Auditing Section Research Summaries Space

A Database of Auditing Research - Building Bridges with Practice

Posts

  • The Auditing Section
    Internal Audit Reporting Lines, Fraud Risk Decomposition,...
    research summary posted May 4, 2012 by The Auditing Section, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Internal Audit Reporting Lines, Fraud Risk Decomposition, and Assessments of Fraud Risk
    Practical Implications:

    The results of this study are important for audit firms to consider when determining the extent of reliance on internal auditors’ fraud risk assessments.  Internal auditor judgments may be influenced by pressures to decrease risk assessments when reporting to the audit committee.  Thus, the recently suggested improvements to audit practice and risk assessment processes through reporting to the audit committee may have adverse and unexpected consequences.  Additionally, internal auditor judgments may be influenced by an over-reliance on attitude cues, even when decomposing fraud risk assessments.  Thus, decomposition may amplify the problem that prompted its use.

    Citation:

    Norman, C.S., A.M. Rose, and J.M. Rose. 2010. Internal audit reporting lines, fraud risk decomposition, and assessments of fraud risk. Accounting, Organizations and Society 35: 546-557.

    Keywords:
    internal audit, fraud risk assessment, audit committee
    Purpose of the Study:

    The internal auditor function is one of the four cornerstones of corporate governance along with senior management, the board, and external auditors.  External auditors frequently rely on the work of internal auditors, including firm risk assessments per AS5, An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements.  Internal auditors may report to management or to the audit committee.  Many investors and regulators have suggested that internal auditors should report directly to the audit committee to minimize the threats to independence and objectivity that may potentially occur when internal auditors report to management.  However, if the audit committee is given power over the internal audit function, this may create potential new threats to internal auditor independence not previously considered.  For example, many audit committees now have the authority to hire or fire the Chief Audit Executive.  This paper addresses the effects of internal audit reporting lines on the fraud risk assessment judgments of internal auditors.  Below are two objectives that the authors address in their study: 

    • Examine the extent that internal auditors may be subconsciously motivated to avoid reporting higher levels of fraud risk to the audit committee, relative to when the risks are reported to management.
    • Examine whether decomposition of fraud risk into the components of the fraud triangle (management attitude, incentives, and opportunities) improves the internal auditor’s sensitivity to opportunity and incentive cues.
    Design/Method/ Approach:

    The authors collected their evidence from highly experienced internal auditors (mean experience of 15.3 years) via survey instruments. The authors then collected additional evidence using an experiment where participants were asked to complete a simulated task. Experiment participants were experienced internal auditors with mean experience of 9.6 years.  Survey participants were asked five questions about risk assessment discussions, reporting lines, and reactions.  In the simulated task participants were asked to assess the level of fraud risk in a hypothetical firm.  Participants were assigned to either a higher or lower level of fraud risk and to a reporting line of either audit committee or management.  The research was conducted in the mid- to late-2000s time period.

    Findings:
    • The authors find that internal auditors perceive greater personal threats when reporting high levels of fraud risk to the audit committee than when reporting to management.  Internal auditors fear overreaction from the audit committee, potentially leading to increased workload and management reprisals.   
    • The perception of greater threats leads internal auditors to reduce assessed levels of fraud risk when reporting to the audit committee relative to reporting to management.  This finding is contrary to expectations and reveals additional unexpected threats created by having internal audit report to the audit committee.
    • Internal auditors increase attention to management attitude when risk assessments are decomposed, without a corresponding increase in attention to incentive or opportunity cues.  Thus, unlike for external auditors, fraud risk decomposition does not appear to mitigate perceived problems associated with insensitivity to incentive and opportunity cues.
    Category:
    Risk & Risk Management - Including Fraud Risk, Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Fraud Risk Assessment, Reliance on Internal Auditors, Internal auditor role and involvement in controls and reporting
  • The Auditing Section
    Internal Audit Sourcing Arrangement and the External...
    research summary posted May 7, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision
    Practical Implications:

    The results of this study suggest that external auditors place more reliance on “outsourced” internal audit work, especially under high inherent risk conditions, than on “in-house” internal audit work due to the external auditors’ assessment of higher objectivity on the part of the “outsourced” internal auditor. The authors suggest this may have implications for external audit teams’ planning and assessment of internal audit work, in that whether or not the work is outsourced might need to be considered in the assessment. Also, audit clients might consider a need to outsource more internal audit work or try to make changes to increase the external auditors’ perception of their “in-house” internal audit team, in terms of objectivity.

