Internal controls and credit risk relationship among banks in Europe

Purpose: The study purport to investigate the effectiveness of internal control mechanisms, investigate whether evidence of agency problem is found among banks in Europe and determine how internal controls affect credit risk. Design/methodology: Panel data from 91 banks from 23 European Union countries were studied from 2008-2014. Hausman’s specification test suggest the use of fixed effects estimation technique of GLS. Quantitatively modelled data on 15 variables covering elements of internal controls, objectives of internal controls, agency problem, bank and country specific variables were used. Findings: There is still high credit risk in spite of measures being implemented by the European Central Bank. Banks have individual entity factors that increase or decrease credit risk. The study finds effective internal control systems because objectives of internal controls are achieved and significantly determine credit risk. Agency problem is confirmed due to significant positive relation with credit risk. There is significant effect of internal controls on credit risk with specific variables as risk assessment, return on average risk weighted assets, institutional ownership, bank size, inflation, interest rate and GDP.


Introduction
Stakeholders in the financial system have revised their risk preferences, perceptions and consciousness after the global financial crisis.Much awareness, attention and concern have been shown in the operations of banks following lessons the global financial crisis in 2007 (Shin & Kim, 2015).Specifically, participants in the banking industry have demonstrated keen interest in the activities of banks especially their asset, liquidity and risk transformation functions.In the credit granting process, banks officials may exhibit opportunistic tendencies which could lead to the risk of default.Management at times exploit their informational economies to the disadvantage of the organization thus deepening the agency problem.The consequences of such misbehaviour could surface initially in the form of rising non-performing loans, financial distress, insolvency, bankruptcy and failure.The aggregate result of such unpleasant situations at the firm, country and international levels could bring about financial crisis globally.This is because investments could be lost at each point of these trajectory of difficulties banks go through.Bank systemic risks are interconnected and their effect extend beyond the industry to the domestic and international economies.The failure of a single financial institution creates failure in other parts of the financial system (Rötheli, 2010).The global financial crisis is a typical case in point.
Within the financial services industry, there are many identifiable risks.Doerig (2003) stated that almost all activities of financial institutions have human interface thus exposing the institution to various human-related risks.
There have been several developments in the banking industry emanating from policies from the European Central Bank which have affected the demand and supply of credit within the region.Credit rationing of various forms have surfaced in the post-crisis era in attempt to control the devastating effect of credit losses which occurred during the crisis (Balcerowicz, Rzoca, Kalina & Łaszek, 2013).
The writers report that the credit risk of companies increase whenever it becomes too risky to lend to government.This is exactly the situation in the European Union area because some countries are not attractive to seek credit from banks thus compelling the European Central Bank to put in place series of measures and monetary policies to hold them in check.Banks within the EU region are deleveraging than derisking until between 2013 and 2014 which has seen upsurge in the total risk weighted assets (European Banking Authority Risk Assessment Report, 2015).There are some impeccable results being achieved in some portions of asset quality of banks within the region, some critical areas still need to be tightened to ensure full recovery from credit losses.From the year 2009-2014, the EBA Risk Assessment report reveal that impairments on financial assets to total operating income reduced from a weighted average of 26.6% to 17.5%.Other ratios like impaired loans and past due to total loans and advances and impaired financial assets to total assets saw marginal increases from 5.1 to 6.6 and 1.6 to 2.0 respectively from 2009-2014.Mesnard, Margerit, Power and Magnus (2016) reported that at the end of September 2015, the two countries which had to implement strict capital controls, Greece and Cyprus, reported NPL ratio of more than 40%.Bulgaria, Croatia, Hungary, Ireland, Italy, Portugal, and Romania all report gross NPL ratio between 10% and 20%.These developments makes it necessary to enforce measures to minimize credit risk exposure of banks of member countries.In a related postcrisis study in Europe, Caselli, Gatti and Querci (2016) were concerned about how bank capitalization decisions affect their risk behaviour.This study follows the same line but shows interest in how internal controls affect credit risk.It is always the goal of management to maximize its risk-adjusted rate of return by maintaining credit risk within acceptable limits or parameters.Apart from the traditional loan granting activity banks engage in some off-balance sheet transactions that increases their credit risk exposure.Regulatory approaches to credit risk management have not always been exhaustive in their use hence the need to enforce self-regulatory practices used by management.One of such managerial tools is internal controls.
