Internal Audit Independence and Objectivity: Emerging Research
VerifiedAdded on 2023/04/19
|40
|18149
|460
Literature Review
AI Summary
This paper provides a literature review of internal audit independence and objectivity, focusing on studies published since 1999. It begins by outlining the IIA's definitions and standards related to independence and objectivity. The review covers key areas such as the organizational status of internal audit, the auditor's dual role in assurance and consulting, involvement in risk management, outsourcing, and the use of internal audit as a training ground. It identifies gaps in existing research and suggests opportunities for future studies, contributing to the understanding of internal audit's evolving role in corporate governance. The paper references prior literature reviews and the IIA's Common Body of Knowledge studies to provide a comprehensive overview of the field.
Internal audit independence and objectivity: emerging
research opportunities
Author
Stewart, Jenny, Subramaniam, Nava
Published
2010
Journal Title
Managerial Auditing Journal
DOI
https://doi.org/10.1108/02686901011034162
Copyright Statement
© 2010 Emerald. This is the author-manuscript version of this paper. Reproduced in accordance
with the copyright policy of the publisher. Please refer to the journal's website for access to the
definitive, published version.
Downloaded from
http://hdl.handle.net/10072/34073
Griffith Research Online
https://research-repository.griffith.edu.au
research opportunities
Author
Stewart, Jenny, Subramaniam, Nava
Published
2010
Journal Title
Managerial Auditing Journal
DOI
https://doi.org/10.1108/02686901011034162
Copyright Statement
© 2010 Emerald. This is the author-manuscript version of this paper. Reproduced in accordance
with the copyright policy of the publisher. Please refer to the journal's website for access to the
definitive, published version.
Downloaded from
http://hdl.handle.net/10072/34073
Griffith Research Online
https://research-repository.griffith.edu.au
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
JENNY STEWART*
Griffith Business School
Griffith University, Queensland, Australia
and
NAVA SUBRAMANIAM
Faculty of Business and Law
Deakin University, Victoria, Australia
* Contact Author
Acknowledgements: Earlier versions of this paper were presented at a plenary session
of the Sixth European and First Global Academic Conference on Internal Audit and
Corporate Governance at Erasmus University, Rotterdam, April 2008 and at the
Colloquium in Auditing and Governance Celebrating 25 Years of Managerial Auditing
Journal at Deakin University in October 2009. The paper has benefited from the helpful
comments of those present at these events. We also thank two anonymous reviewers for
their suggestions.
January 2010
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
JENNY STEWART*
Griffith Business School
Griffith University, Queensland, Australia
and
NAVA SUBRAMANIAM
Faculty of Business and Law
Deakin University, Victoria, Australia
* Contact Author
Acknowledgements: Earlier versions of this paper were presented at a plenary session
of the Sixth European and First Global Academic Conference on Internal Audit and
Corporate Governance at Erasmus University, Rotterdam, April 2008 and at the
Colloquium in Auditing and Governance Celebrating 25 Years of Managerial Auditing
Journal at Deakin University in October 2009. The paper has benefited from the helpful
comments of those present at these events. We also thank two anonymous reviewers for
their suggestions.
January 2010
2
Autobiographical note:
Professor Jenny Stewart
Department of Accounting, Finance & Economics,
Griffith Business School,
Griffith University,
University Drive, Meadowbrook,
Queensland, 4131
Australia
Ph: 617 33821192
Fax: 617 33821128
Email: j.stewart@griffith.edu.au
(Contact Author)
Professor Nava Subramaniam
Professor of Accounting
School of Accounting, Economics and Finance
Faculty of Business and Law, Building lb4.350
Deakin University, Elgar Road, Burwood Victoria 3125 Australia.
Ph: 613 925 17288
Fax: 613 924 46034
Email: navas@deakin.edu.au
Autobiographical note:
Professor Jenny Stewart
Department of Accounting, Finance & Economics,
Griffith Business School,
Griffith University,
University Drive, Meadowbrook,
Queensland, 4131
Australia
Ph: 617 33821192
Fax: 617 33821128
Email: j.stewart@griffith.edu.au
(Contact Author)
Professor Nava Subramaniam
Professor of Accounting
School of Accounting, Economics and Finance
Faculty of Business and Law, Building lb4.350
Deakin University, Elgar Road, Burwood Victoria 3125 Australia.
Ph: 613 925 17288
Fax: 613 924 46034
Email: navas@deakin.edu.au
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
Abstract
Purpose - The objective of this paper is to provide a review of the recent literature on
internal audit independence and objectivity and discuss opportunities for future
research. The topics we examine are the organizational status of internal audit, the
internal auditor’s dual role as a provider of assurance and consulting activities, internal
audit’s involvement in risk management, outsourcing and co-sourcing of internal audit
activities and the use of internal audit as a training ground for managers.
Design/methodology/approach - The approach used in this paper is a review of the
literature followed by an identification of further research opportunities.
Findings -The paper summarizes the existing body of knowledge relating to internal
audit independence and objectivity and identifies gaps in the literature where further
research is needed.
Originality/value - The paper provides researchers with a useful summary of the
literature on internal audit independence and objectivity and stimulates them to engage
in further research in the area.
Keywords - internal audit; independence; objectivity
Paper type - Literature review
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
Abstract
Purpose - The objective of this paper is to provide a review of the recent literature on
internal audit independence and objectivity and discuss opportunities for future
research. The topics we examine are the organizational status of internal audit, the
internal auditor’s dual role as a provider of assurance and consulting activities, internal
audit’s involvement in risk management, outsourcing and co-sourcing of internal audit
activities and the use of internal audit as a training ground for managers.
Design/methodology/approach - The approach used in this paper is a review of the
literature followed by an identification of further research opportunities.
Findings -The paper summarizes the existing body of knowledge relating to internal
audit independence and objectivity and identifies gaps in the literature where further
research is needed.
Originality/value - The paper provides researchers with a useful summary of the
literature on internal audit independence and objectivity and stimulates them to engage
in further research in the area.
