External auditors' evaluation of the internal audit function: An empirical investigation

Evaluation of the strength of the client's internal audit function by the external auditor (EA) has taken on increased significance due to stronger regulation around the evaluation of internal controls after SOX (2002). However, research examining how this evaluation occurs in practice is mixed and inconclusive. In this study, we examine empirically whether the Desai et al. (2010) theoretical model is reflective of how auditors make judgments about the strength of their client's internal audit function in practice. Specifically, we present external auditors with evidence about internal auditor work performance, competence and objectivity in a manner consistent with the structure of evidence evaluation implied by the Desai et al. (2010) model. We then compare the auditors' actual strength judgments to the strength levels predicted by the model and evaluate similarities and differences. Results indicate that no one factor dominates the strength judgment in all cases. In addition, EAs do not weigh negative evidence as heavily as does the model. When the evidence about the three factors is conflicting, external auditors have difficulty incorporating them in a consistent way into the calculation of their overall strength judgment. Finally, we find results consistent with prior research indicating auditors tend to be more sensitive to negative than positive evidence. Also, it is harder to move auditors' beliefs away from a negative position with positive evidence than to move those beliefs away from a positive position with negative evidence. Results suggest that additional training and use of a decision aid structured according to the Desai et al. (2010) model would be especially useful when evidence about internal auditors' work performance, competence and objectivity is conflicting.     

External auditors’ reliance on internal audit: the impact of sourcing arrangements and consulting activities

This study examines the impact of internal audit outsourcing and involvement in consulting on external auditors’ reliance on the work of internal audit. We test whether these factors influence reliance on internal audit work already undertaken and the use of internal auditors as assistants, distinguishing between control evaluation and substantive testing. Involvement in consulting impacts reliance on work undertaken and the use of internal auditors as assistants for control evaluation. External auditors make greater use of internal auditors as assistants for substantive testing when internal audit is provided in‐house. Overall, external auditors use internal audit more for control evaluation tasks.     

The influence of litigation risk and internal audit source on reliance decisions

External auditor reliance on the work of internal auditors in an integrated audit of the financial statements and internal control is an important audit planning procedure that can impact audit efficiency and effectiveness. The purpose of this study is to examine how perceived auditor litigation risk and internal audit source affect external auditors' reliance decisions in an integrated audit environment under varying levels of risk of material misstatement. In an experimental study using 89 practicing Big 4 auditors, this study finds that auditors who perceive low litigation risk from placing reliance on the work of internal auditors will rely more on outsourced internal auditors than in-house internal auditors. The results also show that auditors' reliance decisions are sensitive to the level of account risk consistent with the risk-based approach to the integrated audit encouraged by the PCAOB.     

Evaluating the Work of Internal Audit: A Comparison of Standards and Empirical Evidence

Numerous changes have recently been proposed or made to audit standards providing guidance for external auditors' evaluations of internal audit work. This paper reports the results of a study to compare the UK's Accounting Practices Board Statement of Auditing Standard 500, first, with similar standards promulgated by international, Canadian and US societies, and second, with audit quality factors derived from practising internal auditors. The data for the latter comparison was obtained from a two-phase study that first generated a set of potential quality factors through intensive structured interviews with audit groups from six different and diverse organisations, and then obtained evaluations of these factors from a large sample of internal auditors worldwide. Results first indicate that there are strong similarities between the guidance provided by SAS 500 and that proposed or promulgated by the UK, international, Canadian and US audit groups. Furthermore, the guidance provided by these SASs for items to consider in evaluating the quality of internal audit work are largely in agreement with the factors determined by practising internal auditors. There are, however, several items listed in SAS 500 that are not considered useful by internal auditors and there are other factors considered crucial by internal auditors but not mentioned in the SASs.     

Has SOX Enhanced Non–Big 4 Auditors' Ability to Deal with Client Pressure?

We investigate whether non–Big 4 auditors have enhanced their ability to resist client pressure over accrual reporting following the Sarbanes‐Oxley Act (SOX). Regressing abnormal accruals on proxies for economic bonding, we find that changes in the association, defined as (Post–Pre), are significantly negative, implying an improvement in auditor independence after SOX. Among non–Big 4 auditors, only Tier 3 auditors compromised reporting objectivity before SOX, but neither Tier 2 nor Tier 3 auditors yielded to client pressure after SOX. Evidence that these two groups of non–Big 4 auditors differ in the way they cope with client pressure in a loose regulatory regime highlights the importance of assessing the efficacy of SOX separately for subsets of auditors and contributes to an understanding of the underresearched, but inherently important, segment of the audit market served by non–Big 4 auditors. Further analysis indicates that the low pre‐SOX audit quality observed in the full sample is driven by non–PCAOB registrants.     

