Internal Controls in NHS

Chapter 1.0: Introduction

1.1 Background of the Study

The study of internal controls in NHS is important becuase of the rapidly changing economic conditions, shift in the demand of the public health care needs, competitive landscape pressure to deliver high quality services and public pressure for scrutiny of the funds (tax payer’s money) has increased the need for transparency and effective financial control systems. The performance measurement in the public sector based on 3E which are Economy, efficiency and effectiveness requires greater control of resources of the organisation. (Flynn, 2012)

Therefore, internal financial control helps the organisation to achieve the resource efficiency and adapt to a continuous changing environment of the organisation. (Bergmann, 2009)

Consequently, in the public sector needs the risk management to provide assurance that organisation mission is achieved in the safe manner and public money is used with greater efficiency. (Vanzanella, et al., 2015) The review and evaluation of the effectiveness of internal financial control mean reviewing the structure and creditability of the organisation control systems. Organisation with effective and efficient financial control systems ensures assets are safe as well as the integrity of financial reporting of the organisation. (Stiglitz, 2000)

1.2 Control Sytems  in NHS

Financial control systems help to eliminate the fraud, protect assets, the accuracy of the financial statements and attainment of the corporate goals. Internal financial controls are methods and procedures to safeguard the assets of the organization; ensure integrity and reliability of the financial and accounting data, encourage compliance and adherence to standards and policies as well as promote the operational efficiency of an organisation. (Hoitash, et al., 2009)

Internal financial controls are design methods and procedure-based system which result in effective operations, avoid fraud, ensure compliance as well as produce reliable financial reporting. (Doyle, et al., 2007)

1.3 Research Problem Statement

According to recent report publishes by BBC states “NHS fraud and errors are costing the UK £7bn a year”. (BBC, 2015) It is estimated that fraud cost NHS £ 5 billion a year and the £ 2 billion is lost due to financial errors. Moreover, NHS service model follow the policy of not measuring the losses which provide further opportunities to commit the fraud.  The range of fraud in the NHS includes no payment for the prescriptions, medical professionals claiming false expenses as well as overcharging by the contractors. (Bakertilly, 2014)

According to the recommendation made by the NHS ex-director for counter fraud services, NHS needs to address the problem of lost money due to fraud and error’s. Therefore, NHS continues to widen its fraud and error losses due to lack of effectiveness and transparency in financial control systems. (Journalista, 2014)

1.4 Purpose of the Study

The purpose of the study is to hypothesize the existence of internal control in the NHS and how effectively these control system are compiled in the NHS. Moreover, based on the hypothesis recommendation will be made to improve the control system. NHS need to develop strong financial to develop as well as evaluation the financial regulations.  Consequently, the opportunity exists in the system to reduce cost through controlling the fraud and errors without compromising the quality of care services. (Ball, 2012; Meikle, 2014)

NHS need strong and effective components such control environment and activities, risk assessment and monitoring of the accounting activities will help to reduce fraud and error. NHS need to integration procedures and method to increased fairness and integrity of the operations. (Kutz, 2003)

1.5 Research Question

NHS is faced with a large amount of financial fraud and error which result in financial and reputation loss due to lack of effectiveness and transparency in financial controls. That is why, research question is determine to seek the following questions (Leary, 2013)

  1. What kind of internal control system NHS expose to?
  2. What kind of internal control systems exist in the NHS?
  3. To determine the composition of the internal control and effectiveness in NHS

1.5.1 Research Objectives

This dissertation aims to achieve following objectives

  1. To identify and establish the existence of current internal control system.
  2. To find out the impact of management internal control on financial performance
  3. To find out the internal financial control place by the NHS
  4. To determine the short coming in design and implementation of internal financial controls.
  5. To make recommendation to improve financial control design and implementation

1.6 Significance of the Research

In public sector especially the hospital the accounting demand is not as strict as they are in private sector. (Bandy, 2014) In case of the NHS, the annual budget of £ 115 billion based (tax payer money and national insurance money) is being injected by government and therefore, scrutiny of money is fundamental. The demand for better efficiency and greater scrutiny has increased the need of the effective internal control systems in the NHS. Each of the NHS unit (hospital) publish its own statement of internal financial controls but still there is greater need for better financial control because according to recent report publish by BBC states “NHS fraud and error ‘costing the UK £7bn a year”. (BBC, 2015)

The review of existing control systems, as well as evaluation of the design of systems, can help to minimize the financial loss and increase the creditability and integrity of the NHS. (Prowle & Harradine, 2014)

1.7 Scope of Research

To hypotheses the financial control system in NHS three hospitals are selected. The three hospitals selected for study are York teaching hospital, Boothham park hospital and Leeds Teaching Hospitals. The target departments selected for study are finance and accounts department, auditing department, Local Counter Fraud Specialist (LCFS) as well as medical personnel in the public hospital. The finding of the dissertation is expected to help the departments through providing the insight and overcome the problems and increase efficiency and effectiveness of the system (Vijayakumar & Nagaraja, 2012)

Internal Controls in NHS

Figure 1: Scope of the Study

1.8 Limitation of the study

The total of three hospitals is selected for study along with four target departments selected for study in the public hospital. (Hall, 2012) However, the selection of three hospitals represents limited view of the control system compare to large network of the health care system. The fundamental limitation is time and cost attached to the project as it would be difficult to examine the large network of the NHS Hospital in short time. (Hightower, 2008)

1.9 Structure of the Dissertation

  • The chapter 1 of the dissertation includes an overview of the topic, problem statement, research questions and objectives along with the importance of the study.
  • The chapter 2 of the dissertation has detailed review of literature, highlighting financial control importance, control framework, design of control systems, problems associated with control system as well as effectiveness’s of the strong financial control system.
  • Chapter 3 discusses the research methodologies, the design of the research as well as mention the methodology used in this paper.
  • The chapter 4 analyses the data and presents the results to ensure the objectives of the dissertation are achieved
  • At last, not least, chapter 5 have conclusion and recommendation based on the data analysis to ensure dissertation provide useful insight for academic and professionals.