Keywords - internal audit; independence; objectivity
Paper type - Literature review
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
Introduction
The assurance services provided by auditors derive their value and credibility from the
fundamental assumptions of independence of mind and independence in appearance.
Not surprisingly, a large body of research has examined auditor independence and
objectivity, but this has been predominantly in the context of external audit. In more
recent years, there has been heightened interest in issues associated with the
independence and objectivity of internal audit. The motivation for this growth in
research is related to the evolving and expanding role of internal audit as a key
corporate governance mechanism as well as an internal consultancy service. In this
regard, internal auditors are in a unique situation as providers of both assurance services
within the organization and consultancy services to managers. This dual role has
generated significant debate as it has the potential to place the internal auditor in a
situation of conflict. Furthermore, as employees of the organization, the ability of
internal auditors to exercise true objectivity has also been questioned (Paape, 2007).
The objective of this paper is to provide a review of the evolving literature on internal
auditors’ independence and objectivity in order to highlight gaps in knowledge and
make recommendations for future research. As a basis for our review, we draw on the
current definition of internal audit promulgated by the Institute of Internal Auditors
(IIA), together with the IIA professional standards and guidelines on independence and
objectivity. In order to capture the increased scope of internal audit as a key governance
mechanism, we focus on the literature in this area since the new definition of internal
auditing was released in 1999. Our study contributes to the internal auditing literature
by providing an in-depth analysis of key issues that impact independence and
objectivity in the current governance environment.
Prior literature reviews of internal audit
To date, there have been a limited number of prior reviews of the internal audit
literature. Bailey et al. (2003) edited a monograph published by the IIA Research
Foundation on research opportunities in internal auditing. There were two key
objectives of this monograph. It was intended, first, to inspire academic research on
topics of relevance to internal auditing and, second, to bridge the gap between
academics and practitioners. As such, it is a blend of theory and practice, designed to
familiarize academic researchers with internal audit practice (Editorial Preface, xi – xii).
Each chapter of the monograph raises a series of research questions related to a specific
topic in internal auditing and we refer to these where relevant.
Two previous reviews have examined the literature and future research opportunities
relating to the role of the internal audit function in corporate governance. Gramling et
al. (2004) focus on the relationship between internal audit and the other cornerstones of
governance (i.e. external auditors, the audit committee and management). They also
evaluate the literature on internal audit quality (including objectivity and independence),
with a particular emphasis on external auditors’ evaluations of internal audit and their
Internal Audit Independence and Objectivity:
Emerging Research Opportunities
Introduction
The assurance services provided by auditors derive their value and credibility from the
fundamental assumptions of independence of mind and independence in appearance.
Not surprisingly, a large body of research has examined auditor independence and
objectivity, but this has been predominantly in the context of external audit. In more
recent years, there has been heightened interest in issues associated with the
independence and objectivity of internal audit. The motivation for this growth in
research is related to the evolving and expanding role of internal audit as a key
corporate governance mechanism as well as an internal consultancy service. In this
regard, internal auditors are in a unique situation as providers of both assurance services
within the organization and consultancy services to managers. This dual role has
generated significant debate as it has the potential to place the internal auditor in a
situation of conflict. Furthermore, as employees of the organization, the ability of
internal auditors to exercise true objectivity has also been questioned (Paape, 2007).
The objective of this paper is to provide a review of the evolving literature on internal
auditors’ independence and objectivity in order to highlight gaps in knowledge and
make recommendations for future research. As a basis for our review, we draw on the
current definition of internal audit promulgated by the Institute of Internal Auditors
(IIA), together with the IIA professional standards and guidelines on independence and
objectivity. In order to capture the increased scope of internal audit as a key governance
mechanism, we focus on the literature in this area since the new definition of internal
auditing was released in 1999. Our study contributes to the internal auditing literature
by providing an in-depth analysis of key issues that impact independence and
objectivity in the current governance environment.
Prior literature reviews of internal audit
To date, there have been a limited number of prior reviews of the internal audit
literature. Bailey et al. (2003) edited a monograph published by the IIA Research
Foundation on research opportunities in internal auditing. There were two key
objectives of this monograph. It was intended, first, to inspire academic research on
topics of relevance to internal auditing and, second, to bridge the gap between
academics and practitioners. As such, it is a blend of theory and practice, designed to
familiarize academic researchers with internal audit practice (Editorial Preface, xi – xii).
Each chapter of the monograph raises a series of research questions related to a specific
topic in internal auditing and we refer to these where relevant.
Two previous reviews have examined the literature and future research opportunities
relating to the role of the internal audit function in corporate governance. Gramling et
al. (2004) focus on the relationship between internal audit and the other cornerstones of
governance (i.e. external auditors, the audit committee and management). They also
evaluate the literature on internal audit quality (including objectivity and independence),
with a particular emphasis on external auditors’ evaluations of internal audit and their
5
reliance on internal audit work. Cohen et al. (2004) provide an extensive review of
research on corporate governance and its impact on financial reporting quality. The
authors introduce the notion of a corporate governance mosaic, comprising interactions
among the board of directors and the audit committee, management, external audit and
internal audit. As such, they summarize the research literature relating to internal
auditors’ governance role and suggest opportunities for future research. Both of these
reviews provide an excellent synthesis of the literature in this area, but largely from a
North American perspective. Given the growth in international research on internal
audit independence and objectivity, we extend this work to include studies from Europe,
Australasia and other parts of the world.1
In 2006, the IIA commissioned the global Common Body of Knowledge 2006 (CBOK)
study, engaging researchers from around the world “to better understand the expanding
scope of internal audit practice” (Cooper et al., 2006). This study has resulted in three
related literature reviews. Cooper et al. (2006) examined the internal auditing literature
in the Asia Pacific region, Hass et al. (2006) studied the literature from the Americas,
while Allegrini et al. (2006) performed a similar review of the European literature. The
purpose of these reviews was to document changes in internal audit as a result of shifts
in global business practices. Where relevant, we draw on aspects of these reviews that
relate to internal audit objectivity. We also refer to the findings of the CBOK study
(Burnaby et al., 2007) throughout our discussion of the literature.
