Keywords

Control Environment, Risk Assessment, Information and Communications, Control Activities, Supervision, and Control.

Introduction

Internal control is one of the most significant issues related to accounting and financial and economic thought. It aims to protect funds and calls for the optimal utilization of economic resources to achieve growth and stability to guarantee the accomplishment of the institution's financial and non-financial goals.

Today, companies are witnessing an increasing interest in internal auditing, as most of the major companies have established an independent internal audit department or division to carry out assurance services besides various consulting activities. This department was established to improve the institution's activities and add value to their performance. Besides, it helps the company achieve its goals by adopting a systematic and structured approach to improve risk management, control, and governance (Hayat, 2015).

Furthermore, the external auditor's internal control is also considered one of the most important domains through which the audit, evaluation, and reliability activities are the core subject of interest (Al-Husseini & Al-Sa'abary, 2017). Various laws and organizational systems have been introduced to support this argument to achieve progress in work and control activities appropriately. Therefore, the internal control systems emerged as a reference for stakeholders in these systems, including the Committee of Sponsoring Organizations (COSO), which established the basic components or components of internal control/ monitoring systems (Al-Bawab, 2015). These systems focused on finding out the coefficients that could be behind fraudulent or false financial reports relating to corporations' business and the stakeholders submitted their recommendations to public institutions, independent auditors, education institutions, Securities and Futures Commission (SFC) and other organizational agencies or commissions (COSO, 1985).

As a result, some audit firms and bureaus became interested in focusing on internal control systems to protect funds, issue reliable financial reports to help external auditors perform their tasks and mission appropriately and inform the board of directors with their reports efficiently and effectively. (Abu Mayaleh, 2017). So, this study sheds light on the role of internal control components and stresses the need to follow COSO's resolutions in seeking to develop and upgrade the performance of external auditors. The study addresses a case study of certified accountants in Gaza Strip.

Problem of the Study

Palestinian accountants depend on international auditing and accounting standards in formulating their financial statements, and they face many professional developments and experiences around the world. Therefore, external auditors must prove this in their reports in accordance with international auditing standards. However, the audit profession in Gaza Strip has been negatively affected by the political situation and the siege, which has affected the economic situation. Accordingly, this status influences audit bureaus' performance, which is reflected in the auditors' professional performance quality. Nonetheless, there are some obstacles related to poor accounting awareness and the lack of commitment to the internal control system. The performance of the external auditors will improve if they abide by these regulations and systems.

Hence, the study's problem lies in identifying the role of internal control in accordance with the decisions of the COSO in developing the performance of the external auditor in the audit offices in Gaza Strip. Thus, the problem of the study focuses on answering the following question: To what extent the degree of commitment of audit offices in Gaza Strip to the structures of internal control systems is in accordance with the COSO model in all domains (Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring and Follow-up)? This question is divided into the following sub-questions:

1. What is the role of the internal control environment in the development of external auditor performance?

2. What is the role of risk assessment in the development of external auditor performance?

3. What is the role of control activities in the development of external auditor performance?

4. What is the role of information and communications in the development of external auditor performance?

5. What is the role of control and supervision in the development of external auditor performance?

Significance of the Study

The study's significance is represented in the importance of any company's internal control system, as it is considered the mainline of defense that protects the interests of the shareholders and all stakeholders. Moreover, the internal control of the company prevents issuing fraudulent or fake financial reports. However, we have to bear in mind that these components have a major role in improving the quality of the external auditor's performance. This study is one of the rare and important studies that aim to shed light on the audit offices' performance in Gaza Strip.

Objectives of the Study

The main objective of the study is to identify the role of the internal control components according to the decisions of COSO including its domains: (Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring and Follow-up) in developing the performance of the external auditor in Gaza Strip. To achieve this objective, the study seeks to accomplish the following sub-objectives:

• Recognize the role of the internal control environment in developing the performance of the external auditor.

• Detect the role of internal control risks in developing the performance of the external auditor.

• Identify the role of the nature of internal control activities and procedures in developing the external auditor's performance.

• Determine the role of information and Communications in developing the performance of the external auditor.

The Variables of the Study are Identified as follows:

Independent Variables

They consist of internal control components in line with COSO 2013 framework: (Control Environment, Risk Assessment, Information and Communications, Control Activities, Supervision, and Control).

External Auditor performance

External auditor performance incorporates: (professional competence and education qualifications, auditor's experience, objectivity and independence, related to the audit bureau, and coefficients associated with the audit team).

Study Hypotheses

The main hypothesis HO: There is no statistically significant impact at the level of significance (α ( ...0 ≥ for the combined internal control components (Internal Control Environment, Risk Assessment, Control Processes, Information and Communications, Control and Supervision) on developing the performance of the external auditor in Gaza Strip.

The first sub-hypothesis (H01): There is no statistically significant impact at the level of significance (α>0.0) of the internal control component (Internal Control Environment) on developing the performance of the external auditor in Gaza Strip.

The second sub-hypothesis (H02): There is no statistically significant impact at the significance level (α>0.05) of the internal control component (Risk Assessment) on developing the performance of the external auditor in Gaza Strip.

The third sub-hypothesis (H03): There is no statistically significant impact at the significance level (α> 0.05(of the internal control component (Control Activities) on developing the performance of the external auditor in Gaza Strip.