Chapter 2.0 Literature Review

2.1 What is Internal Control?

Moeller (2011) stated that internal control systems are defined as processes which are design to provide the reassurance to achieve the objectives of the organisation. The framework is design to ensure effectiveness as well as efficiency of the company operations, compliance with financial reregulation and laws as well as creditability and reliability of the reporting. Moreover, internal controls are useful to integrate and plan activities along with attitude and policies of the organisation to provide the assurance that company achieve its mission and objectives.

According to Tarantino (2012) internal control systems are manual and computerized to detect and prevent the errors along with irregularities of the organisation system and consequently impact upon the financial reporting and statement of the organisation.

2.2 Importance of Internal Control

According to Drennan et al (2014) Risk management is a process to analyse the factors that could affect the objectives of the company and hinder the company to achieve these objectives. To control and minimize the risk, it is important that must careful identify and evaluate and risk in order to minimize the disruption and financial loss for organisation. Organisational procedures codes and principles based on risk management are important to help organisation to manage the activities and reduce the fraud and accounting error.

Moreover, Power (2004) added that Influential internal controls are vital for assurance that the responsibility put on managers is completed adequate and effective by avoiding loss through fraud; accurate accounting data; securing integrity of activities; and assessing the level of implementation in every single activity of the organisation.

2.3 Internal control and Internal Control System

Dorf & Bishop (2011) highlighted that internal control enclosed the whole system of the control such as financial and management to ensure that reasonable assurance of the internal financial control, compliance of the policy and procedures as well as efficient operations compliance with laws and regulations. Internal control assists the management in ensuring organisational objectives are achieved, efficient and effective operations of the business, safeguard of the assets, accuracy and completeness of the record as well as dectection and preventation of the fraud.

Friedland (2012) argued The strong financial control will defend against the failure as well as improve the performance of the business. COSO framework has presented effective description of the internal control which is applicable all over the world. The COSO framework is based around three important categories which are; 1) efficiency and effectiveness of business, 2) reliability of the financial reporting as well as compliance with law and regulations. (Tessier & Otley, 2012)

2.3.1 COSO framework and internal control system

The changing management practices and technological advancement has chnaged the working practcies of the organisations. This has resulted in the employment of the fewer staff to perform the accounting function through cross checking, a layer of authoirzation as well as segregation of the duties. This has incrased the need of effective internal control system in the organsiation. (El-Mahdy & Thiruvadi, 2013)

To fulfil this objective, (diagram below) COSO framework has stated three objectives which are operations (resources), financial reporting (financial statement) as well as compliance (law and regulation). Internal financial controls in an organisation is based on five components (see diagram below) which are interrelated and these components are basic to develop an internal control system in an organisation. The combination of these control system helps to set procedures and methods to effectively control the operational of organisation. (Ramos, 2004) (Moeller, 2014)

Figure 2: COSO – Internal Control

2.4 COSO framework and Internal control

Andres & Theissen (2008) highlighted that internal control systems are effective when they are tailored and customized to meet the need of the organisations. The business environment and role of technology in the UK public organisations is significantly different and therefore, development and implementation elaborate different context for the internal control system.

The large corporate scandals in the recent years has raised the need to evaluate and reformulate the effective and customized control systems in order to guide the executive for the decision making as well as maintain the check and balance. The organisation should evaluate the effectiveness of the internal control system and implement the control system to meet the needs of the organisation. (Gelinas, et al., 2011)

The objectives of the internal control systems are to detect and deter the fraud or error and increase the economy and efficiency of the organisation operations. The important of the internal control system in the public organisation even become critical because complex structure and public fund. (McKinney, 2015)

The NHS in the UK provide health service to public and the complex structure and size of the organisation has required to devise and implement control structure which maximise the resource efficiency as well as eliminate the fraud and error. Moreover, Management of the organisation is responsible for designing and implementing the internal control to achieve the desired results through safeguarding the assets and records. (Dorf & Bishop, 2011)

2.4.1 Application of COSO internal control – Object and components in UK context

2.4.1.1 Control Environment

Janvrin et al (2012) assessed that the control environment includes a range of factors such as values, integrity as well as a philosophy of management within an organisation. It is an important component of the control environment and provides the foundation for the other components to design an effective control system.

Shapiro (2014) added that the working practices and business environment in UK is different and i.e. control system must set the tone in terms its people value and concern for the control system. The control environment of the NHS is affected by the history of the organisation, its management, structure, and operations.

2.4.1.2 Risk Assessment

Graham (2015) evaluated that risk assessment is the part which is used for identification of risks as a part of the framework. For risk assessment to be powerful, control measures are set up by stating clear objectives. This part of the framework recognizes and investigates possible risks surrounding the organisation.

Premuroso & Houmes (2012) stated that management must focus the level of risk precisely to be understood and determined, and attempt to keep up such risk inside determined levels. The need of the efficient and effective control system in critical in public organisation such as NHS, and i.e. manager needs to design and deploy effective controls to assure efficiency and effectiveness, quality of budgetary reporting and also agreeability with laws and regulations.

2.4.1.3 Control Activities

D’Aquila & Houmes (2014) assessed that control activities are the procedures and policies set by the management to ensure that directives of the management are properly deployed and managed. The document and manuals enclosed procedures, policies and practices to carry out the activities and minimize the risks.

Singleton et al (2006) evaluated that this enclosed how control will be carried out in an organisation through setting policies and procedures. The control activities ensure the all necessary actions to aim the risk of the organisation and ensure objectives of the organisation are achieved. The design of the control systems is usually set with the internal audit department.

2.4.1.4 Information & communication

The relevant information capture and communicate is achieved through this component of the framework. This component allows the timely and effective communication with the employee so that they can carry out their activities effectively. The information can be communicated internally and externally to ensure the coordination of the control activities and role and responsibilities of the employees. (Wilkins & Haun, 2014)

2.4.1.5 Monitoring

Cendrowski and Mair (2009) appraised that monitoring ensures that the investigation of the internal control structure over time. Since internal controls are procedures, it is generally acknowledged that they should be enough observed so as to evaluate the quality and the viability of the frameworks implementation after some time.

Collier and Agyei-Ampomah (2008) added that they can bring an orderly and trained methodology for the assessment and change of risk management activities and good administration handled by analysing of the internal controls and assessing how satisfactory and powerful the controls systems are for an organisation.

