The increasing importance of internal control for larger companies

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The first chapter of the report will cover the main points for the necessity of this dissertation in relation to the Internal Auditing as it is existing nowadays in some companies. Also, at this chapter, the aim and objectives of the report will be clearly demonstrated. In addition, the above will be followed by a hypothetical question that at the end of the report is going to be answered with various justification and future recommendations. Finally, at the end of this chapter, the structure of the project will be clearly revealed.


According my previous thoughts, audit is a wide and very interesting subject which becomes more adventurous when it is applied in real life. Subsequently, within the complex and the evolution of economy, the importance of Internal Auditing is rapidly increasing. The internal control of the larger economic organizations, which usually brings together a considerable wealth, is becoming more and more essential and the persuasion for corruption and abuse are pleasurable to a lot of people. As it can be seen further down at this project, companies that are using the internal auditing for an attempt to cover up their depths, hide some wrong transactions, disguise their financial mistakes, etc. turns out to be catastrophic to the future economy. What is more frightening though, is that more and more cases of accounting fraud are coming into the public eye particularly in the U.S. but also in Europe. Such cases includes: Enron Scandal 2001, Xerox 2002, Lehman Brothers Holdings 2008, , etc.

Therefore, I have decided to carry out this research with the subject of Internal Auditing which is basically the stage that will prevent the fraud to exist. Optimistically, with this report each employer will be able to understand the importance of Internal Auditing and finally prevent any further expose to the future economy.


The aim of this research is to investigate the importance and purpose of Internal Auditing that is applied into the companies and also the hazard that may occur from the lack of Internal Control will be clearly demonstrated.


The objectives of the current report are:

To be an evidence of the importance that Internal Auditing have into an organisation.

S pecific: clear about what, where, when, and how the situation will be changed;

Measurable: able to quantify the targets and benefits;

Achievable: able to attain the objectives (knowing the resources and capacities at the disposal of the community);

Realistic: able to obtain the level of change reflected in the objective; and

Time bound: stating the time period in which they will each be accomplished

Hypothetical question

Why do businesses have to make appropriate use of Internal Auditing and what are the issues that may have to confront in the circumstances that they do not use Internal Auditing?

With the answers to this hypothetical question, it is expected to briefly justify the objectives of the project that where mentioned above. Moreover, a precise answer to this question will quite to the correct construction of the whole project.

Structure of the project

To all intents and purposes, this project will be divided into five different chapters with the obligation to answer the hypothetical question and gently reach the pick to the project aim that were stated above. The division of the five chapters will be as follows:

At the first chapter, the background of the project will be unfold in accordance with the aim and objectives of the project. Also, a research hypothetical question will be revealed and it will be followed by the structure of the project. The second chapter of the project will illustrate the research overview of the project and it will be followed from a figure which is basically comprised with the research philosophy, the research methodology and the methods of data collection. Then, the methods used for the data analysis will be presented followed by the triangulation that was used. Chapter three represents the literature review that was carried out as regard the Internal Auditing and its changes through the time and also this chapter includes some conceptual definitions that consider essential. Subsequently, at chapter four, the analysis of two case studies (Enron Scandal, Lehman Brothers) will take place. Finally at chapter five, the conclusions and some recommendations will be given with the purpose to reach the aim of the project and give an answer to the hypothetical question that was stated above.

Chapter 2: Research Approach

At this chapter, the research approaches that were used in this project are going to be thoroughly pointed out. To start with, the research overview of the project will be braked down into the research method, research philosophy, research methodology and the data collection. At this point a table will be created to clearly illustrate the path that is going to be used. Following, the data analysis methods will be demonstrated and the cross method of triangulation will be explained.

Research overview

As it can be seen from the figure 1 bellow, the research that was done to complete this project, is considered to be the finest to succeed its aim and objectives. Thus, the research will follow the deduction thinking to gather qualitative information with the assistance of action research, grounded theory and case studies. At the end, the required secondary data will be collected through research of articles, journals and books.