The fourth sub-hypothesis (H04): There is no statistically significant impact at the level of significance (α >0.05) of the internal control component (Information and Communications) on developing the performance of the external auditor in Gaza Strip.

The fifth sub-hypothesis (H05): There is no statistically significant effect at the level of significance (α>0.05) of the internal control component (Control and Supervision) on developing the performance of the external auditor in Gaza Strip.

Theoretical Framework

Role of Internal Control Components According to COSO decisions

Development of the concept of Internal Control

After the emergence of the global economic crisis, the issue of internal control was introduced first in 1929 in the United States of America because of the willingness of American institutions to reduce the costs of external auditing, which was applied for the endorsement of budget accounts and financial statements (Renad, 2010).

Moreover, there is a need for introducing control systems to improve workflow and boost commitment to the policies and instructions of senior management authorities and run the large size of projects and face new challenges represented in the emergence of voluminous multi-national and international companies with multiple owners, as well as the complexity of their activities and activities.

In 1992, the American Institute of Certified Public Accountants (AICPA) and the Treadway Commission established a committee concerned with internal control known as the Committee of Sponsoring Organizations (COSO), which has adopted an integrated framework for internal control. In 2013, the committee identified the basic internal control components: (Control Environment, Control Activities, Risk Assessment, Information and Communications, Supervision, and Follow-up) (COSO, 2013).

Sharma & Senan (2019) said that "Internal control depends and interrelated to five components viz control environment, risk assessment, management information system and communication system, control activities and self-monitoring."

Characteristics/Features of Internal control

The internal control system is characterized by a set of features and advantages through which it is possible to estimate its capacity, efficiency, effectiveness, and the degree of its implementation in the company. These characteristics and features include the following (Majlakh & Waleed, 2018):

• Relevance: The institution must use a new supervisory system that suits its business's nature and size, mainly for the small enterprise. Its management should choose a simple control system that is not complicated and vice-a-versa for large enterprises.

• Comparing Revenue against Costs: Any business of the company or enterprise depends on comparing returns with costs. The greater difference between them is greater profit percentage will be accomplished.

• Flexibility: The method of the applied control style must be flexible to meet the company's needs; so that these methods can be modified and developed in order to adapt to any expected changes.

• Effectiveness: It is a sound and well-developed control system capable of finding out errors and detecting any nonconformity before they occur and handling them in a logical way that ensures that they will not happen again in the future.

Objectivity: The control system is designed to help attain correct, thorough, and accurate information about the company's performance in the appropriate time and validating their sources through records and documents on the one hand. On the other hand, stakeholders in charge of the various control activities have to consider the time issue into account, most specifically those who make financial reports or statements, by delivering them at the fixed time.

Objectives of Internal Control

Every system has a goal or a set of objectives to be achieved. Internal control purposes can be derived from the definitions mentioned earlier, especially the definitions identified by AICPA (Turner & Weickgenannt, 2009). The main objectives of internal control include the following components:

1. Protect the company assets from fraud and manipulation: for example, allocating a digital safe to insure the company against risks, theft and fraud, and assign closed places for stores and use modern means to open and close these stores (Al-Husseini & Al-Sabry, 2017).

2. Verify the accuracy of data and the accounting reports and make sure to use them to design and develop administrative policies and decisions: This is based on the accuracy of registration and operating processes that require specific effort and verifying each process in terms of documents or records. Thus, this process involves establishing an independent internal audit department, which plays a key role in this regard (Gourari, 2015).

3. Upgrade the level of productive proficiency: through the effective exploitation of resources and avoiding practices of overindulgence and wasting the utilization of available resources, i.e., adhering to the lowest costs.

4. Evaluate the levels of implementation in various departments of the company.

5. Enhance commitment to internal policies and decisions.

Internal Control must be Addressed through Three Domains to Achieve the Following Objectives:

1. Administrative Control: This includes the organizational plan, procedures, documents, and records aimed at achieving the highest level of productive efficiency while encouraging commitment to administrative policies and decisions. This control's objectives can be achieved by issuing statistical statements, reports on performance and quality assurance, and submitting estimated budgets (Al- Saberi, 2016).

2. Accounting Control: It represents the organizational plan and all procedures targeted at validating the accuracy of the accounting data included in the account books, invoices, bills, and accounts (Al- Shuhnah, 2015).

3. Internal control: Involves all methods, means, and procedures targeted at protecting the project assets from fraud and loss. In order to achieve its objectives, internal control depends on dividing work together with self-monitoring. So, every employee's performance is subject to review by another employee who also participates in implementing this process (Al-Saberi, 2016).

Basic Components of Sound Internal Control Systems

Sound internal control system consist of an administrative, organizational structure, an accounting system, detailed procedures for implementing tasks, selecting competent employees and placing them in appropriate positions, an accurate performance monitoring system, and the utilization of all automated methods.

