Posts

Posts

  • Jennifer M Mueller-Phillips
    Chief Audit Executives Assessment of Internal Auditors’ P...
    research summary posted February 17, 2015 by Jennifer M Mueller-Phillips, tagged 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting, 14.0 Corporate Matters, 14.11 Audit Committee Effectiveness in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Chief Audit Executives Assessment of Internal Auditors’ Performance Attributes by Professional Rank and Cultural Cluster
    Practical Implications:

    These results suggest that a generic profile for internal auditors, regardless of industry, may be in order. However, for a small minority of the attributes for which industry may have effects, industry-specific guidance may be appropriate. This conclusion suggests future studies of industry-specific effects for the purpose of developing industry-specific guidance. The IIA’s (2009) Internal Auditor Competency Framework has no industry-specific guidance, and it has indicated that such information will be added when available.

    An interesting finding in the study is that attributes such as financial analysis, research skills, and statistical sampling that have theoretical appeal to the practice of internal auditing were not selected by the CAEs as most important attributes. This result may be an artifact of limiting the selection of the attributes to the top five from each category of behavioral, technical, and competencies. The differences may also be due to the effects of culture.

    For more information on this study, please contact Mohammad J. Abdolmohammadi

    Citation:

    Abdolmohammadi, M.J. 2012. Chief Audit Executives Assessment of Internal Auditors’ Performance Attributes by Professional Rank and Cultural Cluster. Behavioral Research in Accounting 24(1): 1-23.

    Keywords:
    internal auditor attributes; professional rank; culture
    Purpose of the Study:

    This study explores chief audit executives’ perceptions of the most important performance attributes of internal auditors by professional rank and cultural cluster. Specifically, I investigated the following research questions:

    1. What are the most important performance attributes of internal auditors?
    2. Does the importance of performance attributes differ by internal auditors’ professional rank?
    3. Does the importance of performance attributes of internal auditors differ by cultural cluster?
    Design/Method/ Approach:

    The source of data for this study is the IIA’s CBOK (2006) database. This database contains responses from internal auditors of varying ranks practicing in over 100 countries. The IIARF developed this database in 2006 as a comprehensive study of the current state of the internal auditing profession worldwide. The data collected range from personal attributes of internal auditors (e.g., education), to the characteristics of their organizations (e.g., number of employees), to the internal and external quality assessment of the internal audit function. Included are data on 43 performance attributes of internal auditors.

    I identified 19 countries that could be classified into five distinct cultural clusters for investigation. Specifically, two criteria were used to select countries for the current study. First, the country to be selected had to be clearly identifiable with a specific cultural cluster. Second, to be included, a cultural cluster had to be represented by at least ten observations in the CBOK (2006) database so as to have sufficient data for statistical analysis. The resulting sample used in this study consists of 1,497 responses from CAEs in 19 countries classified into five distinct cultural clusters. The Anglo-Saxon cluster has the largest number of CAE responses with 913 observations, while the East-European cluster has only 58 responses. Within various clusters, Venezuela, with seven responses, has the smallest sample size, and the U.S., with 760 responses, has the largest sample size.

    Findings:

    The results show that while leadership attributes increase in importance by professional rank, technical skills generally decrease in importance by professional rank. The results also indicate that importance of performance attributes differs by cultural cluster. Robustness of the main results were confirmed through various multivariate analyses, where significant interaction effects between cultural cluster and professional rank were found. However, industry-specific analysis indicated no pattern of industry differences for the vast majority of performance attributes.