Research process

At this particular project, the use of deductive rather that inductive thinking was considered more appropriate. With the deductive process we imply a specific theory and then we narrow it down to the means of the generic hypothesis that we have ( ). Moreover, with the clarification that we will obtain through the project we will derive to the final conclusion which may agree with the main theory or the theory may need to be slightly modified ( Saunders et al 2007 ).

Research Philosophy

The research philosophy of the project, as it can be seen in figure 1, is the section were qualitative data will be collected rather than quantitative data. Qualitative data are the data that provide us with information regarding only our case studies. Furthermore, the available qualitative data will carefully be examine with the cross theory of triangulation( Saunders et al 2007 ).

Research Methodology

As it can be seen from the figure 1 above, the research methodologies that will be used for the establishment of this project are case studies, grounded theory and action research. With the case studies assistant, we will manage to expand our understanding on the subject and provide the readers with an accurate outcome. In addition, grounded theory is very precise to the fact that will explain the behaviour of Internal Auditing into an organisation. Finally, action research is the research that it is focusing in the action and will occur in most section of this project. Hopefully at the end it will assist to create a number of recommendation regarding this project's aim( Saunders et al 2007 ).

Data Collection

As implied in the previous section, this project will only based on secondary data collection. This data are mostly collected from journals, articles and books. Additionally, with the appropriate examination and judgment of those data we will form the most proper conclusion for the hypothetical question which was stated at a previous section.


Throughout this research, the method of triangulation will be thoroughly applied to validate that the data that are going to be used will be accurate and reliable. Moreover, triangulation method will be applied to generate that most appropriate conclusion and recommendations at the final stage of the project.

Chapter 3: Literature Review

Historical development of Auditing

Auditing as a function was originate very early in the ancient civilizations of China (Lee, 1986), Egypt and Greece (Boyd, 1905). According to McMickle (1978, pp 11-12) the ancient checking activities found in Greece (350B.C.) appear to be closest to the auditing of nowadays. Similar kind of checking activities were found in the ancient England where officers called auditors were responsible for the examination of the accounts in order to prevent fraud (Abdel-Qader, 2002).

What is more, in the late medieval, the regeneration of Accountancy is marked in Italy and the city of Pisa have their first official auditor. Also, around the same time at the English treasury tax lists are created for comparison. In 1581 the first official "Association of Professional Accountants" was created in Venice and it was named as "Coliegio dei Raxonati" 1997). The economic crises of the years 1825 and 1836 and the development of smaller and larger industries, contributed to the dissemination and systemization of the audits in the UK(, 2000).

Nowadays, the internal audit is a well expanded profession. Some years ago, an auditor who was going to work at a company in an internal audit department, would have faced a difficult situation regarding the auditing functions of the firm(Pickett, 2003). Watching the development of internal audit, it can be seen that before 1941, when the Institute of Internal Auditors was established( ), it was mainly a function of office and most of the record keeping was completed by hand and internal auditors were needed only to verify the accounting data and find errors (fraud). The old concept of the internal auditor was for the purposes of security and their primary objective was to uncover fraud(Pickett, 2003).

In 1900s at the UK, auditing became more established as a result of the industrial revolutions (Abdel-Qader, 2002). Brown (1962) reported that auditors were required to check all the transactions and financial statements. As stated by Lawrence R.Dicksee (1892 cited in Leung, 2004, p.7) in a Practical Manual for Auditors, the objectives of auditing were: (a) the detection of fraud; (b) the detection of technical errors, and (c) the detection of errors of principles. The existence of internal audit was still minimized (Porter, et al., 2005).

Some decades later the further growth of the companies force them to separate the ownership from the auditing functions. Moreover, there was a need to convince investors in the financial markets that the company's financial statement was transparent. Therefore, around 1940s the primary objective of an auditor has shifted from fraud detection to the truth and fairness of the companies. The voluminous transactions and financial operations developed the sampling techniques (Brown, 1962).

