market risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (12) :

There is a (strong) connection between the lack of independence and objectivity of the internal auditor and measuring and determining market risks in banks. This is evident through the value of the correlation coefficient (R) of (0.66), which is an absolute value that does not determine the form of the relationship between the dependent and independent variables, and by reference to the value of the regression coefficient (B) (0.66), which indicates the existence of a relationship between the lack of independence and objectivity of the internal auditor and measuring and determining Market risks in banks. The value of the coefficient of determination (explanatory powers) shows that 72% of the changes occurring in the dependent variable (measuring and determining market risks in banks) are caused by the independent variable (lack of independence and objectivity of the internal auditor). As is evident from the results of the analysis, there is a statistically significant relationship between the dependent variable (measuring… Determining market risks in banks) and the independent variable (lack of independence and objectivity of the internal auditor) according to the “t” test at a significance level of (5%), where the calculated value of “t” reached (18.33) with a significance level of (0.000), which is a value less than the level of The significance is 5%. Therefore, the null hypothesis is rejected and the alternative hypothesis is accepted, which indicates the existence of a statistically significant relationship between the lack of independence and objectivity of the internal auditor and measuring and determining market risks in banks.

Testing the third hypothesis:

The validity of the third hypothesis is tested and proven using linear regression analysis as follows:

Table(13): The result of a simple linear regression analysis of the relationship between the poor level of professional development of the internal auditor limits the ability to measure and determine credit risks in banks.

Source: Preparation of the researcher, based on the questionnaire data, 2023.

We note from table (13) :

There is a (strong) correlation between the weak level of professional development of the internal auditor and the ability to measure and determine credit risks in banks. This is evident through the value of the correlation coefficient (R) of (0.70), which is an absolute value that does not determine the form of the relationship between the dependent and independent variables, and by reference to the value of the regression coefficient (B) (0.71), which indicates the existence of a relationship between the weak level of professional development of the internal auditor and the ability To measure and determine credit risks in banks. The value of the coefficient of determination (explanatory powers) shows that 82% of the changes occurring in the dependent variable (the ability to measure and determine credit risks in banks) are caused by the independent variable (weak level of professional development of the internal auditor). As evidenced by the results of the analysis, there is a statistically significant relationship between the dependent variable. (The ability to measure and determine credit risks in banks) and the independent variable (twice the level of professional development of the internal auditor) according to the (t) test at a significance level (5%), where the calculated (t) value reached (20.17) with a moral significance level (0.000), which is A value less than the level of significance of 5%. Therefore, the null hypothesis is rejected and the alternative hypothesis is accepted, which indicates the existence of a statistically significant relationship between the weak level of professional development of the internal auditor and the ability to measure and determine credit risks in banks.

fourth Axis

Conclusion

First: results

Below, the researcher discusses the results reached:

1. The study hypotheses have been proven correct
2. The limited internal audit authority of banks affects their ability to detect operational risks
3. The senior management of banks works to limit the authority of internal audit to access some items of operating costs due to their confidentiality
4. Weak cooperation of bank employees with internal audit reduces access to information that enables them to predict market risks
5. Defining the scope of internal audit work in the field of accounting business reduced its ability to detect market risks to which banks are exposed
6. The internal auditor’s weak knowledge and familiarity with internal audit procedures reduces his ability to predict credit risks
7. The lack of interest in seminars and workshops in the field of internal auditing in banks affects the ability of the internal auditor to deal with credit risks

Second: Recommendations

Below, the researcher discusses the recommendations that were reached:

1. Issuing appropriate legislation to enable the Internal Audit Department to carry out its work more broadly.
2. Senior management in banks must support the internal audit units and give them the necessary powers to assume their responsibilities.
3. The necessity of activating all efforts and capabilities, professionally and academically, with the aim of developing the auditing profession.
4. Working to increase disclosure and transparency in banks.
5. The need to adhere to international auditing principles and standards and amend the legislation related to the duties of these bodies. Holding continuous training courses for all administrative levels to familiarize them with the pillars of institutional control. High and their role in risk management.
6. The study recommends the need to pay attention to the issue of risk management and translate it into practice to help add more confidence and reassurance by publishing technology RER is independent of risk management within the published annual report.