2.5 Corporate Governance and Internal control

In The UK, financial reporting council (FRC) has issued code for the corporate governance in 2010, to regulate the companies’ environment. The codes are principle based that provide guidelines and provisions for the companies in order to effectively managed the operations. (Duska, et al., 2011)

The ‘comply or explain’ approach helps the management to adopt the flexibility and board can perform their duties in the best interest of organisation and shareholders. The code explains responsibilities and role of the board in identifying the risk enclosed in the operations and consequently designing control system to achieve strategic objective of organisation. Therefore, it encloses procedures through which board can establish and apply transparent arrangement to safeguard assets and resources of the organisation. (Beasley, 2012)

2.5.1 Corporate governance in UK public sector

The government department in the UK is not the same when compared with profit making corporation. However, these face the similar challenges along with business like needs. The composition and merit in the public sector involve balance board based on civil servants and non-executives outside the government. (Borisova, et al., 2012)

Board provide advisory on range of issues to the departments and usually chaired by the secretary of the state. Policy and regulation are based on the advice from board and officials who devise and support the operational matter and implications along with the effectiveness of the policy proposals.

Corporate governance in the UK public sector is based on the on following criteria which are; 1) leadership (give vision and clarity about policy), 2) effectiveness (experiences and rigorous challenges as well as scrutinising performance), 3) accountability (transparency and fair reporting), 4) sustainability (long-term perspective on department). (Soin & Collier, 2013) (Newell, et al., 2012)

2.6 Internal Audit and Audit committee

Internal audit and audit committee are important to effectively manage the operations of the organisation along with corporate governance. The objective of the internal audit is to ensure that weakness and deficiencies are eliminated from the system and operations become more efficient. The internal control reports to the audit committee and it ensures the system have proper check and balances. (Bierstaker, et al., 2012)

In the UK, Combine code highlight and enclose the role and responsibility as well as important of the audit committee. The role of the internal auditor is to ensure that internal control practices, processes and protocols are followed to increase transparency, efficiency as well as the effectiveness of the system. (De Zwaan, et al., 2011)

2.6.1 UK – Public Sector Internal Audit

The objective and independent internal audit service is recognised through the UK public sector through adopting the public sector internal audit standard setters (PSIAS). The purpose of the PSIAS is to define the standards and nature of internal auditing in UK, set the principles to explain how to carry out internal audit as well as provide the framework to carry out the internal audit which add value to the organisation. The principles are applicable to all government bodies.

The aims of the internal auditing is to deliver an independent as well as objective assessment which for assurance and value addition to improve organisation operations. The PSIAS bring systematic and disciplined approach to evaluate the effectiveness and control of the processes. (gov.uk, 2013)

2.7 Management Control System

Flamholtz (2012) argued that control function includes things such as organisation and people which symbolize the activities of the organisation based on the human behaviour and socio-economic systems. Therefore, control function detail wide range of organisation activities.

Anthony & Govindarajan (2014) highlighted that management control system (MCS) enables the management to gather as well as use the information and analyse the performance of the various function of the organisation such as financial, physical and human. The management function in an organisation involves defining the goals and set the timetable to achieve these goals. The three important component of the management is setting the standards, measurement of the performance as well as taking the corrective actions.

Reichmann (2012) debated that the management control highlight three important areas which comparing the planned performance against the actual performance, analysing and evaluating the difference, determining the causes of these differences and taking the corrective actions to eliminate the differences. The theoretical framework used for MCS this dissertation discussed three areas which are process control, cultural and administrative control.

2.7.1 Process Controls

Kaplan & Atkinson (2015) mentioned that the processes control involves the operational and routine activities of the organisation whereas administrative and cultural control is concerned with structure and governance system of the organisation.  The process control is based on the integrated group of activities which are used to achieve specific goals such as material element and people management. The process control mechanism involves planning, budgeting as well as performance management of the organisation.

Zimmerman & Yahya-Zadeh (2011) indicated that the planning is defined as the determination of the course of action to achieve specific objective and it is important that organisation plans to fulfil the need of five stakeholders which are employees, customer, suppliers as well as community. The plans are set to meet the need of the customer in efficient and cost manner. NHS has effectively planning system in order to meet the need of its stakeholders and their customers are patients who required quality healthcare services.

Hofstede (2012) emphasized that the objective of the planning is to control the behaviour of its employee within an organisation to achieve its goals. The budget refers to the forecasting the financial performance of the organisation in future which facilitate the strategies implementation. Moreover, budget translate of the strategies and plans into measurable actions based on the accounting information. In the management control system, budgeting refers to allocation of the financial resources based on the planned activities. In NHS, budgets are used to measure performance of the organisation and control the financial resources. (Abraham, et al., 2008)

2.7.2 Administrative control

Administrative control is concerned with governance and structure of the organisation. This involves setting the administrative matter such as organisational structure, responsibilities as well as defining the governance mechanism. Administrative control is useful to ensure that operations of the organisation are carried out effectively. The objective of the administrative control is to achieve goals of an organisation as well as ensure that authorizations are obtained in accordance with management hierarchy and policies. (Macintosh & Quattrone, 2010)

Administrative control focuses on ensuring that transactions are recorded in accordance with financial accounting principles and reflect true and fair view in the financial statements. The organisational structure plays important role to define and explain the roles and responsibilities to meet the organisation need and comply with social environment. Moreover, governance determines the relationship between the stakeholders and management of an organisation. (Otley & Soin, 2014)

In NHS, board and management committees control and manage the operations which high the horizontal and vertical responsibilities. In other words, it defines the relationship among the stakeholders with different interest. (Gov.uk, 2013)

Figure 4: NHS structure

2.7.3 Cultural control

The cultural value in planning and control are implication and according to Hofstede culture and norms plays an important role when design and implementing management control system (MCS) in an organisation. The culture, sub-culture and structure shape up the management control system and goal congruence in an organisation.

There are three cultures which control the organisation and they include value control, clan control and symbol based control. The relationship between employee and sub-ordinate is known as clan control; belief and value control manage the communication and align behaviour of the employee with organisation. The symbol culture reflects the physical expression of the organisation. The culture in the NHS is based on the rigid hierarchies and manager follows the direction, supervision and punish in the organisation.