Background - professional guidance relating to independence and objectivity
In this section we review the professional guidance pertaining to internal audit
independence and objectivity. We commence with the definition of internal audit put
forward by the IIA (1999) and the definitions of independence and objectivity provided
in the Glossary to the IIA Standards (IIA, 2009a). We then summarize the IIA Code of
Ethics (2000) with respect to objectivity. We follow this with an overview of the
attribute standards and other guidance that the IIA has issued on independence and
objectivity.
The IIA (1999) definition of internal auditing is now familiar and well accepted:
“Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization’s operations. It
helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.”
This definition highlights the independence and objectivity of internal auditing with
respect to both assurance services and consulting. Independence and objectivity are
closely related. However, the Glossary to the IIA Standards distinguishes between the
two concepts in the following way:
“Independence – The freedom from conditions that threaten objectivity or the
appearance of objectivity. Such threats to objectivity must be managed at the
individual auditor, engagement, functional and organizational levels.”
“Objectivity – An unbiased mental attitude that allows internal auditors to
perform engagements in such a manner that they have an honest belief in their
work product and that no significant quality compromises are made.
Objectivity requires internal auditors not to subordinate their judgment on
audit matters to that of others.”
reliance on internal audit work. Cohen et al. (2004) provide an extensive review of
research on corporate governance and its impact on financial reporting quality. The
authors introduce the notion of a corporate governance mosaic, comprising interactions
among the board of directors and the audit committee, management, external audit and
internal audit. As such, they summarize the research literature relating to internal
auditors’ governance role and suggest opportunities for future research. Both of these
reviews provide an excellent synthesis of the literature in this area, but largely from a
North American perspective. Given the growth in international research on internal
audit independence and objectivity, we extend this work to include studies from Europe,
Australasia and other parts of the world.1
In 2006, the IIA commissioned the global Common Body of Knowledge 2006 (CBOK)
study, engaging researchers from around the world “to better understand the expanding
scope of internal audit practice” (Cooper et al., 2006). This study has resulted in three
related literature reviews. Cooper et al. (2006) examined the internal auditing literature
in the Asia Pacific region, Hass et al. (2006) studied the literature from the Americas,
while Allegrini et al. (2006) performed a similar review of the European literature. The
purpose of these reviews was to document changes in internal audit as a result of shifts
in global business practices. Where relevant, we draw on aspects of these reviews that
relate to internal audit objectivity. We also refer to the findings of the CBOK study
(Burnaby et al., 2007) throughout our discussion of the literature.
Background - professional guidance relating to independence and objectivity
In this section we review the professional guidance pertaining to internal audit
independence and objectivity. We commence with the definition of internal audit put
forward by the IIA (1999) and the definitions of independence and objectivity provided
in the Glossary to the IIA Standards (IIA, 2009a). We then summarize the IIA Code of
Ethics (2000) with respect to objectivity. We follow this with an overview of the
attribute standards and other guidance that the IIA has issued on independence and
objectivity.
The IIA (1999) definition of internal auditing is now familiar and well accepted:
“Internal auditing is an independent, objective assurance and consulting
activity designed to add value and improve an organization’s operations. It
helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.”
This definition highlights the independence and objectivity of internal auditing with
respect to both assurance services and consulting. Independence and objectivity are
closely related. However, the Glossary to the IIA Standards distinguishes between the
two concepts in the following way:
“Independence – The freedom from conditions that threaten objectivity or the
appearance of objectivity. Such threats to objectivity must be managed at the
individual auditor, engagement, functional and organizational levels.”
“Objectivity – An unbiased mental attitude that allows internal auditors to
perform engagements in such a manner that they have an honest belief in their
work product and that no significant quality compromises are made.
Objectivity requires internal auditors not to subordinate their judgment on
audit matters to that of others.”
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
Hence, the IIA’s distinction between the two terms appears to be that objectivity is a
state of mind while independence is the state of affairs that permits an internal auditor to
operate with an objective attitude. While the IIA standards (IIA, 2009a) emphasize
independence at the organizational level, the definition indicates that it is also important
at the individual, engagement and functional levels.
The IIA Code of Ethics (IIA, 2009b) consists of a number of basic principles which
internal auditors are expected to uphold, together with rules of conduct which describe
the norms of behaviour expected of internal auditors. The principle relating to
objectivity requires internal auditors to “exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating information about the activity
or process being examined.” Furthermore, internal auditors are expected to make a
balanced assessment of all the relevant circumstances and they should not be unduly
influenced by their own or others’ interests when forming judgments. The rules of
conduct specify that internal auditors:
(i) shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment;
(ii) shall not accept anything that may impair or be presumed to impair their
professional judgment; and
(iii) shall disclose all material facts known to them that, if not disclosed, may distort the
reporting of activities under review.
The IIA has issued a number of attribute standards (IIA, 2009a) and associated practice
advisories (IIA, 2009c) relating to independence and objectivity. Standard 1100 states
that “the internal audit activity must be independent, and internal auditors must be
objective in performing their work.” To achieve the required degree of independence,
the chief audit executive (CAE) should have direct and unrestricted access to senior
management and the board and this can be achieved by a dual reporting relationship.
Attribute Standard 1110 further discusses organizational independence based on the
CAE reporting to a level in the organization that permits the internal audit activity to
fulfill its responsibilities. The standard stresses that the CAE must confirm the
organizational independence of internal audit to the board at least annually. The related
Practice Advisory 1110-1 stresses that the CAE should ideally report functionally to the
board and administratively to the chief executive officer (CEO). As a minimum,
administrative reporting should be to an executive with “sufficient authority to promote
independence and to ensure broad audit coverage, adequate consideration of
engagement communications and appropriate action on engagement recommendations”.
