Search results

This article deals with internal auditors’ use of and compliance with the Standards for the Professional Practice of Internal Auditing, as well as the Practice Advisories, issued by the Institute of Internal Auditors (IIA). The results reported here form part of a global research project, the 2006 Common Body of Knowledge in Internal Auditing (CBOK) study. The research shows that internal auditors worldwide believe that overall, their organisations comply with the Standards. Reasons for not using the Standards relate to organisational attributes such as management’s perceptions that these do not add value and are too time‐consuming to comply with.

To present the results of a survey of internal auditors worldwide to determine the scope of the topics to be included in The IIA's Global Common Body of Knowledge Study (CBOK) 2006.

The researchers developed a prescope questionnaire and surveyed a small sample of experienced internal auditors worldwide. All three CBOK 2006 teams (Americas, Asia Pacific and Europe/Africa) participated in data gathering from internal auditors in their regions. The questionnaire contained topics that were adapted from The IIA Practice Standards, past CBOKs ands other relevant prior research. The questionnaire also provided space for inclusion of “Other” topics by respondents.

The respondents agreed with the inclusion of a majority of the topics listed in the prescope questionnaire in the global CBOK 2006 survey. Many “Other” topical areas were also suggested for inclusion.

The survey results are providing invaluable information to the researchers in their efforts to develop the questionnaire for global CBOK 2006.

The purpose of this paper is to investigate whether the internal audit quality was maintained in relation to the rapid growth in Institute of Internal Auditors (IIA) membership in South Africa. As The IIA in South Africa (SA) has seen more than double the membership growth (59 per cent) than the IIA (25 per cent) over the period 2006 to 2010, the change in internal audit quality indicators for these two are compared.

The responses from SA respondents and all “Other” respondents are analysed from the 2006 and 2010 Common Body of Knowledge studies on specific questions addressing internal audit quality, to determine whether there is a growth in quality-related indicators and whether the growth is in relation to the membership growth. The chi-square test is used to look for change in response frequencies.

The paper finds that the SA respondents have a greater increase of internal audit quality indicators than “Other” respondents, suggesting that the increase in membership could also result in improved internal audit quality.

This study links the increase in membership with improved internal audit quality. This could assist the IIA in determining the feasibility of developing key indicators of internal audit quality. The IIA-SA will obtain an understanding whether the exceptional growth in membership is in line with the internal audit excellence as prescribed by SA guidance and legislation. Last, individual internal audit activities could benchmark their growth statistics against the SA and “Other” respondents’ growth pattern – both in numbers and quality indicators.

The purpose of the study is to explore the factors associated with the extent of security/cybersecurity audit by the internal audit function (IAF) of the firm. Specifically, the authors focused on whether IAF/CAE (certified audit executive [CAE]) characteristics, board involvement related to governance, role of the audit committee (or equivalent) and the chief risk officer (CRO) and IAF tasked with enterprise risk management (ERM) are associated with the extent to which the firm engages in security/cybersecurity audit.

For analysis, the paper uses responses of 970 CAEs as compiled in the Common Body of Knowledge database (CBOK, 2015) developed by the Institute of Internal Auditors Research Foundation (IIARF).

The results of the study suggest that the extent of security/cybersecurity audit by IAF is significantly and positively associated with IAF competence related to governance, risk and control. Board support regarding governance is also significant and positive. However, the Audit Committee (AC) or equivalent and the CRO role are not significant across the regions studied. Comprehensive risk assessment done by IAF and IAF quality have a significant and positive effect on security/cybersecurity audit. Unexpectedly, CAEs with security certification and IAFs tasked with ERM do not have a significant effect on security/cybersecurity audit; however, other certifications such as CISA or CPA have a marginal or mixed effect on the extent of security/cybersecurity audit.

This study is the first to describe IAF involvement in security/cybersecurity audit. It provides insights into the specific IAF/CAE characteristics and corporate governance characteristics that can lead IAF to contribute significantly to security/cybersecurity audit. The findings add to the results of prior studies on the IAF involvement in different IT-related aspects such as IT audit and XBRL implementation and on the role of the board and the audit committee (or its equivalent) in ERM and the detection and correction of security breaches.