2.8 Internal control Activities – System and People Management

2.8.1 Management Control

It is the duty of the management to ensure all control systems are sound and implement. Management must ensure that controls are exercised, review of management accounts, internal audit, budget and review procedure are followed and working effectively. (Beneish, Billings and Hodder, 2008)

2.8.2 Segregation of Duties

The duties, as well as authorities, should be clearly divided between the manager and employees. The purpose is that no single individual control to exercise unlimited power and unrestricted access. (Gelinas and Dull, 2009) The range of functions such as transaction recording, authorization, execution as well as the development of procedures should be separated. Nevertheless, this control element usually evaded by the collusion of the employees. (Zhang, Zhou and Zhou, 2007)

2.8.3 Physical Control

Physical control involves the supervision of the asset and resources of an organisation. Moreover, it encloses the policies and procedures which limit the access of the unauthorized individuals through a deploying range of measures. (Cascarino, 2012) The physical controls are important when resources are valuable as well as portable assets.

2.8.4 Authorization and approval

The authorization and approval should not be given to single individual and for financial transaction signatures of more than one person should be required. Moreover, it is appropriate to set the approval hierarchy in an organisation. (Biegelman and Bartow, 2012)

Authorization and approval is an important element to implement the financial control in an organization. Nevertheless, a large amount of money should be approved and authorized by the responsible and trusted. (Marley and Mooney, 2014)

2.8.5 Arithmetical and accounting control

It is important that financial transactions should be recorded and processes in accurate and timely manner. The arithmetic accuracy of the record is important such as reconciliation, control of accounts, checking the totals as well as trails balance. (Mock and Turner, 2013)

2.8.6 Organization Control

Organisation activities should define the responsibilities of the employee and managers as well as allocate the responsibilities to ensure the objective of the organisation. It is important that communication and coordination activities are important to ensure the effectiveness of organisation processes. (Pfister, 2009) The organisation control helps to improve the coordination and efficiency of processes and control the risk of fraud. (Frey, Homberg and Osterloh, 2011)

2.8.7 Personnel

Employees are key resources to perform the operations of an organisation and assigning responsibilities based on the capabilities is fundamental for effective control in an organisation. (Prawitt, 2013)The selection of qualified and capable employees along with training can help the organisation to minimize the error. (Hammersley, Myers and Zhou, 2012)

2.9 Benefits of Management control system

The benefits offered by the management control are to help to deter the fraud and detect errors. Management controls are designed to improve the control environment, minimizing the possibilities of errors and eliminate the error and fraud. (Drury, 2007)

Moreover, management controls are useful to identify illegal activities and financial misconduct which result a loss for the organisation. It is useful to minimizing the illegal conduct and mal-practice in an organisation. Strong and efficient management controls helps to increased efficiency and effectiveness which improve the competitiveness of service provision. (Moeller, 2011)

Management controls helps to carry out the operations in efficient manner which result in increased competitiveness of organisation because of resource utilization and increased throughput. The integrity of financial statements and information and deploy operational infrastructure in an organisation. Management controls reduces the compliance and failure cost and organisation can deploy resources in more efficient manner. (Leitch, 2012)

2.10 Flaws and shortcoming in control system

Financial Control systems are designed based on the operations and structure of an organisation to ensure it mitigates the risk and deter the fraud.  However, some time management adopts the short to design a control system which is inadequate in the current environment which present risk for the organisation. The weak design of internal financial control system is a compromise with the safeguarding of the resources and assets as well as it increases risk and make operations inefficient. (Arwinge, 2012)

Therefore, internal financial control helps the organisation to achieve the resource efficiency and adapt to continuous changing environment of the organisation. Therefore, management in public sector needs the risk management to provide assurance that organisation mission is achieved in safe manner and public money is used with greater efficiency. (Stiglitz, 2000)

2.10.1 Dishonest employees and fraudulent act

Fraud is defined as the dishonest act of employee either through misrepresenting false information or taking the personal advantage. The number of fraud activities could involve manipulation of financial information, using assets for personal advantage, the omission of defect in the records as well as ironing the policies and procedures. The fraud could be committed either at the management level or at the employee level. (Watts & McNair‐Connolly, 2012)

2.10.2 Poor control environment and monitoring

Organisation with the weak management controls system may fail to identify the fraud and consequently result in the financial loss for an organisation. The number of fraud which can be incurred in an organisation includes forged cheques, unauthorized disbursement, ghost employees, petty cash stolen as well as unauthorized and fraudulent transfers. (Simons, 2013)

2.11 Conclusion

Organisation objectives, as well as operating environment, are constantly evolving and consequently there is pressure from a range of stakeholders to achieve efficiency and effectiveness for resources of the organisation. The situation is even complicated in the public sector because of different objectives and range of risk encompasses in the public sector. Moreover, the effective management controls system helps the organisation to respond to changing operating environment as well as safeguard assets of the organisation.

Internal controls are components on which organisation operations are based to achieve the objectives of the organisation. Management controls are design by the management to increase the efficiency and effectiveness of organisation resources, reduce the risk of fraud and dishonest activities as well as ensure the continuity of business through achieving its strategic goals.

Chapter 3.0 Research Methodology

3.1 Introduction

Research methodology, design of research, research instrument and method of data collection as well as sampling procedures are discussed. The research design is referred to conditions and arrangement used to collect the data and analyse the data in such manner that it combines the relevance and research purpose. The success of the research is directly linked with the design of the research.

The purpose of the research is to analyse the effectiveness of management and financial control system in NHS. The objectives is to determine and develop hypotheses on the NHS control using the research question

  1. What kind of internal control system NHS expose to?
  2. What kind of internal control systems exist in the NHS?
  3. To determine the composition of the internal control and effectiveness in NHS

3.2 Research Approach

There are three approaches to research which are exploratory, descriptive and explanatory research. The descriptive research is useful to explore and explain the problem. It is useful to describe what happened in more detail through expanding the current understanding. This approach is useful to answer question such as how and what rather why scenario. (Silverman, 2013)

Explanatory research is useful to connect an idea, affect and causes to develop meaning on the scenario in order to understand what is happening and going on. The explanatory research is only useful when basic ground and understanding are developed and the emphasis is to investigate from a deeper perspective. (Rothenberger, 2013)

Exploratory research is useful to develop initial hypotheses or theoretical perspective on the subject. This helps the researcher to develop an idea and observe something and seeks to understand it. The exploratory research is useful to develop ground for the future research through observing the actual practices in the light of the theory. The nature of the study is descriptive because it is useful in the situation when data is gathered to identify and examine the current state of the subject. (Blaikie, 2009)

3.2.1 Exploratory Research and NHS

The objective of this dissertation is to develop hypotheses on the existing financial and management control system in NHS. The purpose is to develop the understanding of the existing control in the NHS and how they are complied. To identify the existing control system, management control system and impact of the financial control system can be better explored using the exploratory research approach. The actual control system would be identified and understanding will be developed which further evaluated against the theory to examine and evaluate the control system composition and effectiveness.

