Search results

This paper aims to investigate how the internal audit function (IAF) modifies its activities and practices in relation to the digitalisation the organisation. This paper specifically examines the use of data analytics and the performance of consulting activities by internal auditors.

This paper is based on a survey conducted with 82 chief audit executives based in the USA and members of the institute of internal auditors.

Results indicate a positive relation between the organisation’s level of digitalisation and the use of data analytics by internal auditors during their missions. Results also indicate that the organisation’s level of digitalisation has an indirect effect on the proportion of the internal audit planning dedicated to consulting activities. Specifically, the use of data analytics mediates the relationship between the organisation’s level of digitalisation and the proportion of the internal audit planning dedicated to consulting activities.

This research was conducted amongst internal auditors based in the US Future research could investigate the insights of other internal audit stakeholders and investigate different legal contexts.

Results show that digitalisation increases the use of data analytics by internal auditors and the performance of consulting activities. The results, therefore, highlight the importance of these two aspects for the IAF to continue to bring value to organisations.

This research provides more insights on internal audit working practices. The digitalisation of the organisation leads the IAF to use more data analytics and perform more consulting activities.

Information system projects often go awry and when they do internal auditors are often in a position to bring the problems to management’s attention. However, managers are not always receptive to risk warnings, even when internal auditors who are role prescribed to carry out this function deliver such warnings. This phenomenon is known as the deaf effect. This paper aims to examine the actions that internal auditors take to resolve the deaf effect and how these actions affect the auditor–manager relationship.

Based on a multiple case study approach, the authors conducted in-depth interviews with auditors and examined ten cases of the deaf effect from the auditor’s perspective.

The findings revealed three categories of actions that auditors took in response to the deaf effect and how these actions immediately affected the auditor–manager relationship. Further, by analyzing the subsequent sequence of actions taken by the auditor in each case, the authors identified three distinct patterns that capture the dynamics of the auditor–manager relationship over time until the deaf effect was, ultimately, resolved.

Several practitioner studies have shown that internal auditors and managers struggle to build effective relationships, even under the most favorable circumstances and the authors suggest that deaf effect situations are likely to pose an even greater challenge to the auditor–manager relationship. The study contributes to the discourse on internal audit effectiveness in several ways. First, the authors identified three categories of actions that internal auditors took in response to the deaf effect. The authors found that two of these categories of action are related to the two distinct roles that internal auditors can play (inspector or consultant). Second, the authors examined how these categories of actions played out over time, influencing the auditor–manager relationship dynamics.

This paper aims to gain an in-depth understanding of how the internal audit function evolves in an increasingly digitalised business environment.

This paper is based on 29 semi-structured interviews with members of management committees and internal auditors based in Belgium.

The analysis reveals that a digitalised business environment affects the internal audit function in three respects. First, it impacts its scope. The agility of the internal audit planning and the required digital knowledge are expected to increase and information technology (IT) risks gain importance, especially cybersecurity threats. Second, the demand for consulting activities performed by internal auditors is higher and third, digitalisation modifies the working practices of internal auditors in their day-to-day tasks. New technologies such as data analytics tools are being implemented progressively in internal audit departments and digital skills are considered a critical asset.

This research was conducted in the European Union and gathers opinions of members of management committees and internal auditors. Future research could focus on other internal auditing stakeholders in other legal contexts.

The internal audit function needs to integrate IT and data analytics skills. In addition, the internal audit function should develop consulting activities to help organisations deal with the digitalisation of the business environment.

The impact of digitalisation on the internal audit function and its effect on internal audit practices is an underexplored area.

The purpose of this paper is to investigate several variables that are theoretically associated with the internal audit function (IAF) having an active role in corporate governance.

The paper uses responses from 782 US Chief Audit Executives (CAEs) in the CBOK (2006) database for the investigation. The paper makes the assumption that an IAF has only one CAE, thus the dataset represents 782 US IAFs.

It is found that an IAF having an active role in corporate governance is significantly and positively associated with the use of a risk‐based audit plan, existence of a quality assurance and improvement program, and audit committee input to the audit plan. Control variables such as stock exchange listing, firm size, the existence of an internal control framework, and a CAE with an internal auditing qualification also are positively associated with the IAF having an active role in corporate governance.

A limitation of this study is that CAE perceptions may deviate from actual practice. Also, the sample is limited to the US CAEs who are also IIA members, thus it may not reflect the views of non‐members and the CAEs from other countries.

The results have implications for CAEs who wish to increase the chance for their IAFs to play an active role in corporate governance. The IIA may benefit from these results in its supporting role for the internal auditing profession.

The study is complementary to the literature on the existence and size of the IAF and reveals several avenues for further research.