    Citation:

    Glover, S. M., Prawitt, D. F., and D. A. Wood. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 193-213.

    Keywords:
    assessment of internal audit work; internal audit outsourcing; auditor judgment
    Purpose of the Study:

    Under Section 404 of the Sarbanes-Oxley Act (SOX), client management must evaluate the effectiveness of internal controls over financial reporting (ICOFR). In order to meet new regulations, many firms outsourced internal audit functions to third parties. Auditing standards state that external auditors are required to evaluate the objectivity, competence, and work performed by internal auditors. Since third-party internal audit teams likely have different incentives and motives, compared to in-house internal audit teams, the external auditor may have different perceptions of each team’s objectivity. This study examines whether external auditors’ reliance on the work of outsourced internal auditors differs from their reliance on the work of “in-house” internal auditors.

    Design/Method/ Approach:

    The authors collected their evidence via experimental cases administered to auditors from one of the Big 4 accounting firms. Approximately 21 percent were staff-level; 59 percent were senior staff, the other 20 percent were manager-level or higher. Data was collected prior to 2007.  Participants were provided background information about the hypothetical company, the internal audit team, and the audit procedures performed by the internal audit team. Participants were asked to evaluate the internal audit team’s competency and objectivity, as well as the amount of reliance to place on the internal audit team’s work.

    Findings:
    • When inherent risk is low, external auditors are just as likely to rely on “outsourced” internal audit work as “in-house” internal audit work. 
    • External auditors perceive “outsourced” internal audit work to be more objective than “in-house” internal audit work. 
    • When inherent risk is high, external auditors are more likely to rely on “outsourced” internal audit work than on “in-house” internal audit work.
    • External auditors are more willing to rely on internal auditors’ work when they perceive the internal auditors to be performing objective tasks, versus subjective tasks. (This is for both “in-house” and “outsourced” internal audit teams.) This difference in reliance between objective and subjective tasks is magnified when inherent risk is high.
    • However, when the task is subjective, the auditor relies less on the internal audit team’s work when inherent risk is high.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Internal Audit Sourcing Arrangements and Reliance by...
    research summary posted September 26, 2013 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.01 Scope of Testing, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Internal Audit Sourcing Arrangements and Reliance by External Auditors
    Practical Implications:

    The authors note a couple of implications for practitioners resulting from this study.  First, given the fact that external auditors assess internal audit quality and rely upon the work similarly for outsourced and cosourced internal audit functions, it may be worthwhile for companies to consider engaging some level of independent outside service provider to work along with their in-house internal auditors for high risk areas. 
    Second, having the same 3rd party internal audit service provider also provide tax services results in less reliance upon the work performed by internal audit, even though those services are approved by the audit committee and performed by different individuals.  Therefore, external audit increases their audit effort, thereby implying that external audit must see this additional service provision to be detrimental to the internal audit service provider’s objectivity.
     
    For more information on this study, please contact Naman K. Desai.
     

    Citation:

    Desai, N. K., G. J. Gerard, and A. Tripathy. 2011. Internal Audit Sourcing Arrangements and Reliance by External Auditors. Auditing: A Journal of Practice & Theory 30 (1):149-171.

    Keywords:
    cosourcing; external auditor reliance; internal audit; sourcing
    Purpose of the Study:

    The purpose of this study is to investigate potential internal audit (IA) sourcing arrangements (in-house, outsource, and cosource) and to determine how the arrangement impacts an external auditor’s evaluation of the IA function’s competency, objectivity, and technical skills. The extent to which the audit team will rely upon work performed by the internal auditors can also be determined this way.  This study also looks at whether tax services provided by the IA service provider impact the extent of reliance for outsourced or cosourced IA.
    This study is important because the Institute of Internal Auditors expresses no preference among these sourcing arrangements.  Prior research has shown that outsourcing the IA function results in higher ratings of objectivity and more reliance upon their work when inherent risk is high (but no differences when inherent risk is low).  However, no studies test how cosourcing arrangements are evaluated.  This question is important to answer since a cosourced arrangement is a blend of in-house and outsourced internal auditors, which indicates that results could go either way.
     