    Category:
    Corporate Matters, Governance
    Sub-category:
    Audit Committee Effectiveness, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Whistleblowing in Audit Firms: Organizational Response and...
    research summary posted December 1, 2014 by Jennifer M Mueller-Phillips, tagged 04.0 Independence and Ethics, 04.06 Reporting Ethics Breaches – Self & Others, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Whistleblowing in Audit Firms: Organizational Response and Power Distance
    Practical Implications:

    The results of this study are important for audit firms to consider when designing their ethics and whistleblowing policies. The evidence indicates that auditors’ are sensitive to power distance, and while no main effect for prior organizational response was found, prior research suggests that there are other costs associated with the perception that a firm does not respond to reports of ethical violations. Furthermore, it indicates that gender plays a role in an auditor’s sensitivity to power distance, and that the perceived moral intensity of the violation, which influences reporting likelihood, is moderated by the position of the observer, relative to the perpetrator. The study highlights the importance of firm culture and the implementation and enforcement of effective whistleblowing and ethical polices on the likelihood of employees to report observed ethical violations. 

    For more information on this study, please contact Eileen Z. Taylor.

    Citation:

    Taylor, E. Z., and M. B. Curtis. 2013. Whistleblowing in Audit Firms: Organizational Response and Power Distance. Behavioral Research in Accounting 25 (2): 21-43

    Keywords:
    Whistleblowing; ethical dilemma; power distance; gender
    Purpose of the Study:

    Employee fraud is a threat to all organizations, and whistleblowing is the most common way these frauds are detected. This paper investigates whether two factors, prior organizational response and power distance, affect auditors’ likelihood to report observations of colleagues’ unethical behavior. Prior organizational response (to whistleblowing reports) should result in a greater reporting likelihood, since evidence from practice and research indicates that a whistleblower’s primary goal is to stop the unethical behavior from continuing. Organizations that historically pay attention to whistleblowing reports should give potential whistleblowers the confidence that their report will be effective. Power distance, the level of the perpetrator in relation to the level of the potential whistleblower (peer or superior), is also likely important, as employees may be reluctant to whistleblow on someone of higher rank.

    The authors hypothesize that whistleblowing likelihood will be positively associated organization responsiveness to prior reports and that such likelihood is also associated with the relative position of the observer—individuals are more likely to report on peers than on superiors. They also investigate whether gender of the observer (potential whistleblower) matters, in relation to power distance, hypothesizing that females are more sensitive to power distance than are males.    

    Design/Method/ Approach:

    One hundred and eight audit seniors from Big-4 firms completed an experimental survey in Fall 2009. All participants read the same vignette of an ethical dilemma they observed within their firm, with modifications made for the different treatments. In the “responsive organization treatment”, participants were told that in the past, when the organization received a whistleblower report, they had taken appropriate action, whereas in the “nonresponsive treatment”, participants were told that in the past, when the organization received a whistleblower report, they had not taken appropriate action. To examine power distance, in the vignette, the perpetrator was referred to either as a “manager” (superior) or as a “fellow in-charge” (peer). The unethical behavior entailed observing the perpetrator destroy a page of review comments without addressing them.

    After reading the vignette, participants rated the seriousness of the unethical behavior and their responsibility to report it, as a measure of moral intensity. In order to assess whistleblowing likelihood, participants also rated how likely they were to report the violation to the employee hotline, using a scale of 0 to 100, if (1) your identity could be protected, and (2) your report could be anonymous

    Findings:
    • The authors find that auditors in this study were sensitive to power distance, such that they were significantly more likely to whistleblow on their peers than on their superiors. 
    • Additionally, the authors find that power distance and prior organizational response interact, such that auditors are were more likely to report on their peers when the organization’s prior response was weak or negative, than when it was responsive. However, auditors were less likely to report superiors when the organization’s prior response was weak or negative, than when it was responsive.
    • The authors find that men appear relatively less sensitive to power distance than do women.
    • The authors find that the perceived moral intensity of the case is significantly related to reporting likelihood, and that power distance moderates the effect such that those with a lower perception of moral intensity are much more influenced by power distance.
    Category:
    Governance, Independence & Ethics
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reporting Ethics Breaches - Self & Others
  • Jennifer M Mueller-Phillips
    Chief Audit Executives’ Evaluations of Whistle-Blowing A...
    research summary posted October 24, 2013 by Jennifer M Mueller-Phillips, tagged 01.0 Standard Setting, 01.05 Impact of SOX, 12.0 Accountants’ Reports and Reporting, 12.04 Investigations, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Chief Audit Executives’ Evaluations of Whistle-Blowing Allegations
    Practical Implications:

