COSO-based internal control: efforts towards good university governance

Purpose The purposes of this study are to determine the implementation of internal control, to determine the application of good university governance, and to determine the effect of internal control on good university governance. Method The research design is a survey with a quantitative approach. The object of research is UIN Walisongo that has carried out an institutional transformation. The population in this study is all structural officials at UIN Walisongo with 184 people in total. From the distribution of questionnaires, 106 questionnaires were obtained. The analysis technique used is descriptive analysis and Structural Equation Modeling (SEM) analysis with the AMOS program. Result The results showed that the application of internal control was carried out in the good category, the application of university governance was in the very good category, and internal control had a significant effect on good university governance. Implication The result of the study provide further confirmation of internal control with good university governance. This study, carried out in one educational institutions, therefore more educational institutions are needed to be examined so that the result can be generalized. Originality The research focuses on educational institutions that specialize in teaching, research and community service. Especially the dimensions of risk analysis are generally discussed in profit organizations.


Introduction
The challenge in the implementation of Islamic Religious Higher Education (PTKI) faces various complex problems related to globalization, so that it requires good and effective governance in order to achieve the mission and vision of PTKI ideally indicated by the characteristics of good governance. In line with the direction of development strategy of Islamic Religious Higher Education (PTKI) capable of producing Islamic and superior graduates in integrating scientific with Islamic values, the implementation of PTKI in the Ministry of Religious Affairs which has reached 618 institutions-53 in the form of state PTKI (STAIN, IAIN and UIN) and 565 Private Islamic Religious Universities (PTKIS)-must be based on the implementation of education in line with the principles of good governance that is integrated in personality development and academic network development supported by the availability of qualified educators. It is expected to achieve the implementation of PTKI that upholds the values of trust, tafaqquhfi'l-dīn, professional, transparent, accountable and qualified. One of efforts to improve the quality of PTKI can be done with the application of good university governance.
The strategic issues of Islamic education in 2015-2019 are among others (1) increasing equitable access to Islamic Education; improving the quality of Islamic Education; increasing the relevance and competitiveness of Islamic Education; and good governance of Islamic Education. However, several problems are still faced in its implementation such as the occurrence of corruption cases in many campuses. It becomes a serious blow to the system of organizing higher education in Indonesia. Based on the results of the Supreme Audit Agency (BPK) examination of financial statements at the Ministry of Religious Affairs and Ministry of Research, Technology and Higher Education, there was a decrease in the opinion level, from unqualified opinion to fair with the exception (WDP) which means a decrease in accountability and transparency. Based on the findings of Indonesian Corruption Watch (ICW), in the education sector, corruption cases occupy the second position in the period 2003-2013. These data indicate that the educational environment is also not free from the practice of corruption. There are at least 12 modes of corruption in the education sector including: procurement of goods and services; education grants and CSR; internal budgets of higher education; research funding; scholarship funding; and the sale of assets owned by the Higher Education Fund, Education Contribution Fund (SPP), as well as other patterns such as bribery in admission of new students; bribery in the election of officials in the internal of Higher Education; bribery or sale of grades; bribery related to accreditation (study program/university); and gratuities of students to lecturers.
