Search results

This study challenges the conventional theoretical approach of the ‘Three Lines of Defence’ Model adopted by most of the Maltese credit institutions. The authors propose a paradigm shifting conceptualised framework that would alter the corporate governance structures of banks. The objective is to test the feasibility and willingness of credit institutions to adopt such an approach.

This study challenges the current practices of the internal auditing profession and organisations and invites them to evaluate their structures whilst recognising the benefits of adopting a combined assurance function.

In order to test this hypothesis, the authors sought out semi-structured interviews with controllers (Internal Auditors, Risk Managers and Compliance Officers) within Maltese Credit Institutions, varying in size from significant, medium-sized and small institutions; personal from the Malta Financial Services Authority – The regulator, the Big four audit firms and members of the Malta Forum of Internal Auditors, and practitioners working both within and outside the financial industry.

There were two contrasting opinions regarding the suggested proposition. On the one hand, those operating within the credit institutions, as well as the regulator and the external auditors, do not believe that the proposition of integrating risk, compliance and internal audit functions (IAF) in one team would be possible; the reason being that independence, which is the cornerstone of every IAF, would be severely impacted. On the other hand, there were those practitioners working outside the banking industry but with sufficient experience and knowledge in the field, who challenged the traditional concept of independence. They argue that the functions should not be separate from each other because they have much in common.

Four themes emerged from the study: (1) challenges as a concept, (2) benefits, (3) risks and (4) condition for successful implementation. All interviewees, from risk departments, boards, external auditors and regulators agree that a strong, knowledgeable and independent IAF is fundamental to every organisation but more so within the financial industry. Nevertheless, this study revealed two schools of thought that emerged from the findings in relation to the IAF and its regulation, and specifically, when the authors presented the proposition of an integrated function.

Purpose – The purpose of the study is to investigate the role of the internal audit function in the public sector entities in Ghana and the factors limiting the effectiveness of internal audit in the sector.

Design/Methodology/Approach – The study collected the data from 120 internal auditors in 40 ministries, departments and agencies (MDAs) through a self-administered questionnaire. A semi-structured interview with a senior manager of the Internal Audit Agency, the oversight body was also carried out as a follow up.

Findings – The scope of internal audit services in the sector is limited to regular audit activities, mainly pre-audit of payment vouchers which take estimated 74% of the average productive audit time. The effectiveness of internal audit in the Ghanaian public sector is hampered by several factors: low professional proficiency of internal auditors; lack of management ownership and support for internal audit activities, lack of budget authority of the internal audit units and weak functioning of audit committees, among others. Some remedial programmes are ongoing.

Research limitations – Inherent in the study result is the limitation associated with non-probability sampling methods because of the use of purposive sampling technique to select the internal auditors and the organisations.

Practical implication – The result of the study may have policy implication for government in the design of programmes for improving the effectiveness of internal audit as an element of public financial management reforms.

Originality/Value – Despite several studies on internal audit effectiveness in the public sector organisations, none relates to Ghana. This study fills the gap.

This chapter adopts Porter’s ‘audit trinity’ approach comprising internal audit, external audit and audit committee to discuss the role auditing can play in the management of corporate fraud.

The chapter maps the historical background of and the developments in external audit as an assurance service, the internal audit function and the audit committee. Based on this, it explains the nature, types and possible causes of corporate fraud within the context of business risk with a view to establishing how auditing can help in managing such frauds.

The chapter highlights the relationships that should exist between the three audit types in order to support a sound internal control system as a tool for preventing and detecting corporate fraud.

The chapter identifies cost, opportunity, connivance and managerial override as factors that could limit the ability of auditing to manage corporate fraud. It also suggests ways of addressing these limitations.

As the current upward trend in IT adoption for corporate operations continue to open new sets of corporate fraud windows, this chapter examines how an entity’s internal controls can be used to prevent and detect these growing fraud schemes.

The chapter’s unique strength is its adoption of a holistic approach to auditing to suggest ways of managing corporate fraud – a novelty in the corporate fraud literature. It is hoped that future research in the area will bring empirical insights to the issues raised and perspectives covered in the chapter.

This chapter aims to enhance understanding of the main drivers of internal auditors' moral courage to speak up about sensitive information and their cause-and-effect relationships. We use cognitive mapping method to analyze 20 chief audit executives' cognitive maps in Tunisia. A collective map was grounded through assembling the full individual maps. Using the Decision Explorer software for our analysis, we find that the state hope, whistle-blowing policy, self-efficacy, perceived supervisor support and independence of internal audit function are the main drivers for internal auditors' moral courage. Our findings are also supplemented by semi-structured interviews. Our chapter offers a novel methodological contribution to auditing literature as well as new empirical evidence (contribution to knowledge) on the drivers of internal auditors' moral courage.

