Accepted by Pascale Lapointe-Antunes. The authors gratefully acknowledge the editor, Pascale Lapointe-Antunes, and the reviewers for their constructive comments.

About

Sections

PDF

Tools

Share a link

Email
Wechat
Bluesky

Abstract

This structured literature review adopts a multimethod and multitheoretical approach to identify current knowledge about internal audit as well as related knowledge gaps. To that end, it provides an overview of post-Sarbanes-Oxley Act literature, organizing it under three themes: the multiple roles of internal audit, internal audit quality (IAQ), and the practice of internal audit. Despite the volume of literature published during the period covered by this review (2005 to mid-2017), the first two themes are still in development, while the third is emergent. We suggest research avenues to fill the following main gaps: (i) Given differing opinions about the expected or actual roles of internal audit, prior literature infers that the internal audit function has become the “jack of all trades” of governance, but does not clearly capture its actual roles. (ii) The viewpoint of external auditors has dominated IAQ research, leading to a misunderstanding of how actors with greater stakes in the practice of internal audit conceptualize and evaluate IAQ. (iii) Knowledge of the actual practice of internal audit and its accountability and ethical issues is fragmentary, therefore the literature's current picture of internal audit is far from comprehensive.

Abstract

Résumé

Nouvelles perspectives de recherche en audit interne : Une recension des écrits structurée

L'analyse documentaire structurée à laquelle procèdent les auteurs fait appel à une démarche multiméthode et multithéorie pour définir les connaissances actuelles au sujet de l'audit interne ainsi que les lacunes du savoir à ce chapitre. À cet égard, cet exercice donne un aperçu de la documentation postérieure à la SOX, en l'organisant selon trois thèmes : les rôles multiples de l'audit interne, la qualité de l'audit interne et l'exercice de l'audit interne. Malgré le volume de la documentation publiée au cours de la période sur laquelle porte cette analyse (de 2005 jusqu'au milieu de 2017), les deux premiers thèmes sont toujours en développement, alors que le troisième est émergent. Les auteurs proposent des pistes de recherche afin de combler les principales lacunes qui suivent. 1) Compte tenu des divergences d'opinion quant aux rôles attendus ou réels de l'audit interne, les écrits laissent supposer jusqu’à maintenant que la fonction d'audit interne est désormais le « factotum » de la gouvernance, sans toutefois en saisir clairement les rôles réels. 2) Le point de vue des auditeurs externes a dominé la recherche sur la qualité de l'audit interne, ce qui a mené à une méprise quant à la façon dont les acteurs pour lesquels les enjeux de l'exercice de l'audit interne sont plus importants conceptualisent et évaluent la qualité de l'audit interne. 3) La connaissance de l'exercice réel de l'audit interne et de l'obligation de rendre compte ainsi que des questions éthiques qui y sont associées est fragmentaire, si bien que le portrait actuel de la documentation est loin d’être complet.

In the decades preceding the financial scandals of the early 2000s (e.g., Enron, WorldCom), academia appeared rather unconcerned with the topic of the internal audit function (IAF). However, after the enactment of the Sarbanes-Oxley Act (SOX) in the United States and Bill 198 in Canada, this organizational function quickly rose to prominence, prompting researchers to realize how little they knew and how important it would be to address this knowledge gap. The result was an explosion in the internal audit literature, beginning in 2004 with studies such as the seminal literature review by Gramling, Maletta, Schneider, and Church (2004). Their analysis of the role of internal audit in corporate governance heralded the post-SOX era of IAF research, identifying significant gaps in knowledge and suggesting several research avenues, into which investigators subsequently rushed. Since that time, the internal audit literature has explored several virgin or near-virgin territories exceeding the suggestions of Gramling et al. (2004).

More concretely, the IAF, once considered a deathtrap for less competent practitioners (Roussy, 2013), is increasingly recognized as an important agent of organizational change (IIA Research Foundation, 2017; IIA Research Foundation and Proviti, 2017). From this perspective, internal auditors' competencies have gained newfound respect (Roussy and Brivot, 2016; IIA Research Foundation and Proviti, 2017; Trotman and Duncan, 2017). In the post-SOX era, board members on the audit committee have seen a considerable increase in their responsibilities as directors, but not being involved in the organization's day-to-day operations or its risk management and control process, they now rely extensively on the IAF for “comfort” (Sarens, De Beelde, and Everaert, 2009; IIA Research Foundation and Proviti, 2017). Given this change in conditions since the Gramling et al. (2004) paper, the time has come, after more than a decade, to “stand on the shoulders of giants” (Massaro, Dumay, and Guthrie, 2016). In studying early internal audit scholars, researchers can take stock of and organize the current state of knowledge and identify meaningful new research avenues that will contribute to academics and practitioners alike. The current article presents a structured literature review (SLR) that adopts a multimethod and multitheoretical approach to address this topic. It examines academic research published between 2005 and 2017 and classifies this knowledge into three themes: the roles of internal audit, the literature on internal audit quality (IAQ), and the emergent literature that explores the day-to-day practice of internal audit.

The main gaps in each stream of literature have been identified as follows: (i) Because opinions differ about the expected or actual roles of internal audit, the literature gives the impression that the IAF has become the “jack of all trades” of governance, but it fails to clearly capture the IAF's core business role. The risk in adopting this impression is that it can create confusion about the nature of internal audit and possibly lead stakeholders to view the IAF as a “jack of all trades, master of none.” Such misconception might also explain the difficulty of recruiting good candidates (Bartlett, Kremin, Saunders, and Wood, 2016; Burton, Starliper, Summers, and Wood, 2015) in this interesting field of expertise. (ii) IAQ research has been dominated by the viewpoint of external auditors, which has led to a misunderstanding of how IAQ is conceptualized and evaluated by those with a more significant stake in the practice of internal audit. (iii) Knowledge about internal audit professional practice, including its accountability and ethical issues, is emergent and fragmentary, therefore researchers are far from having a comprehensive picture of how internal auditors perform their work.

Concerning SLRs, we believe that awareness of previous research does not lead to a dead end but helps point to the future. This is why we identify several research avenues at the end of each theme. Given that our first two themes are still in development in the literature and the third theme is emergent, any relevant theoretical grounding or methodological design research can significantly contribute to fill the identified gaps if the research question is relevant.1 However, at this stage of knowledge and given the suggested research avenues, researchers interested in the themes presented here should rely mainly on methodologies such as interviews, case studies, experiments, and surveys to inform their studies. Moreover, as 12 percent of reviewed studies are archival, this specific methodology is also relevant and certainly represents an interesting way to study internal audit, despite the current dearth of such data.

The remainder of this article is organized into five sections. The first section describes the methodology, after which the following three sections present the literature review. Concluding remarks are given in the last section.

Methodology

To capture the current state of academic knowledge about internal audit, we conducted a structured review of internal audit articles published in high-quality accounting journals between 2005 and mid-2017. Unlike Gramling et al. (2004), who reviewed only quantitative and agency theory articles, we did not eliminate any papers on the basis of their method or theoretical constructs. Adopting a multimethod and multitheoretical approach, the current article can be considered a SLR, based on Massaro et al.'s (2016) 10 steps, as described in Table 1, which includes the method and purpose of the steps implemented.

Table 1. Application of Massaro et al.’s (2016) steps for SLR

Massaro et al.’s steps for (2016) structured literature reviews	Outlines of our SLR protocol
1. Write a literature review protocol. The protocol details the ideas that the researchers have and guides them in developing the SLR. This step includes a description of the review question/objective, motivation, and the outlines of the method and reliability procedures (p. 774).	At the very beginning of the process, researchers developed a protocol, and the choice of conducting an SLR was made. The skeleton of this review was formulated and tasks were assigned to each researcher. See the next steps for details.
2. Define the questions that the literature review is setting out to answer. An SLR should (i) provide insight into prior work and knowledge, (ii) critique the literature as an emerging, emergent or maturing research field, and (iii) suggest transformative redefinitions (i.e., research avenues) to guide researchers in the future (pp. 774–776).	We defined our SLR objective as follows: Identify what is known about internal audit (insights) and what still needs to be understood (critique) in order to suggest relevant research avenues (transformative redefinitions).
3. Determine the type of studies and carry out a comprehensive literature search. Means must be defined to select the most relevant papers to reach the SLR objective (p. 777). It could be through a list of keywords, journals, time period, citation index, databases, and so on.	We established several criteria to carry out our search: Time period: 2005 to mid-2017 (post-SOX internal audit literature); Databases: ABM Inform/Global and Business Source Premier plus “in press” and “online early” directly on journals' websites; Preliminary journal list (see step 4); List of keywords related to internal audit.
4. Measure article impact. The most impactful relevant articles must be selected (p. 781). Several ways are available to measure impact (e.g., impact factor; Deans Council journal ranking lists; etc.).	We used the ABS Academic Journal Guide as well as the Financial Times top business journals and selected “A” and “B” journals, and “C” journals that specialize in internal audit.
5. Define an analytical framework. In an SLR, articles and previous findings must be considered independent data and analyzed accordingly (p. 783). At this step, the articulation of the SLR emerges through the units of analysis (e.g., articles are classified by location, methodology, theoretical grounding, and main findings and contributions). This analysis framework is dynamic and evolves.	We organized the data (articles) per main findings and contributions regardless of their methods or theoretical grounding. We initially identified six themes (units of analysis in Massaro et al., 2016) under which we classified the reviewed articles. (Note that they were reorganized into 3 three themes at step 8.)
6. Establish literature review reliability. In an SLR, researchers must develop a form of control and triangulation of researchers' interpretations (p. 784).	Both researchers established the protocol. One researcher implemented the protocol and was reviewed by the second researcher. After discussion, they reached a consensus about each aspect of the SLR.
7. Test literature review validity. In an SLR, researchers must implement a series of procedures that ensure the quality of the work in terms of validity (p. 786), such as measuring the proportion per year, per journal and/or per methodology, and using a diagram and a chart to make it visible.	We relied on several procedures to ensure the trustworthiness of our SLR, for instance: One researcher performed the search and the coding while the other reviewed and challenged this work until a consensus was reach at every step of the protocol established at the beginning of the process; The number of articles per year and per journal was measured; Figures that illustrate these measures were created (see Figures 1 and 2); Our prior literature framework and the outlines of the general observations per theme are presented in the conclusion as an integrative figure (see Figure 3); The SLR protocol was documented and presented in a transparent manner.
8. Code data using the developed framework. At this stage, the analytical framework (see step 5) must be articulated into more specific codes. The coding could be manual or software-assisted (p. 788).	At this stage, the initial six themes were reorganized into the three themes presented in this article (see Figure 3). Also, consistent with the procedure established at step 7, one researcher manually coded the findings and contributions per theme and the other reviewed and challenged this coding until a consensus was reached.
9. Develop insights and critique through analyzing the data set. In an SLR, insights from previous literature must be synthetized and organized in a specific manner and critiqued (p. 788).	The prior literature was presented under three themes to make sense of the data. Prior knowledge about internal audit was outlined and gaps in the literature identified. Overall, the literature is in the development stage with respect to the two first themes and emergent for the third.
10. Develop future research paths and questions. Lastly, the researchers must propose several research avenues and/or new questions (p. 791).	A section is dedicated to research avenues under each of the three themes that emerged from prior literature.