    The findings of this study should be of interest to boards of directors, audit committees, and senior management who are accountable to investors and other parties for the timely and unbiased examination of whistle-blowing allegations. Prior research has shown that audit committee members can be biased in their evaluations of whistle-blower allegations and in the allocation of resources to investigate those allegations. However, the results of this study show that CAEs do not exhibit the same bias as audit committee members for allocating resources to investigate whistle-blower allegations. The audit committee often relies on the CAE to investigate whistle-blowing reports, and this study suggests that CAEs may be a better choice for managing the evaluation of whistle-blowing allegations relative to members of the audit committee. CAEs’ decisions are not shrouded in secrecy, and CAEs report to both management and the audit committee, creating multiple levels of accountability. They are less able to ignore allegations that pose personal threats than are directors.

    Citation:

    Guthrie, C. P., C. S. Norman, and J. M. Rose. 2012. Chief Audit Executives’ Evaluations of Whistle-Blowing Allegations. Behavioral Research in Accounting 24(2): 87-99.

    Keywords:
    Chief audit executive; internal controls; whistle-blowing.
    Purpose of the Study:

    Section 301(4) of the Sarbanes-Oxley Act of 2002 (SOX) requires that public companies establish procedures for receiving and reviewing complaints regarding accounting and controls, and SOX requires firms to establish a confidential and anonymous channel for reporting such complaints. Prior research has shown that audit committee members evaluate anonymous whistle-blower allegations as less credible than non-anonymous allegations. Additionally, prior research has shown that when whistle-blowing allegations threaten the reputations of corporate directors, the directors justify decisions to limit the investigation of allegations by ascribing low levels of credibility to the allegation. Therefore, the purpose of this study was to evaluate how Chief Audit Executives (CAE) evaluate whistle-blowing allegations and whether CAEs are subject to the same judgment biases that audit committee members exhibit. The authors studied CAE credibility assessments of:

    • Anonymous vs. non-anonymous whistle-blower allegations.
    • Whistle-blower allegations that threaten the reputations of the CAE.

    The authors also evaluated the amount of resources that CAEs planned to allocate to investigate these whistle-blower allegation reports.
     

    Design/Method/ Approach:

    The authors conducted an experiment that took place sometime before March 2012 with CAEs and deputy CAEs from both public and private companies. The participants had an average of 12.76 years of internal audit experience. About 60 percent of the participants were CPAs and about 50 percent of the participants were CIAs. The participants read a case in which they were informed of a whistle-blower allegation that management of the organization had committed fraud, and the participants then assessed the credibility of the allegation and allocated resources to investigate the claim. 

    Findings:
    • The CAEs ascribed a lower level of credibility to anonymous whistle-blowing reports relative to non-anonymous reports.
    • When the allegations threatened their reputations (meaning that the whistle-blowing reports suggested the wrongdoing was perpetrated by the exploitation of weaknesses in previously evaluated internal controls rather than by the circumvention of internal controls) CAEs further lowered their assessed credibility of the allegations.
    • CAE perceptions of lower credibility for allegations that threatened their reputations did not lead the CAEs to make smaller allocations of resources to investigating these allegations. In fact, the CAEs allocated more resources to allegations for which they would be held more responsible.
       
    Category:
    Accountants' Reporting, Governance, Standard Setting
    Sub-category:
    Impact of SOX, Internal auditor role and involvement in controls and reporting, Investigations
  • Jennifer M Mueller-Phillips
    Internal Auditors’ Fraud Judgments: The Benefits of B...
    research summary posted October 22, 2013 by Jennifer M Mueller-Phillips, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Auditors’ Fraud Judgments: The Benefits of Brainstorming in Groups
    Practical Implications:

    Internal auditors frequently work alone, but the findings from this research indicate that brainstorming in groups produces higher quality fraud risk assessments.  Additionally, this research has practical implications because qualitative risk assessment scales have been shown to result in higher assessed fraud risks than quantitative risk assessment scales, but brainstorming in groups appears to alleviate this response mode bias.

