Conceptual framework, development trends and future prospects of internal audit: Theoretical approach. Theofanis Karagiorgos, Assistant Professor, Department of Business Administration University of Macedonia Egnatia Str. 156, 54006, Thessaloniki, Greece, Tel: 0030 2310 891596, Fax: 0030 2310 891678, E-mail:
[email protected] George Drogalas, PhD Candidate Department of Business Administration University of Macedonia Egnatia Str. 156, 54006, Thessaloniki, Greece Tel: 0030 2310 891590, Fax: 0030 2310 891678, E-mail:
[email protected] Petros Christodoulou, Assistant Professor, Department of Business Administration University of Macedonia Egnatia Str. 156, 54006, Thessaloniki, Greece, Tel: 0030 2310 891592, Fax: 0030 2310 891678, E-mail:
[email protected] Michail Pazarskis, PhD Candidate Department of Business Administration University of Macedonia Egnatia Str. 156, 54006, Thessaloniki, Greece, Tel: 0030 2310 891590, Fax: 0030 2310 891678, E-mail:
[email protected]
Abstract In the area of information, internal audit is established as an essential means for the exact management of any business economic resources. However, the necessity which issues from the administration, for distinguished management of the available resources, incalculable expenses, limitation and evasion of misconduct, imposes internal auditing as a key factor in the business management effort. An attempt is being made, via an extended literature review, to investigate the current status and to approach development trends and future prospects of the internal audit analysing the usefulness of auditing in them. More specifically, this article intends to theoretically investigate the concept of internal audit. The results of this extended literature review indicate that, internal audit is a key operation, which approaches the shortcomings and recommends realistic solutions in the increasingly competitive business environment. Keywords: auditing, internal control, internal audit, COSO Report, IIA.
_____________________________________________________________________ * Corresponding author: George Drogalas, Ph.D. Candidate, Dpt. of Business Administration, University of Macedonia, e-mail:
[email protected]
1. Introduction Internal auditing is developing as a substantial element of management in both the public and the private sectors. Because of its importance and because of its continuous escalation into the management process, it is essential this action be taken to ensure that the performance of internal auditing conforms to high quality standards. It is also important to determine that it is a productive process that enhances its goals and its objectives. In order to examine the concept of “internal audit”, the paper is structured in five sections. In the first section, we make reference to the historical background of internal audit. In the second section, we analyze the conceptual framework of internal audit via a grid of definitions. Then, to further approach of the concept of internal auditing, we make reference to its components and modern roles. In the fourth section, we analyze the advantages that come from internal audit, the difficulties which face and its development trends and future prospects. Finally, we highlight internal audit’s great importance in the extremely fluid business environment. 2. Historical analysis of internal audit Internal auditing began as one person clerical procedure that consisted primarily of performing independent verification of bills before payment (Boynton and Kell, 1996). This was, therefore, an embryo internal audit. In the early 1900s, the emphasis on auditing shifted from the detection of fraud to the needs of the various users of financial statements (Guy et al., 1996). In other words, internal audit is the product of modern social and economic development. The significant changes pushed forward by the European Industrial Revolution in the eighteenth century greatly promoted the establishment of many large share-holding companies and monopoly trust groups. With the rapid development of productive technology, expansion of operational scope, and large-sized organizations with many managerial levels, heads of companies could not directly carry out supervision so they needed some full-time representatives to do it for them (Aisiopoulos, 1980) After the 1940s, internal audit entered its golden developing period, in which the theory of internal audit began systematically taking shape and internal audit organizations also came to the fore. The American Institute of Internal Auditors, the predecessor of the Institute of Internal Auditors (IIA), was set up in 1941 (Dittenhofer, 2001). From the first authoritative definition of internal control by the American Institute of Public Accountants in 1949 to the definitions which still exist in professional pronouncements (see for example APB, 1995), there seems to have been no substantial change of meaning, yet a sea change in the internal control of companies was underway during the 1980s and 1990s. From all the definitions, it is clear that internal auditing is the centre of integrated activities within an organization, and is best suited for a new role as an agent of change. This can be developed on the one hand in terms of demand for audit committees and the growing importance of management efficiency and performance audits (Cooper etc., 1996), on the other hand because of the growth of information technology; and changes in audit methods (Spira and Page, 2003).
