This study offers insights into why internal auditing is experiencing a shortage of qualified job candidates and offers a potential solution to the problem. The authors find that external auditors have negative perceptions about internal auditing, and these negative perceptions are associated with a (1) decreased desire to apply for internal auditing positions, (2) lower likelihood of recommending an in-house internal auditing career to high-performing students, and (3) higher likelihood of recommending an in-house internal auditing career to mediocre students. Internal auditors can try solving this problem by improving perceptions about internal auditing via a media campaign that raises awareness about the true internal audit career path.

Bartlett, G.D., J. Kremin, K.K. Saunders, and D.A. Wood. 2016. Attracting Applicants for In-House and Outsourced Internal Audit Positions: Views from External Auditors. Accounting Horizons 30 (1): 143-156.

The internal audit function can help organizations strengthen their risk management and corporate governance, yet the demand for qualified candidates to fill internal audit job openings exceeds the supply of interested applicants. Consequently, the internal audit function may find itself short-staffed and/or staffed with lower quality candidates, which may limit its ability to add value to the organization. In order to correct this problem, it is important to fully understand its scope and its root cause(s). Prior research attempting to gain this understanding has focused on investigating how accounting students’ beliefs about internal audit impact their interest to pursue an internal audit career. The authors of this paper extend this research by:

• Investigating how external auditors’ beliefs about internal audit impact (1) their interest to pursue an internal audit career and (2) their recommendations to students about pursuing an internal audit career,  
• Investigating differences in external auditor’s perceptions of in-sourced versus out-sourced internal audit, and
• Asking external auditors to suggest what needs to be done to improve their perceptions of internal audit.

The authors use data from three sources. First, the authors performed an experiment using experienced external auditors—mostly seniors or associates—who were asked whether they would apply for a job described as either an accounting, in-house internal audit, or outsourced internal audit position. Second, the authors performed another experiment using experienced external auditors—mostly managers or directors—who were asked whether they would recommend that a high-performing (mediocre performer) student pursue an external audit, in-house internal audit, or outsourced internal audit career. Third, the authors surveyed high-ranking former/current external auditors who never worked in internal audit about what would make internal auditing a more appealing career for them.

• When the same job opening is labeled as either accounting, in-house internal auditing, or outsourced internal auditing, the accounting label is likely to attract two times as many external auditor applicants as the other two labels.
• External auditors are equally willing to apply for in-house internal auditing or outsourced internal auditing positions.
• External auditors have more negative perceptions of in-house internal auditors than outsourced internal auditors.
• External auditors have negative perceptions of the internal auditing profession. They believe that (1) others have negative stereotypes about the profession, (2) business professionals do not respect internal auditors, and (3) internal auditors do boring work.
• Those less interested in applying for internal audit jobs have negative perceptions of internal auditing.
• The average external auditor willing (unwilling) to apply for an internal audit position would want to receive at least 124% (149%) of his current salary before being willing to switch from his current external audit job to an internal audit job.  
• External auditors will be most likely to recommend that top-performing students work in external audit and mediocre students work in in-house internal audit.
• External auditors will equally recommend that top-performing students and mediocre students should consider outsourced internal audit as a second best career path.
• External auditors have more negative perceptions of outsourced internal auditing than external auditing on most dimensions, except in regards to work-life balance. They believe that work-life balance is better for outsourced internal auditors.
• Current and former external auditors believe that internal auditing could become more appealing if internal auditors do more interesting work, receive more respect, perform value-added tasks, receive better compensation, and have better promotion opportunities. Because internal auditors appear to already be following these suggestions, internal auditors may benefit from giving others a better understanding of internal audit careers.

http://www.auditingresearchsummaries.org

This study’s results are important to regulators thinking about requiring issuance of an internal audit report and practitioners planning how to respond to such proposals. The authors suggest that the assurance internal audit report, which leads to more conservative risk assessment when internal auditors mainly report to the audit committee, may prove rather costly and unpopular among internal auditors. Meanwhile, the descriptive internal audit report, which prior research found to be useful to investors, does not make internal auditors more conservative, but it may prove less costly and more popular among internal auditors. Ultimately, these findings suggest that regulators need to discuss any internal audit report proposals with key stakeholders, including internal auditors, before getting too far into the rule making process. 