The effect of external audits of internal control over financial reporting on financial reporting for clients of Big 4, Second-tier,and small audit firms

The external audit of internal control over financial reporting (ICFR) is a very expensive and contentious aspect of the Sarbanes–Oxley Act (SOX). Larger public firms were first required to file a management report on and have an external audit of ICFR in 2004. Smaller public firms were first required to file a management report on ICFR in 2007 but are exempt from the audit requirement. Whereas most related prior research investigates the combined effect of management and auditor reports on financial reporting, this study examines the distinct effect of auditor reports on reporting quality. For companies audited by small auditors, we find evidence that financial reporting quality improves with an auditor report on ICFR. We find no evidence that auditor ICFR reports improve reporting quality for clients of Big 4 or Second-tier audit firms. Our study adds to the debate on the applicability of SOX Section 404 to smaller firms.     

External auditors' willingness to rely on the work of internal auditors: The influence of work style and barriers to cooperation

The extent to which external auditors rely on the work of internal auditors is an important judgment. Recently, the Public Company Accounting Oversight Board has recommended that external auditors “rely (more) on the work of others” to reduce the greater-than-expected costs associated with compliance with Section 404 of the Sarbanes–Oxley Act. Reliance decisions, however, are complex decision tasks that require professional judgment and may be influenced by a number of factors, both external (environmental) and internal (cognitive and affective), including the auditors' working style and pervious experiences related to barriers to external/internal auditor cooperation (e.g., previously experienced low versus high internal auditor objectivity and/or competence). We experimentally examine these influences in our research reported herein. Consistent with expectations, external auditors' work styles significantly influenced the extent of planned audit testing, internal auditor reliance judgments, and interpretation of analytical procedures results. Auditors' perceptions about internal auditors' competence and objectivity, developed over years of interaction, also influenced these judgments, and interacted with work styles. Inconsistent with expectations, auditor rank (senior versus manager) did not influence judgments.     

The (mis)fit between the profile of internal auditors and internal audit activities

This study investigates whether there is a fit between the profile of internal auditors and the activities of the internal audit department (IAD). It also seeks to discover which type of internal auditors fit which type of internal audit (IA) activities. This is commonly referred to as the person-job (P-J) fit. Furthermore, this study investigates whether this (mis)fit is associated with the outsourcing/co-sourcing of IA activities and turnover within the IAD. Bringing strategic human resource management (SHRM) into IA can be considered as the key contribution of this paper. The results of this study are based on a questionnaire completed by 280 members of the Institute of Internal Auditors in Belgium. The results show that there is a fit between some characteristics of internal auditors working in an IAD and the activities of the IAD. The results also show that certain internal auditor characteristics fit with certain types of IA activities. However, the degree of fit varies. Furthermore, it was found that IADs that co-source/outsource were significantly more associated with a misfit between the profile of the internal auditors and the activities of the IAD, whereas a misfit was not significantly associated with a high turnover of internal auditors.     

Auditor quality,audit fees,organizational structure,and risk taking in the US life insurance industry

Using a system of simultaneous equations, this study examines the relation among external audit monitoring, in the US life insurance industry. We find insurers with higher leverage risk and surplus risk are more likely to use Big‐4 auditors and to pay higher fees. In return, insurers hiring Big‐4 auditors and paying higher audit fees have lower leverage risk and surplus risk. Second, the results suggest that mutual life insurers have a higher leverage risk and surplus risk than stock life insurers. This evidence is in contrast to that for property–liability insurance companies. Third, we find insurers are less likely to hire Big‐4 auditors and to pay higher audit fees after implementation of the Sarbanes–Oxley Act (SOX). Finally, life insurers with Big‐4 auditors or paying higher audit fees are more likely to take lower risks after the implementation of SOX.     

