Search results

This study’s purpose is to examine whether providing prior consulting services influences internal auditors’ subsequent assessments when providing assurance services to assist management in its assessment of internal control over financial reporting. A behavioral experiment is used, with internal auditors as participants. We provide some evidence that internal auditors who perform prior consulting services are less likely than others to conclude that an identified control deficiency is a material weakness, but only when the deficiency is directly related to the prior consulting services performed. Limitations include relatively small sample sizes and manipulation check failure rates that, although consistent with several prior studies, are somewhat high. If internal auditors have provided consulting services, they may want to consider limiting the assurance services provided to management that are more directly related to their consulting services. While prior studies have examined the effects of internal auditors’ role in designing internal controls on subsequent services, this is the first study to focus on the impact of providing internal audit consulting services on subsequent assurance services.

Internal control mechanisms are fundamental to organizational governance; particularly, to the agency relationship associated with decentralization of decision rights. Management accounting and organizational literatures provide conflicting predictions on the association between decentralization and internal controls, with some research arguing that internal controls be tightened to mitigate the risks associated with greater decentralization of decision rights while other work avers that tighter internal controls defeat the purposes of decentralization. In this chapter, we argue that managers choose these two organizational design variables jointly. Capitalizing on a unique database of control practices in the purchasing and payment process within the procurement function, this chapter examines the relationship between control tightness – a critical characteristic of internal controls – and decentralization. Using a simultaneous equation model, the study finds that decentralization and internal control design are endogenously determined. Tight control is negatively associated with the level of decentralization, while decentralization has a positive effect on the tightness of control. These results reconcile the apparently contradictory results relating these two variables. The chapter also finds that decentralization and tight control mechanisms operate both independently and synergistically to improve performance.

The Public Sector is usually assumed to have a risk avoidance culture, with a reactive rather than proactive approach towards the management. However, an improved holistic approach seems to be required, especially when considering the complexity and size of the Public Sector, and the challenges it faces to connect the services, clients and the different levels of governance.

Within this chapter, the authors lay out a maturity level evaluation of Governance, Risk Management and Compliance (GRC) within the Maltese Public Sector. Through documentation analysis of the available literature on the subject, the authors determine the principal themes required to develop an effective GRC practice across the Public Sector. The authors then design statements based on the identified GRC themes and administer it using an online survey tool to Public employees across different Ministries, Departments, Agencies and Entities, in order to obtain their perception. This is in order to determine gaps, weaknesses or limiting factors towards the implementation of an effective GRC.

The results show that, although, there is a substantial percentage of scepticism and few disagreements towards some of the statements, especially those which related to Risk Management (RM) and Internal Auditing (IA), the majority of Public Sector bodies do in fact show high standards of GRC practices integrated and present in their day-to-day operations and internal environment, showing that there is a well-developed Governance, Compliance and Control structure and Internal Audit function across the Sector.

However, the perception of participants is that the RM function is the least developed area. IA needs some improvement especially where trust on advice is involved.

In this paper, we investigate whether internal control and whether corporate life cycle would affect firm performance in the emerging markets of China.

We use Chen, Dong, Han, and Zhou’s (2013) internal control index on the effectiveness of internal control and Dickinson’s (2011) definition on firm life cycle. We use multivariate regression analysis.

We find that the internal control improves corporate performance. When dividing firm life cycle into five stages: introduction, growth, mature, shake-out and decline, we find that the impacts of internal control on firm performance vary with different stages. The positive impact of internal control on firm performance is more significant in maturity and shake-out stages than other stages.

Our findings would have implications for the regulators and policy makers with regards to the importance of internal control in corporate governance and the effectiveness of implementing standards and guidelines on internal control in public firms.

In addition, our findings on the various roles of internal control at different stages of firm life cycle would help managers and board of directors find more focus in risk management and board monitoring, respectively.

Although the prior literature have examined the link between internal control, information quality and cost of equity capital (Ashbaugh-Skaife, Collins, Kinney, & LaFond, 2009; Ogneva, Subramanyam, & Raghunandan, 2007), our study would be the first attempt to investigate the link between internal control and firm performance during different stages of firm life cycles.