The phenomenon of corruption in universities not only happens in Indonesia, but also appears in a number of countries. As reported by Channel News Asia, in 2013, a law professor from a top university in Singapore, TeyTsun Hang, was found guilty on charges of accepting sex gratification and luxury items from students. Gratification received by TeyTsun is in return for the good grade he gave to the students.
According to Jobplanet (2016), the rise of corruption in universities has been triggered, among others, by the lack of transparency of the campus on finance management, weak internal control and administrative system, and the absence of monitoring mechanism involving the community. Another trigger is the welfare of lecturers and staff. The average salary of lecturers in Indonesia is Rp 3,326,700 per month. This small salary makes lecturers force JIAFR | 30 themselves to work elsewhere to meet their needs or take shortcuts by seeking profits from the authority they possess.
To prevent the occurrence of models of corruption practices in universities, one policy is required by strengthening the internal control system. The internal controller of COSO 1992 and SAS 78 is a process influenced by the board of commissioners, management and other business unit personnel designed to gain reasonable assurance about the achievement of objectives in the following matters: (1) Reliability of financial reporting (2) Compliance with applicable laws and regulations (3) Effectiveness and efficiency of operation (Daniela & Attila, 2013;Rae et al., 2017). The internal control component of COSO (Committee of Sponsoring Organization) consists of five components: control environment, risk assessment, control activities, information and communication, monitoring (Mosteller & Poddar, 2017) Researches on the implementation of COSO-based internal control and good university governance refer to studies by Sawalqa & Qtish (2012), Agyei-Mensah (2016), Ghozali & Achmad (2017), and Ansori (2018). Sawalqa & Qtish's (2012) research aims to examine the role of internal control elements: control environment, risk assessment, control activities, information and communication, and monitoring, in improving the pillars of corporate governance: accountability, fairness, responsibility answer, and transparency in the insurance company. These results suggest that internal control plays an important role in improving the pillars of corporate governance in Jordanian insurance companies, and the success of corporate governance requires compliance with all elements of internal control.
Agyei-Mensah (2016) found empirical evidence in Ghana that effective internal controls improve good governance practices and reduce corruption. Similar to these findings, Sawalqa & Qtish (2012) show that internal control has an important role in improving corporate governance, and the success of corporate governance requires compliance with all elements of internal control. Research by Ghozali & Achmad (2017) shows that the internal control system influences in increasing university accountability, while accountability can create good university governance. According to research JIAFR | 31 results by Ansori (2018), there is a negative and significant influence of good university governance and the effectiveness of the internal control system on the tendency of accounting fraud. It shows that good governance and internal control can prevent fraud behavior in the state Islamic higher education.
The research was conducted at UIN Walisongo considering that since 2015 IAIN transformed into UIN Walisongo. The transformation demands development, structure, governance, work culture, resources and internal control system by increasing the role of internal supervisory unit (SPI) as the front guard in implementing internal control system which is one of its duties to prevent corruption. Based on the Decree of the Minister of Religious Affairs of the Republic of Indonesia Number 106 of 2016 on the Establishment of Working Units as the Pilot Project of Intergrity Zone Development (ZI) to the Free Zone of Corruption (WBK) and the Bureaucratic Area of Clean and Serve (WBBM) at the Ministry of Religious Affairs, UIN Walisongo is one of the works selected as the pilot project of the program. Therefore, the research problems are: (1) how is the implementation of internal control at UIN Walisongo carried out in the good category? (2) how is the implementation of good university governance at UIN Walisongo? and (3) does internal control affect good university governance?