Boyle, D. M., F. T. DeZoort, and D. R. Hermanson. 2015. The Effects of Internal Audit Report Type and Reporting Relationship on Internal Auditors' Risk Judgments. Accounting Horizons 29 (3): 695-718.

External stakeholders want information to help them better understand corporate governance at the companies they follow. Although disclosure about many elements of corporate governance is currently available, little is known about the internal audit function. Such information asymmetry may be decreased via the issuance of an internal audit report. In fact, a few organizations have voluntary started issuing internal audit reports to external stakeholders. However, nothing is known about whether and how different forms of these reports impact internal auditors’ judgments. These judgments may also be impacted by whether the internal auditors mainly report to management or the audit committee. The purpose of this study is to discover:

• How do descriptive internal audit reports (i.e., reports describing the “composition, responsibilities, accountability, activities, and resources” of the internal audit function) impact internal auditors’ fraud risk and control risk assessments?
• How do assurance internal audit reports (i.e., reports containing the internal auditors’ opinion of the organization’s “internal control effectiveness”) impact internal auditors’ fraud risk and control risk assessments?
• How do different types of reporting structure (e.g., reporting directly to management vs. the audit committee) impact internal auditors’ fraud risk and control risk assessments?

The authors hope to find answers to these questions in order to provide regulators with insights that can be used when considering potential regulation of the internal audit function.
 

The authors collected their evidence prior to August 2013 via a case emailed to highly experienced IIA members working at public and nonpublic companies. In this case, the authors manipulated the presence of a descriptive internal audit report, presence of an assurance internal audit report, and whether the internal auditor reported to management or the audit committee. Participants were asked to make fraud risk and control risk assessments, as well as explain whether and why they support or do not support the issuance of descriptive and assurance internal audit reports.

• Compared to their non-reporting peers, internal auditors who provide descriptive internal audit reports do not make more conservative fraud risk or control risk assessments.
• Compared to their non-reporting peers, internal auditors providing assurance internal audit reports make (do not make) more conservative fraud (control) risk assessments.
• Internal auditors providing assurance internal audit reports do not make more conservative fraud risk or controls risk assessments than peers providing descriptive internal audit reports.
• Internal auditors reporting mainly to the audit committee make more conservative fraud risk or control risk assessments than peers reporting mainly to management.
• Internal auditors providing assurance internal audit reports who report mainly to management (the audit committee) have the least (most) conservative control risk assessments. 
• Of internal auditors not providing assurance internal audit reports, those reporting mainly to management or mainly to the audit committee make equally conservative control risk assessments.
• Both public and nonpublic internal auditors show moderate support for descriptive internal audit reports, with support from nonpublic internal auditors marginally higher than from public internal auditors. Participants believe that while descriptive internal audit reports may enhance the prestige of the internal audit function and enhance corporate governance, they not be relevant to external stakeholders and may interfere with internal audits’ true role.
• Compared to support for descriptive internal audit reports, support for assurance internal audit reports is lower. Participants believe that although assurance internal audit reports may enhance corporate governance, they may open internal audit to scapegoating, interfere with internal audits’ true role, lead to replication of external auditors’ work, and take away the flexibility that lets internal audit focus on important areas that the external auditors consider out of scope.
• Internal auditors expect descriptive (assurance) internal audit reports to cost about 17.5% (59.3%) of an internal audit department’s current budget.

http://www.auditingresearchsummaries.org

The results suggest that internal auditors contribute to decreased reliability of disclosed amounts. It appears that the incentives of external auditors and internal auditors are closely aligned on this issue. In general, both of these parties seem to feel less responsibility for disclosed, relative to recognized amounts. The results indicate that financial reporting location has significant effects on internal auditors’ decisions to correct misstatements. Specifically, internal auditors are more willing to waive disclosed misstatements relative to recognized misstatements. Contrary to expectations, the results do not indicate that increased audit committee expertise and associated increases in audit committee members’ perceived powers cause internal auditors to be less willing to waive misstatements.