Attribute Standard 1120 relates to individual objectivity and requires internal auditors to
“have an impartial, unbiased attitude and avoid any conflict of interest.” The related
Practice Advisory 1120-1 stresses the need to avoid potential and actual conflicts of
interest and bias at the individual level and suggests that staff assignments should be
rotated periodically. Attribute Standard 1130 discusses the need to adequately disclose
to appropriate parties any impairment to independence or objectivity. Examples of
impairment include internal auditors assessing operations for which they were
previously responsible. Other impairments noted in the Glossary to the Standards are
personal conflicts of interest, scope and resource limitations, and restrictions on access
to records, personnel and property.
Hence, the IIA’s distinction between the two terms appears to be that objectivity is a
state of mind while independence is the state of affairs that permits an internal auditor to
operate with an objective attitude. While the IIA standards (IIA, 2009a) emphasize
independence at the organizational level, the definition indicates that it is also important
at the individual, engagement and functional levels.
The IIA Code of Ethics (IIA, 2009b) consists of a number of basic principles which
internal auditors are expected to uphold, together with rules of conduct which describe
the norms of behaviour expected of internal auditors. The principle relating to
objectivity requires internal auditors to “exhibit the highest level of professional
objectivity in gathering, evaluating, and communicating information about the activity
or process being examined.” Furthermore, internal auditors are expected to make a
balanced assessment of all the relevant circumstances and they should not be unduly
influenced by their own or others’ interests when forming judgments. The rules of
conduct specify that internal auditors:
(i) shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment;
(ii) shall not accept anything that may impair or be presumed to impair their
professional judgment; and
(iii) shall disclose all material facts known to them that, if not disclosed, may distort the
reporting of activities under review.
The IIA has issued a number of attribute standards (IIA, 2009a) and associated practice
advisories (IIA, 2009c) relating to independence and objectivity. Standard 1100 states
that “the internal audit activity must be independent, and internal auditors must be
objective in performing their work.” To achieve the required degree of independence,
the chief audit executive (CAE) should have direct and unrestricted access to senior
management and the board and this can be achieved by a dual reporting relationship.
Attribute Standard 1110 further discusses organizational independence based on the
CAE reporting to a level in the organization that permits the internal audit activity to
fulfill its responsibilities. The standard stresses that the CAE must confirm the
organizational independence of internal audit to the board at least annually. The related
Practice Advisory 1110-1 stresses that the CAE should ideally report functionally to the
board and administratively to the chief executive officer (CEO). As a minimum,
administrative reporting should be to an executive with “sufficient authority to promote
independence and to ensure broad audit coverage, adequate consideration of
engagement communications and appropriate action on engagement recommendations”.
Attribute Standard 1120 relates to individual objectivity and requires internal auditors to
“have an impartial, unbiased attitude and avoid any conflict of interest.” The related
Practice Advisory 1120-1 stresses the need to avoid potential and actual conflicts of
interest and bias at the individual level and suggests that staff assignments should be
rotated periodically. Attribute Standard 1130 discusses the need to adequately disclose
to appropriate parties any impairment to independence or objectivity. Examples of
impairment include internal auditors assessing operations for which they were
previously responsible. Other impairments noted in the Glossary to the Standards are
personal conflicts of interest, scope and resource limitations, and restrictions on access
to records, personnel and property.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
Various practice advisories are related to impairment of independence and objectivity.
Practice Advisory 1130-1 requires internal auditors to report to the CAE any situations
involving actual or potential impairment and highlights the importance of not accepting
fees, gifts or entertainment from audit clients. Practice Advisory 1130.A1-1 does not
permit staff transferred or temporarily assigned to internal audit to undertake audits of
activities that they previously performed until at least one year has elapsed. Practice
Advisory 1130.A2-1 stresses that internal auditors should not have responsibility for
non-audit functions that are subject to internal audit assessments.
In addition to the standards and advisory statements, the IIA has also published a
framework to guide internal auditors with respect to independence and objectivity
(Mutchler et al., 2001). In this framework independence is recognized as a state where
threats to objectivity are appropriately managed. Hence, internal auditors are required to
identify, assess and manage threats to their objectivity, including the need to consider
safeguards that can mitigate the effects of the threats. An excellent summary of this
framework is provided by Mutchler (2003) 2 in her discussion of research opportunities
related to this framework. To avoid duplication, we provide only a brief overview of
the framework while, in subsequent sections of the paper, we extend and discuss
Mutchler’s suggestions for research in the area.
On an individual level, the framework discusses seven threats to an internal auditor’s
objectivity. These are (i) self-review, where the internal auditor reviews his/her own
work; (ii) social pressure, where the internal auditor is exposed to pressure from, say,
the auditee, or others on the audit team; (iii) economic interest, resulting, for example,
from incentive payments or from auditing the work of someone who has the power to
affect the internal auditor’s employment or salary; (iv) personal relationship, where the
internal auditor is a relative or friend of the auditee; (v) familiarity, resulting from a
long term relationship with the auditee including having worked in the unit being
audited; (vi) cultural, racial and gender biases arising in multinational organizations
when the auditor is biased or lacks an understanding of local culture and customs; and
(vii) cognitive biases resulting from preconceived notions or the adoption of a particular
psychological perspective when performing the audit. These threats can also occur at
the internal audit function level, particularly when the function is involved in both
consulting and assurance activities.
The framework also gives examples of mitigating factors that act as safeguards against
the threats to objectivity. Examples include organizational position and policy
statements which increase the status of internal auditors in the organization, a strong
and supportive governance environment, appropriate incentive schemes which reward
objectivity, the use of teams, and adequate supervision of staff.
In summary, it is apparent that the IIA takes a strong stance on the need for
independence and objectivity within the profession. Burnaby et al. (2007) report that
67% of respondents in the CBOK survey believed that they fully comply with IIA
Standard 1100, while 88% are of the view that the standard provides adequate guidance
with respect to independence and objectivity. However, as Paape (2007) argues, the two
concepts are not well defined and are relative in nature given that internal auditors are
employees of the entity. Hence, in addition to the empirical research opportunities
discussed in the next section, there is also an opportunity for academics to contribute to
Various practice advisories are related to impairment of independence and objectivity.
