题目

Effects of Internal Audit Quality on the Severity and Persistence of Controls Deficiencies

刊名

International Journal of Auditing

来源数据库

International Journal of Auditing，2015,19(3)：148—165．

https://doi.org/10.1111/ijau.12044

原始语种摘要

The objective of this study is to test the effects of internal audit quality on the severity and persistence of the internal controls deficiencies (ICD). Internal audit quality is investigated through the internal audit process, internal audit input and types of ICD. The paper extends previous findings on ICD severity and ICD persistence. Using private data collected with questionnaires and performing logistic regressions, we find that the improvement of planning – scoping and testing – monitoring quality and competences – independence reduces ICD severity, decreasing significant deficiencies and material weaknesses, and reduces persistence of ICD over time. We also find that revenues are the most severe type of ICD, while human resources and period end accounts are the most persistent.

关键词

Keywords:Internal audit;Internal control;audit planning;audit quality

原始语种正文

节选

INTRODUCTION

The objective of this study is to test the effects of internal audit quality on the severity and persistence of internal controls deficiencies (ICD). Internal audit quality is investigated through the internal audit process, internal audit input and types of ICD.

The prior literature has analyzed ICD mainly in the United States (US) where the Sarbanes-Oxley Act (SOX) has been implemented. The US literature mainly analyses ICD as the outcome of audit quality as reported in the opinion on internal control over financial reporting (ICFR) by auditors. Following Bedard and Graham (2011), we analyze ICD severity (outcome). Severity is measured separating the less severe deficiencies (D) from the more severe significant deficiencies (SD) and material weaknesses (MW). We also contribute to the literature by adding ICD persistence as outcome proxies, extending the results of Klamm, Kobelsky and Watson (2012). Persistence is evaluated looking at the dynamics of ICD from the start-up period (2007–2009) to the operating period (2010–2012) of Italian Law 262/2005.

Our study extends the US literature by analyzing the audit quality of ICFR through an input–process–outcome approach, widely recognized both in the literature (Francis, 2004, 2011; Bedard, Johnstone amp; Smith, 2010; Knechel et al., 2013; DeFond amp; Zhang, 2014)and by regulators (Financial Reporting Council, 2008; International Auditing and Assurance Standards Board, 2011; Public Company Accounting Oversight Board, 2013). We contribute in testing the impact of internal auditor competences – independence (input), audit cycle phases (process) and types of ICD – on severity and persistence (outcomes).

This study focuses on Italy, where a law with the same objectives and origins as the US SOX has also been implemented. Italy is interesting because it allows us to analyze the usefulness of the regulations implemented as a result of financial scandals in a civil law country where the market is driven by banks and financial institutions. Moreover, a peculiarity of Italy is that the responsibility for ICFR opinion is assigned to the chief financial officerand internal auditors. This allowed us to analyze the internal audit perspective.

Prior literature mainly uses publicly available annual report data to distinguish characteristics of companies disclosing MWs under SOX Section 404 or Section 302 (Ashbaugh-Skaife, Collins amp; Kinney, 2007; Doyle, Ge amp; McVay, 2007; Hoitash, Hoitash amp; Bedard, 2009). We use proprietary data collected by internal auditors from a sample of Italian listed companies, which shows 4,284 ICD. Private data are more precise and comprehensive than public data so we are able to further develop findings from previous literature. Furthermore, private data gives an indication on how ICD are detected by the internal auditor. Absence of private data has not previously allowed research to address this topic.

Regression results find a lower probability of more severe ICD in companies with higher overall quality of internal control. Specifically, we find that ICD becomes less severe through improvement in the effectiveness of the phases of the audit cycle (planning – scoping and testing – monitoring). ICD become less persistent through an improvement in planning – scoping, testing frequency, competencies and independence of internal auditors. Next, we find that revenues are the most severe ICD types and that human resource and period-end policies are the most persistent.

These results have several implications for regulators, academics and auditors. Regulators in countries with environmental contexts similar to Italy could make use of them in order to interpret the behavior of ICD in ICFR in listed companies, outside the context of SOX. The original model proposed in this paper can be replicated in other countries or extended with other audit quality proxies to test our results. Academics may appreciate the usefulness of the input–process–outcome approach used to evaluate audit quality. The findings should encourage auditors to distinguish effective audit cycle phases.

BACKGROUND

The empirical setting of the study is the Italian stock market. This market is driven more by banks and financial institutions than b

剩余内容已隐藏，支付完成后下载完整资料