Internal Audit in the Federal Government Organizations of Malaysia: The Good, The Bad and The Very Ugly?

Theoretically, the internal audit function exists to help members of an organization to improve the performance of their activities. But the findings from in-depth interviews conducted in the middle of 2004 with internal auditors from a total of 40 federal government ministries, departments and agencies in Malaysia revealed a number of serious shortcomings that far outweigh the few virtues identified during these interviews. These shortcomings are that many internal audit units face staff shortages, and staff lacking in internal audit competence. In addition, a majority of the audit units, most of which operate in outdated audit modes, have failed to get the right level of support and assistance from the Treasury and other parties. Worse, their effectiveness and efficiency are further threatened by the high-handed actions of the National Audit Department which shifts its cadre staff in and out of the internal audit units at will. Despite all these problems, these internal auditors are quite optimistic about the future of internal audit in Malaysia. But, according to the politics of accountability theory and the fact that Malaysian social context is replete with cases of the lack of transparency and public accountability from its major actors, the internal audit’s future does appear bleak. Keywords - internal audit, federal government organizations, indepth interviews, Malaysia

Download Full-text

Internal Audit in the Statutory Bodies and Government-linked Companies of Malaysia: The Never Ending Saga!

Journal of Public Administration and Governance ◽

10.5296/jpag.v1i2.1502 ◽

2011 ◽

Vol 1 (2) ◽

pp. 256 ◽

Cited By ~ 1

Author(s):

Azham Md. Ali ◽

Ram Al Jaffri Saad, Aryati Juliana Suleman, Ahmad Zamil Abd Khalid ◽

Juergen Dieter Gloeck

Keyword(s):

Federal Government ◽

Local Governments ◽

Internal Audit ◽

Peninsular Malaysia ◽

The State ◽

Internal Auditors ◽

The Public ◽

Internal Audit Function ◽

The Face ◽

State And Local

This paper is part of the third and final study conducted on the state of internal audit in the public sector of Malaysia. The first study was concerned with the internal audit operations in the state and local governments found in Peninsular Malaysia (Azham et al 2007a), while the second study was concerned with internal audit in the nation’s federal government ministries, departments and agencies (Azham et al 2007b). This third study covers 47 organizations at the federal government level, comprising 27 statutory bodies and 20 government-linked companies. From the face-to-face interviews conducted with internal auditors over the three year period 2005 to 2007, several notable audit features emerged as common to all 47 organizations. Some are depressing, while a few others are encouraging. All in all, however, the internal audit function in a majority of the organizations still leaves much to be desired. Also, it is notable that these findings are very much like those of the previous two internal audit studies (Azham et al 2007a; 2007b), and to make sense of the dismal state of the internal audit function in the public organizations, there is perhaps a need to look at the bigger context within which the internal audit function is found.

Download Full-text

The Risk-based Role of Internal Audit within Albania, Public Organizations

International Journal of Business & Technology ◽

10.33107/ijbte.2012.1.1.02 ◽

2012 ◽

Vol 1 (1) ◽

pp. 11-19

Author(s):

Holtjana Bello ◽

Vjollca Karapici

Keyword(s):

Risk Management ◽

Public Sector ◽

Internal Control ◽

Internal Audit ◽

Management Control ◽

Main Question ◽

Internal Auditors ◽

Government Organizations ◽

Internal Audit Function

The aspiration of Albania for European integration has added mandatory requirements for public sector to modernize the internal audit function in adherence with International Internal Auditing Standards. According to such Standards supported by Picket (2005) and CIPFA (2003) the internal audit is an assurance function that provides independent opinion on the effectiveness of internal controls that support the achievement of the organizations objectives. Internal auditors can provide consultancy service, in particular to aid management to improve the organization control environment. Meanwhile, Diamond (2002) explains that the internal audit role, remit, scope and activities are driven by the macroeconomic objectives and political stabilization. For those countries with governance problems the first objective is to ensure compliance with financial laws and regulations. Therefore, the most suitable approach for the internal audit is the compliance auditing to attain macroeconomic stabilization objectives. Therefore, the main question around which this paper is based is whether the public sector in Albania is ready to adopt the modern model of internal audit moving beyond the traditional compliance and financial remit to comply with recognized International Internal Audit Standards. This paper finds that although changes in Albanian normative framework since 2007, internal audit within government organizations are still adopting traditional approach of internal audit involving financial inspections rather than performance auditing activities aiming to provide opinion on risk management, control and governance. This paper analyzes that the embryonic risk culture of Albanian public sector, the lack of skilled internal audit resources and a little understanding of both managers and internal auditors with regard to the contribution of internal audit in risk management and corporate governance system aimed at achieving the government organizations objectives are the main reasons why the risk based model and consultancy role of internal auditors is not yet applied. Therefore, this paper recommends the internal auditors to perform additional consultancy tasks to enhance the internal control system and build the risk management methodologies and structures due to the management lack of knowledge. As soon as the organizations become risk mature the internal auditors can provide assurance appraisal service based on risks. The Practice Advisory Standard 1000 recommends principles which should be used as guidance for regulatory framework of internal audit function within Albania, public sector, guiding internal auditors in order for them to maintain their independence, objectivity and due professional care while conducting consulting service.