We chose a structured literature review (Massaro et al., 2016) because it ensures a high degree of transparency and replicability (Easterby-Smith, Thorpe, and Jackson, 2015). However, since a researcher's journey can be unpredictable, it is important to realize that the steps do not need to be implemented sequentially. Flexibility is required during the research process to avoid overlooking any interesting research avenues and to work around the disadvantages of overly rigid rules, which can limit creativity and intuition (Easterby-Smith et al., 2015).

As suggested by Massaro et al. (2016), we established a review protocol (step 1), starting with the identification of a research objective (step 2). We then defined our selection criteria and searched for the articles. To that end, we first made a list of keywords and keyword combinations related to internal audit (e.g., internal audit; internal audit and governance; internal audit and audit committee; IAQ; etc.). We then performed a full-text search for those keywords (instead of abstract-only) in the scholarly databases ABI/INFORM Global and Business Source Premier for the period indicated above. Because the databases provided access only up to around May 2017, we searched for “in press” or “online early” papers directly on the journals' websites. We also communicated directly by email and via Research Gate with some researchers to gain access to their most current papers and add them to our review.

To include the most impactful and relevant articles (step 4), we restricted our search to A- and B-level journals, as listed in the most recent ABS Academic Journal Guide and the Financial Times' top journals used in business. We also extended our review to C-level journals that specialize in internal auditing, such as the Managerial Auditing Journal.

We defined our framework (steps 3 and 5) as multimethod and multitheoretical to avoid excluding important findings or points of view. However, we rejected C-level papers from developing countries because their governance regulations generally differ from those of industrialized countries. To limit our scope to academic journals, we also excluded practitioner publications and surveys such as the Internal Auditor magazine and the common body of knowledge (CBOK) surveys2 published by the Institute of Internal Auditors (IIA). The historical scope of our review (2005–2017) begins where the Gramling et al. (2004) review left off, given our desire to capture post-SOX-era articles. We reviewed and analyzed 117 articles published in 20 different academic journals to identify the trends in the literature, and we retained 91. Figure 1 illustrates their distribution per year since 2005, showing an overall growth curve with a peak of 16 papers in 2015. Results for 2017 may seem considerably lower, but they cover only half the year. Figure 2 shows the distribution of articles per academic publication, indicating that the three journals that published more than 41 percent of the reviewed internal audit papers specialized in audit research (Managerial Auditing Journal: 16 papers; Auditing: A Journal of Practice and Theory: 12; and International Journal of Auditing: 10).

Details are in the caption following the image — **Figure 1**
Open in figure viewer PowerPoint

Articles by year

Reliability measures were conducted to ensure the trustworthiness3 of our findings (steps 6 and 7). Notably, the researchers jointly defined the following protocol: one researcher would perform the keyword research, read the papers, construct the framework analysis, and then share the results with the other researcher, and then together, they would examine and discuss the results until they reached a consensus. Originally, the papers were organized into six categories, but after further discussion they were grouped into three categories (step 8): the multiple roles of internal audit, IAQ, and the practice of internal audit. During the iterative writing process, both researchers made sure they agreed with the interpretation of the results, by reading the drafts as well as reviewed articles when needed, and discussing and challenging each other's vision and comprehension of the results.

After a summary of the literature was prepared, both researchers identified what was lacking in the literature and proposed promising research avenues for the next wave of internal audit research (steps 9 and 10).

The Multiple Roles of Internal Audit

As mentioned in the introduction, we classified the literature under three themes representing the main issues explored by the studies. A total of 29 papers were grouped under the first theme, but their views differ, as noted at the end of this section, and several questions remain open to future research. Table 2 4 summarizes the articles on this theme.

Table 2. Multiple roles of internal audit

Author and year	Research issue(s)	Methodology	Finding(s)
Mihret and Grant (2017)	Role of the internal auditor from a Foucauldian perspective	Conceptual paper	Using this framework, internal audit can be seen and researched as a disciplinary mechanism within organizations.
Ma'ayan and Carmeli (2016)	Ways the organization can learn from an audit	Two surveys (internal auditors, managers and auditees)	Internal auditors can facilitate learning from internal audits by being proficient, respectful, and fair toward auditees. Management support is also important to be successful.
Brender, Yzeiraj, and Fragniere (2015)	Performance audits as a tool for fostering corporate governance	Interviews (CEOs, CFOs, senior managers and internal auditors)	In its corporate governance role, the IAF performs audits of risk management and controls processes and can also perform audits of governance processes. However, in Switzerland audits are seldom used as tools to address corporate governance issues.
Chambers and Odar (2015)	How internal auditors can move forward after the global financial crisis	Conceptual paper	Internal audit has failed in its role of gatekeeper. It needs to move further to audit corporate governance and provide assurance to the board.
D'Onza, Lamboglia, and Verona (2015)	Satisfaction of senior managers of Italian banks with IT audits	Interviews (senior managers and IT internal auditors)	IT auditing satisfies Italian banks managers, but they would like further support from the IAF with regard to IT governance processes.
Soh and Martinov-Bennie (2015)	Internal auditors' perceptions of their role in sustainability	Survey (CAEs and internal auditors)	The importance of environmental issues in internal auditing is expected to increase in the coming years, and the related skill level is seen as being distinctly lower than that applied to social and governance issues.
Trotman and Trotman (2015)	GHG emission reporting and energy reporting	Interviews (audit committee members, internal auditors, CAEs, IA partners in accounting firms)	The IAF should be involved in this kind of reporting because it is seen as having become part of the external reporting process.
Mihret (2014)	Conceptualization of internal audit through the lens of labor process theory	Conceptual paper	The IAF can be seen as a control mechanism that helps to create value by providing advisory services and assurance that increase the rate of return on capital.
Vinnari and Skaerbaek (2014)	Implementation of risk management as a tool	Interviews (key actors) and document analysis	Risk management as a management tool has created, rather than reduced, unexpected uncertainties. The IAF's role in risk management is highlighted.
Héroux and Fortin (2013)	Holistic approach to investigating IT governance	Interviews (board members, IT executives and managers, CAEs)	The IAF's role in IT governance has not fully expanded. It focuses mainly on risk assessment and evaluation of IT controls.
Roussy (2013)	Roles of the internal auditor	Interviews (CAEs and internal auditors)	Internal auditors play two key roles, as protectors and helpers. They typically do not act as the governance watchdogs that regulatory bodies expect.
Anderson, Christ, Johnstone, and Rittenberg (2012)	Philosophies in organizations regarding IAF staffing. And What are the factors associated with IAF size?	Survey (CAEs and internal auditors)	Two philosophies are highlighted: internal auditing as a career, or as a training ground for future managers. The size of the IAF is positively associated with the size of the audit committee, the frequency of its meetings with the chief audit executive (CAE), and its oversight role in approving the internal audit budget, as well as a model that views internal audit as a training ground.
Arel, Beaudoin, and Cianci (2012)	Strength of executive ethical leadership and the IAF and the impact both have on accounting managers.	Experiment (professional accountants who act as audited managers)	Accountants are less likely to book a questionable journal entry if there is a strong IAF and weak ethical leadership from executives.
Lenz and Sarens (2012)	Investigate and discuss potential reasons why the internal auditing (IA) profession has been marginalized in the governance debate on solutions after the financial crisis that started in 2007.	Conceptual paper	Positioning IA as agent to the board/audit committee and, at the same time, as partner to management is challenging in practice. Furthermore, this article argues for a consolidation of internal audit around its core function of providing assurance when seeking to establish IA as a profession.
Leung, Cooper, and Perera (2011)	The IAF's governance role	Survey (CAEs)	A lack of correlation exists between internal auditors' tasks and the IAF's objectives. In light of this, internal auditors may not play their governance oversight role well.
Lin, Pizzini, Vargus, and Bardhan (2011)	Role of the IAF in the disclosure of material weaknesses reported under Section 404 of the Sarbanes-Oxley Act	Archival study (observations from 214 US listed firms)	Disclosure of material weaknesses is negatively associated with internal auditors' education level.
Ridley, D'Silva, and Szombathelyi (2011)	Role of internal auditors in sustainability reporting	Conceptual paper	Sustainability reporting without independent assurance is less valuable to stakeholders. Internal audit can play a role in offering assurance, although it has not been promoted as such, and can therefore contribute to effective corporate governance.
Sarens and Abdolmohammadi (2011)	The IAF and independent board members' complementary governance roles	Survey (CAEs)	The greater the number of independent members on the board, the smaller the IAF is, leading to the conclusion that independent members play a similar governance role.
Soh and Martinov-Bennie (2011)	Roles and responsibility of the IAF and how to ensure its effectiveness	Interviews (audit committee members and CAEs)	The IAF's role is difficult to define because it has changed more quickly than the ways used to measure its effectiveness.
Barua, Rama, and Sharma (2010)	Association between audit committee characteristics and investments in the IAF	Archival study (Observations from 181 SEC registrants)	The IAF budget is lower when the audit committee includes an auditing expert and average member tenure is long. There is a substitution effect between committee members and internal auditors' expertise.
Norman, Rose, and Rose (2010)	Effect of audit committee reporting vs. management reporting on fraud risk assessment	Survey and experiment (CAEs and internal auditors)	Internal auditors assess a lower fraud risk when they have to report to the audit committee than when they have to report to top management.
Holt and DeZoort (2009)	Impact of an internal audit report on investor confidence and investment decisions.	Experiment (MBA and MACC students who act as investors)	The presence of an internal audit report affects the judgment of investors, especially in situations where fraud risk is high.
Sarens et al. (2009)	How the IAF brings comfort to the audit committee	Case studies (four Belgian companies)	The IAF is a source of comfort to the audit committee regarding the control environment and internal controls.
Archambeault, DeZoort, and Holt (2008)	The IAR as a tool for improving governance transparency for external stakeholders	Interviews (audit committee members, financial analysts, internal auditors and regulators)	The IAR could complement existing disclosure, increase external stakeholders' confidence in governance quality, and motivate internal auditors' diligence.
Asare, Davidson, and Gramling (2008)	Are internal auditors' fraud risk decisions determined by audit committee quality and management performance incentives?	Two experiments (internal auditors)	Internal auditors are influenced by management performance incentives in their assessment of fraud risk. They are influenced by audit committee quality in their assessment only in a due diligence role.
Coram, Ferguson, and Moroney (2008)	Effect of an IAF on the ability of an organization to detect and self-report fraud	Survey (CFOs)	Organizations with an IAF are more likely to detect and self-report fraud. Also, organizations with a fully outsourced IAF are less likely to detect and self-report fraud.
Goodwin-Stewart and Kent (2006a)	Factors that lead publicly listed Australian firms to have an IAF	Survey (Australian listed firms)	Only a third of the companies have an IAF. Company size seems to be the principal factor, along with the importance given to risk management. Board chair independence and the presence of an audit committee also have an influence on the presence of an IAF.
Goodwin-Stewart and Kent (2006b)	The influence of the audit committee and IAF on external audit fees	Survey (Australian listed firms)	Frequent meetings of the audit committee and an extensive use of internal audit are positively associated with higher audit fees.
Davidson, Goodwin-Stewart, and Kent (2005)	Role of the IAF in constraining earnings management	Archival study (observations from 434 Australian listed firms)	The presence of an IAF does not influence the level of earnings management.