3.3 Research strategy

The case study is most useful and flexible research design which allows the researcher to understand and retain the holistic characteristic attached to the real life event. A case study is useful to understand the contemporary phenomenon in the real life context, the boundaries of the event is blurred as well as there is multiple sources of evidence is available to study the problem. (Stake, 2013)

The case study is a useful way of the doing social research based on the survey, observation or experiments. A case study takes the principle subject of the social entity in its normal context and basic role of the study is that it provides a descriptive account of the social scenario in the real life situation.

The case study approach is useful to analyse the problem in wider context based on the flexibility it offers. The descriptive study is useful to portray a number of variables to answer a range of questions such as what, how and who. (Yin, 2013)

3.3.1 Purpose of Case study and NHS

According to Yin (2013) there are three conditions which determine whether the case study research is useful. The first factor is the type of the research question, second is the investigator control of the situation and the last is the degree of the contemporary events.  Moreover, a descriptive case study is appropriate where preliminary research is necessary and surveys are appropriate for the descriptive phase. The current in term of a control system in the NHS lacks the information. (Yin, 2013)

There is not enough information available on the existence, effectiveness and composition of the control system in the NHS. Moreover, the research question is set to determine ‘what scenario’ which could be effectively elaborated through surveys. Selection of the case study allows to maximum the learning from the case through deploying the unit case as a critical factor. The focus of the case study is to examine the issues to develop a rigorous understanding of the NHS control system. (David & Sutton, 2004)

3.1.1.1 Descriptive case studies

The descriptive case study approach will be useful to overcome the inconsistencies of the research finding along with  it will allow to examine the situation the light of the theory. The case study approach is helpful to answer the range of question such as ‘how’ and ‘what’ situation which will provide better understanding of the problem in the control system and its weakness.

The case study approach will be used to analyse the effectiveness of the internal controls as well as questionnaire will be used to collect the data. The descriptive approach case study would allow the flexibility to identify and study the situation at NHS.  (Sreejesh, et al., 2013)

The descriptive study usually involves a range of variables and useful to organize, tabulates and describe the data. The advantage of the descriptive study is that data is collected which without changing the environment and it is useful to highlight the relationship between the variables. (Miles, et al., 2013)

3.4 Design of Research

3.4.1 Qualitative vs. Quantitative Approach

The quantitative approach is useful to identify the reason and the problem. The quantitative approach is based on the numeric data along with subjective nature which provide better insight of the problem through analysing human behaviour and attitude. Qualitative research highlights the social event and highlight relationship between the variables gets to be clearer when the issue is examined directly.

It highlights the relationship between the variables based on the social construct in nature and relationship between the variables become clearer. Qualitative research is useful to study the problem and understand the human actions to exist in the situation. (Vogt, et al., 2012)

3.4.2 Quantitative approach and NHS

To hypothesise the control system in the NHS and how they complied as well as their effectiveness is studied through the quantitative approach. The data collected using the survey and quantitative approach is helpful to develop and analyse the social event whereas descriptive study helps to explore the issue without changing or control the environment. Creswell, 2013 )

The flexibility of the quantitative research in terms studying the variable in the social context has made it most useful for examining the control system practices in the NHS. The quantitative research will help to analyse and evaluate the control system practices and relevant variables in the NHS. The application of the questionnaire will examine the implicit phenomena present in the environment. (Sapsford & Jupp, 2006)

3.5 NHS and Primary data Collection

3.5.1 Survey

According to Saunders et al (2009) survey method is useful to gather primary data directly from the sample population. The surveys are associated with the quantitative approach and are very effective when stratified sampling is used. Moreover, when sample population is small it is effective to gather data from all possible individuals.

On the other hand, when population size is large, then data is collected from a sample of the population to save time and cost. The important element of the survey is a collection of data from the selected sample. In order to ensure the validity as well as reliability of the data, it is critical to select the sample population which is unbiased and represent large sample of the population.  (Flick, 2014)

3.5.2 Questionaire

According to Gerring (2006) survey usually involves questionnaire which enlist the range of questions for the respondent to read and answer. The questionnaire is useful to collect data when there are time and cost problem. The important factor is reliability, design as well as the validity of the questionnaire.

The three important element of the questionnaire is are the low error of response, motivate and involve the reader as well as respond can understand the questions and design of questionnaire to answer the problem.. (Flick, 2014)

3.5.3 Survey population and Sampling

According to Brace (2013) questionnaire design based on the Likert scale and therefore, it is important to keep the questionnaire design simple and control to keep the reader involved and motivated to answer the question. Stratified sampling was used to select specific subgroup in the population. This techniques is useful when researcher wants to select the specific group within the subgroup. The total number of cases which is used to select the sample is known as a population.

From the table below, the selected sample size to study at three hospitals includes 9 people from audit department, 14 people from the accounting department, 7 people from procurement department, 7 people from administration department, 1 local counter fraud specialist and a total of 12 medical staff. (Saunders, et al., 2009)

Table 1: Study Population and Sampling Technique

3.5.4 Questionaire Management

The questionnaire is based on the close-end questions for the hospital staff who working in the different department. The questionnaire was design based on the literature review in order to examine the internal control environment of the department. The respondent was e-mailed the questionnaires along with details for the purpose and objective of the study.

