Professional Documents
Culture Documents
Michael B. Adams, (1994),"Agency Theory and the Internal Audit", Managerial Auditing Journal, Vol. 9 Iss 8 pp. 8-12 http://
dx.doi.org/10.1108/02686909410071133
Dominic S.B. Soh, Nonna Martinov-Bennie, (2011),"The internal audit function: Perceptions of internal
audit roles, effectiveness and evaluation", Managerial Auditing Journal, Vol. 26 Iss 7 pp. 605-622 http://
dx.doi.org/10.1108/02686901111151332
Access to this document was granted through an Emerald subscription provided by 198285 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
Albert L. Nagy
Department of Accountancy, John Carroll University, Cleveland, Ohio, USA
William J. Cenker
Department of Accountancy, John Carroll University, Cleveland, Ohio, USA
Question: do you agree with the changing be completely abandoned in favor of the new
definition/role of the internal audit ``consulting'' directive.
function? The few directors who disagree with the
The directors interviewed generally agree new definition believe that any effort exerted
that the changed internal audit definition by professional organizations to define
focusing on value-added activities is the function of internal audit is fruitless.
appropriate. Those directors in support While commending the IIA and other
generally believe that ``there are no cost- organizations for offering useful guidance to
savings for departments focusing on the profession, one director notes that it is
financials,'' and that the ``responsibility of ``foolish for the profession to stand up and
financial reporting `watchdog' falls mainly say, this is what you have to be.'' Another
on the external auditor.'' Although these echoes this belief by suggesting that ``the
directors agree with the new definition, the definition of internal audit should not fall
impact it has on their department's scope and into generalities because every company is
activities is minimal. A recurring different. Our current chairman does not feel
observation from the directors was that their that operational auditing has significant
respective internal auditing departments value, certainly not as much as traditional
have been focusing on value-added activities financial statement auditing does.
for years, and that ``the definition has finally Management does, and should, dictate what
caught up with practice.'' we do, not the profession.''
Interestingly, several directors take
exception to the use of the term ``consultants'' Questions: given the new definition of the
to describe their internal auditors and are internal audit function, have the objectives
careful to distinguish between operational of your department shifted to focus on
auditing and consulting. For example, one value added activities? If so, who initiated
director defines operational auditing as the change?
``assessing business processes and controls Most managers opine that the focus had
against established criteria. Value-adding shifted several years prior to the definitional
recommendations may or may not result change and that the new definition simply
from such audits.'' In other words, better reflects existing practice. However,
operational auditing involves the assessment only two managers indicate that the
of the effectiveness of internal controls and initiative for the change originated with the
systems in place, and is clearly a function of internal audit department. A consistent
internal audit. Being a consultant, on the theme in the responses is that management,
other hand, was viewed as ``having a level of not the profession, ultimately determines
knowledge and expertise that most internal the orientation of the internal audit
auditors do not possess.'' Consultants are department of a company. One comment
hired to solve problems or recommend perhaps best illustrates the actual status,
solutions, which is a different function than even though the manager agrees with the
assessing controls or procedures against changed definition: ``We [internal auditors]
established criteria. are trying to dictate what we are; but
Along with questioning the capabilities actually it is dictated by management
of internal auditors as consultants, expectations.''
[ 131 ]
Albert L. Nagy and Question: assuming a shift in your Questions: based on your experience, what
William J. Cenker department's focus, has there been a is the relative input from the following
An assessment of the newly
defined internal audit function satisfactory coordination with the sources in determining what subject
Managerial Auditing Journal
activities of the external auditor? matter to audit: line manager, top
17/3 [2002] 130±137 The responses to this question fell on a management, audit committee, internal
spectrum from ``total coordination'' to audit director, and other? Has this
``coordination just not being there.'' Not changed over the past ten years?
surprisingly, the level of coordination with Consistent with internal audit departments
the external auditor seems to be dependent moving toward an operational/consulting
upon the focus of the internal audit orientation, the directors interviewed
department. That is, directors of departments indicate that the relative input from the
with a significant orientation towards department's ``customers'' (i.e. line managers
the traditional assurance/compliance and top management) has increased over the
services indicate far more extensive last ten years. The internal audit directors
coordination with the external auditor. The still possess significant input in determining
directors whose departments have an what should be audited, but not nearly as
operational focus generally consider their much as ten years ago. One director, who
role (that of improving operational labels his department of ten years past as a
efficiency) quite different than that of the ``graveyard'' where ``nothing was being
Downloaded by New York University At 09:17 10 May 2015 (PT)
external auditor (assuring the financials), done,'' asserts that the department was run
and thus believe that less coordination is by a director who dictated 100 percent of the
necessary. department's activities without input of any
A director from a ``pure operational shop'' kind from line managers or top management.