Background of the Formation of the COSO

The breakdown of large American companies in 1985 resulted in an obvious failure and setback in auditing their accounts. Hence, the US Congress and the US Securities Commission launched a campaign to reform the Foreign Corrupt Practices Act of 1987, which led to creating a National Committee to handle the fraudulent financial reports (Treadway Commission). This committee consists of several associations and accounting institutes in the United States of America (Thabit et al., 2017), including:

1. Financial Executives International (FEI).

2. American Accounting Association (AAA)

3. Institute of Internal Auditors (IIA)

Treadway Commission conducted a study on financial statements in the time between 1985 and 1987. It then issued a report, including the findings and recommendations under the title "Report of the National Committee on the preparation of fraudulent financial reports" (COSO, 1987). After that preliminary report was submitted, COSO was formed and made its report on the reasons behind the risks related to internal control issues that also led to the failure to prepare financial reports. COSO urged the management to submit reports on the effectiveness of internal control systems and stressed the need to focus on some main issues, including the creation of effective internal control systems, a sound control environment, codes of conduct, specialized audit committees, effective management, and project risk management, (Länsiluoto et al., 2016).

In September 1992, as one of the Treadway Committee committees, COSO submitted a report stressing developing a comprehensive definition of internal control. In addition to establishing an internal control structure and its five components, setting standards that help internal auditors evaluate this structure's effectiveness and prepare reports on the results to provide reasonable confirmation for building up confidence in financial statements (Al-Shahawi, 2012).

The reports issued by COSO defined the internal control structure as; A process designed to get reasonable affirmation of achieving three main objectives: the efficiency and effectiveness of activities and operations, reliability of financial statements and confirmation of their conformity to generally accepted accounting principles, and ensuring their compliance with the companys' laws and regulations (Safi, 2019).

COSO framework in 1992 is considered a turning point and a fundamental stage of transformation in the development of the internal control structure, which was updated in 2013 when the enterprise or the company risk management has become a highly essential requirement. This framework consists of five components representing the internal control structure (Control Environment, Control Activities, Risk Assessment, Monitoring, Information, and Communications) (Safi, 2019).

(Sarhan, 2017) argued that most of the 1992 framework fundamentals were maintained or even slightly modified within the framework of 2013. There were no changes in the definition of internal control, and no change has been made on the number of components of the internal control structure. In addition, the internal control structure of the enterprise is still based on defining goals and the need to restructure a sound system to accomplish those goals.

Components of an Integrated Framework for Internal Control According to COSO Concept

In 1992, a committee called the COSO was established to give more focus on internal control. This committee has approved and adopted an integrated framework for internal control, which was accredited around the world. On May 14, 2013, the committee identified the basic components of internal control, which are according to (Khalidi, 2015): (Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring and Follow-up).

(COSO,2007):

1. Control Environment: It includes the functions of management and persons who are in charge of the institutional control, in addition to their attitudes, positions, and actions towards the company's internal control and its importance. The control environment also defines the general framework of the company and the other control components, and the auditor has to perceive and understand the control environment because the result of his/her evaluation is reflected on the design and effectiveness of applying the components of the internal control (Al-Thunaibat, 2015).

2. Risk Assessment: The risk assessment in the financial statement management's analysis of risks is represented in preparing the financial statements in accordance with approved and accredited accounting principles. It is not restricted to the financial statements and the perils associated with them. Still, it also involves all activities that are supposed to determine activities, market and credit risks, threats of technology, and disasters (Ezz El-Deen, 2015).

3. Control Activities: They represent the rules and procedures set by the institution or the company to ensure their implementation and the management directives that includes the company's control activities, the workflow, the process of comparing actual performance against budgets and performance expectations for the previous periods (Al-Samarra'i, 2016).

4. Information and Communications: An effective internal control system involves reliable information structures and entails all the economic unit activities and effective Communications channels to ensure that all employees understand and fully abide by organizational policies and measures related to their work and responsibilities within the system. Furthermore, effective Communications must be open in all directions, which applies to the institution through its components and structure. Also, workers communicate important information to the highest levels and maintain an open Communications with external parties and stakeholders. Therefore, when any danger hiders achieve the enterprise's objective, all necessary measures and actions can be taken appropriately (Lathan, 2016).

5. Monitoring and Follow-up: This component refers to the management's continuous evaluation or assessment over periods of internal control performance quality to achieve the desired and planned level of control implementation, which will also help determine the possibility of modifying it inline with any expected changes. The information related to any amendment can be obtained by examining the current internal control methods and the assessment of banking regulatory bodies, feedback from employees and customer complaints, most specifically, those regarding numbers or figures in the invoices, etc. (Helmy, 2015).

Definition of the External Audit

The external audit ensures the efficiency of an unbiased assessment that determines if the economic and administrative situation of the company activities complies with the set goals. So, the concerned authorities and stakeholders will be informed in time with the results of the review or assessment (Sha'ath, 2016).

Previous Studies

Study of (Nashwan, 2018), which aimed to identify the impact of the internal control systems on construction companies' operational performance in Gaza Strip according to the COSO five components (Control Environment, Risk Assessment, Control Activities, Information and Communications, and Monitoring and Follow-up). The study examined the extent of construction companies' commitment in Gaza Strip to the internal control system structures according to COSO model. To achieve the objectives of the study, (49) items were distributed to the sample consisting of (460) persons, and (415) questionnaires were retrieved for analysis, i.e., a ratio of 90.2. %. The descriptive-analytical method was applied. The study concluded that there was a commitment from those companies towards internal control structures. There was a statistically significant positive impact on every control component on their operational performance. The recommendations urge construction companies to strengthen efficient and internal operative control systems and conduct more studies on other sectors such as commerce, industry, and services.

