Change in internal auditing practice:Evolution, constraints and ingenious solutions

The main purpose of this research is to investigate if and how the internal auditing (IA) profession and practitioners exercise ingenuity to deal with the constraints faced by them during the development of IA and implementation of IA activities at the societal and organizational level. The key aim is to explore whether, through exercising ingenuity, the Institute of Internal Auditors (IIA) and IA functions can strengthen and improve IA quality and effectiveness in order to meet the expectations of management, key stakeholders and the changing role of IA, in order to remain relevant and to survive in the challenging environmental conditions. The data for the study was collected and analysed at both societal and organizational levels, including how they interact each other. The theoretical approach employed in this research offers a valuable lens on the relationship between ingenuity, ingenious strategies and constraints. This theoretical framework offers a way to understand how constraints at societal and organizational levels can be resolved over time as IA evolves. The results of this study found three main constraints: the continuously changing IA role; insufficient resources and capabilities; and low IA status and quality. These led to five main ingenuity strategies that emerged at the societal and organizational levels, such as the use of Risk-Based Internal Auditing (RBIA), co-sourcing, talent management, the continuous improvement of IPPF, and forging collaborative partnerships between internal auditing and risk management. These strategies enable the IIA to improve the quality and effectiveness of IA and assist IA functions to tackle the constraints they face, exercise activities that improve organization operations, and add more value to organizations. This study takes the initiative to categorize ingenious solutions according to types of ingenuity and constraint. The findings of this study (see Chapter 7, 8 and 9) also show that constraints can motivate the IA profession and its practitioners to identify and exercise ingenious practices and become a source for creativity and innovative problem-solving

The influence of objectivity, competence, and work performance on external auditors' judgements relating to the internal audit function in Jordan

This thesis presents empirical research on the perceptions of external auditors (EAs) regarding the impact of three dimensions of auditing, namely the objectivity of the Internal Audit Function (IAF), the competence of the IAF, and the work performance of the IAF, on (1) the effectiveness of the IAF in Jordanian companies listed on the Amman Stock Exchange (ASE) and (2) EAs’ decisions to rely on the work of internal auditors (IAs). In addition, this thesis investigates Jordanian EAs’ level of self-insight into the importance of the three dimensions when (1) evaluating the effectiveness of the IAF and (2) deciding on the degree of reliance on IAs

An Examination of E-Banking Fraud Prevention and Detection in Nigerian Banks

E-banking offers a number of advantages to financial institutions, including convenience in terms of time and money. However, criminal activities in the information age have changed the way banking operations are performed. This has made e-banking an area of interest. The growth of cybercrime – particularly hacking, identity theft, phishing, Trojans, service denial attacks and account takeover– has created several challenges for financial institutions, especially regarding how they protect their assets and prevent their customers from becoming victims of cyber fraud. These criminal activities have remained prevalent due to certain features of cyber, such as the borderless nature of the internet and the continuous growth of the computer networks. Following these identified challenges for financial institutions, this study examines e-banking fraud prevention and detection in the Nigerian banking sector; particularly the current nature, impacts, contributing factors, and prevention and detection mechanisms of e-banking fraud in Nigerian banking institutions. This study adopts mixed research methods with the aid of descriptive and inferential analysis, which comprised exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the quantitative data analysis, whilst thematic analysis was used for the qualitative data analysis. The theoretical framework was informed by Routine Activity Theory (RAT) and Fraud Management Lifecycle Theory (FMLT). The findings show that the factors contributing to the increase in e-banking fraud in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Moreover, the findings also show that the activities of each stage of fraud management lifecycle theory are interdependent and have a collective and considerable influence on combating e-banking fraud. The results of the findings confirm that routine activity theory is a real-world theoretical framework while applied to e-banking fraud. Also, from the analysis of the findings, this research offers a new model for e-banking fraud prevention and detection within the Nigerian banking sector. This new model confirms that to have perfect prevention and detection of e-banking fraud, there must be a presence of technological mechanisms, fraud monitoring, effective internal controls, customer complaints, whistle-blowing, surveillance mechanisms, staff-customer awareness and education, legal and judicial controls, institutional synergy mechanisms of in the banking systems. Finally, the findings from the analyses of this study have some significant implications; not only for academic researchers or scholars and accounting practitioners, but also for policymakers in the financial institutions and anti-fraud agencies in both the private and public sectors

