Search results

Internal auditors are struggling to maintain their identity and purpose as the organizations they audit undergo drastic changes. Total quality management, business process reengineering, globalization, and self‐directed teams are dismantling hierarchical command and control structures. Advances in information technology continuously render control procedures obsolete. The ‘value’ of traditional internal audit is seriously questioned from the board room to the show room. CoActive audit is an internal audit model designed for team/technology based organization cultures, where the focus is on process enhancement rather than assessment and reporting. It provides synergistic solutions to real problems, rather than a quasi‐independent appraisal offering recommendations of potentially marginal value. Auditing has its origins in antiquity, apparently when rulers with wealth had the objective of maintaining their wealth by detecting fraud on the part of their servants. While external auditing was originally formulated with the same objective, through the years it changed its primary objective to emphasize the ‘professional review of financial statements by an independent expert, so that a professional opinion indicating that financial condition and results of operation have been fairly presented can be given.’ While internal auditing formulated its objective to ‘assist members of the organization in the effective discharge of their responsibilities,’ it continued the basic doctrine that auditing is an expert, independent, appraisal function. While many internal auditors today keep auditing as they have in the past, the organizations they are auditing are undergoing drastic changes. Total Quality Management, Self Directed Teams, and Business Process Reengineering are dismantling the old hierarchical command and control systems that depended on auditors to verify compliance. Advances in Information Technology have rendered manual control procedures obsolete. While most internal auditors have successfully made the transition from a reactive audit process that basically reported on history to a proactive approach based on risk assessment and focused on the present, the changes occurring within our organizations demand even more fundamental changes. Contemporary internal auditors openly acknowledge that they feel change must occur within the internal auditing community, and these leaders are venturing forward trying new philosophies and approaches. CoActive Audit is a combination of these new philosophies and methodologies, with its roots in the teachings of the primary management visionaries of the times. It is a vehicle to help internal audit grow, to re‐energize, to expand both its reach and grasp. It is about change, about recognizing the world has drastically changed, about realizing that some of our most basic assumptions are no longer valid, about understanding that some of our codified standards may hinder rather than help, and about replacing the old that is no longer appropriate with a new that is. It is time to focus on enhancing internal control, not merely reporting on it. It is time to build control into business processes, not simply assessing compliance with policies and procedures. It is time to recognize that the traditional internal audit methodology may be counterproductive to the goal of ensuring a reliable internal control system. It is time for CoActive Audit: the next critical step for internal audit. CoActive Audit enhances management control processes using today's management philosophies and methodologies. It represents a fundamental transformation of traditional internal audit philosophy, a 180 shift in mental models and paradigms. The essential components are an audit approach that is: Concurrent — rather than historical; Collaborative — rather than autonomous; Consultative — rather than judgmental; Client‐based — rather than standards‐based; A Catalyst — rather than an inhibitor.

This study aims to investigate the effectiveness of integrated audit management and its impact on business sustainability for an emerging economy.

Drawing on the dynamic capability and contingency theory, the authors investigated the factors on integrated audit management implementation using a sample of 104 certified Malaysian manufacturing firms. The collected data has been analysed using the partial least squares through the structural equation modelling technique.

The findings have revealed that human resource capability, technological capability and quality capability have a robust influence on the importance of the internal audit process, which, in turn, leads to integrated audit management effectiveness towards the outcome of business sustainability. The results have also indicated the mediating effect of the internal audit process on the research model.

The contribution from the empirical findings will provide productive insights to help manufacturing firms devise an effective integrated internal audit management system to ensure business sustainability and increase competitiveness advantages for an emerging economy.

Internal auditing assumes an increased responsibility for the evaluation of entity operations as a service to management and the board of directors. Quality assurance review is the process through which assurance is obtained that the internal auditing department’s work is done in accordance with the Standards for the Professional Practice of Internal Auditing. This study examines the current practices of quality assurance review in South Africa. Although not all organisations surveyed do perform internal auditing quality assurance reviews, the organisations that do, benefit from them. Various methods are used in practice to perform internal and external quality assurance reviews. This study provides information on the processes and procedures used in quality assurance review programmes.

Section 404 of the Sarbanes–Oxley Act (SOX) altered the relationship between auditors and their clients by requiring an external audit of companies’ internal controls. Regulatory guidance is interpreted and applied by external auditors to comply with SOX. The purpose of this paper is to apply service operations management theories and techniques to the internal control audit process to better understand the role regulatory guidance plays in audit services. We discuss service operations management theories that apply to the production of audit services and employ the operations management technique of simulation to examine the effects of a historical relationship between the client and the auditor, information sharing between the client and the auditor, and the auditor’s perceived risk of the client on the internal control audit process. The application of service operations management theories and the simulation results illustrate that risk and information sharing are key factors for the audit process. The results suggest the updated Public Company Accounting Oversight Board guidance from Auditing Standard 2 to Auditing Standard 5 appropriately increased audit effectiveness by encouraging risk-based judgments and information sharing. This paper merges accounting and service operations management research to examine the effects of regulatory guidance on the internal control audit process. The paper uses simulation to illustrate the importance of interpreting regulatory guidance and the specific effects of risk and information sharing on the internal control audit process.

This study aims to examine how the legitimacy of internal auditing is reconstructed during enterprise resource planning (ERP)-driven technological change.

The study is based on the comparative analysis of internal auditing and its transformation due to ERP implementations at two case firms operating in the food sector in Egypt – one a major Egyptian multinational corporation (MNC) and the other a major domestic company (DC).