    For more information on this study, please contact Tina Carpenter.
     

    Citation:

    Carpenter, T.D., J.L. Reimers, and P.Z. Fretwell. 2011 Internal Auditors’ Fraud Judgments: The Benefits of Brainstorming in Groups. Auditing: A Journal of Practice and Theory 30 (3): 211-224.

    Keywords:
    fraud risk assessments; brainstorming; response mode bias; group interaction; internal audit.
    Purpose of the Study:

    Although not required by internal auditing standards, the role of internal auditors in the fraud detection and prevention process has gained attention from many parties in the auditing process including external auditors and standard setters.  This study examines the following:

    • How type of brainstorming (group versus alone) affects internal auditors’ fraud risk assessments by examining whether the internal auditors produce a high number of assessed risks, or higher quality risk assessments.
    • How group interaction decreases response mode bias caused by making risk assessments quantitatively versus qualitatively.
       
    Design/Method/ Approach:

    To conduct the study, 162 internal auditors participated in an experiment that required the internal auditors to brainstorm potential fraud risks from a case which was adapted from an actual fraud that had been examined by the SEC.  Participants were randomly assigned to conditions where they were asked to make fraud risk assessments using on quantitative scale or a qualitative scale.  Subjects were then instructed to brainstorm either individually or in a group setting.  Quantity of assessed risks is determined by the number of risks identified and quality of risk assessment is determined by whether the identified fraud risk was actually present in the case.  Data for the experiment was collected prior to September 2008. 

    Findings:
    • Internal auditors who assessed fraud risk using a qualitative scale (for example, assessing fraud risk as low, moderate, high, very high) assessed fraud risk higher than internal auditors who assessed fraud risk on a quantitative scale (for example, assessing fraud risk on a scale from 1 to 5).
    • Internal auditors brainstorming individually (alone) identified a higher number of fraud risks than internal auditors brainstorming in groups.
    • Internal auditors brainstorming in groups identified higher quality fraud risks than internal auditors brainstorming alone.  However, they collectively identified fewer fraud risks than the aggregation of internal auditors brainstorming alone.
    • Brainstorming in groups reduces response mode bias.  That is, internal auditors who assessed risk using a qualitative scale assessed fraud risk as being higher than internal auditors who assessed fraud risk using a quantitative scale.  However, the brainstorming process removed this bias so that there was no significant difference in the internal auditors’ risk assessments after the group interaction.
       
    Category:
    Governance, Risk & Risk Management - Including Fraud Risk
    Sub-category:
    Fraud Risk Assessment, Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Corporate Managers’ Reliance on Internal Auditor R...
    research summary last edited October 15, 2013 by Jennifer M Mueller-Phillips, tagged 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Corporate Managers’ Reliance on Internal Auditor Recommendations
    Practical Implications:

    One of the main implications of the study is that the internal audit function does add value to an organization because their recommendations can significantly impact managers’ operational decisions. The study also finds that in-house internal auditors can improve their influence on management by quantifying their recommendations.

    For more information on this study, please contact F. Greg Burton.
     

    Citation:

    Burton, F. G., S. A. Emett, C. A. Simon, and D. A. Wood. 2012. Corporate Managers’ Reliance on Internal Auditor Recommendations. Auditing: A Journal of Practice and Theory 31(2): 151-166.

    Keywords:
    Internal audit; in-house; outsourcing; competence; objectivity
    Purpose of the Study:

    Internal auditors provide both assurance and consulting services to add value and improve the operations of an organization. In order to add value through consulting services, internal auditors must make credible recommendations and effectively communicate those recommendations to management. Therefore, the purpose of the study was to understand the factors that influence managers’ perceptions of and reliance on internal audit consulting recommendations. The factors that the authors studied included:

    • Whether internal auditor recommendations are consistent or not with managers’ initial preferences
    • Whether the internal audit function is performed in-house or outsourced
    • Whether the recommendations are quantified or non-quantified.
       