Literature Review Stewardship Theory
Stewardship theory is not a new concept in financial management literatures or in organizational theory. Contrafatto (2014) describes stewardship that has motivated organizations whose mission is to maintain, preserve and enhance natural, social, cultural and economic resources for the benefit of community interests. Stewardship theory is agreed to be a strong concept that has some resonance with the current policy agenda, at the macro and many more levels agreed on organizations, solving global problems such as corporate responsibility and social accountability. The concepts of corporate social responsibility and (social) accountability, stewardship leadership have not been substantially developed in literature management,
Gaps exist in the resolution of conceptualizations about the role and nature of stewardship. According to Hernandez (2012), "Many theorize about the theory of stewardship, but no one gives an appropriate resolution of stewardship". Most theoretical work makes a difference, and in some alternative cases, perspectives with a focus either on the normative foundation of management (Hernandez, 2012) or on organizational and managerial implications (van Puyvelde, Caers, du Bois, & Jegers, 2012).
Stewardship theory views management as a trustworthy party to act best for the public interest in general as well as shareholders in particular. The implication of Stewardship's theory in this research is that steward (in this case is college management) will work best for the interest of principal (Puspitarini, 2012;Contrafatto, 2014).

Internal Control
COSO defines internal control as follows: "Internal control is a process, affected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding to the achievement of objectives relating to operations, reporting, and compliance" (COSO, 2013). The internal control system consists of policies and procedures designed to provide reasonable assurance management that the company has achieved its goals and objectives. These policies and procedures are often called controls, and collectively establish the entity's internal control. The purpose of internal control, according to COSO cited by Sawyer et al., is to provide reasonable assurance about achievements in terms of effectiveness and efficiency of operations, reliability of financial information, and compliance with applicable laws and regulations (COSO, 2013;Philip L. Foster, 2019).
In this study, researchers used the COSO-based internal control model in which the internal control system was designed to provide guarantees on the achievement of the following objectives: (1) effectiveness and efficiency of JIAFR | 33 operations, (2) reliability of financial information, and (3) compliance with applicable laws and the rules. The COSO-based internal control model consists of five components: (1) control environment; (2) risk assessment; (3) control activities (4) information and communication, and (5) Monitoring (COSO, 2013).
First, the Control Environment. According to INTOSAI (2016), control environment is the environmental conditions of the organization that sets the style of an organization that affects awareness of control. According to COSO, the control environment component is the initial foundation for the development of internal controls system by providing fundamental disciplines and structures. These include: ethical integrity and values, commitment to competence, auditor functioning, management philosophy and leadership style, organizational structure, authorization and responsibility, human resource policy and practices (HR). This control environment comprises actions, policies and procedures that reflect the overall attitude of top management, directors, and owners of an entity concerning internal control and its significance to that entity (INTOSAI, 2016).
Second, Risk Assessment. Risk assessment is a process that includes the identification, analysis, and management of risks faced by management, which can hinder the achievement of organizational goals. According to COSO in Philip L. Foster (2019), the determination of risk is the identification and analysis of risks that disrupt the achievement of internal control objectives. So, it can be concluded that assessment or risk assessment is a process that includes identification, analysis, and management of risks faced by management which disrupts the achievement of internal control objectives.
Thirdly, control activities are control policies and procedures to be addressed. The statement states that control activities are defined and implemented control policies and procedures to help ensure that actions identified by management are required to address risks to achieving effective entity objectives. Components of control activities take place throughout the organization, all levels and on all existing functions. This activity covers a range of activities ranging from authorization, authority, verification, JIAFR | 34 reconciliation, performance review, asset security, and job separation. Control activities that can be done include performance improvement, information processing, physical control and segregation of functions (DeLoach & Thomson, 2014).
Fourth, Information and Communication. The information needed is not only internal but also external. Effective communication should be widespread throughout the organization in which all parties must receive a clear message from the top management responsible for monitoring. All staff must understand their role in the internal control system as well as the relationships between individuals (Rae et al., 2017).
Fifth, Monitoring. This component provides adequate assurance that an organization's objectives can be achieved, management must monitor the internal controls system to determine whether the system operates as desired and modified to suit changes in conditions. It includes the right personnel to assess the design and operation of the control on a timely basis in taking the necessary corrective action (Philip L. Foster, 2019;COSO, 2013).