3. Definition of internal audit Historically, internal audit has been viewed as a monitoring function, the “organizational policeman and watchdog” (Morgan, 1979), tolerated as a necessary component of organizational control but deemed subservient to the achievement of major corporate objectives. Under the market economy system, with its keen competition, the modern internal audit system has emerged and been developed to suit the enterprises’ needs of struggling for existence (Yan Jin’e, 1997). It is very important to give the definition of the internal audit in order to understand its great importance in the modern business environment. Indicative of its great importance is the large amount of definitions that are given by many researchers. According to Cook and Wincle (1976), the Internal Control System and consecutively internal audit resembles the human nervous system which is spread throughout the business carrying orders and reactions to and from the management. Furthermore, Carmichael and Willingham (1987), and Grigorakou (1989) argue that internal auditing is the audit that performed by employees of organizations functioning in a staff capacity and reporting to a high level officer in the organization. According to the Institute of Internal Auditors, (IIA, 1991; Taylor and Glezen, 1991; Konrath, 1996) internal auditing is “an independent appraisal function, established within an organization to examine and evaluate its activities as a service to the organization”. By measuring and evaluating the effectiveness of organizational controls, internal auditing, itself, is an important managerial control device (Carmichael etc, 1996), which is directly linked to the organizational structure and the general rules of the business (Cai, 1997). Within this framework, COSO report defined internal control as: a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: • Effectiveness and efficiency of operations. • Reliability of financial reporting. • Compliance with applicable laws and regulations (COSO, 1992). The report defines internal control and describes a framework for internal control. But the difference of this report is that it also provides criteria for the management to utilize so as to evaluate controls. (Aldridge and Colbert, 1994) From the above, it is clear that internal auditing is being implemented in businesses as a tool that provides a unique service to businesses (Rittenberg and Schwieger, 1994). In this way, we can achieve a systematic approach towards the most effective operation of the organization, as a unity (Schleifer and Greenwalt, 1996). In other words, enterprises that implement internal audit early have achieved a competitive advantage, and internal audit services are increasingly requested rather than imposed, although there remain pockets of resistance (Zhuang, 1997).
Furthermore, Wang (1999) argue that internal audit is an independent activity conducted by departments, enterprises and undertakings so as to perform internal supervision, examine accounts and related assets, supervise authenticity, legality and effectiveness of financial revenues and expenditures. In June 1999, the Institute of Internal Auditors (IIA) officially adopted a new definition of the internal auditing function. The new definition was developed by the Guidance Task Force (GTF) and defines the internal audit function as: an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (IIA, 2000). More recently, the Hellenic Institute of Internal Auditors (Η.Ι.Ι.Α., 2004) defines internal control, as: an independent, objective, adequately designed and organized procedure, which through the technical and the scientific approaches, assess how adequately the system of internal control functions. From the above definitions, it is clear that the internal audit is considered to be the security belt of the business for avoiding either the involuntary or the intentional release of information concerning any form of useful first hand stock as well as the avoidance of loss of income from misuse or from any errors in operation (Papastathis, 2003). 4. Components and new roles of internal audit The new definition shifts the focus of the internal audit function from one of assurance to that of value added and attempts to move the profession toward a standards-driven approach with a heightened identity (Bou-Raad, 2000; Krogstad et al., 1999). To add value to the company, management should take into consideration the five components of an adequate and effective internal control defined in the COSO report (Rezaee, 1995). These five components are (Messier, 1997): • control environment, • risk assessment, • control activities, • information and communication, and • monitoring. These interrelated components of internal control must be present and functioning properly in order to have an adequate and effective internal control system. (Gray and Manson, 2000) In today’s highly competitive business environment, internal audit plays a catalytic role (Papadatou, 2005). Via an extended literature review we summarize the different roles of internal audit in this extremely fluid environment (Xiangdong, 1997): 1. Roles of supervision, prevention and protection. Within this framework, internal audit supervise departments and enterprises in order to compliance with state policies, laws and regulations, prevent from asset losses, avoid significant faults and therefore ensure integrity.