Practice Advisory 1130-1 requires internal auditors to report to the CAE any situations
involving actual or potential impairment and highlights the importance of not accepting
fees, gifts or entertainment from audit clients. Practice Advisory 1130.A1-1 does not
permit staff transferred or temporarily assigned to internal audit to undertake audits of
activities that they previously performed until at least one year has elapsed. Practice
Advisory 1130.A2-1 stresses that internal auditors should not have responsibility for
non-audit functions that are subject to internal audit assessments.
In addition to the standards and advisory statements, the IIA has also published a
framework to guide internal auditors with respect to independence and objectivity
(Mutchler et al., 2001). In this framework independence is recognized as a state where
threats to objectivity are appropriately managed. Hence, internal auditors are required to
identify, assess and manage threats to their objectivity, including the need to consider
safeguards that can mitigate the effects of the threats. An excellent summary of this
framework is provided by Mutchler (2003) 2 in her discussion of research opportunities
related to this framework. To avoid duplication, we provide only a brief overview of
the framework while, in subsequent sections of the paper, we extend and discuss
Mutchler’s suggestions for research in the area.
On an individual level, the framework discusses seven threats to an internal auditor’s
objectivity. These are (i) self-review, where the internal auditor reviews his/her own
work; (ii) social pressure, where the internal auditor is exposed to pressure from, say,
the auditee, or others on the audit team; (iii) economic interest, resulting, for example,
from incentive payments or from auditing the work of someone who has the power to
affect the internal auditor’s employment or salary; (iv) personal relationship, where the
internal auditor is a relative or friend of the auditee; (v) familiarity, resulting from a
long term relationship with the auditee including having worked in the unit being
audited; (vi) cultural, racial and gender biases arising in multinational organizations
when the auditor is biased or lacks an understanding of local culture and customs; and
(vii) cognitive biases resulting from preconceived notions or the adoption of a particular
psychological perspective when performing the audit. These threats can also occur at
the internal audit function level, particularly when the function is involved in both
consulting and assurance activities.
The framework also gives examples of mitigating factors that act as safeguards against
the threats to objectivity. Examples include organizational position and policy
statements which increase the status of internal auditors in the organization, a strong
and supportive governance environment, appropriate incentive schemes which reward
objectivity, the use of teams, and adequate supervision of staff.
In summary, it is apparent that the IIA takes a strong stance on the need for
independence and objectivity within the profession. Burnaby et al. (2007) report that
67% of respondents in the CBOK survey believed that they fully comply with IIA
Standard 1100, while 88% are of the view that the standard provides adequate guidance
with respect to independence and objectivity. However, as Paape (2007) argues, the two
concepts are not well defined and are relative in nature given that internal auditors are
employees of the entity. Hence, in addition to the empirical research opportunities
discussed in the next section, there is also an opportunity for academics to contribute to
8
the conceptual debate on independence and objectivity. This debate should be directed
at providing further clarification on the distinction between the two concepts.
The extant literature and research opportunities
To avoid replication of previous literature reviews, we do not cover the whole spectrum
of internal audit research. Rather, we focus on specific areas of significance to internal
audit objectivity where we perceive a need for further research. As previously noted,
our emphasis is on work that has engaged internal auditors rather than on work that
examines the perceptions of external auditors.3 In order to address issues of current
relevance, we restrict our discussion of prior studies to those that have been conducted
since the revised definition of internal audit in 1999.
The topics that we discuss are: (i) organizational status; (ii) assurance versus consulting;
(iii) internal audit’s role in risk management; (iv) outsourcing and co-sourcing internal
audit activities; and (v) internal audit as a management training ground. For each topic,
we summarize the key studies, highlight the gaps in knowledge and discuss
opportunities for future research. We conclude our review with a brief discussion of
emerging areas that could provide further research opportunities.
Organizational status
As we discussed earlier, the IIA stresses that the internal audit function should be given
the appropriate status in the organization to enable the function to exercise
organizational independence and individual internal auditors to act objectively. This is
necessary because internal auditors are in a unique position as employees of an
organization with responsibility to assess and monitor decisions made by management
and also to advise management on the adequacy and effectiveness of internal controls
(Sarens and de Beelde, 2006a). It is thus no surprise that internal auditors can face
considerable familiarity and social pressure threats stemming from their relationship
with management. In more recent years, audit committees have undertaken an important
governance role in coordinating and overseeing the communications between
management, internal auditors, and external auditors. Gramling et al. (2004, p.148)
highlight that “a quality relationship between the IAF (internal audit function) and the
audit committee also works towards providing the IAF with an appropriate environment
and support system for carrying out its own governance related activities (e.g. risk
assessment, control assurance and compliance work)”. In addition, corporate
governance guidelines and listing rules explicitly recognize the governance role played
by audit committees in enhancing the relationships between management, external
auditors and internal auditors (Blue Ribbon Committee, 1999; Smith Committee, 2003).
As such, audit committees can be viewed as a key safeguard mechanism for internal
auditors in managing their professional objectivity.
The majority of prior studies relating to the organizational status of internal audit have
focused on internal audit’s relation with the audit committee. Most of these studies
involve surveys or interviews of internal auditors. An exception is the study by Carcello
et al. (2002) which examined audit committee charters and reports of 150 US
companies. Part of this study looks at disclosures relating to auditor oversight. The
authors found that disclosures relating to external audit were much more prevalent than
those relating to internal audit, with less than 50% of companies in their sample
reporting that the audit committee held private meetings with internal audit.
the conceptual debate on independence and objectivity. This debate should be directed
at providing further clarification on the distinction between the two concepts.
The extant literature and research opportunities
To avoid replication of previous literature reviews, we do not cover the whole spectrum
of internal audit research. Rather, we focus on specific areas of significance to internal
audit objectivity where we perceive a need for further research. As previously noted,
our emphasis is on work that has engaged internal auditors rather than on work that
examines the perceptions of external auditors.3 In order to address issues of current
relevance, we restrict our discussion of prior studies to those that have been conducted
since the revised definition of internal audit in 1999.