indicates that the communication between An interesting, and perhaps disturbing,
the internal and external auditors is as if ``the observation from the responses is that the
Great Wall of China exists between the two. audit committee has minimal-to-no input in
We've got a long way to go and I am not sure determining the audit plan.
that we will ever get there [coordination]. Another observation consistent with
External auditors perform, at best, only a internal audit departments moving toward
cursory review of the suggested internal an operational/consulting orientation is that
audit plans.'' On the other end of the directors are allotting significant amounts of
spectrum, a director of a company that budget time for unanticipated requests from
requires extensive compliance audits, customers. Arguably, consulting and value-
because of many overseas divisions, added activities are more reactionary than
indicates that total coordination exists traditional assurance activities and thus are
between external and internal auditors. more difficult to plan. One director from a
For this company, the external auditor ``purely operational'' shop sets aside
``performs an extensive review of the internal approximately one-half of his department's
audit program so that work will not be time for unanticipated requests, and justifies
duplicated.'' this act by stating ``in the 1980s our activities
Several directors of departments focusing were driven internally. In the 2000s, I don't
primarily on operational auditing express a do it if someone doesn't want it done.''
general concern about the level of review
being conducted on the quarterly reports
(10-Qs). These directors note that the shift Organizational structure
in focus toward operations coincides
with a reduction of traditional attestation Some interesting organizational structure
testing, and that the external auditors issues arise from the newly defined internal
``had not increased their level of detailed audit role. One such issue is how does
testing to compensate.'' When asked if the management evaluate the activities of
quarterly statements are being reviewed at internal audit? That is, the traditional
an adequate level, many of the directors assurance function of internal audit, often
simply did not know. These responses perceived as a ``necessary evil,'' had a clear
raise additional questions that may be and distinct role within the organization and
worthy of future empirical research. the value of these services often went
For example, has the shift towards unquestioned. However, by migrating toward
operational auditing by the internal auditors a consulting role within the organization,
created a gap in the attestation review internal audit departments may lose the
function? Are important accounts receiving safety net of being labeled as a ``necessary
adequate attestation review? Are quarterly evil'' and may now have to justify the value of
results receiving adequate attestation their activities to top management on a
review? continuous basis. By reaching an
[ 132 ]
Albert L. Nagy and understanding with management of what quantifying and reporting the value-added
William J. Cenker makes internal audit services value-added, amount is a positive process that can be
An assessment of the newly internal audit ensures that their services will measured objectively. Annual cost savings
defined internal audit function
be fully utilized and that their captured by internal audit is the basis for
Managerial Auditing Journal
17/3 [2002] 130±137 recommendations will be respected (Flesher this measurement. These directors view the
and Zanzig, 2000). The following is a process as ``job security,'' that helps promote
summarization of the responses to selected a company-wide attitude of perceiving
questions in this section of the interview. internal audit as a ``resource.'' Only one of
the directors is required to formally establish
Question: do you feel an increased need to a target goal as part of the operating budget
justify the services of internal auditing to (the one director subject to VBM). Reviews of
top management? fleet leasing arrangements (number of
Surprisingly, only one of the directors vendors, evaluating lease/purchase options),
interviewed found it important to justify the and healthcare (improved Medicare
services of internal audit to top management integration, use of generic drugs), were given
on a continuous basis. In general, the as examples where ``real dollar'' savings were
directors believe that their services are generated by the departments.
perceived within their organization as
important and have never felt the threat of Question: do you survey your customers to
Downloaded by New York University At 09:17 10 May 2015 (PT)
the effectiveness of audit committees. These Question: has your role in assisting the
rules were in response to the audit committee in their function of
recommendations from the Blue Ribbon overseeing the company's financial
Committee and generally increase the reporting changed in the past few years?
