Internal audit: from effectiveness to organizational significance

Purpose From the perspective of two groups of governance actors, this paper aims to understand how internal audit (IA) achieves and consolidates organizational significance. Design/methodology/approach Interviews were conducted with audit committee chairs and chief audit executives from multinational corporations, and the participating corporations’ registration documents were analyzed. Findings The data indicate that IA achieves and consolidates organizational significance by activating the IA effectiveness “building blocks” (Lenz et al., 2014) all together so as to generate organizational learning and positive change. New IA effectiveness drivers also emerged from the field. Research limitations/implications This research contributes to the IA literature by establishing a connection, through the IA impact on organizational learning, between the constructs of IA effectiveness and organizational significance. It also contributes to the IA literature by identifying new drivers and illustrating the complementarity and interconnections between the IA effectiveness building blocks. Practical implications This paper encourages internal auditors to keep their eyes on the prize (i.e. organizational significance) instead of simply being focused on the mean (i.e IA effectiveness), in order to fight stakeholder disappointment. Originality/value The paper proposes a conceptual model of IA organizational significance and gives key insights for setting up effective IA to stimulate organizational learning and fostering positive change in the whole organization.

Download Full-text

Corporate governance and internal audit: an institutional theory perspective

Corporate Governance ◽

10.1108/cg-07-2019-0215 ◽

2019 ◽

Vol 20 (1) ◽

pp. 175-190 ◽

Cited By ~ 1

Author(s):

Christina Vadasi ◽

Michalis Bekiaris ◽

Andreas Andrikopoulos

Keyword(s):

Corporate Governance ◽

Institutional Theory ◽

Audit Committee ◽

Internal Audit ◽

Annual Reports ◽

Substantial Impact ◽

Content Type ◽

Internal Auditors ◽

The Impact ◽

Audit Effectiveness

Purpose This paper aims to explore internal audit effectiveness through its contribution to corporate governance. Namely, the authors attempt to investigate the impact of internal audit professionalization on internal audit’s contribution to corporate governance. Design/methodology/approach Using a research framework informed by institutional theory, the authors predict that internal audit’s contribution to corporate governance is associated with factors related to internal audit professionalization. To investigate the arguments, the authors combine data from a survey of 49 listed companies in the Athens Stock Exchange with publicly available information from annual reports. Findings Empirical results indicate that internal audit professionalization affects internal audit effectiveness, as internal audit’s contribution to corporate governance is improved for organizations where internal audit function complies with internal auditing standards and internal auditors hold professional certifications. The findings also suggest that internal audit’s contribution to corporate governance is shaped by some company-specific characteristics, namely, CEO duality and audit committee quality. Practical implications The results have implications for internal auditors who wish to increase the efficiency of their work, corporate governance mechanisms such as the board of directors and the audit committee, which can use the findings of this study to better respond to their responsibilities concerning internal audit and regulators who can also benefit to strengthen areas with substantial impact on internal audit’s contribution to corporate governance. Originality/value This paper contributes to the academic discussion on the role of internal audit in corporate governance and complements the work of other researchers in the field of internal audit professionalization. This study tries to fill a gap in the literature on the effect of internal audit professionalization elements on internal audit’s contribution to corporate governance.

Download Full-text

Factors associated with security/cybersecurity audit by internal audit function

Managerial Auditing Journal ◽

10.1108/maj-07-2017-1595 ◽

2018 ◽

Vol 33 (4) ◽

pp. 377-409 ◽

Cited By ~ 5

Author(s):

Md. Shariful Islam ◽

Nusrat Farah ◽

Thomas F. Stafford

Keyword(s):

Audit Committee ◽

Internal Audit ◽

Mixed Effect ◽

Content Type ◽

Internal Auditors ◽

Factors Associated ◽

Security Breaches ◽

Internal Audit Function ◽

Enterprise Risk

Purpose The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Download Full-text

Internal audit function, audit committee effectiveness and accountability in the Ugandan statutory corporations

Journal of Financial Reporting and Accounting ◽

10.1108/jfra-07-2016-0062 ◽

2018 ◽

Vol 16 (1) ◽

pp. 138-157 ◽

Cited By ~ 12

Author(s):

Juma Bananuka ◽

Stephen Korutaro Nkundabanyanga ◽

Irene Nalukenge ◽

Twaha Kaawaase

Keyword(s):