Oversight Governance Role

As Gramling et al.’s (2004) seminal literature review posited that the IAF acts as a governance mechanism, the first wave of research adopted this idea as a premise (Goodwin-Stewart and Kent, 2006a; Mat Zain and Subramaniam, 2007; Prawitt et al., 2009; Stewart and Subramaniam, 2010). Published on the heels of SOX, this group of studies is interested in the “fiduciary” aspect of governance (Labelle, Gargouri, and Francoeur, 2010). Internal audit is therefore considered an oversight governance mechanism that mitigates the agency problem, to shareholders' benefit, by providing assurance to the audit committee mainly, if not exclusively, on financial reporting. However, Sarens and Abdolmohammadi (2011) and Barua et al. (2010) argue that there is a substitution effect between the IAF and the audit committee, but more research is needed to confirm or discard this conclusion.

Few articles have investigated the IAF's impact on investors' judgments and decision making (Archambeault et al., 2008; Holt and DeZoort, 2009), on earnings management levels (Davidson et al., 2005), and external audit fees (Goodwin-Stewart and Kent, 2006b). Since the results of these studies are mixed, the IAF's impact on “external” stakeholders is still to be demonstrated.

The first group of studies shows that the IAF's usefulness as an oversight governance pillar resides mainly in its ability to (i) enhance the reliability of financial information (Davidson et al., 2005; Prawitt et al., 2009;), and (ii) to prevent, detect, and disclose both significant internal control weaknesses and financial fraud perpetrated within the organization (Arel et al., 2012; Asare et al., 2008; Coram et al., 2008; Lin et al., 2011; Norman et al., 2010). However, Norman et al. (2010) argue that the IAF's influence on fraud prevention, detection, and disclosure remains unproven since in some circumstances internal auditors tend to protect top management from negative repercussions stemming from the audit committee. Roussy (2013, 2015) echoes these ideas by questioning the IAF's governance oversight role as a premise (see following section). Additionally, Brender et al. (2015) recently argued that although the IAF should be considered a tool to oversee other governance mechanisms and processes, it is not actually used as such. More research is needed to delineate whether and how the IAF can provide assurance on the effectiveness of risk management and other governance bodies such as the board of directors. For instance, surveys and interviews with boards of directors and internal auditors could be fairly relevant methodologies to use in launching this exploration.

Last but not least, some studies that investigated the 2007 financial crisis (Chambers and Odar, 2015) or compared the role of internal audit with the actual tasks of internal auditors (Leung et al., 2011) argued that internal audit might have failed to play its governance oversight role properly. They assert that to provide the board with relevant assurance, this function needs to move to auditing corporate governance mechanisms and processes instead of concentrating its activities on operational processes. These two articles lead us to consider a second wave of research that documents additional roles for internal audit.

General Observations and Research Avenues

In our perusal of the literature, we found no consensus regarding the roles internal audit should play or even of its actual role in organizations. Although most of the studies assume that the IAF is an oversight governance mechanism, others maintain that the roles of this function lie elsewhere. As a result, the literature seems to infer that the IAF has become a kind of “jack of all trades.” Having multiple roles is not necessarily problematic, but (i) it can create confusion about the IAF's main role, and (ii) stakeholders risk completing the expression “jack of all trades” with “master of none,” a perspective that may impair the function's perceived (or actual) added value.

The IIA has failed to offer a way out of this impasse, even compounding the problem by recently amending its standards to allow internal auditors to assume other responsibilities (in addition to assurance and consulting activities), according to the needs of the organization (Institute of Internal Auditors, 2017).While the IAF's roles may have been uncertain before this amendment, they are even more nebulous now. They must be more clearly defined or the confusion will ultimately affect (i) the practice of internal audit and (ii) IAF quality assessment by practitioners (and researchers) (Roussy and Brivot, 2016; Soh and Martinov-Bennie, 2011). Consequently, this important research avenue remains wide open. We particularly need to understand the extent to which the IAF's roles can be associated with the strategic aspect of governance duties (Labelle et al., 2010), given that its other roles (as we defined previously) fall under that category, adding to or complementing its “fiduciary” role (Labelle et al., 2010). Future research must consider the conflicting nature of the strategic and fiduciary aspects of governance if they are to coexist within the IAF, not least because this issue could raise independence and ethical concerns for internal auditors. Experimental research design seems an appropriate vehicle for such testing.

Additionally, the IAF's roles with respect to IT governance and other IT issues such as big data, cryptocurrency, and block chains require further understanding given the scant literature on this topic. As IT concerns are emergent in the IAF literature, interviews and/or surveys could be relevant for further investigation. For instance, interviews with ISACA officials or internal auditors who specialize in IT audit (i.e., internal auditors with the Certified Information Systems Auditors professional designation) could be an appropriate starting point for engaging the internal audit literature on this important future research avenue.

With the exceptions of Trotman and Trotman (2015) and Soh and Martinov-Bennie (2015), none of the reviewed articles examined a further relevant and underexplored issue: the social role of internal audit. In light of the IIA's assertion that internal auditors are professionals with their own professional designation (e.g., certified internal auditor (CIA)), standards, and code of ethics (Institute of Internal Auditors, 2017), it follows that internal auditors should be working for the public interest, an objective that may create a moral conflict with the governance and strategic imperatives of organizations. In sum, not only are internal audit's social roles undefined, but also the question remains as to whether it is actually a profession within the meaning of the fundamentals of sociology of the professions (e.g., Abbott, 1988; Freidson, 2001; Macdonald, 1995). Historical research on the professionalization of internal audit could shed light on its social roles, as could a study of the IIA's representation of internal audit, based on a content analysis of its website and publications, the CIA's exams, and the CBOK questionnaires.

Internal Audit Quality: From Criteria to Stakeholder Perceptions

The 49 reviewed articles in the IAQ literature fall into two categories. The first deals with IAQ criteria and pertains to the early reviewed studies, although more recent papers on IAQ criteria were also found. The second theme is stakeholders' perceptions of IAQ, an emergent topic that derives from research on internal audit's other roles. As noted at the end of this section, several questions regarding the IAQ remain open to future research. Table 3 summarizes articles from this stream of literature.

