Metrics of internal audit effectiveness in banking sector

This article attempts to analyze the metrics of internal audit function effectiveness. The authors review and discuss the metrics perceived as most relevant and appropriate to the banking sector. The literature review is supported by an attempt to introduce an additional metric of the internal audit function effectiveness. The methodology adopted in this paper bases strongly on the qualitative approach. The article involves an analysis of available literature and own studies, as well as authors’ professional experience in auditing. The metrics of internal audit function effectiveness presented in modern studies strongly favor qualitative approach, focused on assessing the input, process and output of internal auditors, and most notably recommendations issued and their implementation by organizations’ management. The authors suggest supplementing the list of available metrics with an additional method, strongly connected to financial performance of the banks employing the internal audit function. This article introduces an additional possible way of measuring the effectiveness of the internal audit function. This metric can be considered by the banks and can be further empirically verified for appropriateness by entities from other industries, from both private and public sector.

Download Full-text

A qualitative analysis of the internal audit function in the banking sector

Banks and Bank Systems ◽

10.21511/bbs.11(4-1).2016.07 ◽

2016 ◽

Vol 11 (4) ◽

pp. 161-168 ◽

Cited By ~ 1

Author(s):

Rasoava Rijamampianina

Keyword(s):

Capital Markets ◽

Audit Committee ◽

Success Factors ◽

Banking Sector ◽

Global Financial Crisis ◽

Internal Audit ◽

Financial Sector ◽

Jel Classification ◽

Internal Auditors ◽

Internal Audit Function

In South Africa, the financial sector contributes approximately 10.5% to the country’s gross domestic product (GDP). Although the 2007-2009 global financial crisis did not directly impact the domestic market, it threatened the profitability of the financial sector and triggered changes that affected the role of the internal audit function. In particular, stakeholders’ expectations from the function have significantly increased. Against this background, the study seeks to identify the key success factors of performing internal audit reviews of capital markets business areas within the big four South African banks. For this purpose, in-depth interviews with experienced internal auditors, risk managers and traders were carried out. The study suggests several implications and recommendations for the risk management, internal audit and audit committee functions that can also be adopted by interested parties from non-financial institutions. Keywords: internal audit, value creation, skills, stakeholders, capital markets. JEL Classification: G31, M42

Download Full-text

External Auditors' Involvement in the Internal Audit Function's Work Plan and Subsequent Reliance Before and After a Negative Audit Discovery

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-51486 ◽

2016 ◽

Vol 35 (4) ◽

pp. 159-173 ◽

Cited By ~ 4

Author(s):

Byron J. Pike ◽

Lawrence Chui ◽

Kasey A. Martin ◽

Renee M. Olvera

Keyword(s):

Internal Control ◽

Internal Audit ◽

Internal Controls ◽

Professional Standards ◽

Data Availability ◽

Internal Auditors ◽

External Auditors ◽

Internal Audit Function ◽

Anchoring Bias ◽

Before And After

SUMMARY To reduce redundancies and increase efficiency in the evaluation of internal controls (PCAOB 2007, 402–403), professional standards encourage coordination between external auditors and their clients' internal audit function (IAF). Recent surveys of internal auditors find that a component of this coordination is external auditors' involvement in developing the IAF's audit plans. Nevertheless, it is not known how such involvement affects external auditors' reliance on the internal control test work of the IAF, either before or after a negative audit discovery. Based on an experiment with 107 experienced auditors, we find that external auditors involved in the development of the IAF's audit plan perceive the IAF as more objective and that both objectivity and involvement contribute to these auditors' placing more reliance on the IAF as compared to external auditors with no involvement. This initial reliance results in the involved auditors' proposing reductions to the audit budget and re-performing less of the IAF's work. Consistent with an anchoring bias, we find that involvement leads to external auditors' continuing to place greater reliance on the IAF's work, even after they become aware of a negative audit discovery that should not have occurred had the client's controls been effective. Data Availability: Data are available from the authors on request.

