A Descriptive Study of Factors Associated with the Internal Audit Function Having an Impact: Comparisons between Organizations in a Developed and an Emerging Economy

2011 ◽  
Author(s):  
Audrey A. Gramling ◽  
Irem Nuhoglu ◽  
David A. Wood
Keyword(s):  
Internal Audit ◽  
Descriptive Study ◽  
Emerging Economy ◽  
Factors Associated ◽  
Internal Audit Function

Factors associated with security/cybersecurity audit by internal audit function

2018 ◽  
Vol 33 (4) ◽  
pp. 377-409 ◽  
Author(s):  
Md. Shariful Islam ◽  
Nusrat Farah ◽  
Thomas F. Stafford
Keyword(s):  
Audit Committee ◽  
Internal Audit ◽  
Mixed Effect ◽  
Content Type ◽  
Internal Auditors ◽  
Factors Associated ◽  
Security Breaches ◽  
Internal Audit Function ◽  
Enterprise Risk

Purpose The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

A Post-SOX Examination of Factors Associated with the Size of Internal Audit Functions

2012 ◽  
Vol 26 (2) ◽  
pp. 167-191 ◽  
Author(s):  
Urton L. Anderson ◽  
Margaret H. Christ ◽  
Karla M. Johnstone ◽  
Larry E. Rittenberg
Keyword(s):  
Leadership Development ◽  
Audit Committee ◽  
Internal Audit ◽  
Data Availability ◽  
Private Companies ◽  
Public And Private ◽  
Internal Auditors ◽  
Factors Associated ◽  
Internal Audit Function ◽  
Prior Literature

SYNOPSIS This study develops and tests a conceptual model articulating factors associated with internal audit function size in the post-SOX era. These factors include audit committee characteristics, internal audit characteristics and mission, internal audit activities performed by others (including outsourced providers and other divisions within the organization), and organization characteristics. Results from a survey of 173 public and private companies reveal that internal audit function size is positively associated with: (1) better audit committee governance, (2) greater organizational experience of the chief audit executive, (3) missions involving IT auditing, (4) the use of sophisticated audit technologies, (5) the use of a staffing model in which internal audit is used for rotational leadership development, (6) organization size, and (7) the number of foreign subsidiaries that the organization possesses. Further, internal audit function size is inversely associated with: (1) the percentage of internal audit employees that are Certified Internal Auditors, and (2) the extent of assurance and compliance activities outsourced to outsiders. These results contribute to prior literature on internal audit function size by considering a variety of factors that are associated with internal audit function size in the contemporary era. Data Availability: Contact the authors.

scholarly journals An Examination of Internal Audit Function Size: Evidence from U.S. Government and Nonprofit Sectors

2020 ◽  
Author(s):  
Sarah A. Garven ◽  
Audrey N. Scarlata
Keyword(s):  
Nonprofit Organizations ◽  
Internal Audit ◽  
Organizational Characteristics ◽  
Educational Institutions ◽  
Organization Size ◽  
Factors Associated ◽  
Small Organizations ◽  
Staffing Model ◽  
Internal Audit Function ◽  
To Receive

We examine factors associated with internal audit function (IAF) size in U.S. government and nonprofit (GNP) entities. Our results, based on responses from 345 GNP participants, indicate several factors related to organizational characteristics, IAF characteristics, IAF responsibilities, and information technology (IT) tools and audit activities that are associated with IAF size. Specifically, we find IAF size is positively associated with: (1) mandated IAFs, (2) activity related to audits of general IT risks, (3) use of a rotational staffing model, (4) degree of fraud detection responsibility, (5) conduct of performance audits, (6) extent of sophisticated audit technologies, (7) organization size, (8) opportunity to receive a bonus, and (9) age of the IAF. IAF size is negatively related to (1) extent of access to records and property appropriate for the performance of audits, (2) nonprofit organizations, (3) healthcare institutions, and (4) educational institutions. Additional analysis reveals variation between large and small organizations.

Factors Associated with U.S. Public Companies' Investment in Internal Auditing

2005 ◽  
Vol 19 (2) ◽  
pp. 69-84 ◽  
Author(s):  
Joseph V. Carcello ◽  
Dana R. Hermanson ◽  
K. Raghunandan
Keyword(s):  
Audit Committee ◽  
Internal Audit ◽  
Cash Flows ◽  
Financial Service ◽  
Company Size ◽  
Internal Auditing ◽  
Public Companies ◽  
Ability To Pay ◽  
Factors Associated ◽  
Operating Cash Flows

Internal auditing has been the focus of much attention in recent years. This study examines factors associated with U.S. public companies' investment in internal auditing. Data from a survey administered to Chief Audit Executives of midsized U.S. public companies were supplemented with publicly available data. Based on data from 217 companies, the results indicate that total internal audit budgets (inhouse plus outsourced portions) are related to several factors associated with company risk, ability to pay for monitoring, and auditing characteristics. Specifically, we find evidence that internal audit budgets are positively related to company size, leverage, financial, service, and utility industries, relative amount of inventory, operating cash flows, and audit committee review of the internal audit budget. Total internal audit budgets are negatively related to the percentage of internal auditing that is outsourced. This study contributes to our understanding of internal audit services, and it allows companies to benchmark their investment in internal auditing.

Sign in / Sign up

Export Citation Format

Share Document