Search results

Internal auditors are struggling to maintain their identity and purpose as the organizations they audit undergo drastic changes. Total quality management, business process reengineering, globalization, and self‐directed teams are dismantling hierarchical command and control structures. Advances in information technology continuously render control procedures obsolete. The ‘value’ of traditional internal audit is seriously questioned from the board room to the show room. CoActive audit is an internal audit model designed for team/technology based organization cultures, where the focus is on process enhancement rather than assessment and reporting. It provides synergistic solutions to real problems, rather than a quasi‐independent appraisal offering recommendations of potentially marginal value. Auditing has its origins in antiquity, apparently when rulers with wealth had the objective of maintaining their wealth by detecting fraud on the part of their servants. While external auditing was originally formulated with the same objective, through the years it changed its primary objective to emphasize the ‘professional review of financial statements by an independent expert, so that a professional opinion indicating that financial condition and results of operation have been fairly presented can be given.’ While internal auditing formulated its objective to ‘assist members of the organization in the effective discharge of their responsibilities,’ it continued the basic doctrine that auditing is an expert, independent, appraisal function. While many internal auditors today keep auditing as they have in the past, the organizations they are auditing are undergoing drastic changes. Total Quality Management, Self Directed Teams, and Business Process Reengineering are dismantling the old hierarchical command and control systems that depended on auditors to verify compliance. Advances in Information Technology have rendered manual control procedures obsolete. While most internal auditors have successfully made the transition from a reactive audit process that basically reported on history to a proactive approach based on risk assessment and focused on the present, the changes occurring within our organizations demand even more fundamental changes. Contemporary internal auditors openly acknowledge that they feel change must occur within the internal auditing community, and these leaders are venturing forward trying new philosophies and approaches. CoActive Audit is a combination of these new philosophies and methodologies, with its roots in the teachings of the primary management visionaries of the times. It is a vehicle to help internal audit grow, to re‐energize, to expand both its reach and grasp. It is about change, about recognizing the world has drastically changed, about realizing that some of our most basic assumptions are no longer valid, about understanding that some of our codified standards may hinder rather than help, and about replacing the old that is no longer appropriate with a new that is. It is time to focus on enhancing internal control, not merely reporting on it. It is time to build control into business processes, not simply assessing compliance with policies and procedures. It is time to recognize that the traditional internal audit methodology may be counterproductive to the goal of ensuring a reliable internal control system. It is time for CoActive Audit: the next critical step for internal audit. CoActive Audit enhances management control processes using today's management philosophies and methodologies. It represents a fundamental transformation of traditional internal audit philosophy, a 180 shift in mental models and paradigms. The essential components are an audit approach that is: Concurrent — rather than historical; Collaborative — rather than autonomous; Consultative — rather than judgmental; Client‐based — rather than standards‐based; A Catalyst — rather than an inhibitor.

There have been new interests in internal control and the COSO report represents a milestone in the evolution of internal control. The business community and accounting profession reactions to the COSO report have been positive in the USA. The provisions of the COSO report help organizations to understand and appreciate better the value and importance of internal control; they also expand the elements and components of internal control, and provide guidelines for establishing criteria against which all entities can assess the adequacy and effectiveness of their internal control systems. The COSO report should provide a great implication for organizations′ internal audit functions and have a significant positive impact on the better recognition of the proactive role of internal auditors.

There is an increased emphasis on internal control in the governmental sector. We compare finance officer assessments of internal control to auditor assessments for a sample of Michigan municipalities. On average, the finance officers' assessments of their control systems were more favorable than the assessments made by auditors from a regional CPA firm with a large governmental practice, suggesting that auditor reports on internal control may result in a more conservative evaluation of the control system than reports provided by management. One measure of the effectiveness of the internal control system is its ability to prevent errors. We compare the finance officer and auditor assessments of internal control to the number of audit adjustments as an objective measure of the accuracy of the control assessments. The internal control assessments made by auditors were significantly more highly correlated with the number of audit adjustments than those made by finance officers. This suggests that the accuracy of internal control reports may be improved if the reports are prepared by auditors.

Describes how systems theory, and in particular “hard” and “soft” systems modelling, can provide a framework for the study of internal control and auditing inside organizations. Concludes that useful empirical research and case study work can be carried out using “hard” and “soft” systems modelling. Such research should make a positive contribution to the body of knowledge concerning the nature of the internal control and the practice of internal audit in organizations.