Download Full-text

Adherence to the Internal Audit Core Principles and Threats to Internal Audit Function Effectiveness

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-19-072 ◽

2021 ◽

Author(s):

Christopher G Calvin

Keyword(s):

Corporate Governance ◽

Future Development ◽

Internal Audit ◽

Internal Auditors ◽

The Core ◽

Body Of Knowledge ◽

Internal Audit Function ◽

Lower Likelihood ◽

Practitioner Survey ◽

The Impact

I investigate the impact that adherence to the Institute of Internal Auditors' Core Principles has on the likelihood that an internal auditor's effectiveness is threatened through pressure to modify valid audit findings. I use responses from the Institute of Internal Auditors' 2015 Common Body of Knowledge Practitioner Survey to show that higher adherence to the Core Principles by both internal audit staff and CAEs is associated with a lower likelihood of being pressured to modify audit findings. I also explore which of the ten Core Principles are dominant in explaining these associations to inform the future development of the internal audit profession. Finally, I investigate the sources of pressure to modify audit findings and explore the effect the Core Principles have in mitigating pressure from each source. My findings are relevant to the Institute of Internal Auditors, internal audit practitioners, and academics interested in internal audit or corporate governance.

Download Full-text

Fraud Reporting within an Organization and the Use of the Internal Audit Function as a Training Ground for Management

Behavioral Research in Accounting ◽

10.2308/bria-2020-015 ◽

2021 ◽

Author(s):

Alisa G. Brink ◽

C. Kevin Eller ◽

Karen Y. Green

Keyword(s):

Internal Audit ◽

Management Training ◽

Third Party ◽

Internal Auditors ◽

Internal Audit Function ◽

Management Accountants ◽

Reporting Behaviors ◽

Reporting Decisions ◽

Willingness To Report ◽

Sense Of Urgency

This study examines the effects of using the internal audit function as a management training ground (MTG) and fraud magnitude on internal fraud reporting decisions. Two experiments examine (1) internal auditors’ reporting behaviors, and (2) other employees’ willingness to report directly to internal audit. In the first experiment, experienced internal auditors indicate that the use of internal audit as a MTG may negatively impact fraud reporting likelihood by internal auditors to the Chief Audit Executive (CAE). Further, using the internal audit function as a MTG inhibits the sense of urgency internal auditors feel to report large fraudulent acts. The second experiment compares management accountants’ preferences for reporting to an anonymous third-party hotline versus reporting directly to internal audit. The results indicate a preference for the hotline that increases with a MTG. This preference is fully mediated by the perceived trustworthiness of internal audit, which is negatively impacted by a MTG.

Download Full-text

A versenyképesség és a társaságok belső ellenőrzése (Competitiveness and corporate internal audit)

Vezetéstudomány / Budapest Management Review ◽

10.14267/veztud.2012.11.02 ◽

2012 ◽

pp. 19-33

Author(s):

Mária Bordáné Rabóczki

Keyword(s):