Audit Committee ◽

Sampling Error ◽

Internal Audit ◽

Hierarchical Regression ◽

Cross Sectional ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

Correlational Data ◽

Finance Officers

Purpose The purpose of this study is to investigate the contribution of internal audit function and audit committee effectiveness on accountability in statutory corporations (SCs). Design/methodology/approach This study is cross sectional and correlational. Data have been collected through a questionnaire survey of 52 SCs in Uganda through their Chief Internal Auditors and Chief Finance Officers. Data have been analysed using Statistical Package for Social Sciences. Findings The internal audit function significantly contributes to accountability of SCs in Uganda and audit committee effectiveness is not where effective internal audit is present in such organisations. However, audit committee effectiveness significantly contributes to accountability when an internal audit function is not present. Research limitations/implications The use of hierarchical regression is prone to problems associated with sampling error. However, the likelihood of these problems is mitigated by the interface with data. Originality/value Whereas hitherto both internal audit function and audit committee effectiveness had been viewed as explanations of accountability, this study only confirms the internal audit function as a significant predictor of SCs’ accountability relative to audit committee effectiveness.

Download Full-text

Influence of audit committees on internal audit conformance with internal audit standards

Managerial Auditing Journal ◽

10.1108/maj-12-2014-1132 ◽

2015 ◽

Vol 30 (6/7) ◽

pp. 539-559 ◽

Cited By ~ 22

Author(s):

Abdulaziz Alzeban

Keyword(s):

Audit Committee ◽

Stock Exchange ◽

Middle Eastern ◽

Internal Audit ◽

International Standards ◽

Audit Committees ◽

Content Type ◽

Internal Auditors ◽

The Impact ◽

Audit Standards

Purpose – This study aims to provide empirical evidence of the association between audit committee characteristics and internal audit conformance with the International Standards for the Professional Practice of Internal Auditing (ISPPIA). Design/methodology/approach – Seventy-four usable responses were received from a survey of chief internal auditors (CIAs) from Saudi companies listed on the Saudi Stock Exchange. Findings – The results indicate that audit committee characteristics (the presence of independent members on the committee, members’ expertise in auditing and accounting and meeting with the CIA) influence internal audit conformance with the ISPPIA. Additionally, they demonstrate that such conformance is also influenced by CIA tenure. Practical implications – The findings of this study also have significant implications for audit committees wishing to improve their overall effectiveness, by identifying the impact of the committee’s characteristics on internal audit conformance with the ISPPIA. Originality/value – The results add to the literature on internal audit standards by introducing a Middle Eastern perspective and simultaneously providing insights for companies in their attempts to adhere to the international standards, hence, supporting efforts towards good corporate governance.

Download Full-text

Risk-based internal audit: factors related to its implementation

Corporate Governance ◽

10.1108/cg-08-2020-0316 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Petros Lois ◽

George Drogalas ◽

Michail Nerantzidis ◽

Ifigenia Georgiou ◽

Eleni Gkampeta

Keyword(s):

Risk Management ◽

Chief Executive Officers ◽

Audit Committee ◽

Empirical Studies ◽

Relevant Literature ◽

Internal Audit ◽

Chief Executive ◽

Management Training ◽

Content Type ◽

Internal Auditors

Purpose This study aims to investigate the factors associated with the implementation of risk-based internal audit (RBIA). Design/methodology/approach As a first step, a literature review of the relevant literature is performed and five potential factors related to the implementation of RBIA are identified. Based on that, this paper constructs a questionnaire survey sent out to 185 internal auditors, executives and accountants in Greece to receive 90 responses during the period of November 2019–January 2020. Multiple regression analysis is conducted to identify the factors related to the implementation of RBIA. Findings This paper shows that there is a statistically significant positive relationship between the implementation of RBIA and: the provision of risk management training, an active audit committee role and the establishment of a formalized risk management system. Practical implications The results have important implications for internal auditors, chief executive officers and accountants who wish to enhance internal audit effectiveness and the accuracy and quality of financial information. Originality/value Empirical studies on the factors related to the implementation of RBIA are rare. This is the first study to create empirical variables based on a thorough review of the relevant literature to empirically investigate the factors that are related to the implementation of RBIA in an emerging economy. By focusing on the Greek context, this study also sheds light to other countries with similar corporate governance systems, thus providing insights to settings where the Type II agency problem exists (La Porta et al., 1999).

Download Full-text

Internal audit quality: a polysemous notion?