Later on, in the 1970s with economy's and technology's growth, auditors played an important role in enhancing the solvency of financial information and furthering the operations of an effective capital market (Porter, et al., 2005). Due to the increase of financial accounts, auditors placed more reliance on the internal control of companies during the audit procedure. If the internal control was reliable, the auditors reduced the detailed testing.

In the 1980s risk-based auditing had been introduced. Risk-based auditing is an audit approach where the auditor focuses on areas which are likely to contain errors. In order to implement risk-based auditing, auditors need to achieve a thorough understanding of their clients (Porter, et al., 2005). As Porter (2005) opined, that was the period when computer systems were introduced in most companies in order to process their data. Additionally, auditors developed one more role since they were providing advisory services to their clients.

Since 1990s a rapid change was observed in auditing profession due to the fast growth of the world economies. Nowadays, as Porter et al (2005) stated, auditing is expanded into new processes that built on a business risk perspective of their clients. The business risk approach supports that a wide range of the client's business risks are relevant to the audit. If the auditor understands the different kind of risks in businesses the identification of different matters will be more significant and relevant to the auditing.

A conceptual Definition of Internal Audit and Audit Risk

In an effort to appreciate the concept of internal audit, it will be necessary to distinguish it between the concept of internal control system. Then and with the same manner, the concept of the internal and external auditor will be contrasted so that the one who works within a company (Internal Auditor) will be more cleared from the auditor (External Auditor) who works for it.

Internal Audit and Internal Control System

In accordance to Millichamp (2008), the internal audit process in an organization includes the responsibility to plan, organize and direct the performance of actions, which are designed to provide adequate security to meet the targets of: a) achieving specific objectives, b) review of the economy and efficient use of resources, c) protecting the company's assets, d) reliability and integrity of the given information, e) comply with policies, programs, procedures, laws and other regulations. In addition, internal audit is a part of the model of corporate governance in the sense that contributes to the governance process of an organization by evaluating and improving: a) the process by which the aims and the values of the organization are established, b) the way of monitoring the achievement of the companies objectives, c) by ensuring the accountability of the firm and d) by protecting the companies values. (Picket, 2003).

The internal control system is an organized network of functions and procedures. It is a system of controls that is established by the board of directors and it is designed to keep the organization operating efficiently(Cheung, 1997). The internal control systems is an important task which is ahead of the auditing, while at the same time it comprises the effective work of the internal auditor. Moreover, a basic precondition for their preparation, is the existence of documented procedures in the organization, for the reason that any control program follows the workflow step by step. Also, by the end of the custom checks, the auditors are improving the system by introducing new data that may have obtained and at the end, if compiled for the first time, they filed the new data (2003). Finally, it is creditable to say that the internal control system looks similar to the human nervous system since both of them transfers commands and responses to and from the administration (Cook et al, 1976).

Internal auditors and their distinguish from the external auditors

The internal and external auditors have a number of common features, such as: a) their concern for the effectiveness of internal financial operations, b) their need to have in hand procedures that are adequate without any important ignorance, c) both of them need to cooperate with each other, d) they both have to generate audit reports, etc. ( ). What is more, on the other hand, we will distinguish the internal from the external auditors and we will list their essential differences:

A. Different objectives

The internal auditors are engaged to the business in both economic and non-economic processes and strategies, aiming to help the company achieve its purpose effectively and with a more disciplined approach. On the other hand, the external auditors who ensure whether the economic situation of a particular period is presented in a fair, correct and accurate manner (Millichamp 2008).

B. Organizational structure/ responsibility

The internal auditors are representing an internal part of the organization that they are working to and they are accounting to the management of the firm. In contrast the external auditors submit a report to the shareholders of the firm on an annual basis (Millichamp 2008).