Corporate Governance ◽

Audit Committee ◽

Supervisory Board ◽

Internal Audit ◽

Senior Management ◽

Internal Auditors ◽

Mutual Dependency ◽

Internal Audit Function ◽

External Auditor ◽

The Impact

A cikk a belső ellenőrzésnek a hatékony társaságirányításhoz való hozzájárulását és ennek a versenyképességre gyakorolt hatását vizsgálja. A belső ellenőrzés és a társaságirányítás kölcsönös összefüggésben áll egymással. Nemcsak a belső ellenőrzés hat a társaságirányításra, hanem a releváns társaságirányítási struktúrák, emberi kapcsolatok és magatartásformák jelentős hatást gyakorolnak a belső ellenőrzés színvonalára és hatékonyságára. A cikk ezért különös figyelmet szentel a belső ellenőröknek az igazgatósággal, az auditbizottsággal/felügyelőbizottsággal, a menedzsmenttel és a könyvvizsgálóval való kapcsolatainak vizsgálatára. Rávilágít a belső ellenőrzés legfőbb funkciójára, amely objektív bizonyosságot nyújt az igazgatóság és a felső vezetők számára a kockázatok azonosítására, kezelésére és elfogadható szintre történő csökkentésére szolgáló kontrollfolyamatok megfelelőségéről és hatékonyságáról. A bemutatott belső ellenőrzési modell azt a szemléletet közvetíti, hogy a belső ellenőrzés által nyújtott objektív bizonyosság megszerzése nemcsak a jogszabályoknak vagy az ajánlásoknak való megfelelés, hanem a társaságok versenyképessége szempontjából is kiemelkedő jelentőségű. _________ The purpose of this paper is to consider the contribution of internal audit to the sound corporate governance and the impact of that on the competitiveness of the companies. There is a mutual dependency between internal audit and corporate governance. Not only the internal audit has impact on the corporate governance but the relevant governance structures, relationships and behaviour influence the level and effectiveness of the internal audit. Therefore the present paper is highly concerned with the internal auditors` relationships with the board, audit committee/supervisory board, senior management and the external auditor. It highlights the internal audit function, that provides objective assurance to the board and senior management about the adequacy and effectiveness of the processes by which risks are identified, managed, controlled and mitigated to acceptable levels. The internal audit model demonstrated represents an approach, according to that getting objective assurance provided by internal audit is important not only to be in line with laws and recommendations but to facilitate the corporate competitiveness.

Download Full-text

Factors Affecting the Internal Audit Effectiveness: A Survey of the Polish Private and Public Sectors

Efficiency in Business and Economics - Springer Proceedings in Business and Economics ◽

10.1007/978-3-319-68285-3_1 ◽

2017 ◽

pp. 1-16 ◽

Cited By ~ 1

Author(s):

Piotr Bednarek

Keyword(s):

Internal Audit ◽

Factors Affecting ◽

Private And Public ◽

Public Sectors ◽

Audit Effectiveness

Download Full-text

Understanding the internal audit function in a digitalised business environment

Journal of Accounting & Organizational Change ◽

10.1108/jaoc-11-2019-0114 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Nathanaël Betti ◽

Gerrit Sarens

Keyword(s):

Data Analytics ◽

New Technologies ◽

Internal Audit ◽

Business Environment ◽

Future Research ◽

The European Union ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

The Impact

Purpose This paper aims to gain an in-depth understanding of how the internal audit function evolves in an increasingly digitalised business environment. Design/methodology/approach This paper is based on 29 semi-structured interviews with members of management committees and internal auditors based in Belgium. Findings The analysis reveals that a digitalised business environment affects the internal audit function in three respects. First, it impacts its scope. The agility of the internal audit planning and the required digital knowledge are expected to increase and information technology (IT) risks gain importance, especially cybersecurity threats. Second, the demand for consulting activities performed by internal auditors is higher and third, digitalisation modifies the working practices of internal auditors in their day-to-day tasks. New technologies such as data analytics tools are being implemented progressively in internal audit departments and digital skills are considered a critical asset. Research limitations/implications This research was conducted in the European Union and gathers opinions of members of management committees and internal auditors. Future research could focus on other internal auditing stakeholders in other legal contexts. Practical implications The internal audit function needs to integrate IT and data analytics skills. In addition, the internal audit function should develop consulting activities to help organisations deal with the digitalisation of the business environment. Originality/value The impact of digitalisation on the internal audit function and its effect on internal audit practices is an underexplored area.

Download Full-text

Corporate governance and internal audit: an institutional theory perspective

Corporate Governance ◽

10.1108/cg-07-2019-0215 ◽

2019 ◽

Vol 20 (1) ◽

pp. 175-190 ◽

Cited By ~ 1

Author(s):

Christina Vadasi ◽

Michalis Bekiaris ◽

Andreas Andrikopoulos

Keyword(s):