The purpose of this study is to identify the competencies required of Shari’ah auditor (SAR) in the Islamic banking environment.

A qualitative approach using a multiple-case study through the semi-structured interview was used. Data was gathered from a representative of Central Bank of Malaysia, and 30 other respondents consist of the Head of Shari’ah audit (HSA) and SAR from four types of banking institutions. A focus group discussion was later conducted to validate the model of competency proposed.

Results show a mixed practice on the recruitment of SAR. Most banking institutions prefer to use their existing internal auditors as opposed to recruiting fresh graduates or acquire experienced SAR from other financial institutions. Knowledge in Shari’ah, Islamic banking and Fiqh Muamalat is considered as the essential knowledge component for SAR, while auditing is revealed as the core skill that SAR should have to perform the Shari’ah audit effectively. The study also found that personal skills such as willingness to learn and teamwork as the complementing characteristics to the knowledge and skill components, as a package required for a competent SAR.

The results of this study would have both theoretical and practical contributions to the regulatory bodies, academicians and professionals. Theoretically, this study made a concerted effort to enhance prior studies on the qualification aspect of Shari’ah audit literature, emphasizing the elements necessary to recruit competent SARs in the Islamic financial institutions (IFIs). The element of “time” has been infused to the existing effective job performance theory add dynamics to the model, recognizing the need for years of experience as part of elements necessary to become competent SAR. In practice, the competency model is recommended to the industry players in pooling competent talents in the Islamic finance industry (R4) and (B5). In spite of its limitation to confine only to the IFIs, it sheds light on human resource management within the Islamic organizations.

The study would contribute to the practitioners as a guideline to the Human Resource Department in recruiting their SAR and also for succession planning purposes.

A competency model for SAR was proposed focusing on building knowledge, core and personal skills that can be used as guidance in determining the criteria needed for a competent SAR, which is a new dimension for Islamic auditing literature. The sub-objective of determining the elements of competency, as well as understanding the current practice of recruiting the SAR became the input in the building of the competency model.

Based on the theoretical development by House et al. (2004), the purpose of this paper is to investigate the cross-cultural differences of internal auditors’ perceptions on the importance of internal auditor skills.

The authors developed a survey based on the competency framework for internal auditing and collected data from the UK (Anglo cultural cluster) and Korea (Confucian cultural cluster). In total, 231 internal auditors participated in the study.

The results showed that UK auditors perceived behavioral skills as more important than cognitive skills, while Korean auditors had an opposite perception. Not surprisingly, UK auditors rated each sub-category of behavioral skills higher than Korean auditors; Korean auditors gave higher scores than UK auditors for each sub-category of cognitive skills.

One limitation of the study is that two different data collection methods were used for the study: online for the UK and paper-based for Korean auditors. Another limitation of the study is that the authors did not analyze the possible impact of each participating auditor’s background knowledge.

The findings of the study contributes to professional practice by providing culturally adaptive criteria for regulators’ policy-making, organizations’ employee hiring and training, and educators’ curriculum design across various cultural environments.

The findings of the study can provide some insights on cultural impacts to help academic researchers develop models regarding the internal auditor selection and training in different nations.

The 2006 global common body of knowledge (CBOK) study is part of an ongoing research program that will broaden the understanding of how internal auditing is practised throughout the world. At the core of the 2006 CBOK study are three surveys of internal auditors worldwide regarding their professional activities. This paper reviews past CBOK studies and introduces the 2006 CBOK research project.

The findings of prior CBOK studies are reviewed, and additional topics are identified to develop the topical areas to be covered in CBOK 2006.

Past CBOK studies covered many of the same topical areas. Recent changes in The Institute of Internal Auditors Professional Standards, introduction of new technology, and the expanding complexity of business operations require new knowledge and skills for internal auditors. CBOK 2006 will be designed to address these issues.