Table 3. Internal audit quality

Author and year	Research issue(s)	Methodology	Finding(s)
Bartlett, Kremin, Saunders, and Wood (2017)	Business professionals' view of IAF	Experiment (professional accountants)	Business professionals have a generally favorable view of IAF, although they are less likely to apply for a position labeled as internal audit, compared to a similarly worded position labeled as general employee.
Chen, Chung, Peters, and Wynn (2017)	Effect of internal auditors' incentive-based compensation (IBC) on EA's reliance	Survey (CAEs of NYSE firms)	IBC negatively impacts the EA's reliance, especially when IBC is paid in stock or stock options, because this impairs objectivity.
Trotman and Duncan (2017)	Key governance stakeholders' perspectives of internal audit quality	Interviews (audit committee members, internal auditors, CAEs, IA partners in big accounting firms)	Audit committee members focus on the output, managers focus on the outcome, internal auditors focus on the process, and internal auditors' partners focus on both output and outcome.
Bartlett et al. (2016)	External auditors' view of IAF	Experiment (professional accountants)	External auditors have negative views about IAF, and especially of in-house internal auditors, compared to outsourced internal auditors. Higher-qualified individuals are being steered away from pursuing internal audit as a career.
Abbott, Daugherty, Parker, and Peters (2016)	Determinants of IAF effectiveness as a financial reporting monitor	Survey (CAEs and internal auditors)	IAF quality is the sum of independence and competence.
Bhattacharjee, Maletta, and Moreno (2016)	Effect of the relationship between account subjectivity and misstatement risk on external auditors' reliance of the internal auditors' judgment	Survey (Big X external auditors)	Increases in account subjectivity have no effect on external auditors' reliance on the internal auditor's judgment across low misstatement risk. However, an increase in account subjectivity on moderate risks also increases external auditors' reliance. Their reliance decreases when account subjectivity increases across higher misstatement risk.
Farkas and Hirsch (2016)	Effect of frequency and automation of internal control testing on external auditors' reliance on the IAF	Experiment (external auditors)	The perception of the strength of internal controls impacts external auditor’ reliance. If they perceive work performance as low, they reduce their reliance.
Pike, Chui, Martin, and Olvera (2016)	Effect of the participation of external auditors in the development of the internal auditor's audit plan on external auditors' reliance	Experiment (external auditors)	External auditors who participate in the development of the IAF's audit plan perceive the function as more objective and therefore rely more on their work.
Roussy and Brivot (2016)	Stakeholders' perceptions of internal audit quality	Interviews (audit committee members, CAEs and internal auditors) and document analysis (IIA documentations and IAQ prior literature)	External auditors concentrate on the conditions they view as necessary to ensure the outputs to judge the quality of the audit. Internal auditors and members of the audit committee base their judgment regarding audit quality on the usefulness of the output for top managers. The IIA perceives quality according to the internal audit's level of conformity to norms and best practices.
Boyle, DeZoort, and Hermanson (2015)	Relationship between internal audit reporting and fraud assessment	Experiment (internal auditors)	Internal auditors assess higher fraud risks when they provide assurance in an internal auditing report or a report to the audit committee.
Burton et al. (2015)	Job applicants' perceptions of IA positions	Experiment (undergraduate and post-graduated accounting students)	College-graduate job applicants with work experience believe that other professionals have a negative view of their profession. They are therefore deterred from applying to positions labeled as “internal audit,” and are more likely to apply to a similarly worded position simply labeled “accounting.”
Christ, Masli, Sharp, and Wood (2015)	Effect of personnel rotation in the IAF on financial reporting quality	Interviews (audit committee chairs and CAEs)	The model of rotating internal auditors out of the IAF and into managerial positions is associated with lower financial reporting quality.
D'onza, Selim, Merlville and Allegrini (2015)	How the IAF can add value to the organization	Survey (internal auditors)	The function adds value when it is objective and independent, systematically evaluates the effectiveness of internal controls and the risk management system, and interacts frequently with the audit committee, thereby adding independence to the function.
Ege (2015)	IAF quality and the likelihood of management misconduct	Archival study (observations that are from the IIA's 2010 GAIN database)	A measure of quality and competence is negatively associated with management misconduct. Following misconduct revelations, firms improve IAF quality through IAF competence.
Malaescu and Sutton (2015)	Effect of using continuous audit on external auditors' reliance	Experiment (external auditors)	The implementation and use of continuous auditing increases external auditors' reliance on the IAF's work. However, the effect of continual auditing diminishes when entities have a history of control problems.
Mazza and Azzali (2015)	Effect of IAQ on severity and persistence of internal controls deficiencies (ICD)	Survey (Italian firms)	The persistence of ICD is decreased by a competent and independent IAF, whereas the severity and persistence of the deficiencies are reduced by the “planning–scoping and testing–monitoring” phases carried out by the auditors.
Pizzini, Lin, and Ziegenfuss (2015)	Effect of IAF quality and its contribution to the financial statement audit on audit delay	Archival study (observations from an IIA's database)	Good IAF quality, personnel competence, and perceived objectivity diminish audit delay.
Omar and Stewart (2015)	Impact of incentive-based compensation on internal auditors' objectivity	Experiment (Internal auditors)	Incentive-based compensation is a threat to internal auditors' objectivity when based on the company's performance. Internal auditors seem to develop a bias that affects the company's performance when making decisions.
Issa and Kogan (2014)	Evaluate and examine the quality of internal auditors' judgment in risk assessment	Field study (multinational corporation)	The study suggests a model that can be used to assess the quality of the internal auditor's evaluation of the control risk regarding the organization's internal controls.
Lenz, Sarens, and D'Silva (2014)	Different factors that can influence the internal audit function's effectiveness	Survey (CAEs)	Factors are grouped into four dimensions: the organization, internal audit resources, internal audit processes, and the internal auditors' relationships.
Regoliosi and d'Eri (2014)	Degree of IAF effectiveness in Italian firms with respect to corporate governance	Survey (managers)	Internal audit quality is associated with some corporate governance characteristics, but the opposite is not always the case. “Good corporate governance” does not automatically equate to a good IAF.
Singh, Woodliff, Sultana, and Newby (2014)	Relationship between a firm's IAF and its audit fees	Archival study (observation from Australian public listed firms)	The variables used in research models may have a greater impact on audit fees relationships than in reality. Therefore, the relationship might be the outcome of the model used, and not reality.
Abdolmohammadi (2013)	Correlates of outsourcing the IAF	Survey (CAEs)	Factors that positively influence the outsourcing of the function are audit committee participation, missing skill sets, and audit staff vacancies. An inverse relationship between outsourcing and value-added activities was observed.
Davidson, Desai, and Gerard (2013)	Effect of using continuous audit on external auditors' reliance	Experiment (external auditors)	An IAF that uses continuous auditing is perceived by external auditors as being as reliable as a function that has been outsourced.
Zaman and Sarens (2013)	Existence of informal interactions between audit committee and the IAF	Survey (CAEs)	Informal interactions between the audit committee and the internal auditor, along with formal meetings, play an important role in the relationship between the two bodies.
Abbott, Parker, and Peters (2012a)	Effect of outsourcing the IAF on audit fees	Survey (CAEs)	IAF outsourcing reduces the cost of the audit and is seen as more reliable by external auditors. However, strengthening the oversight role in-house cancels the positive effects of reliance on outsourced functions.
Abbott, Parker, and Peters (2012b)	Association between external audit delay and the IAF's assistance	Survey (CAEs and internal auditors)	Using the works of the IAF helps diminish the length of the external audit and therefore its cost.
Abdolmohammadi (2012)	Performance attributes of internal auditors by rank and cultural cluster	Survey (CAEs)	The leadership attributes are perceived to be the most important for CAEs while technical skills are most important for internal auditors. No pattern of industry or cultural difference was found, leading to the conclusion that a generic profile for internal auditors may be in order.
Gras-Gil, Marin-Hernandez, and Garcia-Perez de Lema (2012)	Relationship between the IAF and the quality of financial reporting	Survey (CAEs)	The more time and resources the function spends on financial audits, the better the financial reporting. Also, the quality of the reporting improves when the IAF and the external auditor have a good relationship because this results in regular meetings and collaboration in preparing the annual audit.
Holt (2012)	Impact of the internal auditor's role and reporting relationship on investors' perceptions of disclosure credibility	Experiment (MBA students who act as nonprofessional investors)	The internal audit role (assurance-related or consulting-related) does not affect perceived disclosure credibility. This credibility is higher when the CAE reports to the audit committee/CEO than when the CAE reports to the CFO.
Prawitt, Sharp, and Wood (2012)	Pre-SOX outsourcing of the IAF and its effect on accounting risk	Archival study (observations from a proprietary database)	Accounting risk, defined as intentionally misleading or fraudulent reporting, is lower when the work is outsourced to an external auditor than when it is assigned to another auditor or to in-house internal auditing.
Sierra Garcia, Barbadillo, and Pérez (2012)	Relationship between the audit committee, the IAF, and earnings management in Spanish companies	Archival study (observations from listed firms)	The size of the committee and the number of meetings it holds has a negative relation with earnings management, leading to the conclusion that the more often members meet, the more they can detect anomalies such as abnormal accruals.
De Zwaan, Stewart, and Subramaniam (2011)	Internal auditors' involvement in enterprise risk management and their willingness to report breakdowns to the audit committee	Experiment (internal auditors)	The more the IAF is involved in enterprise risk management, the less it will disclose breakdowns in the risk management process to the audit committee. Moreover, the quality of the relationship between the AC and the IAF has no effect on the findings.
Desai, Gerard, and Tripathy (2011)	Effect of different IAF sourcing arrangements—in-house, cosourcing, and outsourcing—on external auditors' reliance	Experiment (external auditors)	Outsourcing and cosourcing the IAF is seen as higher quality than in-house IAF; therefore, external auditors will rely more on the work produced by such arrangements.
Messier Jr, Reynolds, Simon, and Wood (2011)	Effect of using the IAF as a management training ground on external audit fees and external auditors' perception.	Survey and experiment (external auditors)	External auditors find lower objectivity in employees working in an IAF being used as training ground. They thus charge higher fees to companies that use IAF as a management training ground.
Munro and Stewart (2011)	Do the relationships between the IAF and the audit committee and between the IAF and the business risk environment impact external auditors?	Experiment (external auditors)	Both factors influence external auditors' reliance on the IAF's work. External auditors are more likely to use internal audit for control evaluation than for tests of balance.
Prawitt, Sharp, and Wood (2011)	How can the IAF contribute to a decrease in external audit fees?	Archival study (observations from a proprietary database)	To lower audit fees, internal auditors must perform tasks under the supervision of external auditors. The financial tasks they perform while not under supervision have no impact on fees.
Abbott, Parker, and Peters (2010)	The audit committee's oversight of the IAF and its influence on the nature of IAF activities	Survey (CAEs and internal auditors)	Audit committee oversight is positively associated with the budget size of IAF internal controls-based activities, leading to the conclusion that oversight has an influence.
Brandon (2010)	Implications of outsourced internal auditors providing non-audit services	Experiment (External auditors)	Providing non-audit services negatively affects the outsourced internal auditor's perceived objectivity.
Desai, Roberts, and Srivastava (2010)	Development of a model to help external auditors evaluate the strength of the internal audit	Archival study	The model is based on three factors: competence, work performance, and objectivity. When these factors are strongly related, good audit quality results.
Munro and Stewart (2010)	Impact of outsourcing the IAF and the IAF's involvement in systems consulting on the EA's reliance on the work of the function	Experiment (external auditors)	There is no difference between outsourced and in-house internal auditors when relying on work already undertaken. External auditors are, however, less inclined to rely on the work of internal auditors involved in consulting.
Schneider (2010)	Effect of internal auditors' incentive compensation and stock ownership on audit procedures	Experiment (internal auditors)	Internal auditors may be reluctant to expand audit procedures to items that could affect the organization's earnings, because doing so could negatively affect their compensation.
Christopher, Sarens, and Leung (2009)	Critical analysis of the IAF's independence with respect to management and audit committee relationship	Survey (CAEs)	Some threats are found regarding both relationships, such as using the IAF as a stepping stone to other positions, having the CEO or CFO approve the IAF budget, not having the CAE report to the audit committee, and the committee not having the sole responsibility of hiring, firing, and evaluating the CAE.
Davies (2009)	Relationship between the IAF and the audit committee in Welsh local governments	Survey (audit committee members and internal auditors)	Communication between the IAF and the audit committee is an important part of the relationship. Having easy access to the audit committee is viewed as important for internal auditors.
Prawitt, Smith, and Wood (2009)	Relationship between internal auditors and earnings management	Archival Study (observations from the IIA's GAIN database)	IAF quality is negatively associated with earnings management, measured by abnormal accruals and analysts' forecasts.
Glover, Prawitt, and Wood (2008)	Impact of outsourcing the IAF on external auditors' reliance on the work of the function	Experiment (external auditors)	External auditors tend to perceive an outsourced IAF as more objective and to rely on it more when inherent risk is high.
Abbott, Parker, Peters, and Rama (2007)	Outsourcing the internal audit to an external auditor	Survey (CAEs and internal auditors)	Companies outsource many nonrecurring internal audit activities to external auditors. Effective audit committees are negatively associated with the outsourcing of routine internal audit work.
Mat Zain and Subramaniam (2007)	Perceptions of internal auditors regarding their relationship with audit committee members in developing markets	Interviews (CAEs and internal auditors)	There are informal communications between internal auditors and audit committee members. Internal auditors hold in high regard audit committee members and respect their authority. They have high expectations of the members' leadership of management and ensuring internal audit is seen as important.
Carcello, Hermanson, and Raghunandan (2005)	What determines investments in the IAF	Survey (CAEs) and archival study (observations from US listed firms)	The IAF budget is determined by various factors and the audit committee review of the IAF budget.