    Design/Method/ Approach:

    The authors conducted an experiment including experienced CPAs from Big 4 and regional firms prior to October 2007.  The design results in only 5 groups – in-house, outsource, or cosource without mention of tax services and outsource or cosource with the service firm also providing tax services.  External auditors were asked to provide ratings related to internal audit’s quality, reliance on internal audit work, audit risk, planned external audit effort, and likelihood that IA would give in to management regarding potential findings.

    Findings:
    • The authors find that in high risk areas, external auditors rate outsourced and cosourced internal auditors as having higher levels of quality than in-house internal audit.
    • They similarly find that external audit is more likely to rely upon the internal audit work performed if it is performed by outsourced or cosourced IA.
    • Further, the authors find no differences in quality or reliance ratings between outsourced and cosourced IA. 
    • However, when outsourced or cosourced internal audit service providers also provide tax services (which are performed by individuals other than those who perform the internal audit work) external auditors perceive the quality of the internal audit work to be lower.  As a consequence, they rely less upon the internal auditor’s work and instead increase their own external audit efforts. 
       
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance, Internal Control
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors, Scope of Testing
  • Jennifer M Mueller-Phillips
    Internal Auditors’ Fraud Judgments: The Benefits of B...
    research summary posted October 22, 2013 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Internal Auditors’ Fraud Judgments: The Benefits of Brainstorming in Groups
    Practical Implications:

    Internal auditors frequently work alone, but the findings from this research indicate that brainstorming in groups produces higher quality fraud risk assessments.  Additionally, this research has practical implications because qualitative risk assessment scales have been shown to result in higher assessed fraud risks than quantitative risk assessment scales, but brainstorming in groups appears to alleviate this response mode bias.

    For more information on this study, please contact Tina Carpenter.
     

    Citation:

    Carpenter, T.D., J.L. Reimers, and P.Z. Fretwell. 2011. Internal Auditors’ Fraud Judgments: The Benefits of Brainstorming in Groups. Auditing: A Journal of Practice and Theory 30 (3): 211-224.

    Keywords:
    fraud risk assessments; brainstorming; response mode bias; group interaction; internal audit.
    Purpose of the Study:

    Although not required by internal auditing standards, the role of internal auditors in the fraud detection and prevention process has gained attention from many parties in the auditing process including external auditors and standard setters.  This study examines the following:

    • How type of brainstorming (group versus alone) affects internal auditors’ fraud risk assessments by examining whether the internal auditors produce a high number of assessed risks, or higher quality risk assessments.
    • How group interaction decreases response mode bias caused by making risk assessments quantitatively versus qualitatively.
       
    Design/Method/ Approach:

    To conduct the study, 162 internal auditors participated in an experiment that required the internal auditors to brainstorm potential fraud risks from a case which was adapted from an actual fraud that had been examined by the SEC.  Participants were randomly assigned to conditions where they were asked to make fraud risk assessments using a quantitative scale or a qualitative scale.  Subjects were then instructed to brainstorm either individually or in a group setting.  Quantity of assessed risks is determined by the number of risks identified and quality of risk assessment is determined by whether the identified fraud risk was actually present in the case.  Data for the experiment was collected prior to September 2008.

    Findings:
    • Internal auditors who assessed fraud risk using a qualitative scale (for example, assessing fraud risk as low, moderate, high, very high) assessed fraud risk higher than internal auditors who assessed fraud risk on a quantitative scale (for example, assessing fraud risk on a scale from 1 to 5).
    • Internal auditors brainstorming individually (alone) identified a higher number of fraud risks than internal auditors brainstorming in groups.
    • Internal auditors brainstorming in groups identified higher quality fraud risks than internal auditors brainstorming alone.  However, they collectively identified fewer fraud risks than the aggregation of internal auditors brainstorming alone.
    • Brainstorming in groups reduces response mode bias.  That is, internal auditors who assessed risk using a qualitative scale assessed fraud risk as being higher than internal auditors who assessed fraud risk using a quantitative scale.  However, the brainstorming process removed this bias so that there was no significant difference in the internal auditors’ risk assessments after the group interaction.
       