A moderating role of board characteristics on the effect of antecedents on the stage of enterprise risk management implementation

Enterprise Risk Management (ERM) has become an important issue of increasing attention among the business community throughout the world. However, the concept is still relatively new among Nigerian companies and little is known about why many organizations are not fully implementing it. The main objective of this study is to examine the current state of ERM practices and the stage of its implementation in the Nigerian banking sector. The study further examined the effect of the antecedents on the stage of ERM implementation, and evaluated the moderating effect of board characteristics on the relationship between antecedents and the stage of ERM implementation. The study used a survey approach to collect cross-sectional data across 361branches and the headquarters of the 21 Nigerian commercial banks using 722 respondents. The response rate is 60 percent. Logistic Regression Model was used for data analysis. The finding revealed that there is an ERM complete in place in majority of the banks. Furthermore, the finding showed that internal audit effectiveness, human resource competency and top management commitment effect significant influence on the stage of ERM implementation while regulatory influence had partial effect. Likewise, there is a moderating effect of board characteristics on internal audit effectiveness and the stage of ERM implementation. The finding has a policy implication for the Board of Directors to improve their oversight functions and the regulatory authorities to entrench risk based supervision in all the Nigerian banks. Nevertheless, the study has limitation in terms of power of prediction with respect to measurement scale of the dependent variable and the respondents. Future research is therefore needed to evaluate the effectiveness of ERM process using a more robust scale and top management as respondents. Therefore, a clarion call is made to introduce an ERM practices across all the Nigerian companies irrespective of their status

Computer-assisted audit tools and techniques use: Determinants for individual acceptance

During the last fifteen years, several studies on the research topic of Individual Technology Acceptance have been developed, and several new models have been proposed. All these models aim to understand and define determinant contributions for the acceptance of technologies and what the drivers leading to successful adoption are. This dissertation’s main emphasis is to gain an understanding of individual acceptance of Computer-assisted Audit Tools and Techniques (CAATTs) in the context of Portuguese Statutory Auditors. Previous research in other countries, utilizing several and distinct research universes, has informed this work and the definition of the main objectives of the present research. This dissertation has as its main objectives: 1) understanding the tasks in which CAATTs are used; 2) to identify the adoption drivers of CAATTs; 3) to explore the current usage of CAATTs among statutory auditors and 4) to develop a CAATTs adoption model. To reach the objectives two studies were conducted: a qualitative study, supported by interviews to experts, and a quantitative study operationalized by a questionnaire to 110 Portuguese statutory auditors. This latter study was the cornerstone, which allowed testing the CAATTs acceptance model. This dissertation presents significant contributions impacting the various stakeholders: individual Statutory Auditors, Statutory Auditors Firms, The Portuguese Institute of Statutory Auditors, Software houses and higher education.Nos últimos 15 anos, vários estudos de investigação foram desenvolvidos abordando a temática da aceitação individual de tecnologia, tendo sido apresentados novos modelos. Esses modelos têm como objetivo compreender e identificar os determinantes sobre a aceitação de tecnologias que levem a uma adoção bem-sucedida. A principal ênfase da tese é compreender a aceitação individual de “Tecnologias de Informação para Auditoria”, também designadas, em Português, por “Ferramentas Informáticas de Suporte à Auditoria” ou “Técnicas de Auditoria Assistidas por Computador” (CAATT), no contexto dos Revisores Oficiais de Contas em Portugal. Investigações anteriores realizadas em diferentes países, com distintos universos de investigação, inspiraram este trabalho na definição dos principais objetivos da presente pesquisa. A presente dissertação tem como principais objetivos compreender as tarefas em que as CAATT são utilizadas; identificar os fatores de adoção de CAATT; explorar o atual uso de CAATT entre Revisores Oficiais de Contas e desenvolver um modelo de adoção de CAATT. Para alcançar estes objetivos foram realizados dois estudos: um estudo qualitativo e exploratório, apoiado por entrevistas com peritos, e um estudo quantitativo operacionalizado através de um questionário a 110 Revisores Oficiais de Contas portugueses. Este estudo foi a pedra angular que permitiu testar o modelo de aceitação de CAATT. Esta dissertação apresenta contribuições significativas com impactos para os principais stakeholders: Revisores Oficiais de Contas, empresas, Ordem dos Revisores Oficiais de Contas, software houses e instituições de ensino superior