Internal Audit Quality Criteria

The first wave of research on IAQ assumed that internal audit is an oversight governance mechanism and that IAQ is important for benefitting shareholders of publicly listed firms (Gramling and Vandervelde, 2006). Relying on the premise that IAQ is based on external audit quality criteria, as described by De Angelo (1981),5 especially independence and competence, this wave of studies thus replicated the approached used to measure external audit quality.

Unsurprisingly, the two main IAQ indicators that emerge from the literature are (i) the degree to which the external auditor relies on the work of the internal audit6 (Abbott et al., 2012a, 2012b; Bhattacharjee et al., 2016; Chen et al., 2017; Davidson et al., 2013; Issa and Kogan, 2014; Malaescu and Sutton, 2015; Munro and Stewart, 2011; Pizzini et al., 2015; Prawitt et al., 2011; Singh et al., 2014), viewed as a proxy for the IAF's “work performance” (Desai et al., 2010; Trotman and Duncan, 2017), and (ii) the effectiveness of the audit committee (Abbott et al., 2007, 2010; Anderson et al., 2012; Carcello et al., 2005; Christ et al., 2015; Davies, 2009; D'Onza, Selim, Melville, and Allegrini, 2015; Mat Zain and Subramaniam, 2007; Regoliosi and d'Eri, 2014), considered as the main proxy for independence.7

The internal audit's influence on the following items has been considered IAQ indicators: judgment and decisions of shareholders (Holt and DeZoort, 2009); level of earnings management (Abbott et al., 2016; Gras-Gil et al., 2012; Prawitt et al., 2009; Sierra Garcia et al., 2012); fraud risk and probability of its prevention, detection, and disclosure by internal auditors (Asare et al., 2008; Coram et al., 2008; Ege, 2015); and internal controls deficiencies (Farkas and Hirsch, 2016; Mazza and Azzali, 2015).

The literature indicates positive or negative correlations to IAQ for the following independence indicators. Positively correlated are the proportion of assurance assignments (Gramling et al., 2004; Lin et al., 2011); the strategic character of audited business processes (Archambeault et al., 2008); the fixed remuneration of chief audit executives (Schneider, 2010); close relationships between the chief audit executives and the audit committee (Anderson et al., 2012; Archambeault et al., 2008; Boyle et al., 2015; Christopher et al., 2009; D'Onza, Selim, Merlville, and Allegrini, 2015; Gramling et al., 2004; Holt, 2012; Holt and DeZoort, 2009; Prawitt et al., 2009; Stewart and Subramaniam, 2010; Zaman and Sarens, 2013); the audit committee's independence and competence (Christopher et al., 2009); and the outsourcing of internal audit work to a professional accounting firm (Abbott et al., 2012a; Brandon, 2010; Desai et al., 2011; Desai et al., 2010; Glover et al., 2008; Gramling and Vandervelde, 2006; Stewart and Subramaniam, 2010; Pike et al., 2016; Prawitt et al., 2012). Negatively correlated are the proportion of operational assignments (i.e., assignments in which the internal auditor acts as a manager) or consulting assignments (De Zwaan et al., 2011; Glover et al., 2008; Gramling et al., 2004; Prawitt et al., 2009); variable remuneration (Omar and Stewart, 2015; Schneider, 2010); use of the IAF as a training ground for top managers (Christ et al., 2015; Christopher et al., 2009; Messier et al., 2011); top management's significant involvement in long-term internal audit planning (Christopher et al., 2009); and close relationships between internal auditors and top managers (Holt, 2012; Norman et al., 2010).

We identified fewer studies on the competence criteria of IAQ. However, Abdolmohammadi (2012) argues that leadership skills are the CAEs' most important ones, while the technical skills are more important for their team (i.e., the internal auditors). Desai et al. (2011) and Bartlett et al. (2016) found that external auditors' positive perception of IAQ increases when the internal audit work is outsourced to a professional accounting firm. It would follow that external auditors consider themselves more independent and competent than internal auditors. Conversely, Munro and Stewart (2010) and Abdolmohammadi (2013) obtained opposite findings based on the fact that internal auditors are more familiar with business processes and risks. In addition, some recent studies show the difficulty of recruiting highly qualified candidates to the IAF given their negative perceptions of this function (Bartlett et al., 2016, 2017; Burton et al., 2015). However, Trotman and Duncan (2017) argue that the use of the IAF as a training ground for senior managers is perceived as a positive signal regarding internal auditor competence and that it informs the recruitment of good candidates.

Stakeholder Perceptions of Internal Audit Quality

The main weakness of the first group of articles on IAQ is that they focus almost exclusively on independence and competence criteria. Similarly to the literature on external audit quality, these studies overlook other important aspects of audit quality (Trotman and Duncan, 2017). In addition, the external auditor's viewpoint dominates the analyzed data, indicating that prior literature, despite using a variety of methodologies, has largely neglected the perspectives of other stakeholders.

Roussy and Brivot (2016) argue that various perceptions of IAQ exist where there are multiple stakeholders present, and that the time has come to give these actors a voice and step away from the single lens of the external auditor. They consider that there can be no single definition of IAQ because this concept is a matter of stakeholder perception. On this topic, Roussy and Brivot (2016), as well as Trotman and Duncan (2017), have drawn inspiration from Knechel et al.'s (2013) paper on external audit quality. Roussy and Brivot (2016) used a mixed-method design to explore the IAQ perceptions of the IIA, external auditors, audit committee members, and internal auditors. They conclude that each stakeholder has its own conception of IAQ, as well as a consistent way to evaluate it, which may lead to different ways to control IAF activities and processes. For their part, Trotman and Duncan (2017) comprehensively applied the Knechel et al. (2013) external audit quality framework (including input, process, outputs, and outcomes as well as contextual factors) to internal audit by interviewing audit committee members, senior managers (the auditees), and internal auditors in an effort to identify the main dimensions of the quality framework these actors use. As a result, they developed a multistakeholder IAQ framework that went beyond the IAQ criteria of independence and competence. This framework is consistent with Lenz et al. (2014), who investigated the different factors that can influence IAF effectiveness, grouping them into four dimensions: the organization, internal audit resources, internal audit processes, and internal audit relationships.

General Observations and Research Avenues

As the perspective of external auditors has largely dominated the IAQ literature, the next logical step within that literature was to treat IAQ like external audit quality and to search for similar indicators. As a result, independence and competence became the core of this literature, and several indicators pertaining to these aspects were widely documented.

However, we support the criticism that emerged in the literature regarding the dominance of the external auditor's perspective and the underrepresentation of organizational stakeholders such as audit committee members, the internal auditors themselves, and the audited managers. The literature is also silent about the perspective of other stakeholders such as shareholders, financial analysts, and regulators.

As we found only two articles that addressed this gap, we argue that more research is needed to clarify these stakeholders' conceptualization of IAQ and the way they manage and/or assess it. Indeed, these stakeholders can influence the practice of internal audit and, consequently, the roles actually played by this function.

For instance, future research could test the Trotman and Duncan (2017) and Lenz et al. (2014) IAQ frameworks by surveying stakeholders to identify the extent of their reliance on the documented indicators. As the literature generally tested only one indicator at a time (or a few indicators individually), future research should try to capture a comprehensive view of the way in which stakeholders assess the IAQ (e.g., how do they weigh the different quality indicators used? Which is most important, and under what conditions?). In addition, future research could build on the Roussy and Brivot (2016) IAQ paper and explore how the IAF is managed and controlled to determine whether this method is consistent with stakeholders' conception of a high-quality internal audit. Interviews with chief audit executives, audit committee chairs, and CEOs may be a relevant methodological approach for that particular purpose. Thereafter, a survey instrument could be constructed and sent to a larger sample of stakeholders to assess whether the results are generalizable.

Lastly, we were unable to find any studies that investigated the influence on the IAQ of IIA requirements regarding the quality assurance and improvement program (Institute of Internal Auditors, 2017) and the extent to which stakeholders rely on the program to gain a degree of trust in the IAF. This could be a relevant research avenue because the IIA's international professional practices framework emphasizes the importance of compliance with such requirements. As a follow-up, it may be interesting to explore whether, and under what circumstances, IAFs certified under the Quality Assurance and Improvement Program (Institute of Internal Auditors, 2017) are actually of better quality than uncertified ones and whether stakeholders consider this certification in their assessment of IAQ. To that end, given the absence of archival data on this topic, a content analysis of quality assurance and improvement program evaluations could be carried out based on prior IAQ literature findings. This exercise could be followed by surveys or interviews with relevant stakeholders, namely certified assessors (external independent professionals authorized by the IIA to conduct external assessments of IAF quality). In this particular case, these methods appear to be more accurate and productive research methodologies.

What do we Know About Internal Audit Practice?

In this third and last theme, we present articles that shed light on how internal auditors perform their duties during the different stages of the internal audit process (i.e., assignment planning, execution, conclusion, and follow-up). We also refer to the few papers that examined IAF accountability issues, and discuss ethical concerns inherent to the practice of internal audit. Given that only 13 of these papers addressed internal audit practice, and the fact that every aspect of internal audit practice requires further investigation, it can be concluded that scholars know very little about how internal auditors behave or how they address conflictual situations and ethical issues. We urge researchers to delve into this issue and suggest some research avenues as springboards for further studies. Indeed, we are convinced that at the end of the day, the practice of internal audit impacts both the actual roles played by the IAF and the quality of this function. Table 4 summarizes the articles on this third theme.