Corporate Governance ◽

Institutional Theory ◽

Audit Committee ◽

Internal Audit ◽

Annual Reports ◽

Substantial Impact ◽

Content Type ◽

Internal Auditors ◽

The Impact ◽

Audit Effectiveness

Purpose This paper aims to explore internal audit effectiveness through its contribution to corporate governance. Namely, the authors attempt to investigate the impact of internal audit professionalization on internal audit’s contribution to corporate governance. Design/methodology/approach Using a research framework informed by institutional theory, the authors predict that internal audit’s contribution to corporate governance is associated with factors related to internal audit professionalization. To investigate the arguments, the authors combine data from a survey of 49 listed companies in the Athens Stock Exchange with publicly available information from annual reports. Findings Empirical results indicate that internal audit professionalization affects internal audit effectiveness, as internal audit’s contribution to corporate governance is improved for organizations where internal audit function complies with internal auditing standards and internal auditors hold professional certifications. The findings also suggest that internal audit’s contribution to corporate governance is shaped by some company-specific characteristics, namely, CEO duality and audit committee quality. Practical implications The results have implications for internal auditors who wish to increase the efficiency of their work, corporate governance mechanisms such as the board of directors and the audit committee, which can use the findings of this study to better respond to their responsibilities concerning internal audit and regulators who can also benefit to strengthen areas with substantial impact on internal audit’s contribution to corporate governance. Originality/value This paper contributes to the academic discussion on the role of internal audit in corporate governance and complements the work of other researchers in the field of internal audit professionalization. This study tries to fill a gap in the literature on the effect of internal audit professionalization elements on internal audit’s contribution to corporate governance.

Download Full-text

E-business internal audit: the elephant is still in the room!

Journal of Applied Accounting Research ◽

10.1108/jaar-10-2012-0072 ◽

2014 ◽

Vol 15 (1) ◽

pp. 43-63 ◽

Cited By ~ 1

Author(s):

Amr Kotb ◽

Alan Sangster ◽

David Henderson

Keyword(s):

Resistance To Change ◽

Internal Audit ◽

Business Environment ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

The Usa ◽

The Uk ◽

It Audit ◽

The Impact

Purpose – The purpose of this paper is to explore the impact of technological change on the internal audit practices and skills requirements for internal auditors in an e-business environment. Design/methodology/approach – Generalist internal auditors and specialist information technology (IT) internal auditors were surveyed online in ten countries, including the USA and the UK which, together, provided the majority of responses. Findings – The results suggest a need for advanced IT-audit techniques in conducting the internal audit function, thereby increasing IT audit skill demands on generalist internal auditors. However, the results show a low confidence among internal auditors about their IT training and a continuing reliance upon IT audit specialists, rather than their own training/retraining. Research limitations/implications – The responses obtained in this study provide insight into both the status quo of the internal audit function, and to the changes that are needed to prepare generalist internal auditors for work in an e-business environment and, while the scale of the study limits the extent to which the findings may be generalized, they are consistent with the literature concerning the changing business environment and with the literature on resistance to change, suggesting that the issues revealed should be of concern. Practical implications – The results reported in this paper are useful to internal auditing educators and regulators in their consideration of the skills needed by generalist internal auditors in e-business environment. Originality/value – This study sheds light on a significantly growing area which remains relatively unexplored in the auditing-related literature, e-business audit. The study provides empirical evidence on challenges facing internal auditors in an e-business environment, thereby serving as a wake-up call, to both internal auditors and the professional bodies representing them, to defend their jurisdictional space against rival professional groups.

Download Full-text

Factors associated with security/cybersecurity audit by internal audit function

Managerial Auditing Journal ◽

10.1108/maj-07-2017-1595 ◽

2018 ◽

Vol 33 (4) ◽

pp. 377-409 ◽

Cited By ~ 5

Author(s):

Md. Shariful Islam ◽

Nusrat Farah ◽

Thomas F. Stafford

Keyword(s):

Audit Committee ◽

Internal Audit ◽

Mixed Effect ◽

Content Type ◽

Internal Auditors ◽

Factors Associated ◽

Security Breaches ◽

Internal Audit Function ◽

Enterprise Risk

Purpose The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Download Full-text