Download Full-text

External Auditors' Involvement in the Internal Audit Function's Work Plan and Subsequent Reliance Before and After a Negative Audit Discovery

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-51486 ◽

2016 ◽

Vol 35 (4) ◽

pp. 159-173 ◽

Cited By ~ 4

Author(s):

Byron J. Pike ◽

Lawrence Chui ◽

Kasey A. Martin ◽

Renee M. Olvera

Keyword(s):

Internal Control ◽

Internal Audit ◽

Internal Controls ◽

Professional Standards ◽

Data Availability ◽

Internal Auditors ◽

External Auditors ◽

Internal Audit Function ◽

Anchoring Bias ◽

Before And After

SUMMARY To reduce redundancies and increase efficiency in the evaluation of internal controls (PCAOB 2007, 402–403), professional standards encourage coordination between external auditors and their clients' internal audit function (IAF). Recent surveys of internal auditors find that a component of this coordination is external auditors' involvement in developing the IAF's audit plans. Nevertheless, it is not known how such involvement affects external auditors' reliance on the internal control test work of the IAF, either before or after a negative audit discovery. Based on an experiment with 107 experienced auditors, we find that external auditors involved in the development of the IAF's audit plan perceive the IAF as more objective and that both objectivity and involvement contribute to these auditors' placing more reliance on the IAF as compared to external auditors with no involvement. This initial reliance results in the involved auditors' proposing reductions to the audit budget and re-performing less of the IAF's work. Consistent with an anchoring bias, we find that involvement leads to external auditors' continuing to place greater reliance on the IAF's work, even after they become aware of a negative audit discovery that should not have occurred had the client's controls been effective. Data Availability: Data are available from the authors on request.

Download Full-text

Adherence to the Internal Audit Core Principles and Threats to Internal Audit Function Effectiveness

Auditing A Journal of Practice & Theory ◽

10.2308/ajpt-19-072 ◽

2021 ◽

Author(s):

Christopher G Calvin

Keyword(s):

Corporate Governance ◽

Future Development ◽

Internal Audit ◽

Internal Auditors ◽

The Core ◽

Body Of Knowledge ◽

Internal Audit Function ◽

Lower Likelihood ◽

Practitioner Survey ◽

The Impact

I investigate the impact that adherence to the Institute of Internal Auditors' Core Principles has on the likelihood that an internal auditor's effectiveness is threatened through pressure to modify valid audit findings. I use responses from the Institute of Internal Auditors' 2015 Common Body of Knowledge Practitioner Survey to show that higher adherence to the Core Principles by both internal audit staff and CAEs is associated with a lower likelihood of being pressured to modify audit findings. I also explore which of the ten Core Principles are dominant in explaining these associations to inform the future development of the internal audit profession. Finally, I investigate the sources of pressure to modify audit findings and explore the effect the Core Principles have in mitigating pressure from each source. My findings are relevant to the Institute of Internal Auditors, internal audit practitioners, and academics interested in internal audit or corporate governance.

Download Full-text

Fraud Reporting within an Organization and the Use of the Internal Audit Function as a Training Ground for Management

Behavioral Research in Accounting ◽

10.2308/bria-2020-015 ◽

2021 ◽

Author(s):

Alisa G. Brink ◽

C. Kevin Eller ◽

Karen Y. Green

Keyword(s):

Internal Audit ◽

Management Training ◽

Third Party ◽

Internal Auditors ◽

Internal Audit Function ◽

Management Accountants ◽

Reporting Behaviors ◽

Reporting Decisions ◽

Willingness To Report ◽

Sense Of Urgency

This study examines the effects of using the internal audit function as a management training ground (MTG) and fraud magnitude on internal fraud reporting decisions. Two experiments examine (1) internal auditors’ reporting behaviors, and (2) other employees’ willingness to report directly to internal audit. In the first experiment, experienced internal auditors indicate that the use of internal audit as a MTG may negatively impact fraud reporting likelihood by internal auditors to the Chief Audit Executive (CAE). Further, using the internal audit function as a MTG inhibits the sense of urgency internal auditors feel to report large fraudulent acts. The second experiment compares management accountants’ preferences for reporting to an anonymous third-party hotline versus reporting directly to internal audit. The results indicate a preference for the hotline that increases with a MTG. This preference is fully mediated by the perceived trustworthiness of internal audit, which is negatively impacted by a MTG.