    Category:
    Governance, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Fraud Risk Assessment, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Rotational internal audit programs and financial reporting...
    research summary posted October 21, 2015 by Jennifer M Mueller-Phillips, tagged 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting, 14.0 Corporate Matters, 14.11 Audit Committee Effectiveness 
    Title:
    Rotational internal audit programs and financial reporting quality: Do compensating controls help?
    Practical Implications:

    Results from this study suggest that rotating internal auditors into operational management programs reduces financial reporting quality. Companies that utilize a rotational internal audit program should be aware of these possible unintended consequences. Companies utilizing these programs should consider implementing several compensating controls (listed in the findings section), as the authors have found that these controls can reduce or even eliminate (if used together) the negative consequences of rotational internal audit programs.  

    Citation:

    Christ, M.H., A. Masli, N.Y. Sharp, and D.A. Wood. 2015. Rotational internal audit programs and financial reporting quality: Do compensating controls help? Accounting, Organizations and Society 44: 37-59.

    Keywords:
    internal auditing, financial reporting quality, audit committee oversight, controls
    Purpose of the Study:

    The purpose of this study is to examine unintended consequences of rotational internal audit programs. Specifically, the authors inspect how moving internal auditors out of the internal audit function and into operational management can impact financial reporting quality. In addition, the authors examine how compensating controls can mitigate the unintended consequences.

    Design/Method/ Approach:

    The authors initially utilize semi-structured interviews with audit executives and audit committee chairmen to identify how the rotational internal audit programs impact financial reporting quality. Using the information gathered, the authors test hypotheses utilizing archival data from various firms for the years 2000 to 2005.

    Findings:

    Overall, the authors find that the practice of rotating internal auditors into operational management positions is related to lower financial reporting quality. Specifically, it increases Accounting Risk (which evaluates the risk of misreporting by identifying suspicious patterns in accounting data). However, the authors find that several compensating controls can reduce this negative effect. Specifically, the authors find the effect is reduced when companies only rotate staff internal audit positions, have a more effective audit committee, and when management asks the internal audit function to have a greater role in the financial reporting process. Findings also demonstrate that including all three of these compensating controls can eliminate the unintended consequences.

    Category:
    Corporate Matters, Governance
    Sub-category:
    Audit Committee Effectiveness, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Serving Two Masters: The Association between Audit Committee...
    research summary posted October 19, 2015 by Jennifer M Mueller-Phillips, tagged 13.0 Governance, 13.05 Board/Audit Committee Oversight, 13.06 Board/Audit Committee Processes, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Serving Two Masters: The Association between Audit Committee Internal Audit Oversight and Internal Audit Activities.
    Practical Implications:

    The results speak to the need for regulators to consider the incentives of the various stakeholders when determining policy. Should policy makers consider expanding or restricting specific oversight roles, they should consider the concomitant effects on the internal audit function, and the differential incentives faced by the audit committee and executive management. In addition, as audit committees and managers jointly work or oversee the work of internal auditors, the results suggest that these two oversight participants should consider how their respective incentives potentially bias the focus of the internal audit department away from a mix of activities that optimally address the greater business risks of the company. Likewise, as external auditors assess the organizational status of the internal audit department, they may also wish to consider the apparent focus of internal audit as a potential indication of oversight control.

    Citation:

    Abbott, L. J., S. Parker, and G. F. Peters. 2010. Serving Two Masters: The Association between Audit Committee Internal Audit Oversight and Internal Audit Activities. Accounting Horizons 24 (1): 1-24.

    Keywords:
    internal auditing, audit committees, best practices, internal auditors
    Purpose of the Study:

    This study examines the association between the activities performed by the internal audit function (hereafter, IAF) and the extent of audit committee oversight of the IAF. Two primary concerns motivate this study. First, relatively little regulatory or best practices guidance relates to the distribution of IAF activities, and virtually no current research has been done about these activities. The authors believe this topic to be important because current New York Stock Exchange listing rules require registrants to maintain an IAF, increasing the pervasiveness of internal audit. The second motivation concerns the relatively incomplete set of audit-committee related regulations. In particular, the Sarbanes-Oxley Act of 2002 (SOX) requires audit committee oversight of internal controls over financial reporting and also mandates reporting on a registrant’s internal controls. However, SOX is silent on internal audit, a key participant in both the financial reporting process and the internal control structure. Moreover, SOX does not address internal audit’s reporting relationship with the audit committee or the audit committee’s duties concerning internal audit resources.