Modern day firms find themselves in a dispensation where so much focus is on cooperative behaviour or relationship between the owners (principal) and management (agent) to ensure maximization of firm value.This connotes that the two parties should share common goals to the extent that the individual personal interests are not significantly different between the principal and the agent.The rationality theory enshrines the probability of individuals exploiting their opportunistic tendencies by substituting the goals of the organization for their personal ones.The existence of partial rationality and cognitive limitations on the part of individuals call for systemic coordination of divergent visions and goals in order to establish congruence in the goals.Internal controls systems have been widely used by most organizations to bring the divergent goals of management and owners to a point of convergence.Most of the studies on bank credit risk focus on managing credit risk with various models rather than the use of internal control mechanisms.The work of Olatunji (2009) in Nigeria centred on the impact of internal control system in the banking sector.The focus of that paper was internal controls and fraud which is found under operational risk.Lakis and Giriunas (2012) did a similar study and concluded that internal controls is a measure to deal with fraud.Our present study builds on already existing works to provide a wider view of internal controls covering all the elements globally accepted and used like COSO and Basel Committee on Banking Supervision.Bedard and Graham (2011) used the US Sox internal controls which focus on financial reporting.Using internal governance for internal controls, it was found that bank internal governance determined its performance and risk reduction (Dedu & Chitan, 2013).Ji, Lu and Qu (2015) did a study on Chinese Sox internal controls which added among others organizational structure and human resource management.In a study on bank internal control weakness and loan loss provision (a measure of credit risk), it was found that banks with internal controls weakness but with sound policies reduced their loan loss provisions with time (Cho & Chung, 2016).Their study did not use the elements of internal controls even though a relationship between internal controls and credit risk was studied.This work is an extension of the study by Akwaa-Sekyi and Moreno (2016) whose work was limited to Spain and elements of internal controls in geographical and theoretical scopes respectively.This particular study extends the scope geographically to the European Union countries and theoretically covers the elements and objectives of internal controls using the revised COSO framework.The variables used in the model have all been quantitatively measured, a situation which is a deviation from the usual primary data approach to studying internal controls.The current study touches hardly-researched area in risk analysis and challenges the notion that internal controls is only seen to relate to operational risk and not credit risk.Jin, Kanagaretnam, Lobo and Mathieu (2013) found that if banks comply with internal controls, they reduce their risk taking behaviour and are less likely to experience failure.The paper examines the effectiveness of internal control systems, investigates whether evidence of the agency problem exist among banks within the European Union countries and establishes a relationship between internal controls and operational risk.The existence of the agency problem or otherwise will be confirmed.
The study will go a long way to make new revelations and confirm or contrast previous research on the relationship between internal controls and credit risk.It will also reveal how European Union banks have learnt lessons from the crisis through the enforcement of effective internal control systems.The structure and effectiveness of internal controls is evident in the reporting of banks and this is explored to unveil its relationship with credit risk.Thus the study reinforces prudence and cautiousness on the part of management even though the profit maximizing objective cannot be shirked in the process of discharging bank critical functions.This study opens a grey area in the use of quantitative variables to study an area which hitherto has been studied with the use of primary data.The rest of the paper covers literature review, hypotheses and variables, design/methodology/approach, findings and conclusion.