The questionnaire was design based on the COSO framework to examine the financial and management control. The outline of control framework was emailed to the respondent and the advantage of the survey was that most the staff holds the formal education. It was assumed that the staff in the accounting and audit department have high literacy rate as further evaluate through the questionnaire. (Miller & Holstein, 2009)

3.6 Confidentilaty of the respondent

The questionaire was design in such such way that does not collect personal information of the respodent as well as email and data collect is kept in secure manner. Staff were askec to respond to the questions to determine the financial and management control system compation and efefctiveness in the NHS. The privacy and confidecntlaty is taken top prority before, during and after data collection. The selected sample from the population was informed about the data collection and their consent was asked to use the data for research purposes. (Stebbins, 2011)

3.7 Ethical considerations

The particiapnts were asked about there informed consent before data was collected and analysed. The survey did not colelcted any personal information as well as the e-mail data is kept in stricit confidenltiy. The particiapnt were asked to give their consent befiore data colelction was proceed hrough prinitng their name and after the completion of the research all data will be destryed in secure manner. (Blaikie, 2009)

3.8 Question selection and contribution to research

The questionnaire was based on two sections to find demographics as well as hypotheses the control system in the NHS. The section enclosed five questions which were asked to find the demographics of the respondents. The range of questions was asked with following objectives;

The first question was asked with the objective to find out the number of years of each candidate. The question was designed with class boundaries of 5 years which help to understand how effectively respondent understand the important of the control and they’re familiar with organisation practices. The second question was asked to find out for how many years respondent has been working with NHS. This allowed to understand the exposure of the respondents with NHS working practices.

The two question helped to understand overall thoughtful understanding of the employee skills and the ability of the employees to interpret the control system. The next question was asked about the education level of the employees. The highlighted that most of the people have attended some college (certification or diploma) with 15 respondent holds the university degree.

Therefore, the first three questions developed better understanding on the knowledge and skills of the employee and this affirms that respondent has better understanding of the working environment from academic and commercial perspective. The next question allowed to distribute the candidates based on their department and skills. This allowed to picked the most experienced and educated people from each of the department.

The second stage of the questionnaire was based on the COSO framework in order to determine and hypotheses the control systems in the NHS. The first question was designed to examine and understand the overall control environment in the NHS. This allowed understand the culture, administrative as well as processes control in the NHS. This was helped to develop the perspective how management control system is designed in the NHS.

The next question was asked to identify the employees perspective on the risk faced by the NHS and how well the organisation is to tackle the risk in the organisation. These two question understanding on the design of the management control system and employees attitude to counter the threats posed to the system. The next important question was designed to determine the control activities performed in the organisation. The control activities helped to understand the various factors discussed in the literature such as internal audit, SOP, Process control and financial aspect o the control system.

The fourth question was designed with objective to determine the information and communication processing to highlight the red-tape and inefficiency of the process. The co-ordination and stakeholder management are hypotheses. The last question was based on the internal audit and corporate governance and objective of the question was to determine the role on management in implementing the control systems.

Chapter no 4.0: Data Analysis and Discussion

This chapter presents data analysis, finding and evaluation results of control system based on the objectives of the research. Moreover, chapter highlights the data collection and analysis procedures as well as finding in terms of effectiveness of financial controls in NHS. In addition, response from the population sample is explained and analysed which is collected through using the questionnaire.

4.1 Questionnaire Overview

This chapter presents data analysis, finding and evaluation results of the control system based on the objectives of the research. Moreover, chapter highlights the data collection and analysis procedures as well as finding in terms of effectiveness of financial controls in NHS. In addition, the response from the population sample is explained and analysed which is collected through using the questionnaire

4.2 Demographic of the population

4.2.1 Total Experience of Each employee – number of years

The first question was asked the respondent was that the number of years of experience. From the response of the staff, it was evident that 10 respondents had 1-3 years’ experience, 15 respondents had 4-7 years, as well as 12 respondents, have 8-10 years’ experience. Moreover, there were 8 employees have 15-20 years’ experience as well as 5 employees has 20-25 years’ experience.

Nevertheless, the respondent has not been arranged in the groups based on the experience they have to the category the response. As it is evident from the table below the respondent has experience distributed over a number of years. Based on the good experience it will be possible to understand the view of the respondent on current practices and control system at NHS. The graph below presents summary of the respondent and number of years’ experience of each employee.

Figure 5: Total Years of Experience of Each employee

4.2.2 Total Experience with hospital

The next question were asked to the employees of NHS was the number of years of experience they have with NHS. From the response of the employees it is evident that 10 employees have working with NHS for 1-3 years, large number of 21 employees out of 50 have been for NHS for 4-7 years as well as 8 employees working with NHS for 7-12 years. The results show that almost 20% of the survey population 9 employees working for NHS.

The purpose of the question was to find how well employees are familiar with existing control system of the NHS and how effectively they have understanding and ability to compare the NHS control with their other experiences. Employee ability to analyse existing system through their work experience will useful to benchmark the current efficiency and effectiveness of control system.

Figure 6: Total Experience with hospital

4.2.3 Employees — Level of Education

The table below summarizes the level of education of each employee involved in the survey. The results show that 17 employees out of the total 50 have had a formal college education (certificate or diploma). Moreover, 15 employees had had a degree as well as 12 employees have other qualifications such as professional qualification in accounting and finance. The survey reveals that 27 of the employee have a degree or professional qualification and 17 employees have a college education.

The purpose of this question was to understanding the competence of the employees on the financial control in an organization as well as their ability to adopt and understand the design of the control framework. Overall, the result shows that large numbers of employees have proper college education or degrees which represent that respondent have the competence and a high level of education.

Figure 7: Employees — Level of Education

4.2.4 Department and Job Type

The purpose of studying the variable is that ability contribution and role in the hospital. The result shows that 14 employees of population sample were associated with the accounting function. Moreover, 9 of the employees were from the audits department. One of the important components was 7 employees from the procurement who were involved in purchasing and ordering either internally or externally. Nevertheless, 7 employees were from the operations which help to validate the processes through benchmarking the input against output.

The procurement department was selected to highlight the payment issues associated with suppliers whereas administration department role is to identify false claims as well as payment for the daily expenses of the hospital. The selection of diverse population is useful to understand the problem exist in each of department of the hospital. The graph below shows the sample representation from each of the department from each hospital.

Figure 8: Department and Job Type

4.2.5 Job designation and position

The last question selected to understand the background information of the respondent was the position of the employee. The purpose of selection is to the question to understand the position and power of the employee in each hospital. The question will help to understand the position in the hierarchy and structure importance of the organisation. The results show that 11 individual of the survey were accountants by professional.

