This is a public auditing article  public

This topic includes articles such as…

  • Jennifer M Mueller-Phillips
    The Effects of Internal Audit Report Type and Reporting...
    research summary posted October 20, 2015 by Jennifer M Mueller-Phillips, tagged 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summaries Space public
    Title:
    The Effects of Internal Audit Report Type and Reporting Relationship on Internal Auditors' Risk Judgments.
    Practical Implications:

    This study’s results are important to regulators thinking about requiring issuance of an internal audit report and practitioners planning how to respond to such proposals. The authors suggest that the assurance internal audit report, which leads to more conservative risk assessment when internal auditors mainly report to the audit committee, may prove rather costly and unpopular among internal auditors. Meanwhile, the descriptive internal audit report, which prior research found to be useful to investors, does not make internal auditors more conservative, but it may prove less costly and more popular among internal auditors. Ultimately, these findings suggest that regulators need to discuss any internal audit report proposals with key stakeholders, including internal auditors, before getting too far into the rule making process. 

    Citation:

    Boyle, D. M., F. T. DeZoort, and D. R. Hermanson. 2015. The Effects of Internal Audit Report Type and Reporting Relationship on Internal Auditors' Risk Judgments. Accounting Horizons 29 (3): 695-718.

    Keywords:
    internal audit, descriptive report, assurance report, reporting relationship, accountability
    Purpose of the Study:

    External stakeholders want information to help them better understand corporate governance at the companies they follow. Although disclosure about many elements of corporate governance is currently available, little is known about the internal audit function. Such information asymmetry may be decreased via the issuance of an internal audit report. In fact, a few organizations have voluntary started issuing internal audit reports to external stakeholders. However, nothing is known about whether and how different forms of these reports impact internal auditors’ judgments. These judgments may also be impacted by whether the internal auditors mainly report to management or the audit committee. The purpose of this study is to discover:

    • How do descriptive internal audit reports (i.e., reports describing the “composition, responsibilities, accountability, activities, and resources” of the internal audit function) impact internal auditors’ fraud risk and control risk assessments?
    • How do assurance internal audit reports (i.e., reports containing the internal auditors’ opinion of the organization’s “internal control effectiveness”) impact internal auditors’ fraud risk and control risk assessments?
    • How do different types of reporting structure (e.g., reporting directly to management vs. the audit committee) impact internal auditors’ fraud risk and control risk assessments?

    The authors hope to find answers to these questions in order to provide regulators with insights that can be used when considering potential regulation of the internal audit function.
     

    Design/Method/ Approach:

    The authors collected their evidence prior to August 2013 via a case emailed to highly experienced IIA members working at public and nonpublic companies. In this case, the authors manipulated the presence of a descriptive internal audit report, presence of an assurance internal audit report, and whether the internal auditor reported to management or the audit committee. Participants were asked to make fraud risk and control risk assessments, as well as explain whether and why they support or do not support the issuance of descriptive and assurance internal audit reports.

    Findings:
    • Compared to their non-reporting peers, internal auditors who provide descriptive internal audit reports do not make more conservative fraud risk or control risk assessments.
    • Compared to their non-reporting peers, internal auditors providing assurance internal audit reports make (do not make) more conservative fraud (control) risk assessments.
    • Internal auditors providing assurance internal audit reports do not make more conservative fraud risk or controls risk assessments than peers providing descriptive internal audit reports.
    • Internal auditors reporting mainly to the audit committee make more conservative fraud risk or control risk assessments than peers reporting mainly to management.
    • Internal auditors providing assurance internal audit reports who report mainly to management (the audit committee) have the least (most) conservative control risk assessments. 
    • Of internal auditors not providing assurance internal audit reports, those reporting mainly to management or mainly to the audit committee make equally conservative control risk assessments.
    • Both public and nonpublic internal auditors show moderate support for descriptive internal audit reports, with support from nonpublic internal auditors marginally higher than from public internal auditors. Participants believe that while descriptive internal audit reports may enhance the prestige of the internal audit function and enhance corporate governance, they not be relevant to external stakeholders and may interfere with internal audits’ true role.
    • Compared to support for descriptive internal audit reports, support for assurance internal audit reports is lower. Participants believe that although assurance internal audit reports may enhance corporate governance, they may open internal audit to scapegoating, interfere with internal audits’ true role, lead to replication of external auditors’ work, and take away the flexibility that lets internal audit focus on important areas that the external auditors consider out of scope.
    • Internal auditors expect descriptive (assurance) internal audit reports to cost about 17.5% (59.3%) of an internal audit department’s current budget.
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors