The role of internal auit in improving corporate governance

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


It is well known that corporate governance is a vital part of the corporate structure, and as an extension of that, internal audit increases the role of corporate governance and provides the firms with better relationships among their members. However, the question that might arise is 'What really corporate governance is and what is the role of internal audit?'

The definition of corporate governance has been recognised since 1970 and is defined in different ways (Cattrysse, 2005). One of them is 'the mean to improve relations between companies and their shareholders; to improve the quality of outside directors; to encourage people to think long-term; to ensure that information needs of all stakeholders are met and to ensure that executive management is monitored properly in the interest of shareholders.' (Cattrysse, 2005, pp. 3). Corporate governance includes members such as board of directors, management, audit committee, and stakeholders (Cattrysse, 2005).

The role of internal audit within an organisation is to ensure that all internal procedures and controls made by the management are adequate and effective (Cattrysse, 2005). An internal auditor is hired by the management and at the same time the person who occupies this position should be independent, something that is in contrast with the way this recruitment occurred (Cattrysse, 2005). For that reason, the audit committee supports the view that there should be official mechanisms between the internal audit and the internal committee to secure the confidential exchanges (Cattrysse, 2005).

The structure of Internal Audit Unit can be met in three different ways (Li, 2006). According to Li (2006), the internal audit unit and the Board of Directors are at the same level of authority and the monitoring committee is guiding the internal audit unit. The second type of structure occurs when the internal audit unit and the company's various departments are at the same level and the former is controlled by the Board of Directors, whereas the third type happens when the internal audit unit is integrated into the finance department since internal auditing is a vital part of finance unit (Li, 2006).

Internal Audit Unit should support the following functions in order its role to be useful in a company's operation: mission and scope of work, accountability, independence, responsibility, authority, and standards of audit practice (Fitzsimon, 2005). However, a more detailed presentation of Internal Audit Unit's functions is going to be discussed into next section.

Internal control and internal audit are two different meanings and should not be confused (Cattrysse, 2005). The main role of internal control is to provide the users with reliable, relevant, timeliness, and compliance with laws and legislations in the financial statements, so as to assist the users in the decision making process through information's accuracy (Cattrysse, 2005; KPMG, 2008). Firms strive to minimise their risks of material misstatements which are occurred in the financial statements (Cattrysse, 2005; KPMG, 2008). On the other hand, internal audit is the activity that is executed by internal auditors to supervise whether the internal control system operates sufficient or not (Cattrysse, 2005; KPMG, 2008).

Internal Audit Unit, Audit Committee and External Auditor

KPMG (2008) states that internal audit is a fundamental part for a company. Board of directors can fulfill their internal control task, through the internal audit's supervision and assist (KPMG, 2008). The reasons why an internal audit unit should be introduced in a corporate structure, as KPMG (2008) refers, are to be presented.

Internal audit a) provides a brief description of the organisation's control type and evaluates the tone at the top, b) demonstrates unbiased risk assessment, c) shows the various process forms of the organisation, d) explains the contribution of the assets, e) releases valid information of frauds and deceptions, f) illustrates reviews of unacceptable levels of risk, g) displays the compliance framework, h) presents the operational and financial performance, i) offers suggestions for better utilisation of resources, j) estimates the accomplished goals and objectives, and k) gives feedback about firm's code of ethics and firm's values (Hermanson & Rittenberg, 2003; KPMG, 2008).

Audit committee exists due to the fact that every organisation should provide to the public reliable and accurate information and proper assessment of the risk of the firm that are interested in. To be more precise, in accordance with NACD (2000a), Hermanson & Rittenberg (2003), and Sarens et al., (2009) audit committee's task is mainly to observe the financial reporting procedure, to supervise the internal control system, meaning that risks are calculated and minimised by the management, and to monitor whether the internal and external auditors do their work properly or not. Others support the view that audit committee should emphasise primarily in the overseeing of financial reporting procedure (Hermanson & Rittenberg, 2003).

As mentioned above, the monitoring of external auditors includes the fact that an audit committee in some countries (e.g. USA) has the authority to dismiss external auditors from their duties, to hire new ones, and to assess their independence (Hermanson & Rittenberg, 2003).

Figure 1: Internal Auditing in an Organisational Governance Framework.

Source: Ruud & Bodenmann, 2001, pp. 522; Ruud, 2003, pp. 75)

Despite the fact that external auditors are not incorporated in the organisation, they are considered to be engaged by it (Pop et al., 2008). Additionally, they provide an annual report of the organisation's financial statements. Furthermore, external auditors can minimise errors that are not material significance and as an extension of the aforesaid, they focus on the general performance and financial results. Finally, they examine risk factors regarding management issues and 'behaviours' (Pop et al., 2008). Rudd (2003) claims that, an audit committee acts as a coordinator between external audit and internal audit unit. Figure 1 supports the previous argumentation.

It so far obvious that internal auditing is influenced by senior management and external auditing is not (Pop et al., 2008). Goals and strategies of internal auditing rely on the management's needs whereas external auditors are interested in accurate and unbiased financial statements that do not encompass material misstatements (Pop et al., 2008). What is more, external auditing should be informed by the internal auditors in case something unexpected happens to the internal auditing reports and external auditors should notify when an event is able to affect internal auditing (Pop et al., 2008). External auditors must have complete access to internal auditing reports, and lastly, they should carry out an evaluation of the internal audit function (Pop et al., 2008).

Internal audit and corporate governance

Internal audit's work, through their ability to provide information to risk's reduction, can lead a corporation into safety paths and therefore to improve corporate governance (Allen, 2008). Consistent with Allen (2008), internal auditing facilitates the function of 'risk intelligent enterprise', implying that these enterprises assess the probabilities and apply scenarios in their operations, which enables them to the decision-making process and create strategies. The contribution of internal auditors at this point is to achieve a solution for the corporation in order to be more risk intelligent (Allen, 2008). Moreover, they can act as an information channel as well as to enhance operating efficiency (Allen, 2008).

Risk is another factor an enterprise should consider since internal auditors can recognise the different types of risk and imbalances that may occur (Allen, 2008). Enterprises cannot flourish when performing so as to avoid risks (Allen, 2008). Instead, enterprises that utilise the internal auditors' knowledge could add new value in the organisation and develop competitive advantage (Allen, 2008).

Most enterprises assume only traditional financial measurements can evaluate their condition but non-financial factors (among others customer satisfaction, operational quality, innovation, and employee commitment) are those indicators that can assess the performance of an enterprise as well (Allen, 2008). Ethics is also a crucial factor, which can be recognised by internal auditors and raise the corporate performance by boosting the consumers' confidence and creating dedicated customers (Allen, 2008). Using their abilities and the fact that they are integrated in the company, internal auditors can build value by informing management deal with a number of potential threats, from corporate reputation to environmental issues (Allen, 2008). Lastly, expanding the board with members having internal auditing experience, higher boardroom diversity could be achieved, and as a result, greater thought production and improved corporate governance could occur (Allen, 2008).

Cadbury Report (1992), named as 'The Financial Aspects of Corporate Governance' provided recommendations for the reformation of boards and accounting systems so as to minimise corporate governance risks, and to establish effective audit committees with efficient internal controls. Cadbury's recommendations focused on the separation of the roles between the chairman and the CEO (Cadbury, 1992; Cattrysse, 2005). Additionally, the idea that there should be an element in the boardroom, that could prevent CEOs from getting too much power, prevailed (Cadbury, 1992; Cattrysse, 2005).

In short, Cadbury refers to a framework including three principles: openness, integrity, and accountability (Cadbury, 1992; Cattrysse, 2005). A requirement that could influence internal audit function was the fact that the directors had to report whether the internal control system was effective or not (Cadbury, 1992; Cattrysse, 2005). The Cadbury Report is, in a great extent, based on the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and Cadbury's principles are applied in various worldwide corporations (Cattrysse, 2005).

Corporate scandals, such as Enron, Barings Bank, Northern Rock, and WorldCom, which cost billions to the investors, forced US to publish the Sarbanes-Oxley Act of 2002 (Cattrysse, 2005). Section 404 in Sarbanes-Oxley Act (SOX) refers to the assessment of internal control (Sarbanes-Oxley Act, 2002). Precisely, management and external auditing should conduct a report concerning the adequacy of internal control system for financial reporting (Sarbanes-Oxley Act, 2002). SOX presented eight sets of 'rules' or 'codes' until 2004 aiming to restore the reputation of the biggest US organisations and to enhance good corporate governance (Cattrysse, 2005). Moreover, an internal auditing became a necessity for all NYSE listed companies (Cattrysse, 2005). Nevertheless, even with these harsh measures, SOX did not manage to eradicate the risk of corporate scandals (Cattrysse, 2005).

The Combined Code 2010 formulated due to Hampel Committee and promoted even more good corporate governance (Combined Code, 2010). The Combined Code combines the elements of accountability and corporation prosperity (Combined Code, 2010). The former element was the corner stone of the Code since it could improve the performance and the profit of the firm (Combined Code, 2010). The recommendations of Cadbury Committee, Greenbury Committee, and Hampel Committee compose the Code which mentions among others that the audit committee should be represented by independent non-executive directors and great emphasis has been given in the notion of integrity due to the aforementioned corporate scandals (Cattrysse, 2005).

Corporate scandals

Lehman Brothers belongs to the biggest corporate scandals in history. The reasons of the bankruptcy are quite clear. Several executive members were highly-paid despite the financial crisis. This fact revealed that the proportion of the payments was far too huge in relation to the previous year's payments. Another reason for the bankruptcy appears to be the inadequate internal audit control since they let accounting system to be manipulated presenting virtual numbers in the balance sheets. As Story & Dash (2010) state, Lehman exploited a small firm named 'Hudson Castle' to move some of the assets and transactions in order to hide the real financial position of the company. Lehman could control the board members since he possessed a part of the Hudson Castle.

Apart from the aforesaid reasons, Lehman Brothers suffered many losses from the mortgages which had been already securitised. The bank had lack of liquidity because the borrowers were unable to pay their loans due to the crunch. The bank's stock started to fall rapidly and the bank released 1,500 employees to cope with its depts. Bank's investors felt insecure and lost their faith, drifting Dow Jones down. The company tried to make deal with Barclays, a large investment firm in UK, so as to be sold but the deal collapsed. Government also denied assisting Lehman Brothers. According to Bloomberg, on September 15th 2008 Lehman Brothers filed for Chapter 11 bankruptcy protection and J.P. Morgan gave to Lehman Brothers a liquidity boost, money that were repaid by the Federal Reserve Bank of New York to J.P. Morgan two days later. WIKIPEDIA

Figure 2: Lehman Brothers Share Price (

As it seems, the rescue plan for Lehman Brothers was absent because the bank was only the victim since the assist could come earlier. The bank collapsed, dragging lots of investment firms down. The domino effect that occurred forced governments to reformulate bank regulations in order to improve guidance, transparency, disclosure, and monitoring.

Audit committees in corporate scandals were not sufficient informed by the management and external auditors resulting to an information gaps (Pozen, 2011). Moreover, audit committees have to deal with a mass of complex information and regulations, which is difficult to control when audit committees, external auditors, and management do not cooperate properly (Pozen, 2011).

In the case of Enron, audit committee had been outsourced to the company's external auditors (Hala, 2003). As a result, junior internal auditors would not confront senior executives' and senior auditors' decisions (Hala, 2003). Furthermore, many internal auditors report directly to the CFO or senior management than to the audit committee resulting to biased financial statements and lack of independence since CFO has the authority to hire and fire the chief audit executive when unwelcome opinions are heard (Gallegos, 2004).

Barings Bank was equipped with negligent external auditors who had lack of knowledge about derivatives. Consequently, top management and auditors could not understand the business of the chief trader for Barings Futures in Singapore. Lack of clear reporting line and monitoring of employees, were incidents that were responsible for Bank's collapse. (BIBLIO MANDYLA)

According to D'Arcy (2008), 'Northen Rock's internal auditing could not evaluate the effectiveness of the management of risk and provide assurance to the Board'. The effectiveness of internal auditing is deemed according to the right reporting lines and the responsibility of the board or the Audit Committee (D'Arcy, 2008).

Similar to Northen Rock, WorldCom's mechanisms such as questionable ethics, aggressive earnings management, shortcomings in accounting and reporting, weak internal control, and internal corporate control failed leading to WorldCom's bankruptcy (Akhigbe et al., 2005).

Akhigbe, A., Martin, A., Whyte, A., 2005. Contagion effects of the world's largest bankruptcy: the case of WorldCom, The Quarterly Review of Economics an Finance, 45, pp. 48-64

current requirements and responsibilities of Internal Audit Unit

Based on recent legislation, the report should describe the current requirements and responsibilities of the Internal Audit Unit. It should explain how the Internal Audit Unit interacts with the Audit Committee and External Auditor, and should also explore how the contribution of internal audit can be measured.

The current role of Internal Audit Unit is better described in the following figure (Fig. 3). According to the figure, shareholders acquire useful information directly from management, skipping the financial statements (Holland, 1995; Baker & Owsen, 2002). Moreover, responsibility of internal auditing is the improvement of management controls and procedures in order to facilitate the CEO to enhance the financial performance of the firm Cadbury Committee, 1992; EC Commission, 1997; Elliott, 1994; Baker & Owsen, 2002).

Griffioen (1995), Byrne (1998) and Baker & Owsen (2002) discuss that the financial analysts and other sources of information play a more vital role for institutional investors than auditors (Griffioen, 1995; Byrne, 1998; Baker & Owsen, 2002). Precisely, institutional investors are informed by financial analysts regarding the investment decisions. With the assist of technology (among others internet and media), the information flows fast, is up-to-date and can be accessed easily by financial analysts (Baker & Owsen, 2002).

Audit committees organise meetings with internal auditors to figure out whether the internal control over financial reporting is effective or not (Beasley et al., 2009; Sarens et al., 2009). Furthermore, surveys demonstrate that audit committees are completely dependent by the internal and external auditors when evaluating the effectiveness over financial reporting (Beasley et al., 2009; Sarens et al., 2009).

Researchers also revealed that the reporting channels of internal auditing were not clear enough (Beasley et al., 2009; Sarens et al., 2009). As a result, information asymmetries occur between the audit committee and management leading to the principal/agent problem (Turley & Zaman, 2007; Sarens et al., 2009). The asymmetry derives from the fact that the members of the audit committee have lack of detailed knowledge (Sarens et al., 2009). It should be noticed that the influence of the audit committees was quite limited when it comes to the work plan of internal audit function, but it was necessary for the internal audit plan to be met (Turley & Zaman, 2007; Sarens et al., 2009).

Figure 3: The current role of Internal Audit Unit (Williams, 1996; Frost & Pownell, 1996; Baker & Owsen, 2002).

A factor that can enhance the contribution of internal auditors is the availability, namely the time that an internal auditor can dedicate in a given period for the financial statements' preparation (Felix et al., 2001). Time availability can assist in informing external auditors by the internal auditors (Felix et al., 2001). Another factor is the internal audit quality which refers to the level of quality of the financial statements (Felix et al., 2001). Moreover, a successful coordination between external and internal auditors can contribute to the internal auditors' efficiency (Felix et al., 2001). Finally, risk in the audit environment can influence internal audit's decisions (Maletta & Kida, 1993; Maletta, 1993; Felix et al., 2001).

The Contribution of Internal Audit as a Determinant of External Audit Fees and Factors Influencing This Contribution

William L. Felix, Jr., Audrey A. Gramling and Mario J. Maletta

Page 517 of 513-534 Journal of Accounting Research   >  Vol. 39, No. 3, Dec., 2001 


In summary, the report should analyse whether and how the introduction of internal audit enhances companies' effectiveness and accountability. It should consider which requirements and functions are especially helpful for companies and investors.