Literature Review
Individuals are limited by their cognitive abilities hence cannot act beyond their levels of cognition.
Earlier research which believed in human relation theories discouraged the control of individuals.
When individuals from various backgrounds with their differences find themselves in an organization, the need o ensure congruence of the various individual goals to the organizational goals call for a system that moderate lifestyles.The situation calls for controlling behaviour at a micro level (individuals) and then at a macro level (institution).Thus two contrasting but complementary theories provide foundations for this research.These are the agency theory (micro and individual level) and institutional theory (macro level of organizational behaviour).The agency theory is accredited to Jensen and Meckling (1976) and later by Fama and Jensen (1983).The core of the theory is the aligning of conflicting interests through separation of ownership from control within the organization.Jensen and Meckling explains the agency relationship as a contract where one party (principal) engages the services of another (agent) to perform a service on the former's behalf.The trade-off between incentives and risk sharing is confirmed by Hart (1995).The cost associated with possible conflict of interest between agents and principals are known as agency costs.A managerial tool put in place to check management and employee misbehaviour through auditing, budgeting, compensation and other forms of control have proven successful in minimizing the agency costs.
According to Letza, Kirkbride, Sun and Small (2008), the argument underlying the agency theory is that, managers will only act to maximize shareholder value if only it is not in conflict with their own personal self-interest.The agency problem can be linked to bank credit risk instances.Bank managers in their effort to originate, fund, service and monitor credit supply may engage in certain actions or inactions that will impair the loan portfolio leading to the loss of assets.It is to avert such occurrences that effective internal control systems that minimizes such losses should be in place and effectively enforced.The institutional theory dates back in the 1970s.It is a complex view of the organization and how it responds to normative pressures from the internal and external environment that compels the organization to take legitimate stance to respond to such pressures.The theory is popular in economics, sociology and political studies (Lynne, 1987).Institutional theories emphasizes standard systems and procedures for the conduct of business to ensure survival of the organization.Seeing individuals as actors and creatures of behaviour, they produce and influence social change whenever they come together (Meyer, 2006).Hence it is not enough to control behaviour in an individualistic approach (Jepperson & Meyer, 2007).Realist institutionalism believes that some fundamental institutional principles must be in place for organizations to function effectively.This is what we ascribe to, and propose internal controls as a key fundamental practice that all organizations especially banks must have in place and follow the provisions thereof.The study draws theoretical support from the agency and institutional theories maintaining that, if there are measures put in place to neutralize the entrenchment of managerial self-interest, control group behaviour at institutional level through effective internal control systems, credit risk could be minimized.
Stakeholders seem to have some level of confidence in firm transparency through reporting, accountability and reliable information which is enforced through effective internal control systems (Rittenberg & Schwieger, 2001).The Committee on Sponsoring Organizations (COSO) (1992) defines internal controls as the process affected by the entity's board of directors, management and other personnel designed to provide reasonable assurance regarding achievement of effectiveness and efficiency of operations, reliable financial reporting and compliance with applicable laws and regulations.Cases of numerous corporate scandals compelled the US Congress passed a law which gave birth to the Sarbenes-Oxley Act 2002.This law was seen as an improvement upon the COSO framework thus giving emphasis to monitoring and reporting.It is therefore not surprising to find most internal control research directed towards financial reporting.The SOX Act requires that management reports material internal control weakness to the board and external auditors.The adequacy of internal control systems and the attestation by independent auditors on the report by management is provided in the Act.
Basel Committee on Banking Supervision (2010) defined internal controls as ensuring that senior management establishes and maintains an adequate and effective internal control system and processes.
The systems and processes should be designed to provide assurance in areas including reporting (financial and operational), monitoring compliance with laws, regulations and internal policies, efficiency and effectiveness of operations and safeguarding of assets.After an extensive theoretical study of internal controls, (Lakis & Giriunas, 2012) defined internal controls as that part of enterprise management system ensuring the implementation of goals, effective economic-commercial performance of the enterprise, observation of accounting principles and effective control of work risks that enables the organization minimize the number of intentional and unintentional mistakes, to avoid frauds in the process of enterprise performance made by authority or employees.Their definition emphasizes effective risk management just as the Basel Committee on Banking Supervision definition.
International Auditing Standards define internal control as a drafted process implemented by people in governance, management and other persons in authority in order to give reasonable assurance that objectives of the organization regarding credible financial reporting, efficiency and efficacy of operations and are in compliance with existing laws and regulations (Briciu, Dănescu, Dănescu & Prozan, 2014).The definition focuses on the micro level of viewing the organization and limits the definition to control of the individuals within the organization.Internal control is a managerial tool which covers all set of daily activities in all areas of the organization, at all levels towards safe guarding the assets, ensuring compliance and transparency, communicating material weakness, protecting stake holder interest in order to achieve the long-term goals of the organizational (Akwaa-Sekyi & Moreno,