2. Role of promotion. Furthermore internal audit strengthen enterprise management, advance production technology, reduce production cost, and consecutively improve business economic benefits. 3. Role of evaluation and certification. More recently, internal audit evaluate and certify enterprises’ production, measure financial revenues and expenditures, finally valuate business economic accountability and other economic activities. 4.Roles of consultancy. Providing leaders of enterprises with sufficient, timely, and accurate information, assisting them in prior decision-making, internal audit plays a significant consultative role. Within this framework, Morgan (1979) identified the aspiration of internal auditors to move from “controller” to “controller-adviser” as part of the process of professionalisation of internal audit. 5. Advantages, difficulties, development trends and future prospects of internal audit The purpose of setting up an enterprise is to gain much more economic benefits. However, it is argued that the only way to increase of economic benefits is to raise the level of productivity and improve management quality. To raise the level of productivity requires enterprises to tap potential manpower, material and financial resources, making full use of now available resources for production and operation (Guoming, 1997). To improve management quality requires enterprises to set up a modernized management system, improve managerial organizations and methods and take the right decision in the most appropriate time (Tsaklaganos, 2005). Being an independent department, internal audit is an important means for an enterprise to strengthen operational management (Papas, 1999). Furthermore, internal control system is a significant part of the modern enterprise system, and also an important way that enterprises emphasize management and enhance economic benefit, substantially embodying the self-restraint system of enterprises (Jou, 1997). Generally speaking in recent years, internal audit can add value. In the modern business environment internal audit promotes: • The effectiveness of goods and material supply • The efficiency of productive organization. • Technological effectiveness • The effectiveness of resource utilization. • Cost-benefit. • The effectiveness of economic contracts. • The effectiveness of product sales Except for the advantages that are derived from the internal auditing, the establishment of the internal audit system is facing the following main difficulties: • in some organizations, internal audit units have not been set up or are not independent, • some audit units established lack legalization, systemization and standardization, • there are some cases in which the number and professional quality of auditors are not fully suited to work requirements. Within this extremely fluid business environment, where on the one hand internal audit adds value in the business, on the other it faces a lot of difficulties, the following general development trends of internal audit are emerging:
1. Status of internal audit. The status of internal audit will change from traditional uncertainty to certainty. Because of its value-adding role, internal audit attracts more and more attention from top management of most enterprises. The status of internal audit depends wholly on its value. Therefore, internal audit units will be more independent. As an internal monitoring function, internal audit needs to maintain a high degree of independence within an organization in order to achieve its objectives effectively and make an impact on the organization’s management (Chi, 1997). There was a view that more emphasis will be placed on internal audit being an independent review of operational efficiency within organizations. (Cooper etc., 1996) More recently, Fogarty and Kalbers (2000, p. 134) explored a range of dimensions of professionalisation in internal audit, identifying independence, autonomy and selfregulation as key attributes. 2. Functions of internal audit. The functions of internal audit will be transformed from single ones to multiple ones. Internal auditing is not only the examination of accounts, but also involves supervision, management, evaluation and certification. Generally, all these functions are performed with focus on supervision, certification or evaluation as deemed necessary. Compared with other economic management agencies, internal audit units enjoy more independent, objective and all-round position. 