The impact of financial reporting flexibility on auditor risk judgement: Evidence from the implementation of FIN 46R

This paper investigates how auditors respond, in terms of their pricing and audit work, to a reduction of clients’ financial reporting discretion upon the implementation of FIN 46R, which requires firms to consolidate the variable interest entities (VIE) under their control. Using a difference-in-differences research design, we find that auditors charge relatively fewer audit fees and have shorter audit report lags for firms that are significantly affected by FIN 46R, compared to a group of control firms. This result concurs with the view that auditors react favorably to the reduction of clients’ financial reporting discretion. Our finding is concentrated among clients with higher accrual earnings management constraints, auditors with less client-specific knowledge, and auditors who have no recent experience of audit failures (e.g., severe client restatements). Our results are robust to alternative identifications of treatment and control samples, and our conclusion remains valid after controlling for the contemporaneous adoption of Sarbanes-Oxley (SOX) Act. We also show that the relatively reduced audit fees and audit effort do not lead to the deterioration of audit quality.     

Factors affecting the internal audit effectiveness: A survey of the Saudi public sector

This study assesses factors influencing internal audit effectiveness (IAE) in Saudi Arabia. Data were obtained from 203 managers and 239 internal auditors from 79 Saudi Arabian public sector organizations. Multiple regression analysis examines the association between IAE and five principal factors. Results suggest that management support for IAE drives perceived effectiveness of the internal audit function from both management's and the internal auditors’ perspective. Management support is linked to hiring trained and experienced staff, providing sufficient resources, enhancing the relationship with external auditors, and having an independent internal audit department. Saudi Arabia is representative of many developed and developing environments, and its recent tradition of governance and audit is mirrored in countries worldwide. Moreover, its specific cultural traditions involving clan and tribal allegiances, and pervasive and core religious beliefs, characterize the GCC countries, the Arab World generally, and indeed, many other developing countries, irrespective of wealth. Thus, links between management support and internal audit effectiveness are likely generalizable beyond the Saudi public sector context.     

An Empirical Investigation of the Interface Between Internal and External Auditors

Professional standards place specific responsibilities on auditors for the discovery of material mis-statements in reports of corporate financial performance. Certain factors have been shown to increase the likelihood of fraudulent financial reporting. One warning sign is the potentially pervasive effect of a weak internal control environment consistent with a weak internal audit group. This study investigates the impact of internal audit department quality differences on auditors ‘willingness to place reliance on the work performed by internal auditors. The study also gives consideration to auditors’ recent experiences with material errors and irregularities and examines the influence of two previously untested individual auditor differences on audit judgment decisions: (1) conflict management style and (2) perception of internal/external auditor communication barriers. The results indicate that auditors attend to internal audit department quality differences and that individual auditor differences exhibit significant influence over auditor judgments. Implications for audit practice are considered and directions for future research are suggested.     

The relationship between internal audit and information security: An exploratory investigation

The internal audit and information security functions should work together synergistically: the information security staff designs, implements, and operates various procedures and technologies to protect the organization's information resources, and internal audit provides periodic feedback concerning effectiveness of those activities along with suggestions for improvement. Anecdotal reports in the professional literature, however, suggest that the two functions do not always have a harmonious relationship. This paper presents the first stage of a research program designed to investigate the nature of the relationship between the information security and internal audit functions. It reports the results of a series of semi-structured interviews with both internal auditors and information systems professionals. We develop an exploratory model of the factors that influence the nature of the relationship between the internal audit and information security functions, describe the potential benefits organizations can derive from that relationship, and present propositions to guide future research.     

Audit committee quality,auditor independence,and internal control weaknesses

In this paper we investigate the relation between audit committee quality, auditor independence, and the disclosure of internal control weaknesses after the enactment of the Sarbanes-Oxley Act. We begin with a sample of firms with internal control weaknesses and, based on industry, size, and performance, match these firms to a sample of control firms without internal control weaknesses. Our conditional logit analyses indicate that a relation exists between audit committee quality, auditor independence, and internal control weaknesses. Firms are more likely to be identified with an internal control weakness, if their audit committees have less financial expertise or, more specifically, have less accounting financial expertise and non-accounting financial expertise. They are also more likely to be identified with an internal control weakness, if their auditors are more independent. In addition, firms with recent auditor changes are more likely to have internal control weaknesses.     