    Design/Method/ Approach:

    The authors conducted an experiment with business professionals that held either senior or mid-level manager positions in their companies. The participants had an average of 9.12 years of work experience. Participants were given a case study about a plastics company and were given the role of a supervising manager of the company. Managers made an initial operational decision and then were presented with information from internal audit and asked to make their final decision.

    Findings:

    The authors found the following results:

    • Managers change their initial positions more when presented with preference-inconsistent recommendations.
    • There are no differences in managers’ reliance on the non-quantified, preference-inconsistent recommendations of outsourced versus in-house internal auditors.
    • Managers rely more on the quantified recommendations of in-house internal auditors than the non-quantified recommendations of in-house internal auditors. The authors did not find this same effect for outsourced internal auditors.
       
    Category:
    Governance
    Sub-category:
    Internal auditor role and involvement in controls and reporting
  • Jennifer M Mueller-Phillips
    Internal Audit Sourcing Arrangements and Reliance by...
    research summary posted September 26, 2013 by Jennifer M Mueller-Phillips, tagged 07.0 Internal Control, 07.01 Scope of Testing, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Sourcing Arrangements and Reliance by External Auditors
    Practical Implications:

    The authors note a couple of implications for practitioners resulting from this study.  First, given the fact that external auditors assess internal audit quality and rely upon the work similarly for outsourced and cosourced internal audit functions, it may be worthwhile for companies to consider engaging some level of independent outside service provider to work along with their in-house internal auditors for high risk areas. 
        Second, having the same 3rd party internal audit service provider also provide tax services results in less reliance upon the work performed by internal audit, even though those services are approved by the audit committee and performed by different individuals.  Therefore, external audit increases their audit effort, thereby implying that external audit must see this additional service provision to be detrimental to the internal audit service provider’s objectivity. 
     
    For more information on this study, please contact Naman K. Desai.
     

    Citation:

    Desai, N. K., G. J. Gerard, and A. Tripathy. 2011. Internal Audit Sourcing Arrangements and Reliance by External Auditors. Auditing: A Journal of Practice & Theory 30 (1):149-171.

    Keywords:
    cosourcing; external auditor reliance; internal audit; sourcing
    Purpose of the Study:

      The purpose of this study is to investigate potential internal audit (IA) sourcing arrangements (in-house, outsource, and cosource) and to determine how that impacts an external auditor’s evaluation of the IA function’s competency, objectivity, and technical skills. The extent to which the audit team will rely upon work performed by the internal auditors can also be determined this way.  This study also looks at whether tax services provided by the IA service provider impacts the extent of reliance for outsourced or cosourced IA.
    This study is important because the Institute of Internal Auditors makes no preference between any of these sourcing arrangements.  Prior research has shown that outsourcing the IA function results in higher ratings of objectivity and more reliance upon their work when inherent risk is high (but no differences when inherent risk is low).  However, no studies test how cosourcing arrangements are evaluated.  This question is important to answer since a cosourced arrangement is a blend of in-house and outsourced internal auditors, which indicates that results could go either way. 
     

    Design/Method/ Approach:

    The authors conducted an experiment including experienced CPAs from Big 4 and regional firms prior to October 2007.  The design results in only 5 groups – in-house, outsource, or cosource without mention of tax services and outsource or cosource with the service firm also providing tax services.  External auditors were asked to provide ratings related to internal audit’s quality, reliance on internal audit work, audit risk, planned external audit effort, and likelihood that IA would give in to management regarding potential findings.