Download Full-text

A versenyképesség és a társaságok belső ellenőrzése (Competitiveness and corporate internal audit)

Vezetéstudomány / Budapest Management Review ◽

10.14267/veztud.2012.11.02 ◽

2012 ◽

pp. 19-33

Author(s):

Mária Bordáné Rabóczki

Keyword(s):

Corporate Governance ◽

Audit Committee ◽

Supervisory Board ◽

Internal Audit ◽

Senior Management ◽

Internal Auditors ◽

Mutual Dependency ◽

Internal Audit Function ◽

External Auditor ◽

The Impact

A cikk a belső ellenőrzésnek a hatékony társaságirányításhoz való hozzájárulását és ennek a versenyképességre gyakorolt hatását vizsgálja. A belső ellenőrzés és a társaságirányítás kölcsönös összefüggésben áll egymással. Nemcsak a belső ellenőrzés hat a társaságirányításra, hanem a releváns társaságirányítási struktúrák, emberi kapcsolatok és magatartásformák jelentős hatást gyakorolnak a belső ellenőrzés színvonalára és hatékonyságára. A cikk ezért különös figyelmet szentel a belső ellenőröknek az igazgatósággal, az auditbizottsággal/felügyelőbizottsággal, a menedzsmenttel és a könyvvizsgálóval való kapcsolatainak vizsgálatára. Rávilágít a belső ellenőrzés legfőbb funkciójára, amely objektív bizonyosságot nyújt az igazgatóság és a felső vezetők számára a kockázatok azonosítására, kezelésére és elfogadható szintre történő csökkentésére szolgáló kontrollfolyamatok megfelelőségéről és hatékonyságáról. A bemutatott belső ellenőrzési modell azt a szemléletet közvetíti, hogy a belső ellenőrzés által nyújtott objektív bizonyosság megszerzése nemcsak a jogszabályoknak vagy az ajánlásoknak való megfelelés, hanem a társaságok versenyképessége szempontjából is kiemelkedő jelentőségű. _________ The purpose of this paper is to consider the contribution of internal audit to the sound corporate governance and the impact of that on the competitiveness of the companies. There is a mutual dependency between internal audit and corporate governance. Not only the internal audit has impact on the corporate governance but the relevant governance structures, relationships and behaviour influence the level and effectiveness of the internal audit. Therefore the present paper is highly concerned with the internal auditors` relationships with the board, audit committee/supervisory board, senior management and the external auditor. It highlights the internal audit function, that provides objective assurance to the board and senior management about the adequacy and effectiveness of the processes by which risks are identified, managed, controlled and mitigated to acceptable levels. The internal audit model demonstrated represents an approach, according to that getting objective assurance provided by internal audit is important not only to be in line with laws and recommendations but to facilitate the corporate competitiveness.

Download Full-text

Understanding the internal audit function in a digitalised business environment

Journal of Accounting & Organizational Change ◽

10.1108/jaoc-11-2019-0114 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Nathanaël Betti ◽

Gerrit Sarens

Keyword(s):

Data Analytics ◽

New Technologies ◽

Internal Audit ◽

Business Environment ◽

Future Research ◽

The European Union ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

The Impact

Purpose This paper aims to gain an in-depth understanding of how the internal audit function evolves in an increasingly digitalised business environment. Design/methodology/approach This paper is based on 29 semi-structured interviews with members of management committees and internal auditors based in Belgium. Findings The analysis reveals that a digitalised business environment affects the internal audit function in three respects. First, it impacts its scope. The agility of the internal audit planning and the required digital knowledge are expected to increase and information technology (IT) risks gain importance, especially cybersecurity threats. Second, the demand for consulting activities performed by internal auditors is higher and third, digitalisation modifies the working practices of internal auditors in their day-to-day tasks. New technologies such as data analytics tools are being implemented progressively in internal audit departments and digital skills are considered a critical asset. Research limitations/implications This research was conducted in the European Union and gathers opinions of members of management committees and internal auditors. Future research could focus on other internal auditing stakeholders in other legal contexts. Practical implications The internal audit function needs to integrate IT and data analytics skills. In addition, the internal audit function should develop consulting activities to help organisations deal with the digitalisation of the business environment. Originality/value The impact of digitalisation on the internal audit function and its effect on internal audit practices is an underexplored area.