2016).
The business environment is dynamic hence changes, reviews and reengineering in policies to reflect the changing trends are necessary.It is for no reason that the COSO framework for internal controls has been revised in the year 2013 which pays attention to some of the SOX Act provisions.The new framework which was represented in a cubic shape covers the five elements (control environment, risk assessment, control activities, information and communication and monitoring), the objectives (operations, reporting and compliance) and level (entity, division, operating unit and function) (McNally, 2013).The revised framework identifies seventeen principles under the five broad elements.This new framework is a combination of the SOX provision of communicating material internal control weakness.The other dimension of internal controls in the revised framework is the objectives.
The three objectives of internal control systems are performance and operational, reporting and compliance objectives (McNally, 2013).The last dimension of internal control system is the level at which the control systems are being applied or enforced.
Generally, internal controls minimizes the loss of revenues, wastage of resources and unanticipated losses (Abbas & Iqbal, 2012).Internal controls reduces information asymmetry, promote best practices in transparency and protect shareholders against the power of rulers (Salhi & Boujelbene, 2012).The observation of sound and effective internal controls is a major driver to investor confidence and earns the institution significant amount of reputational capital.Jin, Kanagoretnam, Lobo and Mathieu (2013) found that banks without proper internal controls could grow temporarily but they have higher likelihood of failing in the near future.This defeats the going concern concept of organizations of which banks are no exception.When banks fail, there is a greater disincentive to depositors, investors and the externalities on other banks.
The effectiveness of internal controls have been studied along the dimensions of the efficiency and effectiveness of activities, reliability of information and compliance with laws and regulations (Jokipii, 2006).The ability of internal control systems to achieve its objectives implies its effectiveness.If internal controls are unable to ensure operational efficiencies, report appropriately to internal and external stakeholders and comply with regulatory demands, it cannot be said to be effective.Internal control systems were developed by the Basel Committee on Banking Supervision to ensure prudence and stability in the financial system.Anecdotal evidence from numerous bank failures and even the quite recent financial crisis gives support to the fact that credit is a major contributory factor to these failures (Doerig, 2003).There is the human element of the credit granting process and that is what internal controls seek to ameliorate.Banks benefit from transforming their liabilities into assets thus an incentive for optimal risk benefit behaviour is pursued but bank managers owe their principals a duty of care (fiduciary relationship).Moral hazards and adverse selection emanates from the exploitation of informational economies by counter parties and can best be minimized if management is extra careful in its asset creation function.Ellul and Yerramilli (2013) reported that financial institutions with strong internal risk controls are able to survive financial crises and refute the claim that the financial crisis did not affect all institutions the same way as speculated by some experts in finance.It is not uncommon to find bank managers over-ambitiously creating very risky assets (credit facilities) in the name of higher return expectation.Although there are myriad of factors that contribute to credit risk, the most avoidable ones could be dealt with if there are sound and religiously-adhered-to internal controls within the institutions.

Hypotheses and variables
The explanatory variables for the study have been classified under internal control elements, objectives, agency problem, bank-specific and country specific variables.These classification are meant to holistically deal with all the objectives of the study.The outcome variable of interest to this study is credit risk.

Dependent variable
The dependent variable for the study is credit risk.

Credit risk
Banks for International Settlement (BIS) provide a set of principles to enable banks manage credit risk.
The areas covered in the set of principles include establishing appropriate credit risk environment; operating under a sound credit granting process; maintaining an appropriate credit administration, measurement and monitoring process; and ensuring adequate controls over credit risk.These principles have semblance with the elements of internal controls which comprises control environment, risk assessment, control activities, information and communication and monitoring.There are overlaps in ensuring that principles of credit risk management and internal control practices are fully implemented by bank management.Credit risk has been identified as the major deficiency to bank management and among the three major risks facing banks (Al Tamimi & Al Mazrooei, 2007;Maltritz & Molchanov, --2014).Credit risk is defined as the likelihood that a borrower or counter party will default in the conditions of a loan agreement, contractor in denture either in part or in full (Sobehart & Keenan, 2001).Banks stand to enjoy benefits of enjoying reputation capital, attracting more investments and being more profitable if they take credit risk management very serious.Banks have had unpleasant experiences with rising default rates and impairment to entire loan portfolio (Fukuda, Kasuya & Akashi, 2009).The writers reported of the warning from the Japanese government on the need for banks to reduce non-performing loans since it has seriously affected the financial health of the banking industry.In the Spanish banking industry, it was found that lenient credit terms among other factors determines non-performing loans (Saurina & Jimenez, 2006).The cases of rapid credit expansion and lenient credit terms are traceable to weak internal control structures.The reputation of banks is impaired by credit risk and translate into other risks especially in situations where internal governance mechanisms are very weak (Haq, Faff, Seth & Mohanty, 2014).It is not for no reason that the European Central Bank has put in place series policies and regulatory mechanisms to keep credit risk very minimal among member countries.This makes credit risk an important issue for banks to deal with and we therefore use it as the dependent (outcome) variable around which internal controls and other bank specific factors revolve.From the discussions above, we conjecture a relationship between internal controls and credit risk and therefore hypothesize that: H1: Internal controls significantly reduce credit risk