Good University Governance
According to Khanna (2017), governance is power, relationships, and accountability, who has influence, who decides, and how people and stakeholders express their opinions, and how decisions are made accountably. In the context of educational organizations, good governance is considered as the most important factor in improving the overall reputation of the organization, which is related to achieving the goals set by the organization. In the 1990s, there was recognition of the importance of governance in higher education (Shattock, 2013).
The concept of good university governance is derived from a more general concept of governance, that is, good governance. Good governance requires eight general/basic characteristics, namely, participation, consensus orientation, accountability, transparency, responsiveness, effectiveness and efficiency, equality and inclusiveness, and law enforcement/supremacy. Simply put, a good university can be seen as the application of the basic JIAFR | 35 principles of "good governance" concepts in the system and process of governance in higher education institutions, through various adjustments made based on values that must be upheld in the administration of higher education. This is based on the aim of developing academic and scientific education and developing whole people (Munawir et al., 2019).
Good university governance is a concept that applies the principles of good governance such as transparency, accountability, responsibility, independence, and fairness that need to be applied by each university to realize a qualified university (Puspitarini, 2012). According to Wijayanto (2015), good university governance can be seen simply as applying the basic principles of good governance in the system and process of governance at the institution of universities through various adjustments made based on the values that must be upheld in the implementation of universities in particular and education in general. Meanwhile, according to Qorib (2018), values considered suitable to be applied in universities are: transparency, organizing, participation, responsiveness, efficiency and effectiveness, accountability and leadership.
The implementation of good governance is still relevant to be applied in the concept of good university governance in which a college institution must meet the principles of participation, orientation on consensus, accountability, transparency, responsiveness, effective and efficient, equity and inclusiveness, and law enforcement. The difference is in the value and purpose that animates it. These managerial principles should be applied to support the basic functions and principles of higher education (Khanna, 2017).
In this study, researchers tried to apply the principles of both experts as a foothold and reference. The following principles of good university governance, according to Wijayanto (2015), are considered suitable to be applied in a modified college, among others: (1) Transparency. Openness is built on the freedom of information. Information directly related to the public interest can be obtained adequately, accurately and timely by those in need as well as other important information in accordance with the laws and JIAFR | 36 regulations; (2) Accountability is clarity of function, implementation and accountability of the organs so that the management of the organization is implemented effectively. Universities should have a clear (written) job description and responsibility from the structural officials; (3) Responsibility. Responsibility is the extent to which policy, regulation, and budget allocation get support and positive response from academic society. There is compliance within the organization's management of the prevailing laws and regulations. Responsibility on the basic principle is companies (including universities) must comply with legislation and carry out responsibility for society and the environment so as to maintain long-term business continuity and be recognized as a good corporate citizen; (4) Independence. According to Taufiq, Suharman, Zarkasyi, & Sueb (2017), independence is the circumstances in which the organization is managed professionally without conflict of interest and the influence of pressure from any party that is not in accordance with applicable legislation and applies the principles of healthy organization. Independence is a basic principle to smooth the implementation of the principle of good corporate governance. Universities must be managed independently so that each college organ does not dominate each other and cannot be intervened by