The study of (Alslihat et al., 2018) aimed to identify the effect of the internal control system's components on reducing cloud computing risks in Jordanian public shareholding companies per COSO framework: A case study of accountants in Jordan. A questionnaire was developed as a tool to collect data, and the sample comprised 190 accountants. The questionnaires were distributed to all sample members, and the SPSS software was used to analyze the data of 154 questionnaires (i.e. represent 81.1%). The study concluded that COSO framework provides internal control activities that reduce the risk of adopting information systems in general and accounting information systems in particular. The Association of Accountants and Auditors and the Supervisory Authority recommended developing educational programs and strengthening training for auditors on the usage of computers and motivating the audit bureaus to conduct local and international research related to these programs. It is worth noting that information and cloud computing techniques are among the most important COSO framework developments.

The study aimed to examine internal control systems' role, including their five components (Control Environment, Risk Assessment, Control Activities, Information and Communications, Monitoring, and Follow-up) play in reducing risks from a future stock prices' crash distinguished data from China conducted by (Chen Jun, 2017). This study reached that internal control systems are negatively related to the risk of stock prices' crash, most specifically the control environment, information, and Communications that are negatively related to the risk of a breakdown in stock prices in the future. The recommendations call for continuous improvement of the structure of internal control systems and adherence to companies' governance principles.

(Lagat et al., 2016) tried to determine the impact of internal control systems on financial management in Baringo County government in Kenya, depending on the (COSO) framework to analyze the internal control systems. The study concluded that the monitoring activities and follow-up of the information and communications technology greatly affect financial management. However, the control environment, information, and communications do not significantly affect changes in financial management. The study recommended strengthening internal control systems to enhance accountability and improve financial management.

Methodology of the Study

This study is a descriptive-analytical study that aims to answer an important question related to the role of internal control components in developing the external auditor's performance in accordance with the decisions of the COSO. It is a field study on audit bureaus in Gaza Strip based on two data types, including the secondary data and the primary data. It can also be classified as a descriptive study aimed at determining the coefficients addressed by previous studies reviewed in the theoretical framework.

Population and Sample of the Study

The study population includes employees in external accounting audit bureaus in Gaza Strip, regardless of their different positions and job titles. The study sample consisted of (81) workers in these bureaus selected by a simple random sample method, and (89) questionnaires were distributed. In contrast (81), questionnaires were retrieved and were valid for analysis. The following table shows the demographic characteristics of the study sample(Table 1).

Table 1 Distribution of The Study Sample
Variable	Category	Number	Percentage
Gender	Male	56	69.1
	Female	25	30.9
Age group	Below 25 years	8	9.8
	From 25 to less than 35	40	49.4
	From 35 to less than 45	22	27.3
	45 and more than 45	11	13.5
Job Description	Senior auditor	27	33.3
	Assistant auditor	44	54.3
	Audit Manager	4	5.0
	Owner or partner of an audit bureau	6	7.4
Education Degree	Bachelor	57	70.3
	MA	21	26.0
	PhD	3	3.7
Major	Accounting	73	90.2
	Business Administration	5	6.2
	Economics	1	1.2
	Financial and Banking Sciences	2	2.4
Experience	Less than 5 years	14	17.0
	From 5 to less than 10	31	38.0
	From 10 to less than 15	15	19.0
	15 and more than 15	21	26.0
Place of study	Palestinian University	60	74.0
	Arab University	20	25.0
	Foreign University	1	1.0
Total		81	100%

Data Collection Tools

The study's essential tool was a questionnaire prepared to collect preliminary data and developed for this purpose by referring to previous studies and identifying the theoretical framework before collecting and analyzing the data. The questionnaire consisted of two main parts: the first section is the introduction, personal and demographic data, while the second section consisted of 57 items to measure the independent and dependent variables. The study also relied on other sources by reviewing the literature, periodicals, journals, books, and websites related to its subject.

Statistical Analysis Tool

The Statistical Package for Social Sciences (SPSS) was applied. Descriptive statistics and frequencies were used to illustrate the study sample's characteristics and apply the regression analysis to test the study hypotheses.

Validity of the Study Tool

The questionnaire was submitted to a group of well-known professors and academic experts and specialties to recognize their views and attitudes relating to the questionnaire's consistency, clarity, and inclusiveness. The questions were modified and formulated according to the recommendations of the arbitrators.

Analysis of Measurement Tool Reliability

The reliability coefficient was calculated by applying Cronbach Alpha equation to confirm the reliability of the questionnaire. The following table shows the results of Cronbach Alpha reliability test.

Table 2 Cronbach Alpha Reliability Coefficients Of The Study Tool
Reliability Coefficient	Dimension	Variable
91.2	Internal Control Environment	Independent
83.6	Risk Assessment
77.4	Control Activities
89.3	Information and Communications
90.4	Control and Supervision
76.5	Performance of External Auditor	Dependent
90.6	Total

The above table 2 shows the Cronbach Alpha test results for the study independent and dependent variables, where all values were higher than the standard value (0.60), which are acceptable values according to (Sekaran & Bougie, 2016).