Elements of internal controls
The elements of internal controls are control environment, risk assessment, control activities, information and communication and monitoring.

Control environment
The control environment covers demonstration of commitment to integrity and ethical values, exercising oversight responsibilities, establishing structures, authority and responsibility, demonstrating commitment to competence and enforcing accountability.The control environment sets the tone to control the consciousness of people within the organization to adhere to best practice, be ethical in the conduct of business and operate within the confines of rules (Coca-Cola Amatil, 2011).We measure the control environment by board size.It was reported that board characteristics improves upon enforcement of internal control mechanisms and helps reduce firm risk behaviour (Ahmad, Abdullah, Jamel & Omar, 2015).Board size influences the effectiveness of supervisory board or senior management with mixed report in favour of large board size (Chen & Al-Najjar, 2012) and others against large board size (Uwuigbe & Fakile, 2012).We hypothesize that: H2: Control environment minimizes credit risk among banks

Risk assessment
Under risk management, companies should specify suitable objectives, identify and analyse risks, assess fraud risk and identify and analyse significant change.Organizations must be familiar with the very risks that hinders it from achieving its objectives (Abbas & Iqbal, 2012).The expertise and experience of management and board members and their ability to identify, measure, monitor and evaluate risks goes a long way to reduce the consequences of bank risks.It was found that risk assessment significantly affected credit risk among banks in Spain (Akwaa-Sekyi & Moreno, 2016).We measure risk assessment by the ratio of risk weighted assets to total assets and hypothesize that: H3: Risk assessment reduces credit risk

Control activities
The control activities comprise selecting and developing control activities in general and over technology and deploying policies and procedures.It concerns taking precautionary measures and determining acceptable risk tolerance levels through policies, checks and balances (Abbas & Iqbal, 2012).Bank control activities was found to significantly minimize credit risk (Akwaa-Sekyi & Moreno, 2016).We measure control activities by staggered board which is a policy to minimize the dilution of board composition and hypothesize that: H4: Control activities has significant negative effect on credit risk

Information and communication
The next internal control element is information and communication and this covers the use of relevant information and communicating internally (to functional areas) and externally (stakeholders) through various reports (Abbas & Iqbal, 2012).Banks earn reputational capital when they are able to provide reliable timely information to internal and external stakeholders (Zhang, Zhou & Zhou, 2007).
We measure this variable with how prompt company annual reports are released.We hypothesize that: H5: Information and communication significantly affects bank credit risk

Monitoring
Monitoring is about conducting on-going and/or separate evaluations and evaluating and communicating deficiencies (McNally, 2013).It is expected that management and board demonstrate capacity to ensure that internal control systems are followed.The managerial tool used to monitor the organization is the reporting of material internal control weakness (Basel Committee on Banking Supervision, 2010).We measure monitoring with bank's ability to report material internal control weakness and hypothesize that: H6: Monitoring significantly reduce bank credit risk