others; (5) Fairness. According to Taufiq, Suharman, Zarkasyi, & Sueb (2017), justice, fairness and equality in fulfilling the rights of stakeholders arise under applicable agreements and laws and regulations. When carrying out its activities, universities should always pay attention to the interests of students and other interest holders based on the principle of fairness and equality. Equality and fairness are the basic principles: in conducting their activities, universities should always pay attention to the interests of stakeholders (government and society) based on the principle of equality and fairness; (6) Participation. According to Pratiwi (2016), participation is a principle that everyone has the right to be involved in any decision-making and administering government either directly or indirectly.
Research on this topic is still relevant to study, especially in non-profit service organizations. Existing research is more dominated by manufacturing companies and service companies that have profit motives. The difference with previous research is the object of research is nonprofit service companies (public sector organizations), namely state Islamic tertiary institutions and research designs. Research by Rymarzak, den Heijer, Curvelo Magdaniel, & Arkesteijn (2019) illustrates the effects of university governance in the Netherlands and Poland, with five dimensions (autonomy, management, participation, accountability and transparency) into an innovative and coherent analytic framework. The results show that university governance from five dimensions has consequences for university governance. This shows that every university governance reform must consider resources and facilities. Ignoring them can cause universities to make sub-optimal decisions and consequently affect accountability, productivity and competitive advantage. An understanding of the conceptions presented is crucial for the development of appropriate tertiary education policies and improvement of university performance. Sawalqa & Qtish's (2012) research shows that internal control plays an important role in improving the pillars of corporate governance in Jordanian insurance companies, and the success of corporate governance requires compliance with all elements of internal control. Research by Puspitarini (2012) shows that the effectiveness of government internal control affects the quality of financial reporting. Components of the effectiveness of the internal control government consists of: (1) the control environment; (2) risk assessment; (3) activity control; (4) information and communication); (5) monitoring. The results support the theories stated by COSO (2013).
While research by Nurhayati et al. (2014) shows that: (1) Simultaneously, there is significant influence of good university governance, effectiveness of internal audit, and organizational commitment to budgetary participation. Partially, it is only good university governance and organizational commitment that have a significant influence on the participation of budgeting; while the effectiveness of internal audit does not have a significant influence on budgetary participation; (2) There is a significant influence on good university governance, internal audit effectiveness, organizational commitment, budgetary participation on managerial performance either JIAFR | 38 simultaneously or partially. Research by Suyono & Hariyanto (2012) pointed out that internal control, internal audit, and organizational commitment have a significant positive relationship with good governance. While Agyei-mensah (2018) found empirical evidence in Ghana that effective internal controls improve good governance practices and reduce corruption.
Theoretically, an effective internal control improves good governance as it is a part of the management process (i.e., planning, managing, directing, and controlling). The internal control keeps an organization moving toward goals and achievements. The internal control encourages the effectiveness and efficiency of operations, reduces the risk of loss of assets, and helps ensure compliance with laws and regulations. The internal control also ensures the reliability of financial reporting (all transactions are recorded and all recorded transactions are real, rated correctly, recorded in a timely manner, correctly classified, and properly summarized and posted). Therefore, theoretically, an organization with an effective internal control is expected to achieve its goals efficiently and effectively so that the governance is good, while the organization with a weak internal control will experience bad governance.