    Findings:
    • The authors find that in high risk areas, external auditors’ rate outsourced and cosourced internal auditors as having higher levels of quality than in-house internal audit.
    • They similarly find that external audit is more likely to rely upon the internal audit work performed if it is performed by outsourced or cosourced IA.
    • Further, the authors find no differences in quality or reliance ratings between outsourced and cosourced IA. 
    • However, when outsourced or cosourced internal audit service providers also provide tax services (which are performed by individuals other than those who perform the internal audit work) external auditors perceive the quality of the internal audit work to be lower.  As a consequence, they rely less upon the internal auditor’s work and instead increase their own external audit efforts. 
       
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance, Internal Control
    Sub-category:
    Internal auditor role and involvement in controls and reporting, Reliance on Internal Auditors, Scope of Testing
  • The Auditing Section
    Internal Audit Quality and Earnings Management
    research summary last edited May 25, 2012 by The Auditing Section, tagged 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Quality and Earnings Management
    Practical Implications:

    This study develops an empirical measure of internal audit quality, and provides evidence supporting companies’ use and  development of an IAF as part of improvements to its overall governance environment.  Regulators and other parties interested in corporate governance may find it helpful to more explicitly consider the role of internal auditor in the evaluation of the firm. 

    Citation:

    Prawitt, D., J. Smith, D. A. Wood 2009. Internal Audit Quality and Earnings Management. The Accounting Review 84 (4): 1255-1280.

    Keywords:
    corporate governance; internal audit function; internal audit quality; earnings management; abnormal accruals; analyst forecasts
    Purpose of the Study:

    Standards promulgated by the AICPA and PCAOB recognize the impact that a high-quality internal audit function (IAF) can have on reducing control risk, and by extension, audit risk.  As such, regulators permit and encourage external auditors to rely on the work of others if that work is deemed to be performed by “competent and objective persons” (PCAOB 2007).  Similarly, the Institute of Internal Auditors (IIA) recognizes the IAF as one of the four cornerstones of corporate governance, along with the audit committee, executive management, and the external auditor.  However, while several prior studies establish a negative association between the quality of firm’s corporate governance mechanisms and management’s tendency and ability to manipulate reported financial results, there is little evidence that relies on archival data concerning the impact of a quality IAF on firms’ earnings manipulation activities.

    The purpose of this study is to examine archival data to determine whether differences in the quality of firms’ IAF impact firms’ earnings management activities.

    Design/Method/ Approach:

    The authors rely on the IIA maintained GAIN database (a proprietary database), that is composed of survey responses from chief audit executives associated with IIA member organizations.  Member organizations responding to the survey include publicly traded and private companies, educational and governmental institutions, as well as individual divisions within companies.  The study covers the fiscal years of 2000-2005. 

    The authors create an index based on six factors that SAS No. 65 suggests external auditors should consider when evaluating whether to rely on the work of the internal auditors, and therefore differentiate IAF quality.  Those factors include the IAF’s professional experience, professional certifications, training, objectivity, relevance of their work to the financial reporting function, and the IAF’s relevance to the organization based on how much resources the corporation invests in the IAF group.  To capture management’s earnings management activities, the authors rely on measures of abnormal accruals and whether the firm just misses or beats analysts’ forecasts.

    Findings:
    • Overall, the results suggest that higher quality IAFs reduce management’s ability to manipulate earnings.
    • Specifically, higher quality IAFs appear to be associated with smaller negative abnormal accruals.
    • Companies with higher quality IAFs appear more likely to just miss analysts’ earnings forecasts, a measure of less earnings management.
    Category:
    Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Reliance on Internal Auditors, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • The Auditing Section
    Internal Audit Reporting Lines, Fraud Risk Decomposition,...
    research summary last edited May 25, 2012 by The Auditing Section, tagged 06.0 Risk and Risk Management, Including Fraud Risk, 06.01 Fraud Risk Assessment, 08.0 Auditing Procedures – Nature, Timing and Extent, 08.11 Reliance on Internal Auditors, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Reporting Lines, Fraud Risk Decomposition, and Assessments of Fraud Risk
    Practical Implications:

    The results of this study are important for audit firms to consider when determining the extent of reliance on internal auditor’s fraud risk assessments.  Internal auditor judgments may be influenced by pressures to decrease risk assessments when reporting to the audit committee.  Thus, the recent suggested improvements for improving audit practice and risk assessment processes by reporting to the audit committee may have adverse and unexpected consequences.  Additionally, internal auditor judgments may be influenced by an over-reliance on attitude cues, even when decomposing fraud risk assessments.  Thus, decomposition may amplify the problem that prompted its use.