    Design/Method/ Approach:

    The survey questionnaire was mailed to Fortune 1000 companies, after excluding banks. Consistent with much prior internal audit research, the survey was directed to CIAs. The first survey was sent in July 2006 and resulted in a total of 72 usable responses. A follow-up mailing was conducted in September 2006 and produced an additional 62 usable responses. This led to the final sample size of 134 observations.

    Findings:

    The authors find that the percentage of the IAF budget devoted to internal-controls-based activities is positively related to the measure of the audit committee’s oversight. In particular, audit committees with greater IAF oversight are associated with larger percentages of IAF hours being allocated toward internal controls activities. Moreover, the results suggest that a significant number of Fortune 1000 companies have audit committees that appear to have little oversight of the IAF. This speaks to the relevance and timeliness of the recommendations of numerous parties concerning audit committee internal audit termination/hiring rights and budgetary controls.

    The authors also document significant differences in the allocation of IAF budgets across different activities, an area with very little prior research. They find that the majority of the IAF budget is devoted to internal controls activities, but the remainder, allocated to non-controls activities, is considerable. The evidence indicates that outsourcing arrangements are quite prevalent, but are also quite specific. In particular, the majority of outsourcing hours were spent on Section 404-related activities, with a lesser portion devoted to assisting the external auditor with the financial statement audit. The results suggest that an audit committee’s demand for better internal controls may lead to greater IAF focus on internal controls.

    Category:
    Governance
    Sub-category:
    Board/Audit Committee Oversight, Board/Audit Committee Processes, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    The effects of disclosure type and audit committee expertise...
    research summary posted October 20, 2015 by Jennifer M Mueller-Phillips, tagged 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting, 14.0 Corporate Matters, 14.05 Earnings Targets and Management Behavior, 14.11 Audit Committee Effectiveness 
    Title:
    The effects of disclosure type and audit committee expertise on Chief Audit Executives’ tolerance for financial misstatements.
    Practical Implications:

    The results suggest that internal auditors contribute to decreased reliability of disclosed amounts. It appears that the incentives of external auditors and internal auditors are closely aligned on this issue. In general, both of these parties seem to feel less responsibility for disclosed, relative to recognized amounts. The results indicate that financial reporting location has significant effects on internal auditors’ decisions to correct misstatements. Specifically, internal auditors are more willing to waive disclosed misstatements relative to recognized misstatements. Contrary to expectations, the results do not indicate that increased audit committee expertise and associated increases in audit committee members’ perceived powers cause internal auditors to be less willing to waive misstatements.

    Citation:

    Norman, C. S., J. M. Rose, and I. S. Suh. 2011. The effects of disclosure type and audit committee expertise on Chief Audit Executives’ tolerance for financial misstatements. Accounting, Organizations & Society 36 (2): 102-108.

    Keywords:
    audit committee expertise, misstatements, Chief Audit Executives, audit committee, financial executives
    Purpose of the Study:

    External audit partners are more willing to waive misstatement corrections for disclosed than for recognized amounts. This willingness to allow misstatements may increase management’s incentives to manipulate disclosed amounts and increase the levels of error and bias in disclosed information. While external auditors are more willing to waive disclosed amounts, relative to recognized amounts, internal auditors may require management to adjust misstatements regardless of their reporting locations. If internal auditors do not tolerate misstatements that are disclosed, this will increase the reliability (i.e., decrease the random error and bias) of disclosed amounts and decrease the likelihood of management manipulation of disclosed amounts. As a result, the impact to practice of external auditors’ willingness to waive misstated disclosures could be mitigated or even eliminated by internal audit oversight.

    The authors examine Chief Audit Executives’ and deputy Chief Audit Executives’ decisions to require adjustments of misstatements that are either recognized or disclosed. Chief Audit Executives (CAEs) may require equivalent adjustments for recognized and disclosed amounts, and act to counter the actions of management and external auditors. Understanding the decision processes of CAEs will help to inform regulators and standard setters of the underlying factors that drive financial statement reliability.

    Design/Method/ Approach:

    The participants are 73 Chief Audit Executives (CAEs) and deputy CAEs. CAEs and deputy CAEs are the ultimate decision makers in internal audit. None of these participants are from outsourced internal audit departments. The average number of years of internal audit experience is 13.71. The study was completed on paper and provided to participants in sealed envelopes by one of the study’s authors. All participants completed the materials in their professional offices under controlled conditions in the presence of one of the authors. The evidence was gathered prior to 2011.

    Findings:

    The results of this study indicate that reporting location has a significant effect on internal auditors’ decisions. Specifically, CAEs and their deputies require lesser amounts of misstatement correction of disclosed amounts relative to recognized amounts. While increased audit committee expertise increases audit committee members’ perceived power over management, the authors do not find that CAEs require greater misstatement corrections when the audit committee has more financial expertise, relative to less expertise. It appears that internal auditors may not have enough concern about disclosed misstatements to warrant a decision to exercise the power they derive from audit committee expertise. The results suggest that internal auditors, like external auditors and managers, act to decrease the perceived and actual reliability of disclosed information. Further, increasing the power of the internal audit function does not mitigate this problem. The authors find reason for serious concerns about the accuracy of disclosed amounts, relative to recognized amounts.

    Category:
    Corporate Matters, Governance
    Sub-category:
    Audit Committee Effectiveness, Earnings Targets & Management Behavior, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    The Effects of Internal Audit Report Type and Reporting...
    research summary posted October 20, 2015 by Jennifer M Mueller-Phillips, tagged 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    The Effects of Internal Audit Report Type and Reporting Relationship on Internal Auditors' Risk Judgments.
    Practical Implications:

    This study’s results are important to regulators thinking about requiring issuance of an internal audit report and practitioners planning how to respond to such proposals. The authors suggest that the assurance internal audit report, which leads to more conservative risk assessment when internal auditors mainly report to the audit committee, may prove rather costly and unpopular among internal auditors. Meanwhile, the descriptive internal audit report, which prior research found to be useful to investors, does not make internal auditors more conservative, but it may prove less costly and more popular among internal auditors. Ultimately, these findings suggest that regulators need to discuss any internal audit report proposals with key stakeholders, including internal auditors, before getting too far into the rule making process. 

    Citation:

    Boyle, D. M., F. T. DeZoort, and D. R. Hermanson. 2015. The Effects of Internal Audit Report Type and Reporting Relationship on Internal Auditors' Risk Judgments. Accounting Horizons 29 (3): 695-718.

    Keywords:
    internal audit, descriptive report, assurance report, reporting relationship, accountability
    Purpose of the Study:

    External stakeholders want information to help them better understand corporate governance at the companies they follow. Although disclosure about many elements of corporate governance is currently available, little is known about the internal audit function. Such information asymmetry may be decreased via the issuance of an internal audit report. In fact, a few organizations have voluntarily started issuing internal audit reports to external stakeholders. However, nothing is known about whether and how different forms of these reports impact internal auditors’ judgments. These judgments may also be impacted by whether the internal auditors mainly report to management or the audit committee. The purpose of this study is to discover:

    • How do descriptive internal audit reports (i.e., reports describing the “composition, responsibilities, accountability, activities, and resources” of the internal audit function) impact internal auditors’ fraud risk and control risk assessments?
    • How do assurance internal audit reports (i.e., reports containing the internal auditors’ opinion of the organization’s “internal control effectiveness”) impact internal auditors’ fraud risk and control risk assessments?
    • How do different types of reporting structure (e.g., reporting directly to management vs. the audit committee) impact internal auditors’ fraud risk and control risk assessments?

    The authors hope to find answers to these questions in order to provide regulators with insights that can be used when considering potential regulation of the internal audit function.
     

    Design/Method/ Approach:

    The authors collected their evidence prior to August 2013 via a case emailed to highly experienced IIA members working at public and nonpublic companies. In this case, the authors manipulated the presence of a descriptive internal audit report, presence of an assurance internal audit report, and whether the internal auditor reported to management or the audit committee. Participants were asked to make fraud risk and control risk assessments, as well as explain whether and why they support or do not support the issuance of descriptive and assurance internal audit reports.