The topics that we discuss are: (i) organizational status; (ii) assurance versus consulting;
(iii) internal audit’s role in risk management; (iv) outsourcing and co-sourcing internal
audit activities; and (v) internal audit as a management training ground. For each topic,
we summarize the key studies, highlight the gaps in knowledge and discuss
opportunities for future research. We conclude our review with a brief discussion of
emerging areas that could provide further research opportunities.
Organizational status
As we discussed earlier, the IIA stresses that the internal audit function should be given
the appropriate status in the organization to enable the function to exercise
organizational independence and individual internal auditors to act objectively. This is
necessary because internal auditors are in a unique position as employees of an
organization with responsibility to assess and monitor decisions made by management
and also to advise management on the adequacy and effectiveness of internal controls
(Sarens and de Beelde, 2006a). It is thus no surprise that internal auditors can face
considerable familiarity and social pressure threats stemming from their relationship
with management. In more recent years, audit committees have undertaken an important
governance role in coordinating and overseeing the communications between
management, internal auditors, and external auditors. Gramling et al. (2004, p.148)
highlight that “a quality relationship between the IAF (internal audit function) and the
audit committee also works towards providing the IAF with an appropriate environment
and support system for carrying out its own governance related activities (e.g. risk
assessment, control assurance and compliance work)”. In addition, corporate
governance guidelines and listing rules explicitly recognize the governance role played
by audit committees in enhancing the relationships between management, external
auditors and internal auditors (Blue Ribbon Committee, 1999; Smith Committee, 2003).
As such, audit committees can be viewed as a key safeguard mechanism for internal
auditors in managing their professional objectivity.
The majority of prior studies relating to the organizational status of internal audit have
focused on internal audit’s relation with the audit committee. Most of these studies
involve surveys or interviews of internal auditors. An exception is the study by Carcello
et al. (2002) which examined audit committee charters and reports of 150 US
companies. Part of this study looks at disclosures relating to auditor oversight. The
authors found that disclosures relating to external audit were much more prevalent than
those relating to internal audit, with less than 50% of companies in their sample
reporting that the audit committee held private meetings with internal audit.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
Leung et al. (2004) explored the role of internal audit in corporate governance and
management in Australia using both an on-line survey and in-depth interviews of CAEs.
They report that, while a majority of CAEs had reporting responsibilities to the audit
committee or board level, more than 22% of participants reported only to management
(either to the CEO or the chief financial officer). Globally, the CBOK study (Burnaby et
al., 2007) found that only 47% of CAE respondents reported to the audit committee
level. However, where an audit/oversight committee was present (in 73% of
organizations), 91% of respondents believed that they had appropriate access to the
committee.
Christopher et al. (2009) examined the independence of the internal audit function in a
sample of 34 Australian companies through the function’s relationship with both
management and the audit committee. An e-mail based survey of CAEs identified a
number of threats to independence stemming from internal audit’s relationship with the
audit committee. These threats include CAEs not reporting functionally to the
committee, the audit committee not having sole responsibility for appointing,
dismissing and evaluating the CAE and audit committee members lacking expertise in
accounting.
Other surveys have examined whether the composition of the audit committee is
associated with the strength of the relationship between the internal audit function and
the audit committee. Raghunandan et al. (2001), in a survey of US chief internal
auditors4, assessed the joint effect of audit committee independence and expertise on the
committee’s interaction with internal audit. They found that independent committees
with at least one member with accounting or finance expertise had longer meetings and
more private meetings with the chief internal auditor. Goodwin and Yeo (2001)
surveyed chief internal auditors in Singapore and found that audit committees
comprised solely of independent directors had more frequent meetings and more private
meetings with the chief internal auditor. Goodwin (2003) obtained similar results in a
survey of chief internal auditors from Australia and New Zealand. In contrast, however,
O’Leary and Stewart (2007), in a study of Australian internal auditors’ ethical decision
making, found that the existence of an effective audit committee had little impact on
internal auditors’ perceptions of their willingness to act objectively.
The involvement of the audit committee in decisions to dismiss the chief internal
auditor is another indicator of internal audit independence. Prior studies have obtained
mixed results in this regard. For example, Goodwin and Yeo (2001) report that 72% of
audit committees in their Singapore study were involved in dismissal decisions while
Goodwin (2003) found only 52% of Australian and New Zealand audit committees
were similarly involved. Only Goodwin (2003) found a relationship between dismissal
decisions and the independence of the audit committee.
Studies based on in-depth interviews of internal auditors and audit committee members
suggest that audit committees may strengthen internal auditors’ status and in turn their
ability to remain objective and independent. Turley and Zaman (2007) conducted
interviews with a variety of personnel from a large UK financial services company (of
which one interviewee was the head of group internal audit and another, the audit
committee chair). Based on these interviews, the authors argue that an audit committee
is able to set a ‘tone’ that allows internal audit to have a certain degree of influence in
Leung et al. (2004) explored the role of internal audit in corporate governance and
management in Australia using both an on-line survey and in-depth interviews of CAEs.
They report that, while a majority of CAEs had reporting responsibilities to the audit
committee or board level, more than 22% of participants reported only to management
(either to the CEO or the chief financial officer). Globally, the CBOK study (Burnaby et
al., 2007) found that only 47% of CAE respondents reported to the audit committee
level. However, where an audit/oversight committee was present (in 73% of
organizations), 91% of respondents believed that they had appropriate access to the
committee.
Christopher et al. (2009) examined the independence of the internal audit function in a
sample of 34 Australian companies through the function’s relationship with both
management and the audit committee. An e-mail based survey of CAEs identified a
number of threats to independence stemming from internal audit’s relationship with the
audit committee. These threats include CAEs not reporting functionally to the
committee, the audit committee not having sole responsibility for appointing,
dismissing and evaluating the CAE and audit committee members lacking expertise in
accounting.