    Citation:

    Norman, C.S., A.M. Rose, and J.M. Rose. 2010. Internal audit reporting lines, fraud risk decomposition, and assessments of fraud risk. Accounting, Organizations and Society 35: 546-557.

    Keywords:
    internal audit, fraud risk assessment, audit committee
    Purpose of the Study:

    The internal auditor function is one of the four cornerstones of corporate governance along with senior management, the board, and external auditors.  External auditors frequently rely on the work of internal auditors, including firm risk assessments per AS5, An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements.  Internal auditors may report to management or to the audit committee.  Many investors and regulators have suggested that internal auditors should report directly to the audit committee to minimize the threats to independence and objectivity that may potentially occur when internal auditors report to management.  However, if the audit committee is given power over the internal audit function, this may create potential new threats to internal auditor independence not previously considered.  For example, many audit committees now have the authority to hire or fire the Chief Audit Executive.  This paper addresses the effects of internal audit reporting lines on the fraud risk assessment judgments of internal auditors.  Below are two objectives that the authors address in their study: 

    • Examine the extent that internal auditors may be subconsciously motivated to avoid reporting higher levels of fraud risk to the audit committee, relative to when the risks are reported to management.
    • Examine whether decomposition of fraud risk into the components of the fraud triangle (management attitude, incentives, and opportunities) improves the internal auditor’s sensitivity to opportunity and incentive cues.
    Design/Method/ Approach:

    The authors collected their evidence from highly experienced internal auditors (mean experience of 15.3 years) via survey instruments. The authors then collected additional evidence using an experiment where participants were asked to complete a simulated task. Experiment participants were experienced internal auditors with mean experience of 9.6 years.  Survey participants were asked five questions about risk assessment discussions, reporting lines, and reactions.  In the simulated task participants were asked to assess the level of fraud risk in a hypothetical firm.  Participants were assigned to either a higher or lower level of fraud risk and to a reporting line of either audit committee or management.  The research was conducted in the mid- to late-2000s time period.

    Findings:
    • The authors find that internal auditors perceive greater personal threats when reporting high levels of fraud risk to the audit committee than when reporting to management.  Internal auditors fear overreaction from the audit committee, potentially leading to increased workload and management reprisals.   
    • The perception of greater perceived threats leads internal auditors to reduce assessed levels of fraud risk when reporting to the audit committee relative to reporting to management.  This finding is contrary to expectations and reveals additional unexpected threats created by having internal audit report to the audit committee.
    • Internal auditors increase attention to management attitude when risk assessments are decomposed, without a corresponding increase to incentive or opportunity cues.  Thus, unlike external auditors, fraud decomposition does not appear to mitigate perceived problems associated with insensitivity to incentive and opportunity cues.    
    Category:
    Risk & Risk Management - Including Fraud Risk, Auditing Procedures - Nature - Timing and Extent, Governance
    Sub-category:
    Fraud Risk Assessment, Reliance on Internal Auditors, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • The Auditing Section
    Internal Audit Sourcing Arrangement and the External...
    research summary last edited May 25, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision
    Practical Implications:

    The results of this study suggests that external auditors place more reliance on “outsourced” internal audit work, especially under high inherent risk conditions, than on “in-house” internal audit work due to the external auditors’ assessment of higher objectivity on the part of the “outsourced” internal auditor. The authors suggest this may have implications for external audit teams’ planning and assessment of internal audit work, in that whether or not the work is outsourced might need to be considered in the assessment. Also, audit clients might consider a need to outsource more internal audit work or try to make changes to increase the external auditors’ perception of their “in-house” internal audit team, in terms of objectivity.