Section 404 of the Sarbanes–Oxley Act (SOX) altered the relationship between auditors and their clients by requiring an external audit of companies’ internal controls. Regulatory guidance is interpreted and applied by external auditors to comply with SOX. The purpose of this paper is to apply service operations management theories and techniques to the internal control audit process to better understand the role regulatory guidance plays in audit services. We discuss service operations management theories that apply to the production of audit services and employ the operations management technique of simulation to examine the effects of a historical relationship between the client and the auditor, information sharing between the client and the auditor, and the auditor’s perceived risk of the client on the internal control audit process. The application of service operations management theories and the simulation results illustrate that risk and information sharing are key factors for the audit process. The results suggest the updated Public Company Accounting Oversight Board guidance from Auditing Standard 2 to Auditing Standard 5 appropriately increased audit effectiveness by encouraging risk-based judgments and information sharing. This paper merges accounting and service operations management research to examine the effects of regulatory guidance on the internal control audit process. The paper uses simulation to illustrate the importance of interpreting regulatory guidance and the specific effects of risk and information sharing on the internal control audit process.

This chapter adopts Porter’s ‘audit trinity’ approach comprising internal audit, external audit and audit committee to discuss the role auditing can play in the management of corporate fraud.

The chapter maps the historical background of and the developments in external audit as an assurance service, the internal audit function and the audit committee. Based on this, it explains the nature, types and possible causes of corporate fraud within the context of business risk with a view to establishing how auditing can help in managing such frauds.

The chapter highlights the relationships that should exist between the three audit types in order to support a sound internal control system as a tool for preventing and detecting corporate fraud.

The chapter identifies cost, opportunity, connivance and managerial override as factors that could limit the ability of auditing to manage corporate fraud. It also suggests ways of addressing these limitations.

As the current upward trend in IT adoption for corporate operations continue to open new sets of corporate fraud windows, this chapter examines how an entity’s internal controls can be used to prevent and detect these growing fraud schemes.

The chapter’s unique strength is its adoption of a holistic approach to auditing to suggest ways of managing corporate fraud – a novelty in the corporate fraud literature. It is hoped that future research in the area will bring empirical insights to the issues raised and perspectives covered in the chapter.

This study contributes to the cognitive processes and expertise research in judgment and decision-making in auditing. It uses the levels-of-processing theory (Craik & Lockhart, 1972) to investigate the amount of auditor attention given to information during internal control documentation procedures, and the effect of this attention on internal control information acquisition and risk assessment. Based on levels-of-processing, the attention required to complete an internal control questionnaire (ICQ) is predicted to result in the acquisition of more internal control information than when a completed ICQ is reviewed. In addition, auditors who complete an ICQ should assess control risk more like experts’ than auditors, who review an ICQ completed by another individual. Results suggest that the audit seniors who completed an ICQ retained significantly more internal control information than audit seniors who reviewed an ICQ completed by another individual. This result held when separately examining the internal control strengths and weaknesses. In addition, audit seniors who completed an ICQ-assessed control risk at a level comparable to the control risk assessments of audit managers in the same firm.

Derivatives are nowadays widely used globally both for speculative and hedging purposes. However, as experience shows, inadequate use of derivatives may cause severe problems and even bankruptcy of firms. Thus, it is essential to help organizations design a robust proactive governance and internal control structure, which will help to prevent new financial debacles and scandals when using derivatives. Taking into account the frequent use and the growing fraud caused by derivatives, the aim of the paper is to identify considerations for internal control important to ensure better governance of firms using derivatives. The main findings are based on an analysis of interviews that were conducted with experts directly or indirectly involved with derivatives from different European countries. The interviews were semistructured following the approach proposed by Patton (1990). An analysis of the data collected from the interviews was carried out using a thematic approach. The paper identifies and analyzes the main “sources” of derivatives misuse, including poor design and mis-categorization of instruments, convenience to blame derivatives, unsophisticated players, insufficient regulatory environment, poorly designed internal controls, inadequate communication, poor firm culture, etc. It also provides an extensive analysis of the main recommendation for internal control concerning awareness of derivatives design, the human aspects, regulations, communication, knowledge, and training. Sound internal controls could avoid new debacles without adding other restrictions to the market. Moreover, it provides recommendations for internal control important to ensure better governance of firms using derivatives.