3. Contents of internal audit. Internal audit will change from its examination of financial activities, to checking and evaluation of economic benefits, and the internal control system. Internal audit concentrates on improving economic benefits, which are the key to enlivening enterprises and developing the national economy. During the past 12 years, internal audit has played important roles thereon. Internal audit units, especially those within enterprises with losses, should make greater efforts to help enterprises improve operating management and economic benefits. 4. Internal audit methodology. Internal audit methodology will extend from traditional examination of statements, accounts and vouchers to new audit technology and evaluation methods. The methodology includes sampling audit, feasibility study, economic evaluation of investment projects and computer-assisted audit. Generally speaking, internal audit will develop to a large extent in terms of audit scope and depth, and the general trend of internal audit will see its transformation from financial audit to management audit and performance audit. Internal audit has experienced a very hard period but made great progress. Internal audit will surely have bright future prospects. Internal audit in modernized enterprises will continuously be developed and become perfect in the environment of the socialist market economy. It shall provide its service for and meet the expectations of the highest leadership and functional segments of an enterprise, and play an important role in improving enterprise management, developing strategies, safeguarding business financial and economic order improving internal management and increasing economic benefits. Generally speaking, internal audit will see its great improvement in the fields of internal audit status and roles. 6. Conclusions Historically, internal auditing has consisted primary of the audit of compliance with internal financial procedures; nowadays, it extends to the appraisal of efficiency and effectiveness in non-financial as well as financial matters. In the modern business environment internal auditing is critical to the success of the businesses as it is
regarded “the eyes and ears of management”. Finally, it is a fact that, nowadays, internal audit is taking on increased importance in today’s businesses by assisting management in evaluating controls and operations. The challenge is to identify and meet management expectations; internal audit is a vehicle to survival and success.
7. References 1. Aisiopoulos, K. (1980) “The internal control system in the managerial and accounting field of business”, Papazisi ed., Greece. 2. Aldridge, R. and Colbert, J. (1994) “Management's Report on Internal Control, and the Accountant's Response”, Managerial Auditing Journal, 9(7), pp. 21-28. 3. Auditing Practices Board (1995) “Accounting and Internal Control Systems and Audit Risk Assessments”, APB ed., London, SAS 300. 4. Arena, M., Arnaboldi, M. and Azzone, G. (2006) “Internal audit in Italian organizations A multiple case study”, Managerial Auditing Journal, 21(3), pp. 275-292. 5. Bou-Raad, G. (2000) “Internal auditors and a value-added approach: the new business regime”, Managerial Auditing Journal, 15(4), pp.182-186. 6. Boynton, W.C. and Kell, W.G. (1996) “Modern Auditing”, 6th edition, John Willey & Sons Inc, U.S, pp. 839. 7. Cai, C. (1997) “On the functions and objectives of internal audit and their underlying conditions”, Managerial Auditing Journal, 12(4), pp. 247-250. 8. Carmichael, D.R. and Willingham, J. J., (1987) “Auditing concepts and methods. A Guide to current auditing theory and practice”, 4th edition, McGraw-Hill ed., pp.22. 9. Carmichael, D.R., Willingham, J. J., and Schaller C.A. (1996) “Auditing concepts and methods.A Guide to current theory and practice”, 6th edition, McGraw-Hill ed., pp.25. 10. Chi, T.C. and Chen, Q. (1997) “Internal audit at Guangdong Nuclear Power Joint Venture Company Limited”, Managerial Auditing Journal, 12(4), pp. 219-226. 11. Cook, J. and Wincle, G. (1976) “Auditing, Philosophy and Technique”, John Wiley & Sons Inc, U.S, pp. 136. 12. Cooper, B.J., Leung, P. and Clive M. (1996) “Benchmarking - a comparison of internal audit in Australia, Malaysia and Hong Kong”, Managerial Auditing Journal, 11(1), pp. 23-29. 13. Committee of Sponsoring Organisations of the Treadway Commission (COSO), 1992, Internal Control – Integrated Framework, AICPA, New York, U.S. 14. Dittenhofer, M. (2001) “Internal auditing effectiveness: an expansion of present methods”, Managerial Auditing Journal, 16(8), pp. 443-450. 15. Enyue, Z. (1997) “Development trends of internal auditing in China”, Managerial Auditing Journal, 12(4), pp. 205-209.