    Findings:
    • Compared to their non-reporting peers, internal auditors who provide descriptive internal audit reports do not make more conservative fraud risk or control risk assessments.
    • Compared to their non-reporting peers, internal auditors providing assurance internal audit reports make (do not make) more conservative fraud (control) risk assessments.
    • Internal auditors providing assurance internal audit reports do not make more conservative fraud risk or control risk assessments than peers providing descriptive internal audit reports.
    • Internal auditors reporting mainly to the audit committee make more conservative fraud risk or control risk assessments than peers reporting mainly to management.
    • Internal auditors providing assurance internal audit reports who report mainly to management (the audit committee) have the least (most) conservative control risk assessments. 
    • Of internal auditors not providing assurance internal audit reports, those reporting mainly to management or mainly to the audit committee make equally conservative control risk assessments.
    • Both public and nonpublic internal auditors show moderate support for descriptive internal audit reports, with support from nonpublic internal auditors marginally higher than from public internal auditors. Participants believe that while descriptive internal audit reports may enhance the prestige of the internal audit function and enhance corporate governance, they may not be relevant to external stakeholders and may interfere with internal audit’s true role.
    • Compared to support for descriptive internal audit reports, support for assurance internal audit reports is lower. Participants believe that although assurance internal audit reports may enhance corporate governance, they may open internal audit to scapegoating, interfere with internal audit’s true role, lead to replication of external auditors’ work, and take away the flexibility that lets internal audit focus on important areas that the external auditors consider out of scope.
    • Internal auditors expect descriptive (assurance) internal audit reports to cost about 17.5% (59.3%) of an internal audit department’s current budget.
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors
  • Jennifer M Mueller-Phillips
    Welcome to the day-to-day of internal auditors: How do they...
    research summary posted July 30, 2015 by Jennifer M Mueller-Phillips, tagged 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Welcome to the day-to-day of internal auditors: How do they cope with conflict?
    Practical Implications:

    This study makes an original contribution to the development of new knowledge on internal auditing. It concludes that internal auditors tend to lack independence and audit committee members often exercise disturbingly weak power (on the internal audit function), as compared to the top managers. This points to the difficulty of applying an idealized conception of independence and purist governance principles to practice. That is, it encourages auditors to consider the appropriateness of internal auditing as a meaningful independent assurance device in operating the corporate governance "mosaic."

    Citation:

    Roussy, M. 2015. Welcome to the day-to-day of internal auditors: How do they cope with conflict? Auditing: A Journal of Practice and Theory 34 (2): 237-264.

    Keywords:
    audit committee, conflicts, coping, independence, internal audit
    Purpose of the Study:

    The internal audit function (IAF) was made mandatory in both private and public companies in North America in the early 2000s. This paper proposes a "micro-level" analysis of the way in which internal auditors express role conflicts in their day-to-day practice and how they perceive, manage, and resolve them. The study seeks to show that the independence of the internal auditor is often not up to the standards that are expected of the internal audit function (IAF), and that the function is therefore unlikely to play an effective governance oversight role compatible with the ideal of the new public management governance reform.

    Design/Method/ Approach:

    A field study was conducted involving semi-structured interviews with 42 internal auditors working in 13 public sector organizations. Interviews were conducted between May and October 2010. Each interviewee had 10-15 years of experience in internal auditing, with 20-25 years of professional experience total. Data was interpreted in the light of a theoretical analysis framework designed especially for this study. Organizational and social context was taken into consideration for each interview.

    Findings:

    Overall, the results indicate that internal auditors have a relative lack of independence (as compared with the Institute of Internal Auditors’ standards). More specifically:

    • While internal auditors are strategic in managing conflicts, they do not consider the cumulative effect that their coping behavior has on their lack of independence.
    • The audit committee does not greatly influence internal auditors’ coping tactics at any stage in the audit process.
    • Auditors use “pragmatic” behavior because they are embedded in a specific organizational and social context that they are “forced” to take into account.
    • The analysis casts doubt on the audit committee’s ability and commitment to consolidate and ensure internal auditor independence.