Results

Testing of the Hypothesis

Before applying the regression analysis to test the study hypotheses, some tests were made in order to ensure that the data fit the assumptions of the regression analysis; this can be summarized as follows: It was confirmed that there was no high correlation between the independent variables (Multicollinearity) by using the Variance Inflation Coefficient (VIC) and the Tolerance test for every variable, taking into account that the VIC does not exceed the value (10) and that the Tolerance test is higher than (0.05). Table (3) shows the results of these tests.

Table 3 Variance Inflation Coefficient (Vic), Tolerance And Skewness Tests
Coefficient	VIC	Tolerance
Internal Control Environment	1.595	.627
Risk Assessment	1.416	.706
Control Activities	1.895	.528
Information and Communications	3.679	.272
Control and Supervision	3.667	.273

The above table shows that the VIC test values for all variables are less than (10) and that the Tolerance test values are higher than (0.05), which indicates that there is no high correlation between the independent variables (Multicollinearity). In addition, the validity of the model was confirmed to test the hypotheses of the study by testing the variance, as shown in the following table 4.

Table 4 Results Of Regression Variance Analysis To Confirm The Validity Of The Model For Testing Study Hypotheses
Dependent Variable	Degrees of Freedom	Coefficient of Determination R2	Calculated value F	Significance level F
Performance of external auditor	(75?5)	0.234	*4.268	0.002

*Statistically significant at (α ≤ 0.05)

The above table 4 shows the strength of the study hypothesis testing model and the calculated (F) value, which was higher than its tabulated value at the significance level of (α≤0.05) and the degrees of freedom (75?5( . The internal control components explain (23.4%) of the variance in the variable (development of the external auditor performance). Accordingly, the study hypotheses can be tested as follows:

• The main hypothesis: There is no statistically significant effect at the level of significance (α> 0.05( for the combined internal control components (Internal Control Environment, Risk Assessment, Control Activities, Information and Communications, Control and Supervision) in developing the external auditor performance in Gaza Strip.

The Multiple Regression analysis was applied to test this hypothesis, and the following table illustrates this:

Table 5 Results Of The Multiple Regression Analysis To Test The First Main Hypothesis
Independent Variable	B	Standard Error	Beta	Calculated t Value	t Significance level
Constant Regression	3.580	0.656		5.457
Internal Control Environment	-0.115	0.105	-0.144	1.093	0.278
Risk Assessment	0.095	0.069	0.170	1.365	0.177
Control Activities	125	0.097	0.185	1.287	0.202
Information and Communications	0.205	0.134	-0.307	1.528	0.131
Control and Supervision	270	0.126	0.429	2.142	0.036

It is clear from the above-mentioned statistical results and from checking the (t) test values that four combined coefficients (Internal Control Environment, Risk Assessment, Control Activities, Information, and Communications) do not affect the developing the external auditor performance in Gaza Strip in accordance with (Beta) coefficients for these variables and at the significance level of (α≥0.05). However, one coefficient had an impact on developing the external auditor performance in Gaza Strip, which is the Control and Supervision coefficient.

Accordingly, we reject the null hypothesis and accept the alternative hypothesis, which states that: "there is no statistically significant effect at the level of significance (α ≥0.05) for the combined independent coefficients (Internal Control Environment, Risk Assessment, Control Activities, Information, and Communications) on developing the external auditor performance in Gaza Strip, but there is an impact of one coefficient of them, which is Control and Supervision".

For determining the effect of the independent coefficients separately on the dependent coefficient, the Simple Regression analysis was applied to test sub-hypotheses as follows:

• The first sub-hypothesis: There is no statistically significant impact at the significance level (α≥ 0.05) of the Internal Control component (Internal Control Environment) on developing the external auditor performance in Gaza Strip.

The (Simple Regression) analysis was applied to test the sub-hypothesis, and the following table shows the details:

Table 6 Regression Analysis of Internal Control Coefficient
Source	Coefficient of Determination R2	Sum of Squares	Degrees of Freedom	Mean of Squares	F Value	Significance Level F
Regression		1.742	1	1.742
Standard error	0.110	14.045	79	0.190	9.178	0.003
Total		15.787	80

The data of the following table 7 reveal that there is a statistically significant effect at the level of significance (α≤0.05) of the Internal Control Environment coefficient on developing the external auditor performance in Gaza Strip based on (F) calculated value of (9.178) at the level of significance (0.000) which is at a coefficient level of (0.05). The table also shows that the independent variable explains (11.0%) of the variance in the dependent variable, and the following table illustrates the coefficients of the regression equation:

Table 7 Regression Analysis Of Internal Control Environment Coefficient
Source	B	Standard Error	Beta	t Calculated Value	t Significance Level
Constant	4.063	0.228		15.627	0.000
Internal Control Environment	0.185	0.061	0.332	3.030	0.003

The above table 7 results indicate the possibility of predicting the development of the external auditor performance in Gaza Strip through the Control Activities coefficient, as the value of (t) was=2.442, which is statistically significant at the level of (α≤0.05). Therefore, we reject the null hypothesis and accept the alternative hypothesis, which states that "there is a statistically significant effect at the significance level of (α≤ 0.05) for the independent coefficient (Control Activities) on developing the external auditor performance in Gaza Strip."

• The second sub-hypothesis: There is no statistically significant effect at the significance level (a≥0.05) of the Internal Control component (Risk Assessment) on developing the external auditor performance in Gaza Strip.

