8
Procedia Economics and Finance 15 (2014) 530 – 537 2212-5671 © 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and Business local organization doi:10.1016/S2212-5671(14)00503-6 ScienceDirect Available online at www.sciencedirect.com Emerging Markets Qu Contemporary Appr Maria Alina Caratas a, a The Bucharest University of Eco b Ovidius Univers Abstract The object of this paper is to present the role of internal a plays a major role in the enterprise, carrying on control in the corporate assets and ensuring the security of accurate there is a strong link which leads to increase the value of audit reporting is given also by adapting its function to policies, aside with risk evaluation and improvement of co Keywords internal audit, internal control, risk management, corpo 1. Introduction Nowadays, internal auditors are operating in a v such circumstances, they try to evaluate and imp governance processes. In order to understand new regulations internal auditors should reconsider their role in determining whether the living will plans d by appropriate documentation, that the right people and addressed” KPMG, 2011. Regulators all over th of internal audit in supporting managers and others financial reporting. Risks, in one form or anothe * Corresponding author. Tel.: +40-722-298-184; fax: +40-24 E-mail address: [email protected] ueries in Finance and Business roaches in Internal Audit , *, Elena Cerasela Spatariu b onomic Studies, Bucharest 010374, Romania sity of Constanta, Romania audit in the contemporary life of a company. Internal audit function n financial field and all others settled by management, safeguarding e records. Between internal audit and the prosperity of a company, f the company and achieve its objectives. The relevance of internal the changing expectations and its alignment to fraud prevention ontrol strategies. orate governance codes: very difficult time, facing a number of serious changes. In prove the effectiveness of risk management, control and w systems and processes created as a result of changing position within the organizations. “Internal audit can play a developed by the organization are reasonable and supported e are involved and that the risks and controls are identified he world have recently highlighted the growing importance s within companies to ensure the integrity and reliability of er, have been around and within companies for decades. 1-632-893. © 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and Business local organization

Contemporary Approaches in Internal Audit

Embed Size (px)

Citation preview

Page 1: Contemporary Approaches in Internal Audit

Procedia Economics and Finance 15 ( 2014 ) 530 – 537

2212-5671 © 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/).Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and Business local organizationdoi: 10.1016/S2212-5671(14)00503-6

ScienceDirectAvailable online at www.sciencedirect.com

Emerging Markets Qu

Contemporary Appr

Maria Alina Caratasa,

aThe Bucharest University of EcobOvidius Univers

Abstract

The object of this paper is to present the role of internal aplays a major role in the enterprise, carrying on control inthe corporate assets and ensuring the security of accuratethere is a strong link which leads to increase the value ofaudit reporting is given also by adapting its function topolicies, aside with risk evaluation and improvement of co

© 2013 Published by Elsevier Ltd. SelectioMarkets Queries in Finance and Business l

Keywords internal audit, internal control, risk management, corpo

1. Introduction

Nowadays, internal auditors are operating in a vsuch circumstances, they try to evaluate and impgovernance processes. In order to understand newregulations internal auditors should reconsider their role in determining whether the living will plans dby appropriate documentation, that the right peopleand addressed” KPMG, 2011. Regulators all over thof internal audit in supporting managers and othersfinancial reporting. Risks, in one form or anothe

* Corresponding author. Tel.: +40-722-298-184; fax: +40-24E-mail address: [email protected]

ueries in Finance and Business

roaches in Internal Audit ,*, Elena Cerasela Spatariub

onomic Studies, Bucharest 010374, Romania

sity of Constanta, Romania

audit in the contemporary life of a company. Internal audit function n financial field and all others settled by management, safeguarding e records. Between internal audit and the prosperity of a company, f the company and achieve its objectives. The relevance of internal the changing expectations and its alignment to fraud prevention ontrol strategies.

on and/or peer review under responsibility of Emerging ocal organization.

orate governance codes:

very difficult time, facing a number of serious changes. In prove the effectiveness of risk management, control and w systems and processes created as a result of changing position within the organizations. “Internal audit can play a

developed by the organization are reasonable and supported e are involved and that the risks and controls are identified he world have recently highlighted the growing importance s within companies to ensure the integrity and reliability of er, have been around and within companies for decades.

1-632-893.

© 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/).Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and Business local organization

Page 2: Contemporary Approaches in Internal Audit

531 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

However, at present, we are witnessing an increased risk environment. Therefore, internal audit should anticipate risks and identify trends in control field.