Hypothesis Development
Good university governance is simply put as the application of basic concepts of good governance in the system and process of governance at universities through various adjustments based on values that must be upheld in the implementation of universities in particular and education in general. Good university governance is required to achieve transparent, accountable and compliance with university regulations.
The strategic issues of Islamic education in 2015-2019 include (1) increased access to equitable Islamic education; improving the quality of Islamic education; increasing the relevance and competitiveness of Islamic Education; and good governance of Islamic Education. However, the implementation still faces several problems such as the occurrence of JIAFR | 39 corruption cases in many campuses. This becomes a serious blow to the system of organizing higher education in Indonesia.
To prevent the occurrence of models of corruption practices in universities, one policy is required by strengthening the internal control system. The internal control components issued by COSO consist of five components: control environment, risk assessment, control activities, information and communication, and monitoring (COSO, 2013).
Research on the COSO-based internal control is important to be done so that the implementation of universities obtains reasonable assurance that its activities can be achieved in a transparent, accountable, effective, efficient, and comply with applicable laws and regulations. This is in line with the public demand for the management of universities that have good governance (good university governance). Based on the foundation of previous theories and research, the theoretical framework can be explained as follows:

Research Methods
The research was carried out in UIN Walisongo for the following reasons: (1) In 2009, UIN Walisongo from an ordinary working unit became a Public Service Agency (BLU) committed to implement transparent, accountable, efficient and effective university governance; (2) Since 2015, IAIN transformed into UIN Walisongo. The transformation demands development, structure, governance, work culture, resources and internal control system by increasing the role of internal supervisory unit (SPI) as the front guard in implementing internal control system which is one of its duties to prevent corruption.
This study is a population study, in which the researcher examined all the elements that existed within the research area. The population in this study is all structural officers at UIN Walisongo that are 184 people.
Data collection in this study uses survey method by distributing questionnaires to the object of research. The questionnaires were distributed from July to September 2019 directly to each unit of organizations/faculties in UIN Walisongo. Out of the 184 distributed questionnaires, 125 questionnaires were returned. Out of the 125 questionnaires returned there were 19 questionnaires filled out incompletely so that the questionnaires that can be administered and become samples in this study are 106.
The operational definition and measurement of research variables are as follows: (1) The control environment reflects the overall attitude, awareness, and actions of management, staff, and others regarding the importance of control in an entity (Rae et al., 2017;COSO, 2013). This variable is measured by using six indicators: integrity and ethics value, commitment to competence, operation style and management philosophy, organizational structure, responsibility and authority, policy and practice of human resources. Answers are assessed using a 5-point Likert scale; (2) risk assessment is a mechanism for identifying, analyzing and managing various risks in the organization associated with the objectives to be achieved (Rae et al., 2017;COSO, 2013). This variable is measured by three indicators that are JIAFR | 41 risk identification, risk analysis and risk management. Answers are assessed using a 5-point Likert scale; (3) control activities are policies and procedures that help ensure that all actions are carried out in accordance with effective management directives (Rae et al., 2017), (COSO, 2013). This variable consists of six indicators: performance review, information management, physical control of assets, segregation of duties and functions, authorization, recording and documentation. Answers are assessed using a 5-point Likert scale; (4) information and communication allow people within the organization to obtain the necessary information sharing to manage, implement and control operational activities and deliver it through media (Rae et al., 2017;COSO, 2013). This variable consists of three indicators: information, communication and information system. Answers are assessed using a 5-point Likert scale; (5) monitoring is the process of assessing the quality and effectiveness of internal control systems, including modifications and improvements if necessary (Rae et al., 2017;COSO, 2013). This variable consists of three indicators: supervision, evaluation and follow up. (6) Governance is a concept that implements good governance principles such as transparency, accountability, responsibility, independence, and fairness that need to be applied by every university to realize a qualified university (Wijayanto, 2015). This variable consists of six indicators: transparency, accountability, responsibility, independence, fairness and participation. Analytical techniques used are descriptive analysis and causality analysis with structural equation model (SEM).

Implementation of COSO-Based Internal Control
The results of respondents' answers about the implementation of COSObased internal control consisting of five variables, namely: control environment, risk analysis, control activities, information and communication and monitoring are described in table 2.  Table 2 shows that the implementation of the COSO-based internal control with an average total value of 3.939 from the control environment, risk analysis, control activities, information and communication as well as monitoring shows that the implementation of COSO-based internal control is good. Control environment and control activities are variables that have the highest average value while the risk analysis is the variable that has the lowest value.

JIAFR | 42
A good internal control system is built from the control environment as a foundation that is built through the control environment. Internal control activities are actions that are based on policies and procedures, implemented by management, to handle risks appropriately. Activities, information and communication as well as monitoring and evaluation are important parts in building internal control (COSO, 2013). From the tabulated data, it was concluded that COSO-based internal control at UIN Walisongo has become a strong foundation in building a control system. There is a commitment from management and the role of the Internal Supervisory Unit (SPI), so that the internal control is successfully implemented to support the goals of the university.

The Implementation of Good University Governance
Based on the results of respondents' answers to the implementation of good university governance which consists of transparency, accountability, responsibility, independence, fairness and participation are described in table 3.  Table 3 shows that the average score of 4.298 shows that the application of good university governance is very good. Independence and participation are indicators with the highest average values. The goal of good governance is the goal that every university management wants to achieve because it has an impact on university performance. University management, in this case, the chancellor, the vice-chancellor along with the heads of bureaus and deans, is the steward party, while the public and the government are shareholders. In management theory, it is explained that the university management (steward) parties are given the mandate or trust by shareholders to act in the best interests of shareholders (the public and the government). The implication of the stewardship theory in this research is that university management will work best to achieve good university governance that will be accountable to the public and government.

Influence of COSO-Based Internal Control to Good University Governance
To find out the influence of COSO-based internal control on good university governance, structural equation modeling (SEM) analysis technique is used. The SEM analysis with AMOS program resulted model of structural equation showing relationship between latent variable presented in figure 2 below:

Figure 2. The Path Diagram Of COSO-Based Internal Control Influences Good University Governance (revision)
The results of model conformance testing (revision) in this study are presented in table 4.