Simple Regression Analysis tested the sub-hypothesis, and the following table illustrates this shown in Table 8:

Table 8 Regression Analysis of Risk Assessment Coefficient
Source	Coefficient of Determination R2	Sum of Squares	Degrees of Freedom	Mean of Squares	F Value	Significance Level F
Regression		1.278	1	1.278
Standard Error	0.213	14.509	79	0.196	6.518	0.013
Total		15.787	80

It is evident from the data of the previous table that there is a statistically significant effect at the significance level of (α≤0.05) for the Control Activities coefficient in developing the external auditor performance in Gaza Strip. This result was reached because of (F) calculated value was (6.518) at significance level of (0.000). Moreover, the table reveals that the independent variable explains (7%) of the variance in the dependent variable, and the following table 9 shows the coefficients of the regression equation:

Table 9 Regression Coefficients to Predict Improvement in Performance Through Risk Assessment
Source	B	Standard Error	Beta	t Calculated Value	t Significance Level
Constant	5.124	0.351		14.617	0.000
Risk Assessment	0.227	0.089	0.285	2.553	0.013

The above table 9 results indicate the possibility of predicting the development of the external auditor performance in Gaza Strip through the Risk assessment coefficient, as the value of (t)=2.553, which is statistically significant at the level of (α≤0.05). Therefore, we reject the null hypothesis and accept the alternative hypothesis, which states that "there is a statistically significant effect at the level of significance (α≤ 0.05) for the independent coefficient (Risk Assessment) on developing the external auditor performance in Gaza Strip".

• The third sub-hypothesis: There is no statistically significant effect at the level of significance (a>.. .05) of the Internal Control component (Control Activities) on developing the performance of the external auditor in Gaza Strip.

This hypothesis was tested by Simple regression analysis, which illustrated in the following table 10:

Table 10 Regression Analysis of Control Activities Coefficient
Source	Coefficient of determination R2	Sum of Squares	Degrees of Freedom	Mean of Squares	F Value	Significance Level F
Regression		1.177	1	1.177
Standard Error	0.07	14.610	79	0.197	5.963	0.017
Total		15.787	80

It is evident that "there is a statistically significant effect at the level of significance (α≤0.05) of the information and communication factor on developing the performance of the external auditor in Gaza Strip" based on the calculated value of (F) of (5.708) at the level of significance (0.000). It is also clear that the independent variable explains a percentage of (8%) of the variance in the dependent variable, and table 11 shows the coefficients of the regression equation to predict the development of performance through Information and Communication.

The data of the previous table reveal that there is a statistically significant effect at the level of significance (α≤0.05) for the Control Activities coefficient in developing the performance of the external auditor in Gaza Strip based on the calculated value of (F) of (5.963) at the level of significance (0.000). It has also appeared that the independent variable explains (7%) of the variance in the dependent variable, and the following table shows the coefficients of the regression equation.

Table 11 Regression Coefficients to Predict Improvement in Performance Through Control Activities
Source	B	Standard Error	Beta	t Calculated Value	t Significance Level
Constant	3.517	0.300		11.730	0.000
Control Activities	0.184	0.075	0.374	2.442	0.017

The above table 11 results indicate the possibility of predicting the development of the external auditor's performance in Gaza Strip through the Control Activities coefficient, as the value of (t)=2.442, which is a statistically significant at the level of significance (α≤0.05). Therefore, we reject the null hypothesis and accept the alternative hypothesis, which states that "there is a statistically significant effect at the level of significance (α≤ 0.05) for the independent coefficient (Control Activities) on developing the external auditor performance in Gaza Strip.

• The Fourth Sub-Hypothesis: There is no statistically significant effect at the significance level of (a> . .05) the internal control component (Information and Communications) on developing the performance of the external auditor in Gaza Strip.

This hypothesis was tested through using the simple regression analysis as illustrated in the following table 12:

Table 12 Regression Analysis Of Information And Communications Coefficient
Source	Coefficient of Determination R2	Sum of Squares	Degrees of Freedom	Mean of Squares	F Value	Significance Level F
Regression		1.131	1	1.131
Standard error	0.08	14.656	79	.198	5.708	0.019
Total		15.787	80

Based on the calculated value of (P) of (5.708) at the level of significance (0.000) which is significant at the level of significance (0.05), there is a statistically significant effect at the level of significance (α≤0.05) of the Information and Communication coefficient on developing the performance of the external auditor in Gaza Strip. It is also obvious that the independent variable explains (8%) of the variance in the dependent variable, and table 13 shows the coefficients of the regression equation to predict the development of performance through Information and Communication components.

Table 13 Regression Equation Coefficients to Predict Performance Development Through Information and Communication
Source	B	Standard Error	Beta	t Calculated Value	t Significance Level
Constant	3.433	0.341		10.061	0.000
Information and Communications	0.179	0.075	0.362	2.389	0.019

The above table 13 results indicate the possibility of predicting the development of the external auditor's performance in Gaza Strip through the Information and Communication coefficient, as the value of (t)=2.389, which is statistically significant at the level of (α≤0.05). Therefore, we reject the null hypothesis and accept the alternative hypothesis. Which states that "there is a statistically significant effect at the level of significance (α≤ 0.05) for the independent coefficient (Information and Communications) on developing the external auditor performance in Gaza Strip".

