Search results

This study aims to identify the factors that lead non-financial companies listed in the UK to use an internal audit function (IAF) as a monitoring mechanism. Although the use of an IAF in the UK is voluntary, no prior research has examined the drivers for using one.

Financial and non-financial data were collected from the annual reports of 332 UK non-financial companies listed on the London Stock Exchange (LSE) Main Market. Univariate tests and multivariate logistic regression tests were used to test the research hypotheses. A theoretical framework based on both agency theory and transaction cost economics (TCE) theory was used to explain the economic factors affecting the use of an IAF.

The study provides evidence that firm size, level of internal risks, agency problem between owners and managers and existence of an effective audit committee are associated with the existence of an IAF. Thus, the need to have strong internal control and risk management systems and to reduce both internal and external agency costs drives companies to have an IAF. These results suggest the importance of IAF as an internal corporate governance tool and the effectiveness of UK governance regulations in monitoring the effectiveness of internal control systems.

Given the importance of the IAF’s corporate governance role, the study provides some policy implications. Regulators should pay more attention to the issue of maintaining an IAF, especially by large companies, the relationship between the IAF and other governance parties, especially the audit committee, and the disclosure of more relevant information about the IAF’s characteristics and practices.

This is the first study to examine the factors affecting the existence of the IAF within the UK’s distinctive regulatory approach of “comply or disclose reasons”. Furthermore, it provides a theoretical framework that explains how both the agency theory and TCE theory can interpret the adoption of internal audit.

While the three lines model (TLM) provides an organizational structure to execute risk and control duties, research and practice show limitations in the model's implementation. These limitations result in governance issues. Such issues, together with control weaknesses, could be addressed by leveraging properties of distribution, transparency, and immutability of blockchain technology. To this end, in this paper the authors propose a conceptual control framework based on blockchain technology to augment control practice.

The design of the resulting blockchain-based control framework (BBCF) and its prototype, based on the design science research methodology (DSRM), is presented and discussed in terms of the potential impact in the context of the identified problems within the TLM.

One potential outcome of BBCF could be to redefine the scope and boundaries of some of the activities in audit and control practices from a more static to a more dynamic and prospective role. In a larger context of improving governance practices, the BBCF could set the path for a more inclusive and participatory interaction between the different governance actors of an organization.

However, this assumes that blockchain is more widely adopted despite its complexity and rigidity.

BBCF covering both a conceptual model design and a reference implementation provides an innovation in audit and control. BBCF could include all relevant stakeholders who have an interest in corporate governance and control activities, including the regulators.

The contribution intends to serve both as a starting point for discussing the evolution of audit and control practice based on blockchain technology, as well as an initial actionable prototype for experimentation and further development.

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.