Table 4. Internal audit practice

Author and year	Research issue(s)	Methodology	Finding(s)
Kidron, Ofek, and Cohen (2016)	How to tell when an organization is ready to change following an audit	Conceptual paper	A model identifying the determinants of organizational change is proposed.
Li, Chan, and Kogan (2016)	A framework with which to prioritize the exceptions generated by a continuous auditing system is proposed and validated through an experiment	Experiment (internal auditors)	The framework consists of six stages: (i) generation of exceptions using defined rules, (ii) assignment of suspicion scores to exceptions using belief functions, (iii) exception prioritization, (iv) exception investigation,(v) rule confidence level update utilizing back propagation, and (vi) addition of rule(s) using a rule learner algorithm.
Roussy and Rodrigue (2018)	Impression management within the IAF in the accountability report	Document analysis (private IAF's Accountability report)	Signs of impression management tactics benefitting managers and internal auditors were found. The IAF teamed up with management instead of with the audit committee.
Hoos, Kochetova-Kozloski, and d'Arcy (2015)	Effect of CAE communications on internal auditors' judgements	Experiment (CAEs)	The CAE's messages influence internal auditors' judgment when there is a higher level of ambiguity.
Roussy (2015)	How internal auditors cope with conflict in their day-to-day practice	Interviews (CAEs and internal auditors)	Internal auditors rely on a complex process to cope with day-to-day conflicts when implementing the internal audit process. Internal auditors in the Québec public sector may be considered to lack independence when this concept is contrasted with its purist conceptualization (auditor has a practical “gray” concept of independence).
Everett and Tremblay (2014)	Ethics in the field of internal auditing	Interviews (accounting practitioners) and document analysis (Cynthia Cooper's autobiography and the IIA's website)	Internal auditors are expected to have an ambiguous sense of morality bordering on the conflicted.
Fanning and Piercy (2014)	Internal auditors' use of interpersonal likability, arguments, and accounting information	Experiment (internal auditors)	An internal auditor who is likable and uses thematically organized arguments can influence managers, even when the underlying information fails to clearly support the IA's position.
Mahzan and Lymer (2014)	Generalized audit software and how it is successfully implemented	Interviews (key actors of organizations)	Based on several constructs from the “unified theory of acceptance and use of technology,” performance expectancy and facilitating conditions are important factors of a successful adoption.
Nickell and Roberts (2014)	Commentary on Everett and Tremblay's (2014) analysis of ethics in the field of internal auditing	Commentary/conceptual paper	The commentary finds conflicting ethical roles.
Shin, Lee, and Park (2013)	Implementing the continuous auditing system to reinforce internal controls	Case study (implementation of a continuous auditing system in the ERP-based environment)	A method for the implementation of this system as a reinforcement of internal controls is proposed. Based on a two-stage approach, it can be applied to numerous ERP-based environments.
Burton, Emett, Simon, and Wood (2012)	How internal auditors can convince managers	Experiment (managers)	Managers change their point of view when presented with preference-inconsistent operational recommendations. They rely more on quantified than on non-quantified information.
Guthrie, Norman, and Rose (2012)	Chief audit executives' evaluations of fraud whistle-blowing allegations	Experiment (CAEs)	CAEs view anonymous whistle-blowing allegations as less credible than allegations from named sources.
Stefaniak, Houston, and Cornell (2012)	Levels and effects of auditors' identification with employers/clients and its effects on their internal control evaluation	Experiment (external and internal auditors)	There is a psychological attachment between auditors and their clients. Internal auditors identify with the evaluated firm more strongly than do external auditors, who see the firm as a client. This identification leads internal auditors to be less lenient when evaluating internal control deficiencies.

Of the few papers that tried to unlock the black box of the day-to-day practice of internal audit, only Roussy's (2015) study proposed an analysis that tracks the internal audit process stages. Roussy's objective was to identify the conflicts internal auditors face on a regular basis and at each stage of the process, and to understand how they cope with them. According to her analysis, internal auditors seem to act strategically depending on the conflict they face, and they adopt several coping tactics based on the circumstances at hand. She notably argues that the coping strategies used during the audit process tend to indicate a lack of independence and that audit committee members exert little power over them compared to top managers. Her study initiated a debate on ethical issues surrounding internal audit and identified ethical conflicts while highlighting internal auditors' lack of independence.

In light of the financial scandals of the early aughts and the advent of SOX, ethical concerns have come to the forefront in business environments. The resulting scrutiny has spread to internal audit as a governance oversight governance mechanism. Everett and Tremblay (2014) made an initial foray into the subject of internal auditors' ethics, arguing that internal auditors are asked to follow an ambiguous moral directive that borders on the conflicted. Contrary to the “lightness” conveyed in the profession's ethical narratives, the authors noted a Kantian “heaviness” in the practice. This conclusion was elaborated by Nickell and Roberts (2014), who suggested that internal auditors look to Brunsson's model of organized hypocrisy to cope with the moral aspect of their work. However, the effect of this suggestion remains to be demonstrated.

Stefaniak et al. (2012) uncovered a psychological attachment between internal auditors on the one hand and their auditees and organization on the other, a relationship that affect the execution of assignments because it influences internal auditors' judgment regarding internal control deficiencies. Surprisingly, it also leads internal auditors to be less lenient in their evaluation of internal control deficiencies, whereas external auditors are more tolerant during this exercise. This result suggests that internal auditors behave ethically even when emotionally attached to their organization, supporting Roussy's (2013) conclusion that internal auditors tend to act as the organization's protector. It would be interesting to explore, perhaps through an experimental design, whether such emotional attachment influences the actual role of internal auditors, and whether this role has an impact on IAQ.

We were unable to identify any papers related to planning, the first stage of the internal audit process. Regarding the execution stage, the sources were scant, with the notable exception of the Stefaniak et al. (2012) paper, which examined internal auditors' judgment regarding internal control deficiencies. Three other articles proposed and/or discussed a technological tool that can aid internal auditors in performing their assignments (Mahzan and Lymer, 2014; Li et al., 2016; Shin et al., 2013), but none of them made a substantial contribution to understanding the way internal auditors actually use the tool. Hoos et al. (2015) indicate that chief audit executives influence the professional judgment of their team members in ambiguous situations but these authors do not explore this thought much further. Guthrie et al. (2012) conducted an experiment that demonstrated that internal auditors find whistle-blowing allegations more credible when the sources are named than when they remain anonymous. However, they do not offer a genuine analysis of how internal auditors address the problem after receiving an allegation.

Only two articles in our review directly investigate the negotiation of the internal audit report with the audited manager (an integral part of the conclusion stage of the internal audit process). Fanning and Piercy (2014) argue that the likability of internal auditors and their thematic organization of arguments can positively influence managers' judgment, even when the underlying information fails to clearly support the IAF's conclusions. Burton et al. (2012) examined how internal auditors convince audited managers to change their minds when preference-inconsistent operational recommendations are suggested, and found that internal auditors rely more on quantified than on nonquantified information in this effort.

None of the papers in our review investigated how follow-up is conducted as the final stage of the internal audit process. We identified only a conceptual paper that suggests a tool (without testing it) to help internal auditors determine whether the organization (or a specific business unit) is ready to implement the internal audit recommendations and to actually engage in the process of sustainable change (Kidron et al., 2016). However, Roussy and Rodrigue (2018) provided indirect information about the follow-up stage in their analysis of the IAF's annual accountability to the audit committee. Although that theme was not the central focus of their paper, their information could be used as a starting point for research on the last stage of the internal audit process.

Roussy and Rodrigue (2018) conducted a documentary analysis of an exclusive and confidential IAF annual accountability report that revealed that the internal auditors in this case teamed up with the managers and used several impression management tactics in the report to protect both parties. Their results are consistent with those of Norman et al. (2010) and Roussy (2013, 2015). Finally, it should be noted that, with the exception of Stefaniak et al. (2012), studies of the day-to-day practice of internal audit cast doubt on internal auditors' ethics when internal audit is considered to be an oversight governance pillar that must remain independent.

General Observations and Research Avenues

In view of the scarcity of research on the practice of internal audit, our conclusion is unsurprising: we know too little about this practice, and the time has come to conduct more research on the matter. Every stage of the internal audit process is poorly documented and understood. We therefore urge academics to investigate this issue, regardless of their theoretical or methodological preferences. That said, archival studies are extremely difficult, if not impossible, to conduct in internal audit practice because archival data is virtually nonexistent. Researchers must therefore rely on other methodologies such as interviews, case studies, surveys, and experiments.

On the topic of the planning stage, the literature is almost silent, and seems to consist of only one indirect study. Yet it would be most interesting to document how audit objectives and performance criteria are selected by internal auditors, and to analyze the extent to which these factors are consistent with the organization's strategic objectives and risk analysis. Moreover, as previous research has observed that internal auditors negotiate with auditees during the conclusion stage in regard to the findings and recommendations that will appear in the report, it would be relevant to understand the interactions between internal auditors and audited managers to determine how intensely the objectives and audit criteria are negotiated at the beginning of the process in anticipation of the final negotiation exercise.

The execution stage is also poorly understood. Not only is there insufficient scientific insight into the IT tools that internal auditors use to perform their duties, the audit methodologies they implement, and how they collect evidence, but the very nature of internal auditors' teamwork and interactions with one another remains unexplored. It would be significant to understand this aspect of their function as this would shed light on how they collectively perform assignments and establish their professional judgment. In addition, although we found a paper that documented the negotiation process pertaining to the findings and recommendations presented in internal audit reports, it would be highly valuable to conduct a documentary analysis of a real audit report in light of IAQ output indicators (Trotman and Duncan, 2017) and other relevant quality criteria. Such research would have been almost impossible even a few years ago, but some organizations, including the Canadian government, now publish their internal audit reports, giving researchers access to highly valuable data. Furthermore, access to the field and to confidential internal audit reports or IAF accountability reports can be negotiated for academic purposes, as demonstrated in Roussy and Rodrigue (2018).

It would also be relevant to measure managers' compliance with internal audit recommendations and how they perceive how these recommendations have contributed to improving organizational processes. Such research could help to capture the usefulness of the IAF.

In addition, the ethical reasoning of internal auditors is an important component of their professional judgment. It requires not only objectivity, sound technical competencies, and a good understanding of the organization, but also strong ethical deliberation skills, including the ability to detect ethical dilemmas and resolve them competently. Because previous research has cast doubt on internal auditors' ethical behavior (e.g., Everett and Tremblay, 2014; Roussy, 2015), we suggest that their ethical reasoning is a promising research avenue. For instance, experimentation could be a relevant research design since it makes it possible to simulate real-life scenarios in which internal auditors are confronted with ethical dilemmas and must posit a judgment and act accordingly.

Given the scarcity of studies on the IAF accountability process to the audit committee, scholars lack an overall understanding of this issue. However, the conclusions of prior literature (Roussy and Rodrigue, 2018) are worrisome and need to be supplemented and challenged. Other IAF accountability reports should be documented and analyzed in different settings to improve our understanding of the IAF's actual roles and quality. Interviews with audit committee members who receive accountability reports would also provide needed information on how they evaluate IAQ.