16. Fogarty, T.J. and Kalbers, L.P. (2000) “An empirical evaluation of the interpersonal and organisational correlates of professionalism in internal auditing”, Accounting and Business Research, 30(2), pp.125-136. 17. Gray, I. and Manson, S. (2000) “The Audit Process. Principles, Practice and Cases”, 2nd edition, Thomson Learning, U.S. 18. Grigorakou, Th. (1989) “Basic principles of auditing”, Smpilias ed., Greece. 19. Guoming, B. (1997) “The developing trend and prospects of internal auditing”, Managerial Auditing Journal, 12(4), pp. 243-246. 20. Guy, D.M., Alderman, W.C., and Winters, A.J. (1996) “Auditing”, 4th edition, The Dryden Press, U.S. 21. Hellenic Institute of Internal Auditors (2004) Available online: http://www.hiia.gr 22. Institute of Internal Auditors-UK (1991) “Standards and Guidelines for the Professional Practice of Internal Auditing”, IIA-UK ed. (statement of responsibilities). 23. Institute of Internal Auditors (2000) “Internal Auditing: Adding Value across the Board”, IIA ed. (corporate brochure). 24. Jou, J.W. (1997) “The present situation and developing trends of Chinese internal auditing”, Managerial Auditing Journal, 12(4), pp. 235-242. 25. Konrath, Larry F. (1996) “Auditing concepts and applications”, 3rd edition, West Publishing Company, United States of America, pp. 730. 26. Krogstad, J., Ridley, A., and Rittenberg, L. (1999) “Where we’re going”, Internal Auditor, 12, pp. 27-33. 27. Messier William F. (1997) “Auditing. A systematic approach”, McGraw-Hill ed., pp. 202. 28. Morgan, G. (1979) “Internal audit role conflict: a pluralist view”, Managerial Finance, 5(2), pp.160-170. 29. Nagy, A.L. and Cenker, W.J. (2002) “An assessment of the newly defined internal audit function”, Managerial Auditing Journal, 17(3), pp. 130-137. 30. Rezaee, Z. (1995) “What the COSO report means for internal auditors”, Managerial Auditing Journal, 10(6), pp. 5-9. 31. Papadatou, Th. (2005) “Internal and external control of Joint Stock Companies”, Sakoulas ed., Greece. 32. Papas, A. (1990) “Auditing”, Smpilias ed., Greece, pp. 71-72.
33. Papas, A. (1999) “Introduction in Auditing”, Benos ed., Athens, pp. 109-110. 34. Papastathis, P. (2003) “The Modern Internal Control in Businesses and its applications in them”, Greece. 35. Rittenberg, L.E. and Schwieger, B.J. (1994) “Auditing: Concepts for a Changing Environment”, The Dryden Press Harcourt Brace & Company, U.S pp. 11231125. 36. Schleifer, L.F. and Greenawalt, M.B. (1996) “The internal auditor and the critical thinking process”, Managerial Auditing Journal, 11(5), pp. 5-13. 37. Spira, L. and Page, M. (2003) “Risk management: The reinvention of internal control and the changing role of internal audit”, Accounting, Auditing & Accountability Journal, 16(4), pp. 640-661. 38. Taylor, D.H. and Glezen, W.G. (1991) “Auditing: Integrated Concepts and Procedures”, 5th edition, John Wiley & Sons Inc, U.S., pp. 5, 29. 39. Tsaklaganos A. A. (2005) “Auditing”, 2nd edition, Kiriakidis ed., Thessaloniki, pp.12-14. 40. Xiangdong, W. (1997) “Development trends and future prospects of internal audit”, Managerial Auditing Journal, 12(4), pp. 200-204. 41. Yan, J. and Li, D. (1997) “Performance audit in the service of internal audit”, Managerial Auditing Journal, 12(4), pp. 192-195.