Norman, C. S., J. M. Rose, and I. S. Suh. 2011. The effects of disclosure type and audit committee expertise on Chief Audit Executives’ tolerance for financial misstatements. Accounting, Organizations & Society 36 (2): 102-108.

External audit partners are more willing to waive misstatement corrections for disclosed than for recognized amounts. This willingness to allow misstatements may increase management’s incentives to manipulate disclosed amounts and increase the levels of error and bias in disclosed information. While external auditors are more willing to waive disclosed amounts, relative to recognized amounts, internal auditors may require management to adjust misstatements regardless of their reporting locations. If internal auditors do not tolerate misstatements that are disclosed, this will increase the reliability (i.e., decrease the random error and bias) of disclosed amounts and decrease the likelihood of management manipulation of disclosed amounts. As a result, the impact to practice of external auditors’ willingness to waive misstated disclosures could be mitigated or even eliminated by internal audit oversight.

The authors examine Chief Audit Executives’ and deputy Chief Audit Executives’ decisions to require adjustments of misstatements that are either recognized or disclosed. Chief Audit Executives (CAEs) may require equivalent adjustments for recognized and disclosed amounts, and act to counter the actions of management and external auditors. Understanding the decision processes of CAEs will help to inform regulators and standard setters of the underlying factors that drive financial statement reliability.

The participants are 73 Chief Audit Executives (CAEs) and deputy CAEs. CAEs and deputy CAEs are the ultimate decision makers in internal audit. None of these participants are from outsourced internal audit departments. The average number of years of internal audit experience is 13.71. The study was completed on paper and provided to participants in sealed envelopes by one of the study’s authors. All participants completed the materials in their professional offices under controlled conditions in the presence of one of the authors. The evidence was gathered prior to 2011.

The results of this study indicate that reporting location has a significant effect on internal auditors’ decisions. Specifically, CAEs and their deputies require lesser amounts of misstatement correction of disclosed amounts relative to recognized amounts. While increased audit committee expertise increases audit committee members’ perceived power over management, the authors do not find that CAEs require greater misstatement corrections when the audit committee has more financial expertise, relative to less expertise. It appears that internal auditors may not have enough concern about disclosed misstatements to warrant a decision to exercise the power they derive from audit committee expertise. The results suggest that internal auditors, like external auditors and managers, act to decrease the perceived and actual reliability of disclosed information. Further, increasing the power of the internal audit function does not mitigate this problem. The authors find reason for serious concerns about the accuracy of disclosed amounts, relative to recognized amounts.

http://www.auditingresearchsummaries.org

This study makes an original contribution to the development of new knowledge on internal auditing. It concludes that internal auditors tend to lack independence and audit committee members often exercise disturbingly weak power (on the internal audit function), as compared to the top managers. This points to the difficulty of applying an idealized conception of independence and purist governance principles to practice. That is, it encourages auditors to consider the appropriateness of internal auditing as a meaningful independent assurance device in operating the corporate governance "mosaic."

Roussy, M. 2015. Welcome to the day-to-day of internal auditors: How do they cope with conflict? Auditing: A Journal of Practice and Theory 34 (2): 237-264.

The internal audit function (IAF) was made mandatory in both private and public companies in North America in the early 2000s. This paper proposes a ''micro-level'' analysis of the way in which internal auditors express role conflicts in their day-to-day practice and how they perceive, manage, and resolve them. The study seeks to show that the independence of the internal auditor is often not up to the standards that are expected of the internal audit function (IAF), and therefore unlikely to play an effective governance oversight role compatible with the ideal of the new public management governance reform.