Redefining internal audit performance: Impact on corporate governance

One of the preventive measures to situations akin to world financial crises increasingly forwarded is effective internal audit function (IAF) (e.g., Imhoff, 2003; Mohamad & Muhamad Sori, 2011). Internal audit, a component of corporate governance, continues to evolve due to changes in business strategies and requirements placed on it by legislators. The roles of internal auditors and audit committees (ACs), the key personnel in IAFs, are changing to a more value-added approach as business strategies move towards corporate sustainability and organisational excellence. Suggestions forwarded to improve the performance or determining the quality of IAF include effective involvement of ACs in internal audit activities, the employment of competent internal auditors and determining the impact of internal audit on corporate governance (e.g., Mohamad & Muhamad Sori, 2011, Sarens, 2009, Turley & Zaman, 2007). Research on the quality of internal audit has focussed mainly on the relationships of internal audit with internal control and ACs (e.g., Fadzil, Haron, & Jantan, 2005; Mat Zain & Subramaniam, 2007; Turley & Zaman, 2007). However, none has linked the impact of internal audit performance to corporate governance. This study provides an agency of value view, explaining the effectiveness of IAF and its impact on corporate governance. Using a convergent mixed methods approach, the main findings from survey data collected from corporate members of the Institute of Internal Auditors Malaysia are compared and integrated with perspectives from chief audit executives of selected public listed companies interviewed. The factors investigated are the structure of the IAF, activities of best practices in internal auditing, ACs’ involvement as stated by the Malaysian public listing guidelines (Bursa Malaysia, 2000, 2009b) and the World Bank’s corporate governance framework (World Bank, 1991). An exploration on the extent of collaborations and combined assurances in internal audit is also carried out. The primary analysis on the probability of an effective IAF and profiling of the internal audit activities, level of AC involvement and areas of corporate governance is made using the Rasch model. Non-parametric tests are also used to determine the statistical significance of the relationships of the components investigated. In-depth interview data are analysed using template analysis. The findings support the establishment of an in-house IAF with a definitive team size and professional expertise for an effective IAF. Other IAF components are member experience, combined audit activities and collaborations of audit activities. Although these other components are not significantly related to the effectiveness of IAF, the indepth interviews provided more explanations on their importance in internal audit. An important structure of the IAF is the AC’s oversight role. The findings also indicate that the level of ACs’ involvement in the reviews of each stage of the internal audit process contributes to the overall effectiveness of IAF. Due to issues in staffing and the changing business environment, collaborations particularly in risk management, information technology audits and quality audits, are increasingly being used as a strategy in internal audit to provide value add services. Further, as suggested by Sarens (2009), the level of internal audit performance could now be identified to its impact on corporate governance, for example such as in areas of expenditure management, revenue management, analysis of data and conflict resolution. The results have implications on the policy regarding internal control for public listed companies, favouring an in-house internal audit function as opposed to outsourcing the function, to address the recommendations on the effectiveness of ACs and its relationship with IAFs. The practice of internal audit in future should be more collaborative to harness the expertise and experience of other departmental personnel in producing effective internal audit, ultimately creating a greater impact on corporate governance

Employee fraud and prevention strategies at universities in KwaZulu-Natal.