By presenting an overview of past CBOK studies and discussing the rationale for the 2006 CBOK study, the researchers hope to motivate future research and to encourage internal auditors to participate in this global study.

The 2006 global Common Body of Knowledge (CBOK) study is part of an ongoing research program designed to document how internal auditing is practiced. The purpose of this paper is to summarize responses to three global surveys of internal auditors.

Based on literature reviews and a pre‐scope questionnaire, the researchers develop three questionnaires that are answered by internal auditors world wide. Topics in the questionnaires, which are translated from English into 16 languages, include the attributes of an effective internal audit activity (IAA); compliance with The Institute of Internal Auditor (IIA) Standards; internal auditor skills, competencies, and knowledge; internal audit tools and techniques; and emerging roles of the IAA.

The profession of internal auditing is a rich resource for organizations as the IAA monitors the adequacy and effectiveness of management's internal control framework and contributes to the integrity of corporate governance; risk assessment; and financial, operating, and IT systems.

The participation of IIA members from 91 countries and 9,366 usable responses provides information about the evolving role of internal auditing as a value‐added activity that helps an organization manage its risks and take advantage of opportunities. The CBOK 2006 database can be used to improve the understanding of the current state of internal auditing practices; anticipate the use of new skills, tools, and technologies; and promote the enhancement of standardization and performance of internal auditing world wide.

This paper summarizes information in the most comprehensive database ever to capture a current view of the global state of the internal audit profession.

The purpose of this study is to analyze how internal audit function (IAF) activities differ, depending on the impact of executive boards (EBs) and audit committees (ACs).

This study is based on data collected from the Common Body of Knowledge (CBOK) study conducted by the Institute of Internal Auditors Research Foundation in 2010. Using 524 responses from US Chief audit executives the authors examine the direct and interaction effects of ACs and EBs on the probability to perform specific activities with a logistic regression model.

This manuscript shows that ACs and EBs have different direct and interaction effects on the portfolio of activities performed by the IAF. Furthermore, a varying prevalence among activities was identified, which pinpoints to the maturity of IAFs. All findings contribute to the prior and recent discussion about the position of IAFs between the stakeholders’ AC and EB.

When the CBOK study was designed by the Institute of Internal Auditors, the investigators did not have the research questions in mind. The authors are therefore limited to those variables that have been collected as part of a larger questionnaire. Nevertheless, the new approach tries to open a new research direction, analyzing different activities performed by IAFs.

The identified portfolio of IAF activities can help practitioners to double-check their own work and to evaluate the impact of the EB and the AC on their activities.

This study provides the first empirical evidence of the influence of ACs and EBs on IAF activities.

The purpose of this study is to explore whether various organizational, internal audit function and audit committee factors are associated with internal audit investment in audit technology.

The responses from 213 public and private company chief audit executives (CAEs) from seven Anglo-culture countries are analyzed from the Common Body of Knowledge (CBOK) 2015 Global Internal Auditor Practitioner Survey on specific questions addressing internal audit use of audit technology.

The results indicate that several of the studied factors are associated with investment in internal auditing technology, and taken together, suggest that CAE power may be the key driver in the technology investment decision. Furthermore, the data show that internal audit functions are not fully embracing the use of information technology (IT) tools and techniques, with average usage of ten of the eleven tools and techniques examined below moderate levels.

The results have implications for CAEs, boards and management when making resource allocation decisions. For example, the findings can be used in benchmarking an appropriate investment in internal audit technology, as well as identifying specific internal audit technology areas where further investment may be warranted. Additionally, insights provided by this study can facilitate a discussion about the value internal audit can add by increasing its investment in audit technology.

This study contributes to prior literature on internal auditing by filling a gap related to internal audit investment in audit technology, examining countries that are similar in culture rather than limiting the study to one country, and using several factors that have not been previously examined in prior internal audit investment-related literature. Additionally, the findings pointing to the important role CAE power appears to play in the internal audit technology investment decision provide several interesting new research avenues.