• The fifth sub-hypothesis: There is no statistically significant effect at the significance level (a<0.05) of the Internal Control component (Control and Supervision) in developing the performance of the external auditor in Gaza Strip.

For testing the above hypothesis, simple regression analysis was applied, and the following table 14 shows that:

Table 14 Regression Analysis of Control and Supervision Coefficient
Source	Coefficient of determination R2	Sum of Squares	Degrees of Freedom	Mean of Squares	F Value	Significance Level F
Regression		2.406	1	2.406
Standard Error	0.152	13.381	79	.181	13.306	0.000
Total		15.787	80

It is evident from the data of the previous table that "there is a statistically significant impact at the level of significance (α≤0.05) of the Control and Supervision factor on developing the performance of the external auditor in Gaza Strip", based on the (F) calculated value which was (13.306) at the level of significance (0.000). It is clear from the table that the independent variable explains (15.2%) of the variance in the dependent variable, and the following table (15) shows the coefficients of the regression equation:

Table 15 Regression Equation Coefficients to Predict Performance Development Through Control and Supervision
Source	B	Standard Error	Beta	t Calculated Value	t Significance Level
Constant	3.150	0.302		10.422	0.000
Control and Supervision	0.246	0.067	0.390	3.648	0.000

The above table 15 results indicate the possibility of predicting the development of the external auditor performance in Gaza Strip through the Control and Supervision coefficient, as the value of (t)=3.648, which is statistically significant at the significance level of (α≤0.05). Therefore, we reject the null hypothesis and accept the alternative hypothesis, which states that "there is a statistically significant effect at the level of significance (α≤0.05) for the independent coefficient (Control and Supervision) on the development of the external auditor's performance in Gaza Strip".

Results

The study concluded a set of findings, which discussed below in compared with the results of previous studies:

The multiple regression test results show that the Internal Control components (Internal Control Environment, Risk Assessment, Control Activities, Information and Communications, Control and Supervision) had no impact on developing the external auditor performance in Gaza Strip except for one coefficient, which is Control and Supervision. This result supports the importance of Monitoring, Supervision, and Control Activities as they highlight the significance of the role of the components of Internal Control in developing the external auditor performance. It is also evident that increasing the level of Control and Supervision enhances and improves the external audit process's performance in general.

This result agrees with the study's findings (Lagat et al., 2016), which show the importance of Monitoring and Supervision activities in development and accountability. It is also consistent with the study of (Nashwan, 2018) which concluded that the component of Control and Supervision besides other components of Internal Control has a clear and significant impact on improving the operational performance in general.

Furthermore, it is also consistent with what was confirmed by the study (Chen Jun, 2017), which states that Internal Control systems are negatively associated with the risk of a collapse or crash in stock prices, most notably the Control and Information Environment. So, organizations and companies need to improve their structure of Internal Control systems and abide firmly by corporate governance principles.

Recommendations

The study recommendations can be summed up as follows:

• It is imperative to strengthen Internal Control systems because of their vital role in institutions and pay attention to the various control components due to their importance in developing and improving the external auditor performance and upgrading performance in general.

• Working continuously to evaluate and monitor performance to facilitate development and follow-up processes through constant monitoring processes and address and bridge the gaps to take appropriate measures to overcome difficulties and risks.

• Paying more attention to Information, Communications, continuous updating and possible changes facing the company, and providing all technical tools and periodical reports that facilitate the external auditor's mission while adhering to the requirements of reliability and accuracy.

• Raising control awareness at all managerial levels by organizing training courses to help employees recognize the importance of Internal Control, and work continuously on developing the skills of external auditors by the concerned accounting associations to ensure their utmost readiness to perform their tasks appropriately.