Internal auditors (IAs) at MNC saw ERP implementation as an opportunity to reconstruct the legitimacy of internal auditing work by engaging and partnering with actors involved with the ERP change. In doing so, the IAs acquired system certifications and provided line functions and external auditors with data-driven business insights. The “practical coping mechanism” adopted by the IAs led to the acceptance (and legitimacy) of their work. In contrast, IAs at DC adopted a purposeful strategy of disengaging, blaming and rejecting since they were skeptical of the top management team's (TMT's) sincerity. The “disinterestedness” led to the loss of legitimacy in the eyes of the stakeholders.

The article offers two contributions. First, it extends the literature by highlighting a spectrum of behavior displayed by IAs (coping with impending issues vs strategic purposefulness) during ERP-driven technological change. Second, the article contributes to the literature on legitimacy by highlighting four intertwined micro-processes – participating, socializing, learning and role-forging – that contribute to reconstructing the legitimacy of internal auditing.

One of the three areas to which internal auditing is targeted is effectiveness. Yet we do not often determine whether the internal auditing function is itself operating effectively. We must identify the basic objective of internal auditing, define the goals to be accomplished, establish measures relative to achieving those goals, and finally evaluate the overall internal auditing process. We must separate the usual measures of output from the overall measures of outcome to determine the cost effectiveness and operational improvement aspects of the internal audit process. The former, the time‐honored internal audit output measures must be supplanted by internal audit effectiveness achievements.

Purpose: The study is designed to investigate internal audit functions in banks’ cyber security governance processes by assessing the pros and cons of blockchain technology through swot analysis.

Need of the Study: The study is needed to clarify the complexities in internal audit fields integrated into cyber security governance and explore the blockchain application opportunities.

Methodology: Blockchain technology is explored from the point of technical concepts and policy framework by swot analysis to propose a set of solutions for continuous audit methods in cyber security governance.

Limitations: The sample of this study is limited to the personal ideas and evaluations of academicians, experts in the banking sector and legal regulators of Türkiye, with the data received between March and December 2021.

Findings: Blockchain technology can be applied as an alternative to conventional risk control methods as a mechanism of continuous audit methods to reduce human mistakes and special causes.

Practical Implications: The control of risk management operations for cyber security processes should be performed with the support of audit units of the banks. Therefore, innovations are being implemented to cyber-risk controls to drop the defects that cause technical and ethical issues with blockchain technology as a way of using automation. So, this advancement can be applied in audit operations practically for unanticipated events which can emerge in cyberspace to mitigate inherent risk to residual levels. However, there is ample room to adapt this technology for cyber security management and audit practices from the point of view of the labour force, regulations and environmental issues.

The purpose of this paper is to analyse the maintenance of the process‐based quality assurance system in a higher education institution.

The paper introduces the process management as the essential element of quality assurance in higher education and discusses the external quality audit of the quality assurance agency, extends the study to the quality management between the external audits and presents the procedure of internal quality audits. Finally, the results of the study are discussed and summarised. Action research methodology was adopted in this study. The paper shows that the process‐based quality assurance system makes the organisation responsive, agile and enables the achievement of strategic objectives.

The audit group must first evaluate the necessary improvements in the process. If no improvements are found, the quality deviations must be reported. The audit helps the institution take corrective actions to amend the process descriptions or maintain the processes.

The paper shows that the necessary processes of a higher education institution can be systematically described and audited.

This paper aims to analyse the implementation challenges faced by internal audit departments of public sector organisations and central banks when implementing continuous auditing (CA) systems. CA aims to monitor internal control systems and risk levels on a continuous basis to support the audit process. This study identifies the implementation challenges of CA systems and proposes adequate countermeasures.

This study employs the design science information system research and the design science research process methodologies to ensure the rigor of this analysis. These research methodologies are adopted to tackle identified organisational problems and propose solutions. This methodological approach consists in the following phases: identification of the problems and motivation; definition of the objectives of the solution; research design and development; evaluation; communication.

This study detects several implementation challenges for public sector organisations and central banks and proposes adequate solutions. This study finds that these challenges are related to organisations’ complexity, institutional rigidity, potential threats to internal auditors’ independence and the issue of considering CA system as a “real time error correction” mechanism. The solutions involve the development of a business process focussed audit approach to enable internal auditors to analyse CA indicators, and the use of CA systems to support each phase of the audit process.

This study contributes to the scant strand of literature on internal auditing in central banks. Given the exceptional demand for guidance concerning internal auditing in the public sector and in central banks, this paper provides guidelines for these organisations to implement CA systems and to tackle implementation challenges. The analysis allows internal audit departments within central banks to better support their organisations in the achievement of their important regulatory and policy objectives.

To investigate and understand the reasons why internal auditing is often perceived to not add value. This paper describes the development of a new process model and approach that will improve the actual and perceived value of auditing.

Process analysis, identified areas of potential inefficiency and conflict. The literature review identified the standards and guidance that influence the way internal auditing is managed and its current trends. A questionnaire was sent to auditors and auditees at AWE Plc., to gain their views on audit effectiveness and quantify their perception of value.

Questionnaire results show variations in the perceived value of internal auditing, particularly of some key stages in the process. The management of internal auditing is too focused on programme achievement, not the resulting value from improvement action.

The new process model has yet to be tried in practice, and this identifies an area of future research. It is envisaged that some additional audit preparation would be required, and the time taken to conduct an audit may also increase slightly. The financial benefits quoted by applying the new model would be estimated and may require some justification.

The new model should improve audit effectiveness and its perceived value as the focus changes from simply undertaking an audit, to demonstrating its actual financial value. It has the potential to significantly influence the way both internal and external auditing is conducted in the future.

The improved process model and cost‐benefit audit methodology approach was found to be unique within the scope of the literature review.