    Ultimately, the study concludes that internal auditors behave as if the IAF were a means for managerial control, instead of a governance mechanism.

    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors
  • Jennifer M Mueller-Phillips
    Whistleblowing in Audit Firms: Organizational Response and...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 04.0 Independence and Ethics, 04.06 Reporting Ethics Breaches – Self & Others, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting 
    Title:
    Whistleblowing in Audit Firms: Organizational Response and Power Distance
    Practical Implications:

    The results of this study are important for audit firms to consider when designing their ethics and whistleblowing policies. The evidence indicates that auditors are sensitive to power distance, and while no main effect for prior organizational response was found, prior research suggests that there are other costs associated with the perception that a firm does not respond to reports of ethical violations. Furthermore, it indicates that gender plays a role in an auditor’s sensitivity to power distance, and that the perceived moral intensity of the violation, which influences reporting likelihood, is moderated by the position of the observer, relative to the perpetrator. The study highlights the importance of firm culture and the implementation and enforcement of effective whistleblowing and ethical policies on the likelihood of employees to report observed ethical violations.

    For more information on this study, please contact Eileen Z. Taylor.

    Citation:

    Taylor, E. Z., and M. B. Curtis. 2013. Whistleblowing in Audit Firms: Organizational Response and Power Distance. Behavioral Research in Accounting 25 (2): 21-43.

    Keywords:
    Whistleblowing; ethical dilemma; power distance; gender
    Purpose of the Study:

    Employee fraud is a threat to all organizations, and whistleblowing is the most common way these frauds are detected. This paper investigates whether two factors, prior organizational response and power distance, affect auditors’ likelihood to report observations of colleagues’ unethical behavior. Prior organizational response (to whistleblowing reports) should result in a greater reporting likelihood, since evidence from practice and research indicates that a whistleblower’s primary goal is to stop the unethical behavior from continuing. Organizations that historically pay attention to whistleblowing reports should give potential whistleblowers the confidence that their report will be effective. Power distance, the level of the perpetrator in relation to the level of the potential whistleblower (peer or superior), is also likely important, as employees may be reluctant to whistleblow on someone of higher rank.

    The authors hypothesize that whistleblowing likelihood will be positively associated with organization responsiveness to prior reports and that such likelihood is also associated with the relative position of the observer—individuals are more likely to report on peers than on superiors. They also investigate whether gender of the observer (potential whistleblower) matters, in relation to power distance, hypothesizing that females are more sensitive to power distance than are males.

    Design/Method/ Approach:

    One hundred and eight audit seniors from Big-4 firms completed an experimental survey in Fall 2009. All participants read the same vignette of an ethical dilemma they observed within their firm, with modifications made for the different treatments. In the “responsive organization treatment”, participants were told that in the past, when the organization received a whistleblower report, they had taken appropriate action, whereas in the “nonresponsive treatment”, participants were told that in the past, when the organization received a whistleblower report, they had not taken appropriate action. To examine power distance, in the vignette, the perpetrator was referred to either as a “manager” (superior) or as a “fellow in-charge” (peer). The unethical behavior entailed observing the perpetrator destroy a page of review comments without addressing them.

    After reading the vignette, participants rated the seriousness of the unethical behavior and their responsibility to report it, as a measure of moral intensity. In order to assess whistleblowing likelihood, participants also rated how likely they were to report the violation to the employee hotline, using a scale of 0 to 100, if (1) your identity could be protected, and (2) your report could be anonymous.

    Findings:
    • The authors find that auditors in this study were sensitive to power distance, such that they were significantly more likely to whistleblow on their peers than on their superiors. 
    • Additionally, the authors find that power distance and prior organizational response interact, such that auditors were more likely to report on their peers when the organization’s prior response was weak or negative, than when it was responsive. However, auditors were less likely to report superiors when the organization’s prior response was weak or negative, than when it was responsive.
    • The authors find that men appear relatively less sensitive to power distance than do women.
    • The authors find that the perceived moral intensity of the case is significantly related to reporting likelihood, and that power distance moderates the effect such that those with a lower perception of moral intensity are much more influenced by power distance.
    Category:
    Governance, Independence & Ethics
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reporting Ethics Breaches - Self & Others