The objective of this paper is to examine the role of internal audit in the contemporary life of organizations which are facing a lot of challenges. Internal auditing plays a vital role within companies, contributing to their prosperity and future success. The motivation for this research paper stems for the importance of adapting internal audit functions to the newest expectations of stakeholders. We agree with Hermanson et al., 2003 who consider that an effective modern internal audit function consists in: making appropriate assurances regarding controls, evaluating independently accounting practices and processes, measuring and analyzing risks, preventing fraud.

2. Research methodology

Our research demarche incorporates results of previous academic papers and issues regarding current regulations into a comprehensive analysis of contemporary internal audit approaches aiming to build an effective internal audit function adapted to newest expectations. First of all, we appeal to a series of deductive and inductive research mechanisms for determining the internal audit, internal control and corporate governance concepts. Then we realize a comparative analysis of the extents to which the UK Corporate Governance Code and that of Bucharest Stock Exchange treat internal audit as an effective pillar for increasing governance effectiveness. We conclude with a discussion of research results highlighting the need for including more specific provisions concerning internal audit in national corporate governance codes by virtue of audit’s dualistic character: as an added value creator and as a partner of companies’ management.

3. Background literature

In the literature, the concept of corporate governance refers to “the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders’ role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship” FRC, 2012. Corporate governance also includes social responsibility, ethical business practices, issues corresponding to internal and external audit and full transparency on financial results Bunget et al., 2009 cited by Ionescu, 2009. Governance is also seen as the mechanism for monitoring companies’ actions, policies and decisions. It involves the alignment of interests among the stakeholders. Credibility, reliability and transparency of financial statements are strengthened by the independent audit role. In such circumstances, internal audit is responsible for monitoring and verifying managers’ activities, interfering directly into corporate governance. The increase of corporate governance effectiveness will determine the maximization of economic efficiency.

We reviewed the related corporate governance and internal audit literature in order to provide some background concerning those subjects. We noticed that, up to 2006, authors had reported a weak support for collaboration between corporate governance and internal audit Goodwin-Stewart and Kent, 2006. After that period, authors observed an increasing responsibility of internal auditors in providing oversight on financial reporting process, including the internal control systems. Since internal auditing becomes a key factor of monitoring, auditors are required to ensure more effective processes control. Above all, “internal auditing is a valuable resource for audit committees to meet their mandate related to financial reporting” Bishop et al., 2000. Moreover, internal auditors are nowadays associated with effective internal control and with a high quality of financial reporting Naiker and Sharma, 2009. Some authors consider that effective internal audit provides a number of benefits including better financial reporting and reduced corporate fraud Abbott et al., 2000 or

Page 3: Contemporary Approaches in Internal Audit

532 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

Rupley et al., 2011. We assume that internal auditors should prevent, identify and report fraud. In an appropriate environment implying a climate where ethical values are privileged, internal control will be able to work and develop effectively. The cornerstone for internal audit is the system referring to risk assessment. At this point, internal auditors should be able to manage changes at all levels, especially those associated with risks. Lepadatu, 2011 sustains that internal audit should provide its own support, assessing risks and control strategies, suggesting initiatives, solutions, advices, proposals and recommendations to mitigate the threat of fraud.

Stanciu, 2012 has recently realized a synthesis of the contemporary and foreseen internal audit approaches as it is drawn in Table 1. The author started from some particular drivers such as: IA’s role, models, skills, methodology and perception inside the organizations.

Table 1. Current and future status of internal audit

Current status Future status

Role Independent assurance functions Independent assurance functions

Management advisor

IA models Control assurance supported by risk-based IA plan

Risk-centered: assurance of risk management process effectiveness in addition to control assurance

Skills

Methodology

Perception inside the company

“Traditional” skills

Detailed methodologies

Annual plan and five years plan

Control and assurance function

Extended skills: IT, business models, data mining and analysis, social responsibility

Principles-based approach

Flexibility and sufficient unallocated time to address developing issues

Service provider

Source: Stanciu, 2012.

As we have just shown, internal audit must change. By adapting its functions to current challenges, internal audit will arrive to increase corporate governance as a whole. “All weaknesses internal auditors are signaling as well as their recommendations aiming at improving processes and strengthening controls will ensure the objectives achievement, cost reductions, use of opportunities and in this respect will deliver value for the organization” Stanciu, 2012. In an optimal model of corporate governance, as it has been proposed by Lepadatu, 2011, the key characteristics of internal audit are auditors’ independence and objectivity which have an important impact on internal control effectiveness. In order to demonstrate the importance of internal audit functions for corporate governance we started our research work by the premise sustained by Radu, 2012 in a very recent study according to which “an effective internal audit function is supposed to assist management to fulfill its governance responsibilities”.