Download Full-text

E-business internal audit: the elephant is still in the room!

Journal of Applied Accounting Research ◽

10.1108/jaar-10-2012-0072 ◽

2014 ◽

Vol 15 (1) ◽

pp. 43-63 ◽

Cited By ~ 1

Author(s):

Amr Kotb ◽

Alan Sangster ◽

David Henderson

Keyword(s):

Resistance To Change ◽

Internal Audit ◽

Business Environment ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

The Usa ◽

The Uk ◽

It Audit ◽

The Impact

Purpose – The purpose of this paper is to explore the impact of technological change on the internal audit practices and skills requirements for internal auditors in an e-business environment. Design/methodology/approach – Generalist internal auditors and specialist information technology (IT) internal auditors were surveyed online in ten countries, including the USA and the UK which, together, provided the majority of responses. Findings – The results suggest a need for advanced IT-audit techniques in conducting the internal audit function, thereby increasing IT audit skill demands on generalist internal auditors. However, the results show a low confidence among internal auditors about their IT training and a continuing reliance upon IT audit specialists, rather than their own training/retraining. Research limitations/implications – The responses obtained in this study provide insight into both the status quo of the internal audit function, and to the changes that are needed to prepare generalist internal auditors for work in an e-business environment and, while the scale of the study limits the extent to which the findings may be generalized, they are consistent with the literature concerning the changing business environment and with the literature on resistance to change, suggesting that the issues revealed should be of concern. Practical implications – The results reported in this paper are useful to internal auditing educators and regulators in their consideration of the skills needed by generalist internal auditors in e-business environment. Originality/value – This study sheds light on a significantly growing area which remains relatively unexplored in the auditing-related literature, e-business audit. The study provides empirical evidence on challenges facing internal auditors in an e-business environment, thereby serving as a wake-up call, to both internal auditors and the professional bodies representing them, to defend their jurisdictional space against rival professional groups.

Download Full-text

Factors associated with security/cybersecurity audit by internal audit function

Managerial Auditing Journal ◽

10.1108/maj-07-2017-1595 ◽

2018 ◽

Vol 33 (4) ◽

pp. 377-409 ◽

Cited By ~ 5

Author(s):

Md. Shariful Islam ◽

Nusrat Farah ◽

Thomas F. Stafford

Keyword(s):

Audit Committee ◽

Internal Audit ◽

Mixed Effect ◽

Content Type ◽

Internal Auditors ◽

Factors Associated ◽

Security Breaches ◽

Internal Audit Function ◽

Enterprise Risk

Purpose The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit. Design/methodology/approach For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF). Findings The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit. Originality/value This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

Download Full-text

Internal audit function, audit committee effectiveness and accountability in the Ugandan statutory corporations

Journal of Financial Reporting and Accounting ◽

10.1108/jfra-07-2016-0062 ◽

2018 ◽

Vol 16 (1) ◽

pp. 138-157 ◽

Cited By ~ 12

Author(s):

Juma Bananuka ◽

Stephen Korutaro Nkundabanyanga ◽

Irene Nalukenge ◽

Twaha Kaawaase

Keyword(s):

Audit Committee ◽

Sampling Error ◽

Internal Audit ◽

Hierarchical Regression ◽

Cross Sectional ◽

Content Type ◽

Internal Auditors ◽

Internal Audit Function ◽

Correlational Data ◽

Finance Officers

Purpose The purpose of this study is to investigate the contribution of internal audit function and audit committee effectiveness on accountability in statutory corporations (SCs). Design/methodology/approach This study is cross sectional and correlational. Data have been collected through a questionnaire survey of 52 SCs in Uganda through their Chief Internal Auditors and Chief Finance Officers. Data have been analysed using Statistical Package for Social Sciences. Findings The internal audit function significantly contributes to accountability of SCs in Uganda and audit committee effectiveness is not where effective internal audit is present in such organisations. However, audit committee effectiveness significantly contributes to accountability when an internal audit function is not present. Research limitations/implications The use of hierarchical regression is prone to problems associated with sampling error. However, the likelihood of these problems is mitigated by the interface with data. Originality/value Whereas hitherto both internal audit function and audit committee effectiveness had been viewed as explanations of accountability, this study only confirms the internal audit function as a significant predictor of SCs’ accountability relative to audit committee effectiveness.

Download Full-text