Doctor of Philosophy in Management and Public Administration. University of KwaZulu-Natal, Durban, 2015.The results of continuing global research, including this study, have found that employee fraud is ubiquitous. An analysis of the crime statistics relating to fraud in South Africa reflects a similar picture. This study delved into employee fraud at universities in KwaZulu-Natal by evaluating the nature and causes of this phenomenon as well as the preventative measures that are, or should be, implemented to obviate the risk of fraud at universities. The study of fraud and corruption at universities in KwaZulu-Natal represents a microcosm of such crimes at national and international universities. The objectives of this study were to gain knowledge and understanding of the causes and nature of employee fraud and to establish other measures that could prevent fraud as well as to propose a conceptual model and recommendations which universities could use to prevent fraud. In order to achieve these objectives, the study included an extensive review of recent and relevant literature, an empirical survey, review of case files and interviews with knowledgeable individuals in the field of fraud risk management. In addition, the study provides an overview of historical and philosophical origins of the theoretical concepts and frameworks and models relating to employee fraud, fraud risk management, internal controls and governance of fraud risks. Results indicate that employee fraud is considered a risk to the sustainability of higher education, vis-à-vis the provision of tertiary education to the community. A conceptual model is proposed to address employee fraud at universities. The conceptual input/output transformational systems model adapted from Easton (A systems analysis of political life (1979)) was utilised as a sophisticated addition to the set of recommendations provided in the last chapter. Despite its particular shortcomings, this model would be useful as a concept clarifier to those entrusted with designing and implementing policy at universities destined to elevate the fraud prevention process. The conceptual model advocates a holistic approach to prevent fraud. In responding to stakeholder demands to combat fraud, universities should implement specific policies that would transform any such dysfunctionalities within its operations to enable it to achieve its predetermined educational goals. Supplementary to the adapted input/output transformational systems model for prevention of fraud and corruption at universities in KwaZulu-Natal, a set of recommendations is proposed that is intended to provide policy-makers with information about the inputs from the environments that impact the achievement of goals and that proposes a conversion mechanism which could support achieving, maintaining and enhancing of predetermined goals. The prevention of employee fraud would be beneficial to all stakeholders, such as the community, government and universities, nationally and internationally

A study on the applicability of the internal audit technician learnership in the public sector.

Thesis (MPA)-University of KwaZulu-Natal, Westville, 2011.The solution to South Africa’s growing skills crisis subsists in its ability to transform into a thriving knowledge economy. In a globalised world where it has become easy for skills to transcend borders, skills development and more importantly, skills retention strategies, ought to be an integral part of an organisation’s strategic framework in particular, and the country’s skills development strategy in general. Learnerships, viewed as a panacea for the skills crisis, is a legislated skills development initiative which falls under the Skills Development Act. This in turn resides within the Public Human Resource Management domain. A learnership is a vocationally-based training programme which is quality assured by the Sector Education and Training Authority (SETA) and has as its foundation experiential learning principles. To this end, the Institute of Internal Auditors administers the Internal Audit Technician (IAT) learnership. Internal audit is deemed a scarce skill, and the IAT is aimed at increasing the level of internal audit skills whilst filling the skills gap. Presently the IAT is in greater demand within the public sector as opposed to the private sector. This research was based on completed public sector IAT programmes and some key findings included a clear and disconcerting gap in consultation and communication between the supervisor and manager of the learner. Another was that the majority of learners had benefitted vastly from the communication module and recorded visible improvements in the way they communicated. Key recommendations include greater supervisory and management commitment towards the learnership programme and that all public sector internal auditors report directly to the Auditor-General. This will allow for internal auditors to conduct internal audits free of political interference and the concomitant fear from any form of reprisal, especially where corruption is involved