Accounting Auditing & Accountability Journal ◽

10.1108/aaaj-10-2014-1843 ◽

2016 ◽

Vol 29 (5) ◽

pp. 714-738 ◽

Cited By ~ 17

Author(s):

Melanie Roussy ◽

Marion Brivot

Keyword(s):

Audit Committee ◽

Audit Quality ◽

Meta Analysis ◽

Internal Audit ◽

Content Type ◽

Internal Auditors ◽

External Auditors ◽

Extant Literature ◽

Public Sector Organizations ◽

Archival Documents

Purpose – The purpose of this paper is to characterize how those who perform (internal auditors), mandate (audit committee (AC) members), use (AC members and external auditors) and normalize (the Institute of Internal Auditors (IIA)) internal audit work, respectively make sense of the notion of “internal audit quality” (IAQ). Design/methodology/approach – This study is predicated on the meta-analysis of extant literature on IAQ, 56 interviews with internal auditors and AC members of public or para-public sector organizations in Canada, and archival documents published by the IIA, analyzed in the light of framing theory. Findings – Four interpretative schemes (or frames) emerge from the analysis, called “manager,” “éminence grise,” “professional” and “watchdog.” They respectively correspond to internal auditors’, AC members’, the IIA’s and external auditors’ viewpoints and suggest radically different perspectives on how IAQ should be defined and controlled (via input, throughput, output or professional controls). Research limitations/implications – Empirically, the authors focus on rare research data. Theoretically, the authors delineate four previously undocumented competing frames of IAQ. Practical implications – Practically, the various governance actors involved in assessing IAQ can learn from the study that they should confront their views to better coordinate their quality control efforts. Originality/value – Highlighting the contrast between these frames is important because, so far, extant literature has predominantly focussed on only one perspective on IAQ, that of external auditors. The authors suggest that IAQ is more polysemous and complex than previously acknowledged, which justifies the qualitative and interpretive approach.

Download Full-text

Effects of reporting relationship and type of internal control deficiency on internal auditors’ internal control evaluations

Managerial Auditing Journal ◽

10.1108/maj-07-2017-1606 ◽

2018 ◽

Vol 33 (3) ◽

pp. 318-335 ◽

Cited By ~ 3

Author(s):

Audrey Gramling ◽

Arnold Schneider

Keyword(s):

Internal Control ◽

Audit Committee ◽

Internal Audit ◽

Internal Controls ◽

Material Weakness ◽

Content Type ◽

Internal Auditors ◽

Tone At The Top ◽

Internal Audit Function ◽

Professional Guidance

Purpose This paper aims to explore whether an internal auditor’s evaluation of internal control deficiencies are influenced by the party with primary influence over the internal audit function and by the type of internal control deficiency. Design/methodology/approach A behavioral experiment is conducted with internal auditors as participants in a 2 × 2 between-subjects factorial design. Findings Results indicate that internal auditors are less likely to evaluate a pervasive control deficiency related to “tone at the top” as a material weakness than a process-specific control deficiency. Furthermore, internal auditors are somewhat less likely to evaluate a process-specific internal control deficiency as a material weakness when management has primary influence over the internal audit function than when the audit committee has primary influence. It is also found that the best practice of internal audit oversight (i.e., primary oversight of internal auditors by the audit committee) may lead to potential internal under-reporting of instances where the audit committee represents a material weakness in internal control. Research limitations/implications Limitations of this research include lack of economic consequences (e.g. future pay and job loss) associated with the internal control decisions made by the participants; less concise information provided to the participants than would generally be available to them; and lack of generalizability of the findings beyond the specific company setting and internal control scenario portrayed in the case materials. Practical implications Not evaluating a pervasive control deficiency related to “tone at the top” as a material weakness seems to not fully align with relevant professional guidance and can possibly result in inaccurate internal information about the quality of internal controls. Furthermore, having an internal auditor’s evaluation of a process-specific internal control deficiency influenced by the party with primary influence over the internal audit function would not appear to align with relevant professional guidance. Finally, primary oversight by the audit committee of the internal auditors may lead to potential internal under-reporting of instances where the audit committee represents a material weakness in internal controls and, thus, possible communication of inaccurate internal control information. Originality/value This study is the first to address whether the party with primary influence over the internal audit function influences an internal auditor’s evaluation of internal control deficiencies.