A field study was conducted involving semi-structured interviews with 42 internal auditors working in 13 public sector organizations. Interviews were conducted between May and October 2010. Each interviewee had 10-15 years of experience in internal auditing, with 20-25 years of professional experience total. Data was interpreted in the light of a theoretical analysis framework designed especially for this study. Organizational and social context was taken into consideration for each interview.

Overall, the results indicate that internal auditors have a relative lack of independence (as compared with the Institute of Internal Auditors’ standards.) More specifically:

• While internal auditors are strategic in managing conflicts, they do not consider the cumulative effect that their coping behavior has on their lack of independence.
• The audit committee does not greatly influence internal auditors’ coping tactics at any stage in the audit process.
• Auditors use “pragmatic” behavior because they are embedded in a specific organizational and social context that they are ‘‘forced’’ to take into account.
• The analysis casts doubt on the audit committee’s ability and commitment to consolidate and ensure internal auditor independence.

Ultimately, the study concludes that internal auditors behave as if the IAF were a means for managerial control, instead of a governance mechanism.

http://www.auditingresearchsummaries.org

The primary result that audit committee involvement is significantly and positively associated with “outsourcing” is an important finding that suggests a need for management to pay close attention to the role that audit committee plays in “outsourcing” internal audit activities. The significance of value-added-activities, missing-skill-set, and audit-staff-vacancies on “outsourcing” also require management attention because collectively these three variables indicate trade-offs between acquiring the expertise in-house or “outsourcing” to external service providers.

For more information on this study, please contact Mohammad Abdolmohammadi

Abdolmohammadi, M. 2013. Correlates of Co-Sourcing/Outsourcing of Internal Audit Activities. Auditing: A Journal of Practice and Theory 32(3): 69-85.

I use responses from 1,059 chief audit executives (CAEs) of organizations located in Australia, Canada, New Zealand, South Africa, the U.K./Ireland, and the U.S. to investigate several correlates of co-sourcing/outsourcing (referred to as simply “outsourcing”) of internal audit activities. 

In 2010 the Institute of Internal Auditors Research Foundation (IIARF) conducted a survey of IIA’s membership world-wide. The long survey had detailed questions about various issues from CAE attributes, organization characteristics, to practice issues such as “outsourcing.” Called the Common Body of Knowledge in Internal Auditing or CBOK (2010), this database has responses from internal auditors of varying experience and professional rank. I only use CAE responses for my study of “outsourcing” because CAEs are presumed to be highly knowledgeable about various issues of internal audit activities, including “outsourcing.” While CBOK (2010) has over 13,500 responses from members of various professional rank (CAEs, audit managers, etc.) in over 100 countries, I limit the data used in my study to only CAEs from Anglo-culture countries. This is to mitigate the possibility of differences due to various languages and cultural dimensions, such as uncertainty avoidance, levels of femininity/masculinity, etc.  

• An important finding of the study is that audit committee involvement is positively and significantly associated with “outsourcing” of internal audit activities. Interactions of audit committee involvement with organization size and location generally indicate that medium and large international/multinational organizations with audit committee involvement “outsource” more than medium and large local/national organizations with no audit committee involvement.
• Other important findings indicate an inverse relationship between “outsourcing” and value-added-activities of the internal audit function, and positive relationships between “outsourcing” and missing skill set and audit staff vacancies.
• Finally, I find no evidence of relationships between CAE age, college degree (graduate/undergraduate), major (accounting versus others), internal audit certification, and regular meetings with the audit committee and “outsourcing.” Also, country of residence (U.S. versus other Anglo-culture countries) is not significant, but for-profit organizations “outsource” significantly more of their internal audit activities than not-for-profit organizations.

http://www.auditingresearchsummaries.org