independence and financial literacy This question was derived from the
requirements of audit committee members supposition that the new audit committee
(NYSE, 1999). In addition, the new rules requirements are consistent with the new
require more meaningful communication definition of internal audit, and that the new
between the external auditor and the audit internal audit function will provide greater
committee. It should be noted that all of the assistance to the audit committee in its
interviewed directors consider their audit oversight of reporting and risk management
committees' expertise in financial and control (Bishop et al., 2000). The
accounting matters as either good or responses to this question from the directors
excellent. do not support this supposition, at least in
Given the new requirements of audit regard to internal audit assisting the audit
committees, several issues arise concerning committee in its role of overseeing financial
the newly defined internal audit function. reporting. Most of the directors indicate that
Specifically, how coordinated are the efforts their role in assisting the audit committee of
of the newly defined internal audit function overseeing financial reporting has not
and the apparently more effective audit changed in the past few years, and several
committee? For example, how do these directors indicate having assumed a lesser
apparently improved audit committees view role in regard to this function. None of the
the internal audit function? And, are the directors anticipate this changing anytime in
audit committees' perceptions of internal the near future.
audit consistent with the new definition?
Finally, has the communication and Questions: how often do you communicate
coordination with audit committees changed directly with the audit committee? Has this
as a result of the newly defined internal audit changed in the last ten years?
role and increased audit committee In general, the directors meet with the
requirements? These and other issues are audit committee at every audit committee
addressed in this section of the interview. meeting, which usually occurs three-to-four
times a year. The frequency of direct
Question: what are your perceptions of the meetings has generally stayed the same or
expectations of the audit committee in increased slightly over the past ten years.
regard to your department's oversight of All of the directors have direct access to
financial reporting matters? the chairman of the audit committee, and
The responses to this question were divided. several indicate that they often meet
Most of the directors believe that the audit throughout the year on an informal basis.
committee expects internal audit to either Additionally, all of the directors state that
``improve the efficiency of operations,'' or act they meet, or have the option to meet, with
primarily in an ``operational role,'' and that the audit committee without members of
assuring the integrity of the financial management or the public accountants
statements is the responsibility of the present.
[ 135 ]
Albert L. Nagy and assessment is a key function of internal audit.
William J. Cenker Conclusion Interestingly, however, those directors from
An assessment of the newly companies that have formal risk assessment
defined internal audit function The purpose of this paper is to present some
insight and opinions about the newly defined departments indicate that the level of
Managerial Auditing Journal
17/3 [2002] 130±137 internal audit function and related issues coordination between internal audit and the
from several internal audit directors of large risk assessment department is minimal at
companies. As the above responses reflect, best. The responses also suggest that the
the internal audit function varies internal audit departments are capable and
significantly among companies from a have an adequate level of expertise to carry
traditional assurance orientation to that of a out proper risk assessment procedures. Given
value-added and consulting orientation, with the wide variety of risk assessment techniques
most companies landing somewhere in the employed by the sampled companies, the
middle. Furthermore, the orientation or role directors are apparently still searching for the
of internal auditing appears to be determined most effective risk assessment method. We
primarily by management, and not from the encourage future research to aid the internal
profession, internal audit professionals, or auditing profession in identifying and
the audit committee. assessing effective risk assessment methods
Some of the interviewed directors raise the and techniques.
question of whether the internal audit Consistent with recent SEC rulings to
Downloaded by New York University At 09:17 10 May 2015 (PT)
IIA's Industry Audit Series: Rittenberg, L. (2000), ``The year of the audit Corporate Audit Committees, NYSE, New
Utilities Conference. committee'', Internal Auditor, April, pp. 46-51. York, NY.
[ 137 ]
This article has been cited by:
1. Joe Christopher, Philomena Leung. 2015. Tensions Arising from Imposing NPM in Australian Public Universities: A
Management Perspective. Financial Accountability & Management 31:10.1111/faam.2015.31.issue-2, 171-191. [CrossRef]
2. F. Greg Burton, Matthew W. Starliper, Scott L. Summers, David A. Wood. 2015. The Effects of Using the Internal Audit
Function as a Management Training Ground or as a Consulting Services Provider in Enhancing the Recruitment of Internal
Auditors. Accounting Horizons 29, 115-140. [CrossRef]
3. Hany Elbardan, Maged Ali, Ahmad Ghoneim. 2015. The dilemma of internal audit function adaptation. Journal of Enterprise
Information Management 28:1, 93-106. [Abstract] [Full Text] [PDF]
4. Dessalegn Getie Mihret. 2014. How can we explain internal auditing? The inadequacy of agency theory and a labor process
alternative. Critical Perspectives on Accounting 25, 771-782. [CrossRef]
5. Hussein Issa, Alexander Kogan. 2014. A Predictive Ordered Logistic Regression Model as a Tool for Quality Review of
Control Risk Assessments. Journal of Information Systems 28, 209-229. [CrossRef]
6. Carlo Regoliosi, Alessandro d’Eri. 2014. “Good” corporate governance and the quality of internal auditing departments in
Italian listed firms. An exploratory investigation in Italian listed firms. Journal of Management & Governance 18, 891-920.