Conclusion

To capture the current state of academic knowledge about internal audit, we reviewed internal audit articles published in high-quality accounting journals between 2005 and mid-2017, using a multimethod and multitheoretical approach. Our study can be considered a structured literature review based on the 10 steps suggested by Massaro et al. (2016). We identified 91 internal audit papers and classified them into three central themes: the multiple roles of internal audit, IAQ, and the practice of internal audit. This literature review illustrates that despite the explosion of internal audit studies since 2005 compared to the pre-SOX era, knowledge of this function remains fragmentary. We identified significant gaps and accordingly suggested interesting research avenues. Figure 3 illustrates the three interconnected central themes of this literature review as well as the outlines of our general observations per theme.

Future research to follow-up on the current study would be relevant and insightful regardless of the theoretical frameworks, methodological designs, or epistemological perspectives the prospective authors choose. We hope that our reading of the literature, along with the ideas proposed in this article, will trigger future research in internal audit as this topic can provide ample study opportunities for emerging scholars as well as established academics.

References

Abbott, A. 1988. The system of professions: An essay on the division of expert labor. Chicago, IL: The University of Chicago Press.
10.7208/chicago/9780226189666.001.0001
Google Scholar
Abbott, L., S. Parker, and G. Peters. 2010. Serving two masters: The association between audit committee internal audit oversight and internal audit activities. Accounting Horizons 24 (1): 1–24.
10.2308/acch.2010.24.1.1
PubMed Web of Science® Google Scholar
Abbott, L. J., B. Daugherty, S. Parker, and G. F. Peters. 2016. Internal audit quality and financial reporting quality: The joint importance of independence and competence. Journal of Accounting Research 54 (1): 3–40.
10.1111/1475-679X.12099
Web of Science® Google Scholar
Abbott, L. J., S. Parker, and G. F. Peters. 2012a. Audit fee reductions from internal audit-provided assistance: The incremental impact of internal audit characteristics. Contemporary Accounting Research 29 (1): 94–118.
10.1111/j.1911-3846.2011.01072.x
Web of Science® Google Scholar
Abbott, L. J., S. Parker, and G. F. Peters. 2012b. Internal audit assistance and external audit timeliness. Auditing: A Journal of Practice & Theory 34 (4): 3–20.
10.2308/ajpt-10296
Web of Science® Google Scholar
Abbott, L. J., S. Parker, G. F. Peters, and D. V. Rama. 2007. Corporate governance, audit quality, and the Sarbanes-Oxley Act: Evidence from internal audit outsourcing. The Accounting Review 82 (4): 803–35.
10.2308/accr.2007.82.4.803
Web of Science® Google Scholar
Abdolmohammadi, M. 2012. Chief audit executives' assessment of internal auditors' performance attributes by professional rank and cultural cluster. Behavioral Research in Accounting 24 (1): 1–23.
10.2308/bria-50023
Google Scholar
Abdolmohammadi, M. 2013. Correlates of co-sourcing/outsourcing of internal audit activities. Auditing: A Journal of Practice & Theory 32 (3): 69–85.
10.2308/ajpt-50453
Web of Science® Google Scholar
Anderson, U. L., M. H. Christ, K. M. Johnstone, and L. E. Rittenberg. 2012. A post-SOX examination of factors associated with the size of internal audit functions. Accounting Horizons 26 (2): 167–91.
10.2308/acch-50115
Web of Science® Google Scholar
Archambeault, D. S., F. T. DeZoort, and T. P. Holt. 2008. The need for an internal auditor report to external stakeholders to improve governance transparency. Accounting Horizons 22 (4): 375–89.
10.2308/acch.2008.22.4.375
Web of Science® Google Scholar
Arel, B., C. A. Beaudoin, and A. M. Cianci. 2012. The impact of ethical leadership, the internal audit function, and moral intensity on a financial reporting decision. Journal of Business Ethics 109 (3): 351–66.
10.1007/s10551-011-1133-1
Web of Science® Google Scholar
Asare, S., R. Davidson, and A. Gramling. 2008. Internal auditors' evaluation of fraud factors in planning an audit: The importance of audit committee quality and management incentives. International Journal of Auditing 12 (3): 181–203.
10.1111/j.1099-1123.2008.00379.x
Google Scholar
Bame-Aldred, C. W., D. M. Brandon, W. F. Messier Jr., L. E. Rittenberg, and C. M. Stefaniak. 2013. A summary of research on external auditor reliance on the internal audit function. Auditing: A Journal of Practice & Theory 32 (Suppl. 1): 251–86.
10.2308/ajpt-50342
Google Scholar
Bartlett, G. D., J. Kremin, K. K. Saunders, and D. A. Wood. 2016. Attracting applicants for in-house and outsourced internal audit positions: Views from external auditors. Accounting Horizons 30 (1): 143–56.
10.2308/acch-51309
Web of Science® Google Scholar
Bartlett, G. D., J. Kremin, K. K. Saunders, and D. A. Wood. 2017. Factors influencing recruitment of non-accounting business professionals into internal auditing. Behavioral Research in Accounting 29 (1): 119–30.
10.2308/bria-51643
Web of Science® Google Scholar
Barua, A., D. Rama, and V. Sharma. 2010. Audit committee characteristics and investment in internal auditing. Journal of Accounting and Public Policy 29 (5): 503–13.
10.1016/j.jaccpubpol.2010.09.001
Web of Science® Google Scholar
Bhattacharjee, S., M. J. Maletta, and K. K. Moreno. 2016. The role of account subjectivity and risk of material misstatement on auditors' internal audit reliance judgments. Accounting Horizons 30 (2): 225–38.
10.2308/acch-51363
Web of Science® Google Scholar
Boyle, D. M., F. T. DeZoort, and D. R. Hermanson. 2015. The effects of internal audit report type and reporting relationship on internal auditors' risk judgments. Accounting Horizons 29 (3): 695–718.
10.2308/acch-51110
Web of Science® Google Scholar
Brandon, D. 2010. External auditor evaluations of outsourced internal auditors. Auditing: A Journal of Practice & Theory 29 (2): 159–73.
10.2308/aud.2010.29.2.159
Web of Science® Google Scholar
Brender, N., B. Yzeiraj, and E. Fragniere. 2015. The management audit as a tool to foster corporate governance: An inquiry in Switzerland. Managerial Auditing Journal 30 (8–9): 785–811.
10.1108/MAJ-03-2014-1013
Web of Science® Google Scholar
Burton, F. G., S. A. Emett, C. A. Simon, and D. A. Wood. 2012. Corporate managers' reliance on internal auditor recommendations. Auditing: A Journal of Practice & Theory 31 (2): 151–66.
10.2308/ajpt-10234
Web of Science® Google Scholar
Burton, F. G., M. W. Starliper, S. L. Summers, and D. A. Wood. 2015. The effects of using the internal audit function as a management training ground or as a consulting services provider in enhancing the recruitment of internal auditors. Accounting Horizons 29 (1): 115–40.
10.2308/acch-50925
Web of Science® Google Scholar
Carcello, J. V., D. R. Hermanson, and K. Raghunandan. 2005. Factors associated with U.S. public companies' investment in internal auditing. Accounting Horizons 19 (2): 69–84.
10.2308/acch.2005.19.2.69
Google Scholar
Chambers, A. D., and M. Odar. 2015. A new vision for internal audit. Managerial Auditing Journal 30 (1): 34–55.
10.1108/MAJ-08-2014-1073
Web of Science® Google Scholar
Chen, L. H., H. H. Chung, G. F. Peters, and J. P. Wynn. 2017. Does incentive-based compensation for chief internal auditors impact objectivity? An external audit risk perspective. Auditing: A Journal of Practice & Theory 36 (2): 21–43.
10.2308/ajpt-51575
Web of Science® Google Scholar
Christ, M. H., A. Masli, N. Y. Sharp, and D. A. Wood. 2015. Rotational internal audit programs and financial reporting quality: Do compensating controls help? Accounting, Organizations and Society 44: 37–59.
10.1016/j.aos.2015.05.004
Web of Science® Google Scholar
Christopher, J., G. Sarens, and P. Leung. 2009. A critical analysis of the independence of the internal audit function: evidence from Australia. Accounting, Auditing & Accountability Journal 22 (2): 200–20.
10.1108/09513570910933942
Google Scholar
Coram, P., C. Ferguson, and R. Moroney. 2008. Internal audit, alternative internal audit structures and the level of misappropriation of assets fraud. Accounting and Finance 48 (4): 543–59.
10.1111/j.1467-629X.2007.00247.x
Web of Science® Google Scholar
Davidson, B. I., N. K. Desai, and G. J. Gerard. 2013. The effect of continuous auditing on the relationship between internal audit sourcing and the external auditor's reliance on the internal audit function. Journal of Information Systems 27 (1): 41–59.
10.2308/isys-50430
Google Scholar
Davidson, R., J. Goodwin-Stewart, and P. Kent. 2005. Internal governance structures and earnings management. Accounting and Finance 45 (2): 241–67.
10.1111/j.1467-629x.2004.00132.x
Google Scholar
Davies, M. 2009. Effective working relationships between audit committees and internal audit—the cornerstone of corporate governance in local authorities, a Welsh perspective. Journal of Management & Governance 13 (1–2): 41–73.
10.1007/s10997-008-9070-9
Google Scholar
De Angelo, L. E. 1981. Auditor size and audit quality. Journal of Accounting and Economics 3 (3): 183–99.
10.1016/0165-4101(81)90002-1
Google Scholar
De Zwaan, L., J. Stewart, and N. Subramaniam. 2011. Internal audit involvement in enterprise risk management. Managerial Auditing Journal 26 (7): 586–604.
10.1108/02686901111151323
Google Scholar
Desai, N. K., G. J. Gerard, and A. Tripathy. 2011. Internal audit sourcing arrangements and reliance by external auditors. Auditing: A Journal of Practice & Theory 30 (1): 149–71.
10.2308/aud.2011.30.1.149
Web of Science® Google Scholar
Desai, V., R. Roberts, and R. Srivastava. 2010. An analytical model for external auditor evaluation of the internal audit function using belief functions. Contemporary Accounting Research 27 (2): 537–75.
10.1111/j.1911-3846.2010.01016.x
Web of Science® Google Scholar
D'Onza, G., R. Lamboglia, and R. Verona. 2015. Do IT audits satisfy senior manager expectations? A qualitative study based on Italian banks. Managerial Auditing Journal 30 (4–5): 413–34.
10.1108/MAJ-07-2014-1051
Web of Science® Google Scholar