In such circumstances, internal control needs also new perspectives. In fact, it represents a process developed by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of company’s objectives. The management is required to disclose significant internal control deficiencies. At another level, internal auditors are required to provide objective, relevant and reliable opinions on management’s assessment. However, most of internal control weaknesses are related to financial statements and procedures. As COSO states, internal control is defined in terms of achieving the effectiveness and efficiency of operations, reliability of financial reporting and compliance with

Page 4: Contemporary Approaches in Internal Audit

533 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

applicable laws and regulations. Thus, internal control and internal audit should find the adequate paths in order to support corporate governance and to prevent risk and fraud.

4. Internal audit seen by corporate governance codes – A comparative analysis

In the European area, the member states have established their own corporate governance frameworks for the listed companies including governance codes. In order to increase the importance of audit function in ensuring the financial stability, the European Commission issued a report (2010) highlighting the main problems needing reviewing and improvement in terms of audit, in the context of a good corporate governance. We notice at present the need for increasing the role of internal audit in the practice of corporate governance, which is mainly due to internal audit’s strategic position: it is located at the confluence of management, boards and other relevant stakeholders’ interests. Therefore, we consider justified analyzing the way by which the current corporate governance codes in UK and Romania treat this interesting subject. It is necessary to point out that the two codes are not rigid sets of rules. They are specific guides for boards’ good practices. From our research work, we noticed a series of common features but also differences between the analyzed codes.

In order to present a synthesis of our comparative analysis, we elaborated Table 2, which shows codes’ provisions concerning internal audit as well as the possible gaps or insufficient recommendations linked to this issue.

Table 2. Comparative analysis of UK Corporate Governance Code and that of BVB

Analyzed criteria UK Code BVB’s Code

Corporate Governance Code

The UK Corporate Governance Code September 2012

Bucharest Stock Exchange Corporate Governance Code dating from September 2008

Governing system One-tier administered system One-tier system or two-tier administered system

Type of regulation

Corporate governance

Risk management and internal control

Internal audit’s role and position within companies

“Comply or explain” statement

Principles-based approach

Boards are expected to maintain sound risk management and internal control systems. They should review at least annually, the effectiveness of the systems mentioned above.

In order to apply the corporate reporting, risk management and internal control principles, the UK Code recommends to companies’ boards to set up an appropriate relationship with the auditors (internal and external ones).

There are insufficient provisions concerning internal audit’s role and position in the UK Code.

However, because of the audit committee’s responsibility for monitoring and reviewing internal audit and internal control’s effectiveness, we could consider that internal audit is subordinated to the audit committee.

The UK Code set out the recommended

“Comply or explain” statement

Principles-based approach

Boards are responsible for all risk management and internal control’s tasks. They should meet, at least twice a year, with internal and financial auditors in order to discuss problems linked to financial reporting, internal control and risk management.

Boards are expected to establish an audit committee formed by their members.

There are not clear provisions concerning internal audit’s role and position.

Page 5: Contemporary Approaches in Internal Audit

534 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

Audit committee’s composition

Audit committee’s role

Internal audit function

composition of the audit committee.

Boards should establish an audit committee of 3 or 2 (for small companies) independent non-executive directors. At least one member of this committee should have relevant financial experience in accounting and/or auditing.

The code sets out the recommended minimum terms of reference concerning audit committee’s functions and responsibilities that consist in:

-monitoring the integrity of financial statements and reviewing significant financial reporting judgments;

-reviewing of company’s internal control and risk management systems;

-assessing internal financial control;

-reviewing and monitoring the external auditors’ independence and objectivity as well as the effectiveness of internal audit process;

-providing advice to management (in terms of accounts, annual reports) and information for shareholders (when requested).

Our findings suggest that there are companies that have implemented internal audit function and others that have not. The audit committee should consider annually whether the companies need such a function and make recommendations to the board in this respect. However, companies are expected to provide explanations concerning the reasons for the absence of internal audit function in a relevant section of their annual report.

We also observe that the UK Code does not stipulate the obligation of internal auditors to set up and disclose their own report, as in the case of external or statutory auditors. The present code refers to a separate section of companies’ annual reports that should describe the work process of audit committees in discharging their responsibilities. At this point, this section should involve the significant issues concerning the financial

The Romanian Code recommends that the audit committee be formed exclusively by non-executive members. It is also stated that the audit committee should have a sufficient number of independent members.

The BVB’s Code stipulates in great lines the main responsibilities of the audit committee that consist in:

-assessing the effectiveness of financial reporting, internal control and risk management systems;

-monitoring the credibility and integrity of financial information and reviewing the relevance of applicable accounting standards;

-making recommendations to the board concerning the election, the nomination and replacement of financial auditors.