    Citation:

    Glover, S. M., Prawitt, D. F., and D. A. Wood. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 193-213.

    Keywords:
    assessment of internal audit work; internal audit outsourcing; auditor judgment
    Purpose of the Study:

    Under Section 404 of the Sarbanes-Oxley Act (SOX), client management must evaluate the effectiveness of internal controls over financial reporting (ICOFR). In order to meet new regulations, many firms outsourced internal audit functions to third-parties. Auditing standards state that external auditors are required to evaluate the objectivity, competence, and work performed by internal auditors. Since third-party internal audit teams likely have different incentive and motives, compared to in-house internal audit teams, the external auditor may have different perceptions of each team’s objectivity. This study examines whether external auditors’ reliance on the work of outsourced internal auditors differs from the reliance of “in-house” internal auditors.

    Design/Method/ Approach:

    The authors collected their evidence via experimental cases administered to auditors from one of the Big 4 accounting firms. Approximately 21 percent were staff-level; 59 percent were senior staff, the other 20 percent were manager-level or higher. Data was collected prior to 2007.  Participants were provided background information about the hypothetical company, the internal audit team, and the audit procedures performed by the internal audit team. Participants were asked to evaluate the internal audit team’s competency and objectivity, as well as the amount of reliance to place on the internal audit team’s work.

    Findings:
    • When inherent risk is low, external auditors are just as likely to rely on “outsourced” internal audit work as “in-house” internal audit work. 
    • External auditors perceive “outsourced” internal audit work to be more objective than “in-house” internal audit work. 
    • When inherent risk is high, external auditors are more likely to rely on “outsourced” internal audit work as “in-house” internal audit work. 
    • External auditors are more willing to rely on internal auditors’ work when they perceive the internal auditors to be performing objective tasks, versus subjective tasks. (This is for both “in-house” and “outsourced” internal audit teams.) This difference in reliance between objective and subjective tasks is magnified when inherent risk is high.
    • However, when the task is subjective, the auditor relies less on the internal audit team’s work when inherent risk is high.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
    Home:
    home button
  • The Auditing Section
    Discussion of “Internal Audit Sourcing Arrangement and the E...
    research summary last edited May 25, 2012 by The Auditing Section, tagged 07.0 Internal Control, 07.01 Scope of Testing, 13.0 Governance, 13.07 Internal auditor role and involvement in controls and reporting in Auditing Section Research Summary Database > Auditing Section Research Summaries Space public
    Title:
    Discussion of “Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision”
    Practical Implications:

    The points noted below suggest some limitations in Glover, Prawitt & Wood (2008) article. However, Messier acknowledges that the article provides insight on some factors that might affect the external auditors’ reliance decisions under AS 5.

    Citation:

    Messier, W. F. 2008. Internal Audit Sourcing Arrangement and the External Auditor’s Reliance Decision. Contemporary Accounting Research 25 (1) 215-218.

    Purpose of the Study:

    This is a discussion of the Glover et al. article (2008). The comments are based on Messier’s comments provided during the 2006 Contemporary Accounting Research Conference.

    Findings:
    • Glover, Prawitt, & Wood (2008) used a first-year audit scenario for their experiment. Messier suggests that auditors are more conservative in first-year audits. This conservative nature may have caused the auditors (participants) to assess the internal audit work as relatively low in terms of reliability. 
    • Messier suggests that the evaluation of “task subjectivity” may be confounded with the auditors’ consideration of the type of work performed, in accordance with SAS No. 65. (The “objective task” was control testing; the “subjective task” was inventory valuation.) This may limit the implications for the findings related to task objectivity/subjectivity, noted above.
    Category:
    Internal Control, Governance
    Sub-category:
    Scope of Testing, Internal auditor role and involvement in controls and reporting
    Home:
    home button