Moreover, 13 people involve in the survey were associated with finance function of the hospital. The various activities carried out by the involve assistance, supervisors, department managers as well as procure in charge and officers. The large population of respondent was associated with accounting and finance function. The graph below shows the number of respondents associated with hospitals based on the role and function.

Figure 9: Job designation and position

4.3 Integrated Control Framework at three hospitals

4.3.1 Control Environment

The table below enclosed the response of the employee which shows that York teaching hospital have a most effective control system. The result has a highlight that 75% respondent believe that there is good existence of control environment in the hospital. The high percentage represent that York teaching hospitals have an effective strong system based on the small population of 25% don’t believe that there is effective control system in the hospital.

Moreover, the respondent of the Boothham park hospital represent that 66% of the respondents believe that hospital have effective control system whereas 34% of the employee were seen dissatisfied from the control system in the hospital. The respondents believe that operating style of the hospital has least effective in order to implement control at the hospital. At last, not least, the result analysis shows that 69% of the employees at Lead teaching believe there is effective control environment in the hospital with 31% believe that control environment is not very much effective at the hospital. The detail of the assessment is enclosed in the table below.

Table 2: Control Environment

Moreover, result shows that management philosophy have a low score at Boothham park hospitals as well as Leeds teaching hospital. Employees believe that strongest component of the control environment at three hospital was HRM policies and procedures at all three hospital. Moreover, another important and strong component which respondent believe has helped to develop control environment is structure and hierarchy in the hospitals.

Nevertheless, the employee believes that training facilities at Boothham and Leeds hospital is much more useful and contribute toward strong internal control systems compare to York teaching hospital. One of the interest fact found from the analysis that employee have confidence in the ethical value and operating style at three of the hospital. Respondents at three hospitals believe that degree of autonomy is a hindering factor to in order to develop a strong control environment. The graph below compares the degree of the contribution made by each of the components to develop a strong control environment at each of the three hospitals. (D’Aquila and Houmes, 2014)

Figure 10: Control Environment Existence

In the light of the finding, it is evident that as mentioned by Dorf and Bishop (2011), it is responsibility of the management to design and deploy an effective control system to prevent and control fraud and error. The analysis shows that management actions have been successful to deploy the control system in the hospital. However, the problems exist in the operating style as well as autonomy given to employees to perform such action.

To summarize, the three selected hospitals have effective and efficient control system in place but the weakest exist in the area of the management style and degree of autonomy given to the employees. The low degree of autonomy rise concern for collusion and segregation of duties. (Shapiro, 2014)

4.3.2 Risk Management

The below summarize the risk assessment practices at three of the hospital. The data analysis shows that 64% of the respondent agreed to the fact the hospital have risk assessment practices in place. Whereas as, 36% of respondent believe that risk assessment is not effective at the hospitals.

Based on the results, it can be concluded that York hospital have a reasonable risk management system. The two weakest areas are fraud management as well as change management at the hospitals. Moreover, the result shows that Boothham hospital have high confident in terms of the existence of risk assessment. 69% of the respondents believe that hospital have a strong risk management system in place.

The weakest element is alignment off the company strategic objective and assessment of risk to ensure objective are achieved. At last, not least, the data analysis shows that 61% of respondent at Leeds hospital believed that risk assessment activities exist at the hospital.

Table 4: Risk Management

The results show that the two weakest activities at the three hospitals are fraud management and change management. The low score for the two area shows that respondent believe that poor response to fraud and anticipation and adaption to changing business environment and business needs has resulted in power risk assessment at the hospitals. The graph below summarizes the contribution of the each action and activities in terms of deploying effective risk assessment at three hospitals. (Ramos, 2004)

Figure 11: Existence of Risk Assessment

According to Graham (2015) Risk management oversees chance by creating exact techniques to accomplish objectives. The reason behind such low score might fewer activities in case of fraud assessment and documentation at three hospitals. The results show that lack of re-assessment of existing control system as well as possible policies and procedures are lacking to eliminate the risk and control the fraud. It is important to have procedure and policies to assessment the weakness of the system and re-design the control activities. (Tarantino, 2010)

4.3.3 Control Activities

The results show that York teaching hospital has effective control activities among the three hospitals. The data analysis shows that 73% of the respondents believe that there are stronger control activities in the hospital. Therefore, it is evident from the result that 66% and 69% of respondent respectively for Boothham part hospital as well as Leeds teaching hospital.

It is evident that strong control activities are performed at three of the hospitals. Once of the element which is consistent to add the weakness in the control environment was degree of autonomy. The data analysis shows that segregation of the duties is one the weakest area at three hospitals. The lack of power distribution could result in dishonest practices and errors. Moreover, lack of control framework or employee lack of understanding on control procedure has resulted in lower level effectiveness of control activities.

Table 5: Control Activities

The control activities are very important in terms of policies and procedure to manage the operation of the organisation. Lack of processes may result in fraud such loss of cash and approval of payment which are not verified. The management control shows a weak control over the activities and management should focus to improve the organisation control.

According to Frey, Homberg and Osterloh, (2011) organisation control helps to improve the coordination and efficiency of processes and control the risk of fraud. Therefore, the organisation should clearly defined roles and responsibility, approval hierarchy, reporting lines and structure based on the need of organisation.

Therefore, it is important that management focus on the segregation the duties as well as increased the degree of autonomy to prevent fraud and error. The graph below summarize the Internal control Activities – System and People Management at three hospital.  (Premuroso and Houmes, 2012)

Figure 12: Presence of Control Activities

4.3.4 Information and communication

The results shows that the control environment in there hospitals are operated the different level when to guidelines enclosed in the UK combine code. From the data analysis only 61% of the respondents believe that York teaching hospital has effective information and communication system. On the other hand, nearly 40% of the employees believe that hospital has ineffective communication and information availability.

Moreover, 67% of the respondent at Boothham park hospital responded as yes and 33% of the responded said no. this represent an average information and communication at three hospitals. Nevertheless, only 59% of the employees responded as yes at lead teaching hospital which is weakest among the three hospitals. Therefore, information and communication represent much average situation at three of the selected hospital.