Download Full-text

New perspective on the black box of internal auditing and organisational change

Managerial Auditing Journal ◽

10.1108/maj-07-2015-1220 ◽

2016 ◽

Vol 31 (8/9) ◽

pp. 804-820 ◽

Cited By ~ 5

Author(s):

Aviv Kidron ◽

Yuval Ofek ◽

Herztel Cohen

Keyword(s):

Public Sector ◽

Quantitative Methods ◽

Internal Audit ◽

Organisational Change ◽

Internal Auditing ◽

Content Type ◽

Internal Auditors ◽

The Public ◽

Innovative Model ◽

Audit Information

Purpose The shift from the traditional audit towards performance audit implies that internal auditors in the public sector function as change agents who underpin the fundamental change process. This paper aims to propose a model that identifies the determinants of organisational change in the public sector that result from internal auditing and the way internal auditors facilitate it. Design/methodology/approach The conceptual discussion of this paper is based on a review of relevant literature, both practical and academic. Findings This paper develops an innovative model that describes the factors leading to auditees’ change readiness after undergoing internal audit processes. The independent variable is audit information quality and the dependent variable, organisational change. Auditees’ perceptions is the mediator variable, and accessibility to audit information is the moderator variable. Practical implications The proposed model suggests the advantages that can be gained by audit-related services, which in turn will add value to the organisation. The relationships between the variables inform practitioners on how to support effective audits as a means of increasing performance and influencing organisational change. Originality/value As the paper offers an innovative model, it may open up new research areas in internal auditing that can be studied by using both qualitative and quantitative methods.

Download Full-text

Internal auditing and assurance of corporate social responsibility reports and disclosures: perspectives of some internal auditors in Ghana

Social Responsibility Journal ◽

10.1108/srj-09-2015-0134 ◽

2016 ◽

Vol 12 (4) ◽

pp. 706-718 ◽

Cited By ~ 4

Author(s):

Samuel Nana Yaw Simpson ◽

Francis Aboagye-Otchere ◽

Ruby Lovi

Keyword(s):

Corporate Social Responsibility ◽

Social Responsibility ◽

Internal Audit ◽

Structured Interview ◽

Research Approach ◽

Limited Information ◽

Content Type ◽

Internal Auditors ◽

Changing Roles ◽

Corporate Social

Purpose This study aims to examine the nature and extent of internal auditors’ (IAs) involvement in corporate social responsibility (CSR) assurance. It also ascertains the capacity building requirements to legitimise the role of IAs as a credible form of providing CSR assurance. Design/methodology/approach A qualitative research approach was adopted, where data were collected through semi-structured interview of IAs of companies in Ghana that produce CSR reports. Findings Findings suggest that companies appreciate the fact that the internal audit function could provide independent assurance on CSR reports. However, there is limited information on the nature and scope of the assurance procedures. Moreover, most IAs seem to lack the requisite knowledge and skills needed to effectively carry out CSR assurance engagements. These evidences suggest a relatively low level of reliance being placed on CSR assurance services provided internally. Research limitations/implications Findings are purely based on the perceptions of IAs. Future studies may include the views of those who appoint IAs (i.e. management). Practical implications Findings engender discussions on the need for IAs and regulators of IAs (e.g. the Institute of Internal Auditors), particularly those in developing countries to begin to conscientise practitioners on the changing roles of the IA in the areas of CSR and CSR assurance. Originality/value This study is one of the very few studies on CSR assurance from the perspective of IAs and it also based on evidence from an African context. Also, the study provides evidence on the need for a deliberate effort to equip internal audit practitioners to provide at least some minimal assurance on CSR disclosures and reports.

Download Full-text

Organizational identity, professional identity salience and internal auditors’ assessments of the severity of internal control concerns

Managerial Auditing Journal ◽

10.1108/maj-02-2020-2566 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Ian Burt ◽

Theresa Libby

Keyword(s):

Professional Identity ◽

Internal Control ◽

Organizational Identity ◽

Internal Audit ◽

Identity Salience ◽

Content Type ◽

Internal Auditors ◽

Internal Control Weaknesses ◽

The Impact ◽

Benefits And Costs

Purpose This paper aims to examine whether increasing the salience of the internal auditor’s professional identity, defined by the expectations of their professional group, increases internal auditors’ judgments of the severity of internal control concerns when their organizational identity is high. Design/methodology/approach This paper tests the hypothesis using a laboratory experiment with internal auditors as participants. Findings The results support the hypothesis that professional identity salience moderates the relation between organizational identity and the assessed severity of identified internal control weaknesses. Increasing the salience of professional identity results in a more severe assessment of identified internal control weaknesses when organizational identity is high than when it is low. Originality/value Prior research in the lab and in the field provides mixed results about the impact of organizational identity on internal auditors’ judgments of the severity of identified internal control concerns. This paper contributes to the discussion on this issue. In addition, the results have implications for the debate about the benefits and costs of in-house versus out-sourced internal audit functions.

Download Full-text