JIAFR | 45
Based on table 4 it is known that from the eight criteria used to assess the feasibility of a model, there are six criteria met and two marginal criteria. Thus, it can be said that the model is acceptable because there is suitability between the model and the data. Figure 2 shows that internal control consists of; control environment, risk analysis, control activities information and communication, monitoring affect the good university governance, except risk analysis is not significant.

Conclusion
Based on the results of SEM data analysis, it shows that COSO-based internal control has a significant influence on good university governance. In accordance with research by Rymarzak et al. (2019), good university governance will affect university performance. Good university governance as the application of the basic principles of the concept of "good governance" in the system and process of governance in higher education institutions, through various adjustments made based on values that must be upheld in universal governance. To achieve good university governance, human resources play a very important role in it and for other resources owned by the organization. The study of organizational behavior shows that there are three determinants of behavior in organizations, namely individuals, groups and structures. These three things are studied in organizational influence with the aim of improving organizational performance. Organizations must believe that to achieve excellence, it is necessary to produce university performance.
To ensure sustainable university performance, good university governance is needed. Good university management can ensure the sustainability of a university. The results of the study of Rymarzak et al. (2019) show that the existence of university governance reforms must take into account the resources and facilities, if ignoring this will cause the university to be less than optimal and consequently affect the university's accountability, productivity, performance and competitive advantage. According to Munawir et al. (2019), accountability must be fulfilled by public JIAFR | 46 sector organizations, one of which is accountability for honesty related to avoiding abuse of authority and power. The Financial and Development Supervisory Agency (BPKP) emphasizes the importance of accountability that considers moral and ethical issues. The concept of good governance can be implemented in university management systems and processes through various adjustments made based on university values. Implementation of good university governance is expected to prevent the practice of abuse of authority and power in tertiary institutions. Therefore, a monitoring and accountability scheme for university management that is transparent and accountable through the application of internal control is based on the principles of COSO. An internal control system is needed to assess the accountability, transparency and compliance of university management with policies and regulations that apply to the interests of stakeholders. Therefore, the application of the internal control system is considered to have an important role in order to realize good university governance. Sawalqa & Qtish's (2012) research shows that internal control plays an important role in improving the pillars of corporate governance. Likewise, research by Suyono & Hariyanto (2012) shows that internal control has a significant positive relationship with good governance. Research by Nurhayati et al. (2014) shows that there is a significant influence on good university governance, internal audit effectiveness, organizational commitment, budgetary participation on managerial performance both simultaneously and partially. While Agyei-Mensah's (2016, 2018) study found empirical evidence in Ghana that effective internal control enhances good governance practices and reduces corruption. The results of Ghozali & Achmad's (2017) study show that the internal control system influences productivity improvement, while accountability can create good university governance. Ansori's (2018) research results show that there is a negative and significant influence of good university governance and the effectiveness of the internal control system on the tendency of accounting fraud. It shows good governance and JIAFR | 47 internal control can prevent fraudulent behavior in tertiary education in Islamic religious countries.
Based on the results of the previous research, a generalization was obtained, that COSO-based internal control had a significant effect on good university governance. Likewise in this study, it was found that the application of good university governance at UIN Walisongo consisted of transparency, accountability, independence, responsibility for equality, fairness and participation. These values are needed by UIN Walisongo to ensure the achievement of good university governance. Based on data analysis and discussion of the application of internal control systems at UIN Walisongo with control environment variables, risk analysis, control activities, information and communication and evaluation contribute to creating good university governance, ultimately improving university longterm performance. Other findings indicate that risk assessment has no significant effect on good university governance. It means that the assessment of risks has not been implemented optimally at UIN Walisongo. It is understandable, because in general these findings are in accordance with the reality, where the risk assessment dimension is faced by most universities considering that the university is a public organization oriented service improvement, not oriented to seek profits such as private organizations. These findings can be used as a strategy for university management to improve good university governance by increasing risk assessment. These findings can also be an agenda for future research. Further research on risk management in tertiary institutions has an impact on university performance.