Section 404 of the Sarbanes–Oxley Act (SOX) altered the relationship between auditors and their clients by requiring an external audit of companies’ internal controls. Regulatory guidance is interpreted and applied by external auditors to comply with SOX. The purpose of this paper is to apply service operations management theories and techniques to the internal control audit process to better understand the role regulatory guidance plays in audit services. We discuss service operations management theories that apply to the production of audit services and employ the operations management technique of simulation to examine the effects of a historical relationship between the client and the auditor, information sharing between the client and the auditor, and the auditor’s perceived risk of the client on the internal control audit process. The application of service operations management theories and the simulation results illustrate that risk and information sharing are key factors for the audit process. The results suggest the updated Public Company Accounting Oversight Board guidance from Auditing Standard 2 to Auditing Standard 5 appropriately increased audit effectiveness by encouraging risk-based judgments and information sharing. This paper merges accounting and service operations management research to examine the effects of regulatory guidance on the internal control audit process. The paper uses simulation to illustrate the importance of interpreting regulatory guidance and the specific effects of risk and information sharing on the internal control audit process.

This study examines the effects of incentive compensation and guanxi, a type of informal personal relationship between people, on the objectivity of Chinese internal auditors. Given that the objectivity of internal auditors is essential for promoting financial reporting quality, it is important to investigate the effectiveness of internal audit functions, especially in emerging markets where the corporate governance mechanisms designed to promote objectivity are less mature.

The research employs a 2 × 2 between participants experiment with 116 graduate accounting student participants.

After controlling for internal auditors’ ethicality, we find that close-guanxi between management and internal auditors and incentive compensation in the form of bonuses based upon meeting earnings targets both have the capacity to impair the objectivity of Chinese internal auditors. Participants were more tolerant of management’s attempts to manage earnings when there was close guanxi or bonus compensation. Further, compensation structure only influenced internal auditors’ support of management when guanxi was distant, but when there was close guanxi between internal auditors and management, internal auditors were unlikely to challenge management regardless of the compensation structure.

Purpose: The study is designed to investigate internal audit functions in banks’ cyber security governance processes by assessing the pros and cons of blockchain technology through swot analysis.

Need of the Study: The study is needed to clarify the complexities in internal audit fields integrated into cyber security governance and explore the blockchain application opportunities.

Methodology: Blockchain technology is explored from the point of technical concepts and policy framework by swot analysis to propose a set of solutions for continuous audit methods in cyber security governance.

Limitations: The sample of this study is limited to the personal ideas and evaluations of academicians, experts in the banking sector and legal regulators of Türkiye, with the data received between March and December 2021.

Findings: Blockchain technology can be applied as an alternative to conventional risk control methods as a mechanism of continuous audit methods to reduce human mistakes and special causes.

Practical Implications: The control of risk management operations for cyber security processes should be performed with the support of audit units of the banks. Therefore, innovations are being implemented to cyber-risk controls to drop the defects that cause technical and ethical issues with blockchain technology as a way of using automation. So, this advancement can be applied in audit operations practically for unanticipated events which can emerge in cyberspace to mitigate inherent risk to residual levels. However, there is ample room to adapt this technology for cyber security management and audit practices from the point of view of the labour force, regulations and environmental issues.

Country and company bankruptcies at international level have put the economies of the world and countries in a difficult position. As a result of these negative developments, the measurement of the effectiveness of internal audits system together with accounting and audits have become important. The unit that plays a key role in measuring the effectiveness of internal control, whether in the private or public sector, is internal audit. In this respect, the purpose of the present study was to outline the criteria that increase the effectiveness of internal audit in public institutions. For this purpose, the SWARA Method was used. The SWARA Method is a multi-criterion decision-making method that is employed by decision-makers to determine the weights of the criteria and to sort them out. The Questionnaire of the study was applied to a participant group that consisted of 11 experts. According to the findings, the criteria that had the highest importance were “the presence of an independent internal audit activity and impartial internal auditors,” “Performing internal audit activities in line with ethical rules, standards, and relevant regulations,” and “Determining the risks regarding the objectives and the purpose of the institution, and measuring the effects of these risks.”

Most non-financial companies in Greece do not have an ERM function nor present one in their organizational charts. The enterprise risk management is still more theory than practice even for companies that have embraced it so far, and in general the enterprise risk management seems to be at its infancy in Greece with only some prominent and mature organizations showing the way forward. The aim of this study is to provide some reflections about risk disclosure in annual reports and accounting practices in Greece. Although companies in Greece do seem reluctant to apply ERM, during last years, non-financial information demonstrated to emerge within financial statements and annual reports, giving a broader perspective to risk.

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.