[CrossRef]
7. Paul John Steinbart, Robyn L. Raschke, Graham Gal, William N. Dilla. 2013. Information Security Professionals' Perceptions
about the Relationship between the Information Security and Internal Audit Functions. Journal of Information Systems 27,
65-86. [CrossRef]
8. Ester Gras‐Gil, Salvador Marin‐Hernandez, Domingo Garcia‐Perez de Lema. 2012. Internal audit and financial reporting in
Downloaded by New York University At 09:17 10 May 2015 (PT)
the Spanish banking industry. Managerial Auditing Journal 27:8, 728-753. [Abstract] [Full Text] [PDF]
9. Ibrahim El‐Sayed Ebaid. 2011. Internal audit function: an exploratory study from Egyptian listed firms. International Journal
of Law and Management 53:2, 108-128. [Abstract] [Full Text] [PDF]
10. Dessalegn Getie Mihret, Kieran James, Joseph M. Mula. 2010. Antecedents and organisational performance implications of
internal audit effectiveness. Pacific Accounting Review 22:3, 224-252. [Abstract] [Full Text] [PDF]
11. Lois Munro, Jenny Stewart. 2010. External auditors’ reliance on internal audit: the impact of sourcing arrangements and
consulting activities. Accounting & Finance 50:10.1111/acfi.2010.50.issue-2, 371-387. [CrossRef]
12. Jenny Stewart, Nava Subramaniam. 2010. Internal audit independence and objectivity: emerging research opportunities.
Managerial Auditing Journal 25:4, 328-360. [Abstract] [Full Text] [PDF]
13. Nuno Castanheira, Lúcia Lima Rodrigues, Russell Craig. 2009. Factors associated with the adoption of risk‐based internal
auditing. Managerial Auditing Journal 25:1, 79-98. [Abstract] [Full Text] [PDF]
14. Marika Arena, Giovanni Azzone. 2009. Identifying Organizational Drivers of Internal Audit Effectiveness. International
Journal of Auditing 13:10.1111/ijau.2009.13.issue-1, 43-60. [CrossRef]
15. Joe Christopher, Gerrit Sarens, Philomena Leung. 2009. A critical analysis of the independence of the internal audit function:
evidence from Australia. Accounting, Auditing & Accountability Journal 22:2, 200-220. [Abstract] [Full Text] [PDF]
16. Dessalegn Getie Mihret, Getachew Zemenu Woldeyohannis. 2008. Value‐added role of internal audit: an Ethiopian case study.
Managerial Auditing Journal 23:6, 567-595. [Abstract] [Full Text] [PDF]
17. Lara Balzan, Peter J. Baldacchino. 2007. Benchmarking in Maltese internal audit units. Benchmarking: An International Journal
14:6, 750-767. [Abstract] [Full Text] [PDF]
18. Dessalegn Getie Mihret, Aderajew Wondim Yismaw. 2007. Internal audit effectiveness: an Ethiopian public sector case study.
Managerial Auditing Journal 22:5, 470-484. [Abstract] [Full Text] [PDF]
19. Albert L. Nagy, William J. Cenker. 2007. Internal Audit Professionalism and Section 404 Compliance: The View of Chief
Audit Executives from Northeast Ohio. International Journal of Auditing 11:10.1111/ijau.2007.11.issue-1, 41-49. [CrossRef]
20. Abdulrahman A.M. Al‐Twaijry, John A. Brierley, David R. Gwilliam. 2004. An examination of the relationship between
internal and external audit in the Saudi Arabian corporate sector. Managerial Auditing Journal 19:7, 929-944. [Abstract] [Full
Text] [PDF]