C. Legal Status

The formation of internal auditors section into organization is not mandatory, except for companies that are trading into stock exchange, while the external audit is required by law for most firms, especially for those which are commercially register(Millichamp 2008).

D. Scope and Approach

The employer has always the right to judge the knowledge and skills that their internal auditor need to have. Usually, those internal auditors are coming from within the company, thus they are already aware to some extent with the functions of the firm. what is more after years of employment in only one company they acquire a solid and extensive knowledge and experience. Alternatively, the external auditors must come from the body of statutory auditors and they only make an audit of the financial accounts, assets/liabilities of the company once or twice a year, resulting in not so extensive knowledge of the firms functions in relation to the internal auditor.

Audit Risk

As it was mentioned above, audit risk was introduced around the 1980s when auditors could not go through all transactions. Therefore, a risk based approach is used by auditors in order to eliminate the chance of giving a false audit opinion. All audits must follow the risk based approach in accordance with ISAs (International Standard on Auditing), in order to ensure that audit work is correct and the most efficient tests are used based on the audit risk assessment. As stated in ISA315, auditors should detect possible risks that might lead in errors in transactions and balances or a misstatement in the financial statements. ( )

Audit risk is fundamental for all auditors and according to the IAASB (Glossary of Terms, Handbook, 2009) is defined as: The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of material misstatement and detection risk. The above definition comes in agreement with the definition given from the ASB (Auditing Standard Board) Meeting in August 2007.

Components of Audit Risk

Audit risk is basically constituted by three components: Inherent risk, Control risk and Detection risk. Inherent risk as Wyett J. stated (1999) is when account balances or transactions could be materially misstated because of factors arising at the entity or account balance or class of transaction level. An afterwards information argue that Inherent risk is when the auditor's assessment of the susceptibility of a relevant assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming there were no related controls (Akresh D., 2008).

According again to Wyett J. (1999), Control risk means that a material misstatement could occur in an account balance or class of transactions which would not be prevented or detected in a timely fashion by the entity's accounting and internal control systems. Subsequently, an information debate that the auditor's assessment of the risk that a misstatement that could occur in a relevant assertion and that could be material, either individually or when aggregated with other misstatements, will not be prevented or detected (and corrected) on a timely basis by the entity's internal control (Akresh D., 2008).

Finally, detection risk is defined as the risk that all the substantive tests of details and substantive analytical procedures concerning an assertion would fail to detect aggregate material misstatements that have occurred and were not detected (and corrected) by the entity's internal controls (Akresh D., 2008).

Chapter 4: Collapsed Auditing processes

This chapter summarizes the conclusions of the project that derived from the research review and the case studies analysis. Also, at this chapter we will have some points of improvement and suggestions on improving internal auditing. Moreover, the importance of internal auditing will be clearly described.

Conclusions & Recommendations

As it can be seen from the above project, it is more preferable for the efficiency and effectiveness of internal auditing to select a control system that is going to take into consideration the risk of all departments in the business and it will be adjusted according to their fluctuations. Moreover, another important step for the improvement to the services of internal audit into organizations is to force the internal auditors to comply with the international standards of internal auditing. Additionally, the continuous renewal of professional standards for the internal auditors is necessary so that it will match with their skills and knowledge in the present growth. What is more, the complementary relationship and continuing collaboration among all structures of audit activities may also contribute to more internal quality auditing.

In addition, it is for the best interest if the internal auditors were to work without time pressure at all, for the reason that occasionally this pressure may be a limiting factor for obtaining sufficient and appropriate evidence. Moreover, to maintain and strengthen the independence of internal auditors, the confusion and the conflict with other functions within the organization should be avoided as much as possible. In addition, the relationship between internal auditors and other employees in the business must be redesigned due to the fact that the internal auditors are required only to check and not provide consultant to them.

Nowadays, the internal and external audit should be cooperated and both of them use each other knowledge, doing that the company could become more efficient and effective. That is one way so the external auditors can rely on their work and increase the functionality to a better overall control system