Table 6: Information and Communication

The results have shown that dealing with external stakeholders is the major weakness in terms of poor policies and control system implementation. The weakest score is at the York teaching hospital shows that there material and effectiveness problems at the hospital. This represents lack of ability in terms of policies and framework to effectively deal with external parties. The lack of coordination, procedures and training is because of the poor communication and lack of information availability.

According to Wilkins and Haun (2014) the information can be communicated internally and externally to ensure the coordination of the control activities and role and responsibilities of the employees. Therefore, it responsibility of the management to deploy effective information systems as well as employee should aware of its roles and responsibilities.

Figure 13: Information and Control

The graph shows that the weakest area in all of three hospitals is concerned with dealing with external stakeholders, lack of effective information system as well as ease of communication in all of three hospitals. Information and communication is vital and fundamental in order to effective perform the function and operation of organisation. (Singleton et al., 2006)

4.3.5 Monitoring

The table below shows that 65% of the respondents at York teach hospital believes that monitoring is effective at  York teaching hospital and 35% of the have responded as no. This shows that management response and monitoring is average. Moreover, 69% of employees agree through yes at Boothham hospital in terms of effective of management response and monitoring of the control activities.

Therefore, this represent that Boothham park hospital have better and effective control but evaluation of other function has highlighted that overall monitoring is not as strong as employee believe. At last, not least, 70% of the respondents reply yes and 305 of the employees responded no. This shows that Leeds teaching hospital have much effective and better monitoring system among the three hospitals.

Table 7: Monitoring

The data analysis shows that self-assessment is the weakest area at York teaching hospital. Employees believe that assessment and monitoring of the control is weakest and therefore 55% of them believe that self-assessment is weaker function at hospital. Similarly, self-assessment is weaker among three hospitals.

Figure 14: Response and Monitoring

According to Cendrowski and Mair (2009) monitoring ensures that the investigation of the internal control structure over time. The three hospitals have reasonable monitoring function in place. One of the important areas that have highlighted the weakness of the systems involves much weaker internal audit function. The internal audit function is not strong to conduct re-assessment and improve efficiency of the system.

According to Tarantino (2010) internal audit is an independent review of the organisation records and operations which is carried out in an organisation on continuous basis. Therefore, it is vital internal audit function is very effective and evaluate the effectiveness of the financial control in three hospital.

Chapter 5: Conclusion and Recommendations

5.1 Conclusion

The data analysis and evaluation of the internal control at three NHS hospitals have shown that there are comprehensive as well as systematic controls are implemented. The control environment is well understood and deployed by the management which is further documented and understood from top to bottom in the three hospitals. Moreover, control activities, risk assessment as well as communication and information control systems are in place to ensure the financial integrity of the system.

It is evident that NHS has strong financial control procedures and policies such as strong HRM procedures and policies as well as effective structure to implement the controls system. Nevertheless, despite strong and effective control environment there are inconsistencies and discrepancies in the system.

The range of issues such as segregation of duties, the degree of autonomy, lack of fraud management as well as poor information and communication has resulted in a lack of responsibilities clarity. It is evident from the results that it easy to implement the financial control in hospital based on the number of employees and bureaucracy in an organisation. Despite the implementation of strong control system, the efficiency and effectiveness of the control system does not financial success based on the inherent risk in the system.

The three selected hospitals have range of control activities and environment based on the design proposed by the COSO integrated framework. However, “National Health Service Commissioning Board” (NHS England, 2015) needs to re-assess and evaluate the function such as fraud and risk assessment, communication as well as segregation of duties to ensure that fraud and errors are reduced.

The level of compliance to assess the risk as well as meet the accounting standards is low. For example, despite the lack fraud and error there is a low level of fraud risk assessment and segregation of duties. Moreover, reassessment of the risk and flaws in the design of control system and policies to identify the problems is less effective. The perception is that NHS is concerned with corrective controls rather deploying the preventative control systems. The lack of segregation of the duties has serious possibilities of collusion and a large amount of fraud is evident from such practices. The increased transparency, better communication, assessment of risk, as well as policies and procedures, are an important tool to achieve economy, efficiency and effectiveness of resources.

NHS is not a profit making entity and funded through taxpayer money. That is why, the focus should integrity and objectivity of the system to develop and increase the confidence and trust of stakeholders. The lack of internal audit has added to a large amount of error which is costing large losses. The surprising facts are that employees had little confident in the information system of the organisation. The information and communication are considered as a problem as improve control and co-ordinations.

The internal financial controls are not effectively deployed in the three hospitals and range of design flaws exist in the system. The lack senior management support to the continuously evaluation of system has reduced the effectiveness of the control system. Despite the implementation of the financial controls in three hospitals, no efforts are made to re-assess and re-design the shortcoming in the control systems. The result from data analysis shows that objectives of the dissertations are achieved. The range of objectives of dissertation such was the identification and establishes the existence of current internal financial control system has been achieved.

The results have shown that three hospitals have deployed strong financial controls based on COSO framework but regulation issues was corrective approach rather preventative control systems. The other objectives were to determine the compliance issues in financial management. The results show that there are flaws in the design of control systems. The short coming in terms of weak information system, poor internal audit function are fundamental needs to address.

5.2 Recommendation

One of important objective of the dissertation is to provide the recommendation to make improvements in NHS financial control system through efficiency and effectiveness by achieving the design and implementation improvements.

  • The first improvement is to change the operational and leadership style. The range of measure involves effective use of information systems, servant leadership, effective internal audit system as well as deploy culture to promote ethical values and integrity of the system
  • It is important that existing system should be re-assessment and flaws in the system should be identified. The two important elements require are segregation of the duties and degree of autonomy is an important element required. The lack of segregation of the duties has serious possibilities of collusion and a large amount of fraud is evident from such practices.
  • Senior management should deploy and evaluate the implement new effective information systems as well as policies and procedures should be established to deal with external stakeholders.
  • The perception is that NHS is concerned with corrective controls rather deploying the preventative control systems. The management should work toward deploying preventative control systems in the NHS.

 

Copyright © Assignment-Ease.com 2018

Assignment writing service UK, Cheap assignment writing service, Cheap essay writing service


Assignment-Ease is a renowned academic writing service provider offering academic services in a vast academic fortes. We like to inform our customers that all the content provided by us is only for assistance purpose, which cannot be used likewise.

© 2017. All Rights Reserved