There are not clear provisions concerning internal audit function.

Page 6: Contemporary Approaches in Internal Audit

535 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

statements, an explanation regarding the external audit process and its effectiveness, but also remarks about external auditors’ independence and objectivity.

Source: authors’ analysis

5. Research discussion

From our comparative analysis, we remark that either in the UK Corporate Governance Code nor in the Romanian one, the internal audit is not granted the same importance as in the case of external audit, even if it plays a unique role in corporate governance by monitoring organizational risks and by controlling the effectiveness of processes within companies, as it was seen also by Holt and DeZoort, 2006. For the fact that internal audit’s role and function is insufficiently delimited in the above mentioned codes, we consider appropriate to point out the gaps we met and to make some recommendations such as: • A good delimitation as well as clear and effective responsibilities will support internal audit become a key

factor for increasing corporate governance effectiveness. We propose a strong cooperation between internal audit and the audit committee in terms of risks monitoring that could affect the achievement of company’s objectives. Internal auditors should assess whether internal control mechanisms and procedures address the identified risks.

• Internal audit should constantly intervene in internal control in order to assess its effectiveness and quality. This assessment should be part of a written report transmitted periodically to the audit committee for making the appropriate decisions.

• At another point, we consider that the codes should involve provisions concerning internal audit’s role in providing assurance that companies comply with law and regulations. This responsibility could be able to increase investors and other relevant stakeholders’ confidence.

• We notice that the UK Code foresees, but not in an explicit manner, a possible subordination of internal audit to the audit committee. Unlike the cited code, the BVB’s one does not stipulate any position of internal audit. Therefore, we consider that this issue needs a real re-examination because a clear position of internal audit in corporate governance process will help companies to establish well delimited responsibilities and raise governance effectiveness.

• The UK Code states that at least one of audit committee’s members should have relevant experience in accounting and/or auditing. We consider that, in general, internal auditors’ experience in financial field could be able to improve internal control and corporate governance as a whole. Therefore, corporate governance codes should offer more detailed recommendations concerning this internal auditors’ experience.

• Internal auditors’ independence is another point that should be granted an adequate importance by corporate governance codes. Auditors’ independence is able to influence positively internal control effectiveness being a variable with a significant impact, as it was previously stated by Frankel et al., 2002 or Krishnamurthy et al., 2006.

• We observe that both the UK Code and that of BVB make only insufficient recommendations concerning internal audit implementation within companies. Therefore, we conclude that in these cases, there is no legal obligation for companies to organize their own internal audit department. We point out that such a department would provide a greater responsibility and authority to internal audit function. By the virtue of such a department, internal auditors will be expected to issue annual plans and reports that will contribute to the increase of audit and corporate governance effectiveness.

Page 7: Contemporary Approaches in Internal Audit

536 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

• The corporate governance codes should also provide clear and detailed recommendations concerning the scope of internal audit. In such circumstances, auditors will be required to deliver certain assurance for their work, an assurance emerging from information asymmetries created between management and stakeholders. The level of this assurance will indicate the probability that once the financial statements being audited, they are free from material errors. This proposal starts from a recent research finding belonging to Radu, 2012. According to this author, internal audit is seen as an independent and objective assurance and consulting activity aiming to bring added value to companies, the overall objective of internal audit activity consisting in delivering a reasonable assurance that management and internal control system do operate effectively, as required by regulators. We add that internal audit should ensure stakeholders that financial operations are carried out correctly, no error being registered, which will support the increase of governance effectiveness.

• As a general remark for our comparative analysis, we state that there is a contradiction between one of the main principles of corporate governance – that referring to transparency – and the extent to which corporate governance codes use to treat internal audit function. According to the above mentioned principle, the codes should disclose relevant and transparent information concerning their corporate governance structure, composition, functioning etc. However, our findings prove that the UK Code does not declare explicitly the internal audit function organization and, in the case of the Romanian one, there are not clear stipulations at this regard. We assume that an effective internal audit function could support risk management and prevent fraud.