Other surveys have examined whether the composition of the audit committee is
associated with the strength of the relationship between the internal audit function and
the audit committee. Raghunandan et al. (2001), in a survey of US chief internal
auditors4, assessed the joint effect of audit committee independence and expertise on the
committee’s interaction with internal audit. They found that independent committees
with at least one member with accounting or finance expertise had longer meetings and
more private meetings with the chief internal auditor. Goodwin and Yeo (2001)
surveyed chief internal auditors in Singapore and found that audit committees
comprised solely of independent directors had more frequent meetings and more private
meetings with the chief internal auditor. Goodwin (2003) obtained similar results in a
survey of chief internal auditors from Australia and New Zealand. In contrast, however,
O’Leary and Stewart (2007), in a study of Australian internal auditors’ ethical decision
making, found that the existence of an effective audit committee had little impact on
internal auditors’ perceptions of their willingness to act objectively.
The involvement of the audit committee in decisions to dismiss the chief internal
auditor is another indicator of internal audit independence. Prior studies have obtained
mixed results in this regard. For example, Goodwin and Yeo (2001) report that 72% of
audit committees in their Singapore study were involved in dismissal decisions while
Goodwin (2003) found only 52% of Australian and New Zealand audit committees
were similarly involved. Only Goodwin (2003) found a relationship between dismissal
decisions and the independence of the audit committee.
Studies based on in-depth interviews of internal auditors and audit committee members
suggest that audit committees may strengthen internal auditors’ status and in turn their
ability to remain objective and independent. Turley and Zaman (2007) conducted
interviews with a variety of personnel from a large UK financial services company (of
which one interviewee was the head of group internal audit and another, the audit
committee chair). Based on these interviews, the authors argue that an audit committee
is able to set a ‘tone’ that allows internal audit to have a certain degree of influence in
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
the organization. As such, an effective audit committee is seen to play a critical role in
supporting the internal auditor’s position and strengthening internal audit independence.
In a similar vein, Mat Zain and Subramaniam’s (2007) study of heads of internal audit
from eleven organizations in Malaysia reflects the importance of the powerful position
of audit committees in enhancing internal audit objectivity. The study reveals that
internal auditors place significant trust in audit committees to take up the key
questioning role in more formal settings. This finding raises the possibility of a cultural
effect stemming from the fact that Malaysia is a high power distance nation (Hofstede,
1981), where the cultural norm emphasizes class distinctions based on the level of
authority.
Finally, the role of audit committees serving as a potential support of internal audit is
also evident in James’ (2003) study. He examined the perceptions of bank lending
officers with respect to the impact of reporting structure on internal audit’s ability to
prevent financial statement fraud. The study found that internal audit functions that
report to senior management are perceived as being less able to prevent fraudulent
reporting compared to those departments that report solely to the audit committee.
Another avenue of research pertaining to organisational status involves the relationship
between internal audit and senior management. Investigations into the impact of this
relationship on internal audit objectivity are very limited. Sarens and De Beelde (2006a)
used a case study approach of five Belgian companies to explore the expectations and
perceptions of both senior management and internal auditors with respect to the
relationship between the two parties. They found that, when internal audit operates
primarily in a management support role, there is a lack of perceived objectivity and the
relationship with the audit committee is weak. They also found that senior
management’s expectations significantly influence internal audit and that the support of
senior management is critical to the acceptance and appreciation of the internal audit
function within the organization. Christopher et al. (2009) found that independence
threats associated with internal audit’s relation with management stem from the
involvement of the CEO or chief financial officer (CFO) in the internal audit function’s
plan and budget, management regarding the internal auditor as a partner and using the
internal audit function as a stepping stone to other positions. 5 Van Peursem (2005), in a
multiple case study of six senior internal auditors in New Zealand, found that internal
auditors’ close relationship with management can place their independence from
management at risk. For example, interviewees recognised a need to balance the
conflicting interests of their managers with the interests of their profession and were
conscious that they have a responsibility to report over their employer’s head if
necessary.
Table I provides a summary of the above studies.
Insert Table I about here
While prior research has provided some insights into the impact of organizational status
on internal audit objectivity, there are a number of avenues for further research. For
instance, although corporate governance guidelines and listing rules recognize the
governance role played by audit committees, we do not know whether audit committees
do in fact play a key role in internal audit independence. Further, very little is known
the organization. As such, an effective audit committee is seen to play a critical role in
supporting the internal auditor’s position and strengthening internal audit independence.
In a similar vein, Mat Zain and Subramaniam’s (2007) study of heads of internal audit
from eleven organizations in Malaysia reflects the importance of the powerful position
of audit committees in enhancing internal audit objectivity. The study reveals that
internal auditors place significant trust in audit committees to take up the key
questioning role in more formal settings. This finding raises the possibility of a cultural
effect stemming from the fact that Malaysia is a high power distance nation (Hofstede,
1981), where the cultural norm emphasizes class distinctions based on the level of
authority.
Finally, the role of audit committees serving as a potential support of internal audit is
also evident in James’ (2003) study. He examined the perceptions of bank lending
officers with respect to the impact of reporting structure on internal audit’s ability to
prevent financial statement fraud. The study found that internal audit functions that
report to senior management are perceived as being less able to prevent fraudulent
reporting compared to those departments that report solely to the audit committee.
Another avenue of research pertaining to organisational status involves the relationship
between internal audit and senior management. Investigations into the impact of this
relationship on internal audit objectivity are very limited. Sarens and De Beelde (2006a)
used a case study approach of five Belgian companies to explore the expectations and
perceptions of both senior management and internal auditors with respect to the
relationship between the two parties. They found that, when internal audit operates
primarily in a management support role, there is a lack of perceived objectivity and the
relationship with the audit committee is weak. They also found that senior
management’s expectations significantly influence internal audit and that the support of
senior management is critical to the acceptance and appreciation of the internal audit
function within the organization. Christopher et al. (2009) found that independence
threats associated with internal audit’s relation with management stem from the
involvement of the CEO or chief financial officer (CFO) in the internal audit function’s
plan and budget, management regarding the internal auditor as a partner and using the
internal audit function as a stepping stone to other positions. 5 Van Peursem (2005), in a
multiple case study of six senior internal auditors in New Zealand, found that internal
auditors’ close relationship with management can place their independence from
management at risk. For example, interviewees recognised a need to balance the
conflicting interests of their managers with the interests of their profession and were
conscious that they have a responsibility to report over their employer’s head if
necessary.