Objectives of internal controls
The objectives of internal controls are efficiency and operational performance, reporting and compliance objectives.Internal control systems have objectives of ensuring higher performance through sustainable levels of profitability (McNally, 2013).The achievement of performance, reporting and compliance objectives is an indication of effective internal control systems.Managerial efficiency is seen in their ability to manage cost in proportion to income and it is the only way the firm can survive and be sustainable.Within the European Union, it was reported that profitability, capitalization, efficiency and liquidity are inversely and significantly related to bank risk (Balcerowicz et al., 2013).We measure the objectives of internal controls by cost to income ratio, return on risk weighted assets and loan to deposit ratio.Return on risk weighted assets reflect how bank returns are changed through the economic cycle (Papa, 2015).He reports a declining return on risk weighted assets in the European Union between 2005 and 2012 which he attributes to the region's shift from Basel I to Basel II requirements.In other studies, return on risk weighted assets is said to be the single most reliable measure of bank performance (Sinn, D'Acunto & Oldrini, 2013).The desire for higher returns and profitability have incentives for engaging in risky transactions and hence increase bank credit risk whilst efforts to ensure compliance with regulations, internal laws and limits turn to reduce credit risk (Akwaa-Sekyi & Moreno, 2016).We make three hypotheses on the objectives of bank internal control systems: H7: Return on risk weighted assets significantly increase bank credit risk H8: Performance objective increases bank credit risk H9: Compliance objectives reduces bank credit risk

Agency problem
The agency problem is the conflict of interest between the principal (owners) and agent (management).
It is the bedrock for the institution of internal control systems.Better investor protection measures like institutional ownership and insider ownership may lead to taking riskier but value maximizing decisions in the firm (John, Litov & Yeung, 2008).Banks engage in further actions to align the divergent interests of management and shareholders (Lee Weon, 2011).Lee provide further evidence that insider ownership does not only reduce risk taking behaviour but also increases the value of the firm.This they do by having insider ownership so that management will be motivated to profile the company in an enviable way and safeguard the assets of the company (Goncharov & Jochen, 2006).Where there is insider ownership, it is supposed to be inversely correlated to credit risk.Usually when there are institutional owners, the extent of corporate practice, adherence to rules and regulations, ethical behaviour is higher than when there are no institutional owners.Ellul and Yerramilli (2011) did not find institutional ownership to significantly affect bank internal risk control but García-Marco and Robles-Fernández ( 2008) found otherwise.We measure agency problem by the percentage of institutional and insider ownership and state two hypotheses that:

H10: Institutional ownership inversely relate to credit risk H11: Insider ownership reduces bank credit risk
H12: There is no agency problem among banks in the European Union.

Bank-specific factors
Banks have certain characteristics that makes them unique among others in the industry.These unique characteristics determine their exposure to risks and its attendant consequences (Haq, 2010).In his study of fifteen European countries, Haq found that bank characteristics significantly determined their risks especially equity risk and credit risk.In this study, the bank characteristics considered are bank size and bank age.Larger banks have the potential to absorb the shocks of credit risk better than smaller banks.It was reported that larger banks have better internal control systems (Laeven & Levine, 2009), variety of credit products for its clients (Eling & Marek, 2014) whilst smaller firms do not have incentive to improve upon internal control mechanisms (Ashbaugh-Skaife, Collins & Kinney, 2007).It is the same with the age of the bank.Banks that have been in operation for long might engage in some activities that will minimize or increase the effect of credit risk.Experience in the business terrain insulates them from certain risks which new entrants may hardly escape.Banks that have long years of existence have lesser signs of material internal control weakness than new ones (Tang, Tian & Yan, 2014).We therefore hypothesize that: H13: Bank-specific factors significantly reduce credit risk

Country-specific variables
There are country-specific characteristics that affect bank credit risk.Inflation, interest rate and GDP are major factors that affect the demand and supply of credit in the financial system.The gross domestic product of a country has relationship with demand and supply of credit and its attendant risk.It was reported by Darvas, Pisani-Ferry and Wolff (2013) that when credit becomes expensive or decline in supply, it stifles the growth of a country's GDP.There are other views that when a crisis is preceded by a boom in the credit industry, there is almost no correlation between bank credit and recovery of economies (Takáts & Upper, 2013).It was reported that macro-economic factors had significant relation with credit risk of a country (Jakub, 2007).
H14: Gross Domestic Product of a country affect credit risk H15: Rate of inflation in a country affect credit risk H16: Interest rates in a country affect credit risk