The purpose of this paper is to analyze an ongoing fraud case in the US Navy involving the procurement of ship-husbanding services. The fraud acts will be analyzed from three perspectives–contract life cycle, internal controls and fraud schemes.

A data search was conducted to collect publicly available documents issued by the US Department of Justice (DOJ). A content analysis was used to analyze the fraud acts by aligning them with the contracting phase, internal control component and fraud scheme category.

The majority of the fraud occurred in the contracting phases of contract administration, followed by procurement planning and then source selection. The majority of the fraud occurred because of internal control component weaknesses in the control environment followed by information and communications. The majority of the fraud was aligned with the fraud scheme of collusion, followed by billing, cost and pricing.

Because this is an ongoing investigation, additional DOJ information will become available and provide additional insight on the contracting phase, internal control component and fraud scheme.

The analysis suggests that the Navy’s lack of trained personnel, capable processes and effective internal controls result in the increased vulnerability to procurement fraud in its husbanding support services program.

To the best of the authors’ knowledge, this study is the first to analyze fraud through the lens of auditability theory, specifically by the contracting phase and internal control component. Public agencies can enhance fraud detection and deterrence efforts by understanding how weaknesses in contracting processes and internal controls may increase an organization’s vulnerabilities for fraudulent activities.

This study’s purpose is to examine whether providing prior consulting services influences internal auditors’ subsequent assessments when providing assurance services to assist management in its assessment of internal control over financial reporting. A behavioral experiment is used, with internal auditors as participants. We provide some evidence that internal auditors who perform prior consulting services are less likely than others to conclude that an identified control deficiency is a material weakness, but only when the deficiency is directly related to the prior consulting services performed. Limitations include relatively small sample sizes and manipulation check failure rates that, although consistent with several prior studies, are somewhat high. If internal auditors have provided consulting services, they may want to consider limiting the assurance services provided to management that are more directly related to their consulting services. While prior studies have examined the effects of internal auditors’ role in designing internal controls on subsequent services, this is the first study to focus on the impact of providing internal audit consulting services on subsequent assurance services.

Internal control mechanisms are fundamental to organizational governance; particularly, to the agency relationship associated with decentralization of decision rights. Management accounting and organizational literatures provide conflicting predictions on the association between decentralization and internal controls, with some research arguing that internal controls be tightened to mitigate the risks associated with greater decentralization of decision rights while other work avers that tighter internal controls defeat the purposes of decentralization. In this chapter, we argue that managers choose these two organizational design variables jointly. Capitalizing on a unique database of control practices in the purchasing and payment process within the procurement function, this chapter examines the relationship between control tightness – a critical characteristic of internal controls – and decentralization. Using a simultaneous equation model, the study finds that decentralization and internal control design are endogenously determined. Tight control is negatively associated with the level of decentralization, while decentralization has a positive effect on the tightness of control. These results reconcile the apparently contradictory results relating these two variables. The chapter also finds that decentralization and tight control mechanisms operate both independently and synergistically to improve performance.

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.

This paper aims to examine whether increasing the salience of the internal auditor’s professional identity, defined by the expectations of their professional group, increases internal auditors’ judgments of the severity of internal control concerns when their organizational identity is high.

This paper tests the hypothesis using a laboratory experiment with internal auditors as participants.

The results support the hypothesis that professional identity salience moderates the relation between organizational identity and the assessed severity of identified internal control weaknesses. Increasing the salience of professional identity results in a more severe assessment of identified internal control weaknesses when organizational identity is high than when it is low.

Prior research in the lab and in the field provides mixed results about the impact of organizational identity on internal auditors’ judgments of the severity of identified internal control concerns. This paper contributes to the discussion on this issue. In addition, the results have implications for the debate about the benefits and costs of in-house versus out-sourced internal audit functions.

This study aims to investigate the relationship between information technology and internal controls of state agencies in Iran.

The research population includes all auditors and managers working in public sector. Data collection instrument is a questionnaire designed by the researcher and administrated during March 5, 2016. The collected data are analyzed through descriptive and inferential statistics (binomial test).

The findings of the research show that there is a significant relationship between information technology and internal controls (administrative, financial and accounting controls, risk assessment, information and communication, control activities and monitoring). Moreover, the alteration of data collection methods (from traditional to modern) and the written instructions (in information technology) have a positive effect on the internal control and its subscales.

With regard to the emphasis on the development of computer application and the use of new processing facilities and the exchange of information and its specific controlling consequences, this is an innovative research.