Table I provides a summary of the above studies.
Insert Table I about here
While prior research has provided some insights into the impact of organizational status
on internal audit objectivity, there are a number of avenues for further research. For
instance, although corporate governance guidelines and listing rules recognize the
governance role played by audit committees, we do not know whether audit committees
do in fact play a key role in internal audit independence. Further, very little is known
11
about management’s attitudes towards internal audit objectivity and whether their
ability to act in an unbiased manner is strengthened when they report to the audit
committee. Further, the relationship between internal audit functional independence
(the state of affairs that permits an objective attitude) and objectivity (the individual
internal auditor’s state of mind) is relatively unexplored. In addition, while it is
recognized that reporting to the CFO is likely to compromise internal audit
independence and objectivity, there has been little research that has examined the
impact of reporting to more senior management such as the CEO.
We also do not know whether the results of prior studies are generalizable to other
jurisdictions and cultures. Of note, cultural dimensions such as power distance could be
driving the results of studies in Eastern cultures such as Malaysia and Singapore and
this warrants further exploration. Finally, alternative research designs could add insight
to our understanding of the relation between organizational status and internal audit
objectivity. For example, experimental designs could be undertaken in order to identify
causal relationships more easily. Numerous experimental studies have examined
various aspects of external auditor independence and these could be used as a base to
provide insight into further exploration of internal audit objectivity.
Assurance versus consulting
The IIA definition of internal audit highlights the value-adding role of internal audit as
an assurance and consulting activity. 6 Consulting services as defined by the IIA refer to
“advisory and related client service activities, the nature and scope of which are agreed
with the client, are intended to add value and improve an organization's governance, risk
management, and control processes without the internal auditor assuming management
responsibility” (IIA, 2009). Chapman (2001) argues that involvement in consulting
activities has elevated internal audit to a more strategic role in the organization. She
further suggests that consulting activities are generally of a problem-solving nature,
with internal audit working closely with management to assist management to achieve
its objectives. Further, consulting involves a more pro-active approach whereby internal
audit becomes a partner with management (Bou-Raad, 2000; Christopher et al., 2009).
A number of studies around the world have examined the extent to which internal audit
engages in consulting activities. A study by Nagy and Cenker (2002) examined whether
the new definition actually reflected the activities of internal auditors. The researchers
interviewed 11 US directors of internal audit, addressing issues and highlighting
changes associated with audit scope, organizational structure, risk management and
audit committee expectations. The study found that the change in definition simply
reflected existing practice, with internal auditors having performed consulting services
and other value-added activities for many years.
Hass et al. (2006) report that during the 1990s internal auditors in the US tended to
became consultative partners with management. However, in the early 2000s the
increasing emphasis on compliance surrounding internal control systems in the
immediate post-Sarbanes-Oxley (SOX) era led to a move back towards assurance work
for internal auditors. This signals that the extent of internal audit involvement in
consulting activities is influenced by the economic and regulatory environment and is
therefore likely to vary across time.
about management’s attitudes towards internal audit objectivity and whether their
ability to act in an unbiased manner is strengthened when they report to the audit
committee. Further, the relationship between internal audit functional independence
(the state of affairs that permits an objective attitude) and objectivity (the individual
internal auditor’s state of mind) is relatively unexplored. In addition, while it is
recognized that reporting to the CFO is likely to compromise internal audit
independence and objectivity, there has been little research that has examined the
impact of reporting to more senior management such as the CEO.
We also do not know whether the results of prior studies are generalizable to other
jurisdictions and cultures. Of note, cultural dimensions such as power distance could be
driving the results of studies in Eastern cultures such as Malaysia and Singapore and
this warrants further exploration. Finally, alternative research designs could add insight
to our understanding of the relation between organizational status and internal audit
objectivity. For example, experimental designs could be undertaken in order to identify
causal relationships more easily. Numerous experimental studies have examined
various aspects of external auditor independence and these could be used as a base to
provide insight into further exploration of internal audit objectivity.
Assurance versus consulting
The IIA definition of internal audit highlights the value-adding role of internal audit as
an assurance and consulting activity. 6 Consulting services as defined by the IIA refer to
“advisory and related client service activities, the nature and scope of which are agreed
with the client, are intended to add value and improve an organization's governance, risk
management, and control processes without the internal auditor assuming management
responsibility” (IIA, 2009). Chapman (2001) argues that involvement in consulting
activities has elevated internal audit to a more strategic role in the organization. She
further suggests that consulting activities are generally of a problem-solving nature,
with internal audit working closely with management to assist management to achieve
its objectives. Further, consulting involves a more pro-active approach whereby internal
audit becomes a partner with management (Bou-Raad, 2000; Christopher et al., 2009).
A number of studies around the world have examined the extent to which internal audit
engages in consulting activities. A study by Nagy and Cenker (2002) examined whether
the new definition actually reflected the activities of internal auditors. The researchers
interviewed 11 US directors of internal audit, addressing issues and highlighting
changes associated with audit scope, organizational structure, risk management and
audit committee expectations. The study found that the change in definition simply
reflected existing practice, with internal auditors having performed consulting services
and other value-added activities for many years.
Hass et al. (2006) report that during the 1990s internal auditors in the US tended to
became consultative partners with management. However, in the early 2000s the
increasing emphasis on compliance surrounding internal control systems in the
immediate post-Sarbanes-Oxley (SOX) era led to a move back towards assurance work
for internal auditors. This signals that the extent of internal audit involvement in
consulting activities is influenced by the economic and regulatory environment and is
therefore likely to vary across time.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 40
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.