This purpose of this paper is to investigate how to implement a combined assurance program.

This paper uses qualitative data obtained through semi-structured interviews with six multinationals at different stages of combined assurance implementation maturity.

The paper finds that organizations are still learning through combined assurance implementation because no organization seems to have attained a mature combined assurance program. Nevertheless, our descriptive findings reveal that a successful combined assurance implementation follows six important components.

One limitation of this study is that, as the organizations studied are at different stages of combined assurance program implementation, data may have comparability issues. Another limitation is that different interviewees were studied from one case to another.

The results have implications both for organizations that do not yet have a combined assurance program in place and for those currently at the implementation stage. It has also implications for chief audit executives who are good candidates to lead a combined assurance implementation and for regulators, as the study describes combined assurance as an important accountability mechanism that helps boards and audit committees exercise their oversight role properly.

The study is the first to address combined assurance implementation. It complements the study of the Institute of Internal Auditors UK and Ireland (2010), which identifies the reasons for failed attempts to coordinate assurance activities, by illustrating combined assurance implementation through six international case studies of organizations at different combined assurance implementation stages.

This study seeks to analyze and explore whether the organizational profile, the size of the internal audit function (IAF) and internal audit (IA) practices are related to the age of the IAF.

This study is based on data collected from the Common Body of Knowledge study conducted by the Institute of Internal Auditors Research Foundation in 2006. In total, 9,366 practitioners completed the questionnaire, representing 92 countries.

This study has identified three clusters of IAF based on their age. The findings show that: the organizational profile is significantly different between these three clusters; the current size of the IAF is related to the age of the IAF; those IAFs that were set up in the early days of the IIA (established in 1941) are more likely to use the IIA Standards and have more internal auditors with internal auditing qualifications; a quality assurance and improvement program is more common within older IAFs; and older IAFs have a more diversified IA agenda and more frequently perform advanced IA activities.

This paper does not allow conclusions to be reached on causality: the results in this paper are based only on univariate association tests. Given that age of the IAF is not a proxy for its maturity, a multidimensional measure of the maturity of an IAF could be developed.

The results reported in this paper can be useful for practitioners who wish to benchmark their IAF and for the IIA to continue implementing their mission “progress through sharing”.

This is the first large‐scale study focusing on the age of the IAF. The results of this study have resulted in interesting directions for future research.

The aim of this paper is to investigate a number of factors that are theoretically associated with convergence toward best practices in internal auditing.

The paper defines best practices as internal audit tools and techniques that are used by at least 67 percent of the internal audit functions (IAFs) in the USA. A sample of 26 countries and data from 1,708 IAFs were used in this study.

The paper finds evidence of a high degree of de facto convergence of internal auditing practices toward US best practices. It also finds that IAFs in emerging countries converge more rapidly to best practices than IAFs in developed countries. Finally, the use of the Institute of Internal Auditors' (IIA) Standards and an external quality assessment in the past three years are found to be positively and significantly associated with convergence toward US best practices.

The most important limitation of the data used in the study is that they reflect respondents' perceptions, which may deviate from reality. Also, data were only available for one‐half of the emerging countries listed in the MSCI Global Standards Index. Limitations aside, this study has significant implications for future research investigating various factors associated with emerging countries rapidly converging toward US best practices.

The results support the IIA's efforts to unify internal auditing practices around the world via its Standards. However, the additional analysis shows that the impact of the Standards is rather limited. The results also imply that formal assessment of internal auditing practices results in a more substantial change in the adoption of best practices.

The convergence of internal auditing is a part of the convergence of corporate governance practices which has become a topic of interest in academic research. While internal auditing has developed over a relatively long period of time in developed countries, such development must take place over a shorter period of time in emerging countries to catch up with developed countries. The current study's findings indicate that convergence of internal auditing practice is not context‐free.

This study aims to critically analyse the independence of the internal audit function through its relationship with management and the audit committee.

Results are based on a critical comparison of responses from questionnaires sent out to Australian chief audit executives (CAEs) versus existing literature and best practice guidelines.

With respect to the internal audit function's relationship with management, threats identified include: using the internal audit function as a stepping stone to other positions; having the chief executive officer (CEO) or chief finance officer (CFO) approve the internal audit function's budget and provide input for the internal audit plan; and considering the internal auditor to be a “partner”, especially when combined with other indirect threats. With respect to the relationship with the audit committee, significant threats identified include CAEs not reporting functionally to the audit committee; the audit committee not having sole responsibility for appointing, dismissing and evaluating the CAE; and not having all audit committee members or at least one member qualified in accounting.

This study introduces independence threat scores, thereby generating analysis of the internal audit function's independence taking into account a combination of threats.