Design/Methodology/Approach
The study design is purely a quantitative approach to establish the relationship between internal controls and credit risk.The statement and statistical test of hypotheses makes our study a deductive approach.Secondary data was obtained from Bankscope, SNL Financials,World Bank Reports, country central bank reports and bank annual and corporate governance reports for 91 banks from 23 countries from the period 2008-2014.Although the data is not a perfectly balanced panel due to data unavailability for some banks in some years for some variables, the data passed reliability and robustness tests thus making the results very reliable.We perform robustness checks in order to deal with heteroskedasticity.Reliability of information and communication was a constant term because all the banks were prompt with the release of their annual reports and other communications.

Empirical models
We propose a general equation for the study that credit risk is a function of internal controls.For panel data analysis, the generalized least squares regression using random or fixed effect model, a general equation that encompasses individual and time-specific effects is proposed.Bank heterogeneity is accounted for by fixed or random effects.Fixed effect models account for time-invariant omitted variables that can affect the dependent variable with the assumption that individual entity (bank) error term correlates with the predictor variables (Torres-Reyna, 2007).The sample of 91 different banks from 23 countries have different unique characteristics such as national and firm policies, severity of impact of global financial crisis, macroeconomic policies and investor protection policies to minimize agency costs.However, fixed effects of time-invariant variables can only be controlled but their coefficients cannot be estimated with fixed effect.Time-invariant characteristics of entities are perfectly collinear with entity's dummies.If individual error terms are correlated, then fixed effect model might not be appropriate but random effect.Random effect model assumes that the variation across entities is random and uncorrelated with the predictors (Green, 2008).Random effect models assume that differences across entities may affect the dependent and allows for the inclusion of time-invariant variables in the model.The controversy over choice is resolved by running a Hausman test to confirm which model is appropriate.This equation is further decomposed to arrive at the overall model that contains all the independent and control variables using their proxies.From equation ( 1) CR ikt = α 0ikt + β 1 ᵡ ik t+Φ 2 ᵡ ikt +λ 3 ᵡ ikt +ψ 4 ᵡ ikt +ε (1) where α,β,Φ,λ,ψ = parameters for the constant, internal control elements and objectives, agency problem, bank-specific factors and country-specific characteristics respectively

Descriptive statistics
The mean non-performing loans for the countries about 10.4% which is comparatively reducing, even though Mesnard et al. (2016) have reported huge figures for some individual countries in Europe.The standard deviation and errors shows relatively smaller variability apart from cost/income (23.6%) institutional ownership (23.9%) and risk weighted assets to total assets (20.5%), the dataset on credit risk is peaked around the mean.It could generally be seen from the dataset that apart from dummy variables, other metric variables shows consistency between the two central tendencies (mean and median).Banks within the region have better investor protection mechanisms through institutional ownership (23.1%), insider ownership (1.2%) and also report material internal control weakness.There is relatively about 1% return on average risk weighted which was reported by (Papa, 2015) as the true measure of bank performance.