References

1. Abu Mayaleh, S. (2017). Impact of structuring internal control systems on improving the quality of external auditor performance, in accordance with COSO model. Analytical study on the perceptions of the external auditors in the west bank, Palestine- Palestine university. Technical Research Journal, 5(1), 1-15.
2. Al-Bawab, A. (2015). Role of internal control components in the improvement of external auditor performance in accordance with COSO, a field study on jordan association of certified public accountants. Journal of Adminiastrative Studies, 42(2), 370-398.
3. Al-Husseini, M., & Al-Sa'abary, I. ( 2017). Utilization of internal control components to enhance external audit quality, applied research on a sample of private Iraqi banks, Babel University Journal, 25(4), 1524-1553.
4. Helmy, A. (2015). Introduction to audit and assurance, in accordance with international audit standards (Second Edition), Safa's Publishing and Distribution House, Amman, Jordan.
5. Hayat, W., & Arousi, (2015). Internal control and its impact on the quality of banking and electronic services. Master thesis, the University of Mohammad Bu Dhiyaf, Al Maseelah.
6. Khalidi, N. (2015). Extent of the commitment of higher education institutions in palestine to the internal control components in accordance with COSO framework (A case study on Gaza Strip). Al Azhar University Journal, series of Humanities, 17(1)
7. Al-Thunaibat., & Abdul-Qader, A. (2015). Accounts audit in light of international standards,theory and implementation (fifth edition). Wa'el House for Publishing, Amman, Jordan.
8. Al-Thahabi, & Qassim, N.M. (2007). The effect of the internal control system in reducing the phenomenon of administrative corruption, mission of legal accountability. The Arab Institute for Certified Accountants, Baghdad.
9. Al-Samarra'i, M. (2016). Effect of internal control system on the quality of financial statements, an analytical study on jordanuian phharmaceuticals companies listed at amman stock exchange. Unpublished Master thesis, Middle East Universdity, Jordan.
10. Sarhan, M. (2017). The implications of external outsourcing of information technology activities on the internal control structure. Scientific Journal of Business and Environmental Studies, 460(4), 481-488.
11. Al- Shuhnah, R., & Abu Z. (2015). Auditing of accounts is a contemporary approach according to international auditing standards (first edition). Wa'el House for Publishing, Amman, Jordan.
12. Sha’ath, M. (2016). The impact of the internal control system on the quality of financial reports, an applied study on public shareholding companies listed in palestine exchange. Unpublished Master Thesis, The Islamic University, Gaza.
13. Al-Shahawi, S. (2012). The prospective role of the external auditor to develop internal control methods in the e-commerce environment (a field study). Journal of Trade and Finance, Faculty of Commerce, 3(1), 321-341.
14. Al-Saberi, A. (2016). Internal control in small and medium size enterprises. Master Thesis, Al-Arabi Bin Mahidi University-Umm El Bouaghi-Algeria.
15. Safi, S. (2019). The extent of the compatibility of the internal control system in the private shareholding companies operating in gaza strip with the framework of coso (a case study: siqsic company). Master Thesis, Siqsic Company
16. Ezz El-Deen, O. (2015). The impact of the effectiveness of the internal control system on the performance of the internal auditor, a field study on private jordanian universities. Unpublished Master Thesis, Middle East University, Jordan.
17. Gourari, Nour Al H. (2015). The role of electronic auditing in improving the quality of financial information, a case study on the economic corporation Sidi Arghis Mills - Umm El Bouaghi - Complementary memorandum to attain an academic master’s certificate in commercial sciences Al-Arabi Bin Mahidi University-Um El Bouaghi-Algeria.
18. Lathan, H. (2016). The effectiveness of the role of internal auditing in evaluating risk management, according to the coso framework (an applied study on governmental sectors in gaza strip). Unpublished Master Thesis, Islamic University, Gaza.
19. Majlakh, S., & Waleed, B. (2018). The impact of internal control on the financial profitability of the institution.
20. Alslihat, N., Matarneh, A.J., Moneim, U.A., Alali, H., & Al-Rawashdeh, N. (2018). The impact of internal control system components of the COSO model in reducing the risk of cloud computing: The case of public shareholding companies. Journal of Science and Technology, 33(4), 188-202.
21. Arens, A.A., Randal, J.E., & Mark S.B. (2014). Auditing and Assurance Services, An integrated Approach (15th edition). Pearson Education Inc.
22. Chen, J., Chan, K.C., Dong, W., & Zhang, F. (2017). Internal control and stock price crash risk: Evidence from China. European Accounting Review, 26(1), 125-152.
23. Committee of Sponsoring Organizations of the Tredway Commission (COSO), (2007). Internal control integrated framework: framework guidance on monitoring internal control systems.
24. COSO (1985). Definition of internal control on-line: http://www.coso.org
25. COSO(1992). Internal control-integrated framework, committee of sponsoring organizations of the treadway commission, COSO Report.
26. Iskandar, M.N. (2018). Impact of internal control system structures according to (coso) model on the operational performance of construction companies in gaza strip: An empirical study. International Journal of Business and Management, 13(11).
27. Lagat, C., & Okelo, C. (2016). Effect of internal control systems on financial management in baringo county government, kenya. Journal of Economics, Finance and Accounting, 3(1).
28. Sekaran, U., & Bougie, R. (2016). Research methods for business: A skill building approach. John Wiley & Sons.
29. Thabit, T., Solaimanzadah, A., & Al-abood, M.T. (2017). The effectiveness of COSO framework to evaluate internal control system: the case of kurdistan companies. Cihan International Journal of Social Science, 1(1), 44.
30. The Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2013), Internal Control - Integrated Framework.
31. Turner, L., & Weickgenannt, A.(2009).Accounting information systems. Wiley.
32. Sharma, R.B., & Senan, N.A.M. (2019). A study on effectiveness of internal control system in selected banks in saudi, arabia. Asian Journal of Managerial Science, 8(1), 41-47.
33. Iskandar, M.N. (2018). Impact of internal control system structures according to (COSO) model on the operational performance of construction companies in the Gaza strip: an empirical study. International Journal of Business and Management, 13(11).
34. AICPA: American Institute of Certified Public Accountants. (2002). Consideration of fraud in a financial statement audit, statement on auditing standards No. 99, New York, NY: USA.
35. Nasr, A.A., & Shahata, A.S. (2016). Auditing between theory and practice. Alexandria University, Egypt.
36. Naser A. (2009). The Modern External Audit, Part 1. Alexandria University, Egypt.
37. Alslihat, N., Matarneh, A.J., Moneim, U.A., Alali, H., & Al-Rawashdeh, N. (2018). The impact of internal control system components of the coso model in reducing the risk of cloud computing: the case of public shareholding companies. Journal of Science and Technology, 33(4), 188-202.
38. COSO. (2013). COSO Internal Control-Integrated Framework. KPMG. Committee of sponsoring organizations of the treadway commission.