The Contribution of Internal Audit as a Determinant of External Audit Fees and Factors Influencing This Contribution

Despite extensive research on the determinants of external audit fees, there is little empirical evidence on the effect of internal audit contribution on the external audit fee. Using a cross-sectional regression model based on prior audit fee research, this study provides evidence that internal audit contribution is a significant determinant of the external audit fee. Further, a second model that provides evidence on the determinants of internal audit contribution is developed and tested. This second model indicates that internal audit contribution is influenced by internal audit quality and, conditional on the level of inherent risk, the availability of internal audit and the extent of coordination between internal and external auditors. These results are based on a unique data-set comprised of publicly available data matched with survey responses from internal and external auditors affiliated with 70 non-financial services Fortune 1000 firms. The sample includes all of the former "Big 6" international accounting firms and clients from twenty-nine different industries.     

Organizational legitimacy,conflict, and hypocrisy: An alternative view of the role of internal auditing

This article provides a commentary on Everett and Tremblay's (2014) analysis of ethics and internal audit by further exploring the role of the internal audit function within Nils Brunsson's model of organized hypocrisy (Brunsson, 1986, Brunsson, 1993, Brunsson, 2002). Specifically, we extend Everett and Tremblay's discussion of internal auditors as ‘moral’ actors and propose that the counter-coupling of an organization's primary outputs–talk, decision and action–provides internal auditors with the necessary tools to carry out conflicting ethical roles within the organization.     

Internal audit reporting lines,fraud risk decomposition,and assessments of fraud risk

The main purpose of this research is to examine the effects of internal audit reporting lines on fraud risk assessments made by internal auditors when the level of fraud risk varies. Significant emphasis has been placed on the importance of reporting lines in maintaining the autonomy of internal auditors, but the perceived benefits of requiring internal audit to report directly to the audit committee have not been validated or systematically investigated. Results of an experiment involving 172 experienced internal auditors and additional survey findings indicate that internal auditors perceive more personal threats when they report high levels of risk directly to the audit committee, relative to management. Perceived threats lead internal auditors to reduce assessed levels of fraud risk when reporting to the audit committee relative to when reporting to management. This finding runs counter to the anticipated benefits of requirements that the internal audit function report directly to the audit committee, and it reveals potential conflicts of interest and independence threats created by the audit committee itself. We also investigate the effects of fraud risk decomposition on risk assessments made by internal auditors. We find that fraud risk assessment decomposition does not have the same effects on internal auditors as it has on external auditors, and the effects of decomposition do not align with the expected benefits of decomposition.     

Corporate Governance and Efficiency: Evidence From U.S. Property–Liability Insurance Industry

This study examines the relation between corporate governance and the efficiency of the U.S. property–liability insurance industry during the period from 2000 to 2007. We find a significant relation between efficiency and corporate governance (board size, proportion of independent directors on the audit committee, proportion of financial experts on the audit committee, director tenure, proportion of block shareholding, average number of directorships, proportion of insiders on the board, and auditor dependence). We also find property–liability insurers have complied with the Sarbanes‐Oxley Act (SOX) to a large extent. Although SOX achieved the goal of greater auditor independence and might have prevented Enron‐like scandals, it had some unexpected effects. For example, insurers became less efficient when they had more independent auditors because the insurers were unable to recoup the benefits of auditor independence.     

基于决策、执行、监督分离治理模式下的企业内部审计地位探讨

公司治理是依据企业产权关系建立起的一种权力制衡结构。我国的公司治理主要有以监事会为核心和以董事会(独立董事)为核心的两种结构模式。在公司治理中,内部审计与企业投资人及其他利益关系人不存在直接的委托与受托关系,其本身并不能单独成为一个合格的治理要素。内部审计与总经理为代表的经营管理系统是一种功能"抵消"和"消溶"的关系,与以董事会为代表的决策系统则是一种功能"排斥"关系,而与监事会或审计委员会位代表的监督系统却是一种功能"互补"和"融合"的关系。因此,内部审计只有依附于监督系统而成为监督支持系统和监督信息系统,才能成为一个合格的治理要素。     

Common auditors and internal control similarity: Evidence from China

This study investigates how important common auditors are to internal control similarity between two firms. Based on a less concentrated audit market in China, we find that firm-pairs with common auditors enforce a similar internal control system. This inference holds after accounting for other social connections, examining internal control components, using alternative measures of internal control, adopting finer industry classifications, constructing alternative internal control similarity, running auditor switch tests, and addressing endogeneity problems. Additional analyses indicate that auditor style and information sharing serve two underlying mechanisms to undergird the documented relationship. Finally, our evidence suggests that high-centrality firms in auditor networks are associated with better financial reporting.