References :

• Ahlam Jaafar Abdel Majid, The role of internal audit in mitigating operational risks by application to the Saudi Sudanese Bank, PhD thesis, Sudan University of Science and Technology, 2017 AD.
• Ahmed Hilmi Jumaa, The Modern Introduction to Auditing, (Amman: Safaa Publishing House, 2000),
• Essam al-Din Muhammad Metwally, Review (1), (Khartoum: Sudan Open University Publications, 2006), p. 26.
• Ibrahim Ihab Nazmi, Auditing based on business risks, modernity and development, (Amman: Arab Society Library, 2000 AD), p. 32.
• Ihab Adeeb Idris, The Impact of Internal Auditing on Risk Management in Banks (Gaza: Islamic University, unpublished doctoral dissertation in accounting, 2013.
• Mahmoud Ahmed Abdel Moneim, Contemporary Trends in Internal Auditing and Its Role in Reducing Audit Risks in Commercial Banks, (Khartoum: Al-Nilein University, unpublished master’s thesis in accounting, 2013.
• Muhammad Nour Issa Ahmed, The impact of internal audit on risk management and governance in industrial companies, doctoral thesis, Bakht al-Rida University, 2020.
• Sana Kamel Ali, Determinants of internal audit quality and its role in evaluating risk management in government units in Sudan, doctoral dissertation,Sudan University of Science and Technology, 2022.
• Sana Muhammad Badran, Modern Trends in Reviewing, (Cairo: Without a Publisher, 2000) .
• Saudi Accounting Association, Internal Auditing Course, (Riyadh: Association Publications, 1999),
• Saunders –Cornett, Financial Markets And Institutions, an Introduction to the Risk Management Approach, second edition, McGraw-Hill, pp 535 – 536.
• Tariq Ahmed, Risk Management (Analysis of Issues in the Islamic Financial Industry), Islamic Development Bank, Jeddah, 2003), p. 141.
• fibsudan.com/page/6 – 29/3/2022 – 8:00 m

[1] Sana Kamel Ali, Determinants of internal audit quality and its role in evaluating risk management in government units in Sudan, doctoral dissertation, Sudan University of Science and Technology, 2022.

[2] Mahmoud Ahmed Abdel Moneim, Contemporary Trends in Internal Auditing and Its Role in Reducing Audit Risks in Commercial Banks, (Khartoum: Al-Nilein University, unpublished master’s thesis in accounting, 2013.

[3] Ahlam Jaafar Abdel Majid, The role of internal audit in mitigating operational risks by application to the Saudi Sudanese Bank, PhD thesis, Sudan University of Science and Technology, 2017 AD.

[4] Muhammad Nour Issa Ahmed, The impact of internal audit on risk management and governance in industrial companies, doctoral thesis, Bakht al-Rida University, 2020.

[5] Ihab Adeeb Idris, The Impact of Internal Auditing on Risk Management in Banks (Gaza: Islamic University, unpublished doctoral dissertation in accounting, 2013.

[6] Sanaa Muhammad Badran, Modern Trends in Reviewing, (Cairo: Without a Publisher, 2000), p. 21.

[7] Essam al-Din Muhammad Metwally, Review (1), (Khartoum: Sudan Open University Publications, 2006), p. 26.

[8] Saudi Accounting Association, Internal Auditing Course, (Riyadh: Association Publications, 1999), p. 17.

[9] Ahmed Hilmi Jumaa, The Modern Introduction to Auditing, (Amman: Safaa Publishing House, 2000), p. 34.

[10] Ibrahim Ihab Nazmi, Auditing based on business risks, modernity and development, (Amman: Arab Society Library, 2000 AD), p. 32.

[11] Saunders –Cornett, Financial Markets And Institutions, an Introduction to the Risk Management Approach, second edition, McGraw-Hill, pp 535 – 536.

[12] Previous reference, p. 315

[13] Tariq Ahmed, Risk Management (Analysis of Issues in the Islamic Financial Industry), Islamic Development Bank, Jeddah, 2003), p. 141.

[14] Previous reference, p. 72

[15] www.fibsudan.com/page/6 –  29/3/2018 – 8:00 m

[16] www.fibsudan.com/page/6 –  29/3/2018 – 8:00 m