6. Conclusion

Our research findings aim to highlight the need for repositioning the internal audit function as a key factor in a changing environment where corporate governance faces a lot of challenges. According to internal audit’s role in assessing the effectiveness of internal control and risk management systems, we truly believe that this fact has direct implications on risks’ minimization as well as on financial reporting. We consider that the presence of an effective internal audit function within a company could prevent misstatements in financial reporting. Moreover, internal audit, as a control function, leads to the improvement of company’s performances. By realizing a comparative analysis between two corporate governance codes, we remark an acute lack of information concerning the existence, position, organization, role and responsibilities of internal audit as a specific part within an entity. This finding makes us sustain that it is necessary for regulators to review the corporate governance codes’ provisions in order to grant to internal audit the adequate importance. From our analysis, we notice that internal auditors are expected to provide their assessment of risk management and internal control only to managers and to the audit committee. However, we sustain that this information should be made available to other interested parties in order to increase transparency that is so necessary for good corporate governance. Such a measure could be able to prevent abuses and to make more responsible the participants to corporate governance process. The disclosure of internal audit reports seems to us appropriate for increasing shareholders’ confidence in financial reporting. Therefore, internal audit could be regarded as a standard for measuring management and board’s effectiveness in the circumstances of corporate governance. We consider as the main limit of our research its exclusively theoretical character. It is possible that it would have been more interesting to realize an empirical research for investigating regulators, professionals, companies and other interested parties’ perception concerning the place and role of internal audit within corporate governance with their opinions on possible weaknesses and strengths among governance codes’ settlements. However, given the theme of our paper and the current state of the research findings in this field, we appreciate that our results could open the way for future studies which will bring more accurate information concerning different mechanisms able to increase governance effectiveness.

Page 8: Contemporary Approaches in Internal Audit

537 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 ( 2014 ) 530 – 537

References

KPMG, 2011. “Dodd-Frank: Top Ten Priorities for Internal Audit”, Americas’ FS Regulatory Center of Excellence, November 2011. Hermanson, D.R. and Rittenberg, L.E., 2003. “Internal audit and organizational governance”, Research Opportunities in Internal Auditing,

The Institute of Internal Auditors Research Foundation, Altamonte Springs, FL. Financial Reporting Council, September 2012. “The UK Corporate Governance Code”, Available at: http://www.frc.org.uk/Our-

Work/Publications/Corporate-Governance/UK-Corporate-Governance-Code-September-2012.aspx> Ionescu, M.V., 2009. “Guvernanta corporativa”, article in press, available on-line at:

http://old.standard.money.ro/articol_111474/valentin_m_ionescu_guvernanta_corporativa.html Goodwin-Stewart, J. and Kent, P., 2006. “The use of internal audit by Australian companies”, Managerial Auditing Journal, 21(1), pp. 81-

101. Bishop, W.G., Hermanson, D.R., Lapides, P.D., Rittenberg, L.E., 2000. “The year of the audit committee”, Internal Auditor, 57(2), pp. 46-

51. Naiker, V. and Sharma, D.S., 2009. “Former audit partners on the audit committee and internal control deficiencies”, The Accounting

Review, 84(2), pp. 559-587. Abbott, L., Park, Y. and Parker, S., 2000. “The effects of audit committee activity and independence on corporate fraud”, Managerial

Finance, 26, pp. 55-67. Rupley, K., Almer, E. and Philbrick, D., 2011. “Audit committee effectiveness: Perceptions of public company audit committee members

post-SOX”, Research in Accounting Regulation, vol.23, pp. 138-144. Lepadatu, G.V., 2011. “Corporate Governance and audit activity”, Economy Transdisciplinarity Cognition, XIV (1), pp. 44-49. Stanciu, V., 2012. “Internal audit-rising to the challenge”, 7th International Conference “Accounting and Management Information

Systems”, June 13-14, 2012, Bucharest, Romania. Radu, M., 2012. “Corporate governance, internal audit and environmental audit – the performance tools in Romanian companies”,

Accounting and Management Information Systems, 11(1), pp. 112-130. European Commission, 2010. “Green Paper – Audit policy: lessons from the crisis”, October 2010, Available at:

http://ec.europa.eu/internal_market/auditing/docs/market/consultation2008/summary_report_en.pdf The Bucharest Stock Exchange Corporate Governance Code, 2008, Available at: http://www.bvb.ro Holt P.T. and DeZoort, F.T., 2006. “The Effects of Internal Audit Report Disclosure on Perceived Financial Reporting Reliability”, Working

Paper, University of Alabama, December. Frankel, R., Johnson, M. and Nelson, K., 2002. “The relation between auditor’s fees for non-audit services and earnings quality”, The Accounting Review (Supplement), pp. 71-105. Krishnamurthy, S., Zhou, J. and Zhou, N., 2006. “Auditor Reputation, Auditor Independence and the Stock Market Impact of Andersen’s Indictment on its Client Firms”, Contemporary Accounting Research, 23(2), pp. 465-490.