Findings
In order to decide on which estimation model to choose between fixed or random effect, Hausman test was run.This specification test basically tests whether unique errors are correlated with the regressors, with the null hypothesis saying they are not (Green, 2008).The test pre-sets a null hypothesis that random effect is preferred over the alternative fixed effect and the criteria is a rejection of the null hypothesis if the probability value is less than the set confidence interval.The hypothesis predicts that random effect is same as fixed effect.To perform the test, fixed effect model is run where the dependent variable (credit risk measured by npl/total loans) is regressed over the set of internal control elements, objectives, agency problem, bank and country characteristics.The result is stored and the random effect model is also run.Hausman specification test is run over fixed and random and the result will which model is appropriate.It can be seen from the result that the test is significant at 1% confidence interval (p=0.0000).This means that we reject the null hypothesis that unique errors are not correlated with the regressors.The result suggest a choice of fixed effect over random effect since the test that the difference in coefficients are not systematic is rejected.The result of the test suggest that fixed effect model will be better than random effect.There are upcoming works that have challenged the Hausman specification test claiming its biasness towards to fixed effect (Bell & Jones, 2015) claiming that what fixed effect can do, random effect can even do better.We seem to agree with such school of thought to some extent.This is because the random effect gives better prediction power and significant levels for key variables of interest in our case but the Hausman test suggest otherwise.Rejecting the use of random effect for fixed effect seem to us like throwing away the water in the pan with the baby.
We control for heterogeneity with fixed effect model by running a robustness check on the standard errors.The result of the fixed effect regression can be found in Table 5.There were 91 banks with 534 observations with average observation per group of 5.9 in the panel.The robust fixed effect model omits two variables (insider ownership and staggered boards).The errors are correlated with the regressors (-0.5933).The F-test shows whether all the coefficients in the model are different from zero.
It could be seen from the significance level (0.000) that the coefficients are different from zero thus confirming a good model.The intra-class correlation measured by 'rho' suggest that 79.2% of the variance is due to differences across panels.The 't-value' test the hypothesis that each coefficient is different from zero and this hypothesis is rejected when the t-value is higher than 1.96 for 95% confidence interval.It is only in this case that the variable can be said to be significant and important in explaining the dependent variable.
This means, the higher the t-value, the better for that particular variable.It could be seen from the result that each of the category of variables in the model significantly affect credit risk.The internal control elements, internal control objectives, agency problem, bank characteristics and country characteristics all have significant effect on credit risk.The internal control element, risk assessment is significance (0.025) and negatively affect credit risk even though the correlation is weak.The result confirms earlier research that good risk assessment reduces risk exposure (Abbas & Iqbal, 2012) but contrary to an earlier study by Akwaa-Sekyi and Moreno (2016) who rather found a positive correlation.
The effectiveness of internal controls is determined by its ability to achieve the objectives.It is found from the study that operational performance objectives of internal controls is significant but inversely related to credit risk which is contrary to our hypothesis.The result is rather in tandem with the claim that profitability and efficiency is inversely related to bank risks (Balcerowicz et al., 2013).Institutional ownership shows high significance to credit risk.It is rather interesting to find that it is positively related to credit risk.It was expected that a significant negative relation exist between agency problem variables and the dependent variable.The result is not different from the situation in Spain when it was found that good board characteristics could not reduce credit risk of banks (Akwaa-Sekyi & Moreno, 2016).The hypothesis that there is no agency problem among banks in Europe cannot sustained.Bank characteristics shows significant negative effect on credit.Measured by bank size, the result shows that larger banks are able to minimize credit risk than smaller banks.The result confirms previous research that bank size significantly reduce bank risk taking behaviour (Haq, 2010).Again, the report that smaller banks have disincentive to enforce internal control mechanisms (Ashbaugh-Skaife et al., 2007) as compared to larger ones is confirmed.All the country-specific variables showed significant negative relation with credit risk apart from GDP which was positive.There is reason to agree that macroeconomic environment has significant relation with credit risk within a country (Jakub, 2007).
The explanatory power of the model provides better results for the within than the overall.The model shows that 30.4% of changes in a bank's credit risk is explained by internal controls.Interesting, the results for between and overall explanatory power of the model is about 1%.This is not strange in regression results and does not suggest the model is not good because necessary assumptions and tests have suggested suitability of the model.

Conclusions
It can be concluded from the study that there are effective internal control systems among banks in Europe because the objectives of operational performance and compliance are achieved.Normally, when internal controls are effective, there should be no evidence of the agency problem.Contrary to this, there is the agency problem existing among banks in Europe and this support our earlier finding about banks in Spain.The study provides no guarantee for effective internal control systems as panacea to the absence of agency problem.There seem to suggest more and subtle conflict of interest among banks within Europe.Significantly, internal control elements, objectives, agency problem, bank and country characteristics affect credit risk.The revised COSO framework for internal controls provides a comprehensive approach to dealing with loss of assets.It is however not exhaustive but could be complemented with specific approaches to minimizing the agency problem.The inclusion of the agency problem in this model gives credence to our assertion.The study has implications for managerial and shareholder decisions regarding how to safeguard assets of banks.The social cost of loss of investments through credit risk and the possible of businesses is worth knowing.

Table 4 .
Hausman specification test results

Table 5 .
Robust GLS fixed effect regression results