scholarly journals An Examination of Internal Audit Function Size: Evidence from U.S. Government and Nonprofit Sectors

2020 ◽  
Author(s):  
Sarah A. Garven ◽  
Audrey N. Scarlata
Keyword(s):  
Nonprofit Organizations ◽  
Internal Audit ◽  
Organizational Characteristics ◽  
Educational Institutions ◽  
Organization Size ◽  
Factors Associated ◽  
Small Organizations ◽  
Staffing Model ◽  
Internal Audit Function ◽  
To Receive

We examine factors associated with internal audit function (IAF) size in U.S. government and nonprofit (GNP) entities. Our results, based on responses from 345 GNP participants, indicate several factors related to organizational characteristics, IAF characteristics, IAF responsibilities, and information technology (IT) tools and audit activities that are associated with IAF size. Specifically, we find IAF size is positively associated with: (1) mandated IAFs, (2) activity related to audits of general IT risks, (3) use of a rotational staffing model, (4) degree of fraud detection responsibility, (5) conduct of performance audits, (6) extent of sophisticated audit technologies, (7) organization size, (8) opportunity to receive a bonus, and (9) age of the IAF. IAF size is negatively related to (1) extent of access to records and property appropriate for the performance of audits, (2) nonprofit organizations, (3) healthcare institutions, and (4) educational institutions. Additional analysis reveals variation between large and small organizations.

Factors associated with security/cybersecurity audit by internal audit function

2018 ◽  
Vol 33 (4) ◽  
pp. 377-409 ◽  
Author(s):  
Md. Shariful Islam ◽  
Nusrat Farah ◽  
Thomas F. Stafford
Keyword(s):  
Audit Committee ◽  
Internal Audit ◽  
Mixed Effect ◽  
Content Type ◽  
Internal Auditors ◽  
Factors Associated ◽  
Security Breaches ◽  
Internal Audit Function ◽  
Enterprise Risk

Purpose The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

scholarly journals Audit Internal Universitas X: Suatu Refleksi

2017 ◽  
Vol 20 (1) ◽  
pp. 23
Author(s):  
David Adechandra Ashedica Pesudo ◽  
Marwata Marwata ◽  
Gustin Tanggulungan
Keyword(s):  
Nonprofit Organizations ◽  
Organizational Context ◽  
Internal Audit ◽  
Private University ◽  
Research Strategy ◽  
Sufficient Information ◽  
Study Approach ◽  
Internal Audit Function ◽  
Management Commitment ◽  
Top Management Commitment

<p><em>The purpose of this study is to provide empirical evidence on the dynamics of the operation of internal audit function at a private university by describing various factors that influence the operation of internal audit function in universities. More specifically, this study describes the conditions of various factors that influence the effectiveness of internal audit function in nonprofit organizations identified by Ahmad et al., (2009) in a specific organizational context of a private university. We use a qualitative case study approach as our research strategy and analysis. We generate our research data by conducting in-depth interviews with various informants who have sufficient information on the internal audit activities at our case. Our study shows that the dynamics of the operation of internal audit function is affected by various supporting factors, namely the number of internal audit staff, cooperation from auditee, competence/ knowledge of audit techniques, follow-up actions of audit findings, recommendations of auditees/ management, and audit experience. We also identify some factors that do not support the dynamics of the operation of internal audit function, namely top management commitment, training, independence, organizational changes in the internal audit division, auditees’ perception on internal audit function, and human resources.</em></p><p><em><br /></em></p><p align="center"><strong>Abstrak</strong></p><p align="center"><strong> </strong></p><p><em>Penelitian ini bertujuan untuk menyediakan bukti empiris tentang dinamika beroperasinya fungsi audit internal dalam sebuah universitas swasta dengan mendeskripsikan berbagai faktor yang mempengaruhi keefektifan fungsi audit internal di sebuah universitas. Secara khusus, studi ini mendeskripsikan kondisi berbagai faktor yang mempengaruhi keefektifan fungsi audit internal dalam organisasi nirlaba yang diidentifikasi oleh Ahmad <em>et al</em>.., (2009) dalam suatu konteks organisasi sebuah universitas swasta. Studi ini menggunakan strategi penelitian studi kasus dengan menggunakan pendekatan kualitatif untuk menganalisis data. Wawancara mendalam dengan berbagai pihak yang memiliki pengetahuan tentang kegiatan audit internal di universitas yang menjadi studi kasus menjadi sumber utama data untuk studi ini.  Penelitian ini menunjukkan bahwa dinamika beroperasinya fungsi audit internal universitas swasta yang menjadi studi kasus dipengaruhi oleh berbagai faktor. Beroperasinya fungsi audit internal di organisasi dipengaruhi oleh sejumlah faktor yang bersifat mendukung  yaitu jumlah staf audit internal, kerjasama dari <em>auditee</em>, kompetensi/pengetahuan tentang teknik audit, tindakan pada temuan audit dan rekomendasi oleh <em>auditee</em>/manajemen, dan pengalaman audit. Sementara itu, sejumlah faktor bersifat tidak mendukung  bagi beroperasinya fungsi audit internal, yaitu komitmen dari manajemen puncak, pelatihan, independensi, perubahan dalam organisasi divisi audit internal, persepsi dari <em>auditee</em> terhadap fungsi audit internal, dan sumber daya.<br /></em></p>

A Post-SOX Examination of Factors Associated with the Size of Internal Audit Functions

2012 ◽  
Vol 26 (2) ◽  
pp. 167-191 ◽  
Author(s):  
Urton L. Anderson ◽  
Margaret H. Christ ◽  
Karla M. Johnstone ◽  
Larry E. Rittenberg
Keyword(s):  
Leadership Development ◽  
Audit Committee ◽  
Internal Audit ◽  
Data Availability ◽  
Private Companies ◽  
Public And Private ◽  
Internal Auditors ◽  
Factors Associated ◽  
Internal Audit Function ◽  
Prior Literature

SYNOPSIS This study develops and tests a conceptual model articulating factors associated with internal audit function size in the post-SOX era. These factors include audit committee characteristics, internal audit characteristics and mission, internal audit activities performed by others (including outsourced providers and other divisions within the organization), and organization characteristics. Results from a survey of 173 public and private companies reveal that internal audit function size is positively associated with: (1) better audit committee governance, (2) greater organizational experience of the chief audit executive, (3) missions involving IT auditing, (4) the use of sophisticated audit technologies, (5) the use of a staffing model in which internal audit is used for rotational leadership development, (6) organization size, and (7) the number of foreign subsidiaries that the organization possesses. Further, internal audit function size is inversely associated with: (1) the percentage of internal audit employees that are Certified Internal Auditors, and (2) the extent of assurance and compliance activities outsourced to outsiders. These results contribute to prior literature on internal audit function size by considering a variety of factors that are associated with internal audit function size in the contemporary era. Data Availability: Contact the authors.

Sign in / Sign up

Export Citation Format

Share Document