D'Onza, G., G. M. Selim, R. Melville, and M. Allegrini. 2015. A study on internal auditor perceptions of the function ability to add value. International Journal of Auditing 19 (3): 182–94.
10.1111/ijau.12048
Web of Science® Google Scholar
Easterby-Smith, M., R. Thorpe, and P. Jackson. 2015. Reviewing the literature. Management & Business Reasearch. London: Sage.
Google Scholar
Ege, M. S. 2015. Does internal audit function quality deter management misconduct. The Accounting Review 90 (2): 495–527.
10.2308/accr-50871
Web of Science® Google Scholar
Everett, J., and M.-S. Tremblay. 2014. Ethics and internal audit: Moral will and moral skill in a heteronomous field. Critical Perspectives on Accounting 25 (3): 181–296.
10.1016/j.cpa.2013.10.002
Web of Science® Google Scholar
Fanning, K., and M. D. Piercy. 2014. Internal auditors' use of interpersonal likability, arguments, and accounting information in a corporate governance setting. Accounting, Organizations and Society 39 (8): 575–89.
10.1016/j.aos.2014.07.002
Web of Science® Google Scholar
Farkas, M. J., and R. M. Hirsch. 2016. The effect of frequency and automation of internal control testing on external auditor reliance on the internal audit function. Journal of Information Systems 30 (1): 21–40.
10.2308/isys-51266
Web of Science® Google Scholar
Francis, J. 2004. What do we know about audit quality? The British Accounting Review 36 (4): 345–68.
10.1016/j.bar.2004.09.003
Google Scholar
Francis, J. 2011. A framework for understanding and researching audit quality. Auditing: A Journal of Practice & Theory 30 (2): 125–52.
10.2308/ajpt-50006
Web of Science® Google Scholar
Freidson, E. 2001. Professionalism, the third logic: On the practice of knowledge. Chicago, IL: The University of Chicago Press.
Web of Science® Google Scholar
Glover, S. M., D. F. Prawitt, and D. A. Wood. 2008. Internal audit sourcing arrangement and the external auditor's reliance decision. Contemporary Accounting Research 25 (1): 193–213.
10.1506/car.25.1.7
Web of Science® Google Scholar
Goodwin-Stewart, J., and P. Kent. 2006a. Relation between external audit fees, audit committee characteristics and internal audit. Accounting and Finance 46 (3): 387–404.
10.1111/j.1467-629X.2006.00174.x
Web of Science® Google Scholar
Goodwin-Stewart, J., and P. Kent. 2006b. The use of internal audit by Australian companies. Managerial Auditing Journal 21 (1): 81–101.
10.1108/02686900610634775
Google Scholar
Gramling, A. A., M. J. Maletta, A. Schneider, and B. K. Church. 2004. The role of the internal audit function in corporate governance: A synthesis of the extant internal auditing literature and directions for future research. Journal of Accounting Literature 23 (1): 194–244.
Google Scholar
Gramling, A. A., and S. D. Vandervelde. 2006. Assessing internal audit quality. Internal Auditing 21 (3): 26–30; 32-33.
Google Scholar
Gras-Gil, E., S. Marin-Hernandez, and D. Garcia-Perez de Lema. 2012. Internal audit and financial reporting in the Spanish banking industry. Managerial Auditing Journal 27 (8): 728–53.
10.1108/02686901211257028
Google Scholar
Guthrie, C. P., C. S. Norman, and J. M. Rose. 2012. Chief audit executives' evaluations of whistle-blowing allegations. Behavioral Research in Accounting 24 (2): 87–99.
10.2308/bria-50154
Google Scholar
Héroux, S., and A. Fortin. 2013. The internal audit function in information technology governance: A holistic perspective. Journal of Information Systems 27 (1): 189–217.
10.2308/isys-50331
Google Scholar
Holt, T. P. 2012. The effects of internal audit role and reporting relationships on investor perceptions of disclosure credibility. Managerial Auditing Journal 27 (9): 878–98.
10.1108/02686901211263085
Google Scholar
Holt, T. P., and T. DeZoort. 2009. The effects of internal audit report disclosure on investor confidence and investment decisions. International Journal of Auditing 13 (1): 61–77.
10.1111/j.1099-1123.2008.00391.x
Google Scholar
Hoos, F., N. Kochetova-Kozloski, and A. C. d'Arcy. 2015. The importance of the chief audit executive's communication: Experimental evidence on internal auditors' judgments in a “Two Masters Setting”. International Journal of Auditing 19 (3): 166–81.
10.1111/ijau.12046
Web of Science® Google Scholar
IIA Research Foundation. 2017. Practitioners' Common Body of Knowledge (CBOK) 2015. Available online at https://global.theiia.org/iiarf/Pages/Common-Body-of-Knowledge-CBOK.aspx, retrieved March 31, 2018.
Google Scholar
IIA Research Foundation and Proviti. 2017. Stakeholders' Common Body of Knowledge (CBOK) 2015. available online at https://global.theiia.org/iiarf/Pages/Common-Body-of-Knowledge-CBOK.aspx, retrieved March 31, 2018.
Google Scholar
Institute of Internal Auditors (IIA). 2017. Standards & Guidance, International Professional Practices Framework. Available online at https://na.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx, retrieved November 8, 2017.
Google Scholar
Issa, H., and A. Kogan. 2014. A predictive ordered logistic regression model as a tool for quality review of control risk assessments. Journal of Information Systems 28 (2): 209–29.
10.2308/isys-50808
Google Scholar
Kidron, A., Y. Ofek, and H. Cohen. 2016. New perspective on the black box of internal auditing and organisational change. Managerial Auditing Journal 31 (8–9): 804–20.
10.1108/MAJ-07-2015-1220
Web of Science® Google Scholar
Knechel, W. R., G. V. Krishnan, M. Pevzner, L. B. Shefchik, and U. K. Velury. 2013. Audit quality: Insights from the academic literature. Auditing: A Journal of Practice & Theory 32 (Suppl. 1): 385–4.
10.2308/ajpt-50350
Web of Science® Google Scholar
Labelle, R., R. M. Gargouri, and C. Francoeur. 2010. Ethics, diversity management, and financial reporting quality. Journal of Business Ethics 93 (2): 335–53.
10.1007/s10551-009-0225-7
Web of Science® Google Scholar
Lenz, R., and U. Hahn. 2015. A synthesis of empirical internal audit effectiveness literature pointing to new research opportunities. Managerial Auditing Journal 30 (1): 5–33.
10.1108/MAJ-08-2014-1072
Web of Science® Google Scholar
Lenz, R., and G. Sarens. 2012. Reflections on the internal auditing profession: What might have gone wrong? Managerial Auditing Journal 27 (6): 532–49.
10.1108/02686901211236382
Google Scholar
Lenz, R., G. Sarens, and K. D'Silva. 2014. Probing the discriminatory power of characteristics of internal audit functions: Sorting the wheat from the chaff. International Journal of Auditing 18 (2): 126–38.
10.1111/ijau.12017
Google Scholar
Leung, P., B. J. Cooper, and L. Perera. 2011. Accountability structures and management relationships of internal audit: An Australian study. Managerial Auditing Journal 26 (9): 794–816.
10.1108/02686901111171457
Google Scholar
Li, P., D. Y. Chan, and A. Kogan. 2016. Exception prioritization in the continuous auditing environment: A framework and experimental evaluation. Journal of Information Systems 30 (2): 135–57.
10.2308/isys-51220
Web of Science® Google Scholar
Lin, S., M. Pizzini, M. Vargus, and I. Bardhan. 2011. The role of the internal audit function in the disclosure of material weaknesses. The Accounting Review 86 (1): 287–323.
10.2308/accr.00000016
Web of Science® Google Scholar
Ma'ayan, Y., and A. Carmeli. 2016. Internal audits as a source of ethical behavior, efficiency, and effectiveness in work units. Journal of Business Ethics 137 (2): 347–63.
10.1007/s10551-015-2561-0
Web of Science® Google Scholar
Macdonald, K. M. 1995. The sociology of the professions. United Kingdom: Sage Publications.
Google Scholar
Mahzan, N., and A. Lymer. 2014. Examining the adoption of computer-assisted audit tools and techniques. cases of generalized audit software use by internal auditors. Managerial Auditing Journal 29 (4): 327–49.
10.1108/MAJ-05-2013-0877
Google Scholar
Malaescu, I., and S. G. Sutton. 2015. The reliance of external auditors on internal audit's use of continuous audit. Journal of Information Systems 29 (1): 95–114.
10.2308/isys-50899
Web of Science® Google Scholar
Malsch, B., and S. Salterio. 2016. Doing good field research: Assessing the quality of audit field research. Auditing: A Journal of Practice & Theory 35 (1): 1–22.
10.2308/ajpt-51170
Web of Science® Google Scholar
Massaro, M., J. Dumay, and J. Guthrie. 2016. On the shoulders of giants: Undertaking a structured literature review in accounting. Accounting, Auditing & Accountability Journal 29 (5): 767–801.
10.1108/AAAJ-01-2015-1939
Web of Science® Google Scholar
Mat Zain, M., and N. Subramaniam. 2007. Internal auditor perceptions on audit committee interactions: A qualitative study in Malaysian public corporations. Corporate Governance: An International Review 15 (5): 894–908.
10.1111/j.1467-8683.2007.00620.x
Web of Science® Google Scholar
Mazza, T., and S. Azzali. 2015. Effects of internal audit quality on the severity and persistence of controls deficiencies. International Journal of Auditing 19 (3): 148–65.
10.1111/ijau.12044
Web of Science® Google Scholar
Messier, W. F., Jr., J. K. Reynolds, C. A. Simon, and D. A. Wood. 2011. The effect of using the internal audit function as a management training ground on the external auditor's reliance decision. The Accounting Review 86 (6): 2131–54.
10.2308/accr-10136
Web of Science® Google Scholar
Mihret, D. G. 2014. How can we explain internal auditing? The inadequacy of agency theory and a labor process alternative. Critical Perspectives on Accounting 25 (8): 771–82.
10.1016/j.cpa.2014.01.003
Web of Science® Google Scholar
Mihret, D. G., and B. Grant. 2017. The role of internal auditing in corporate governance: A Foucauldian analysis. Accounting, Auditing & Accountability Journal 30 (3): 699–719.
10.1108/AAAJ-10-2012-1134
Web of Science® Google Scholar
Munro, L., and J. Stewart. 2010. External auditors' reliance on internal audit: The impact of sourcing arrangements and consulting activities. Accounting and Finance 50 (2): 371–87.
10.1111/j.1467-629X.2009.00322.x
Web of Science® Google Scholar
Munro, L., and J. Stewart. 2011. External auditors' reliance on internal auditing: further evidence. Managerial Auditing Journal 26 (6): 461–81.
10.1108/02686901111142530
Google Scholar
Nickell, E. B., and R. W. Roberts. 2014. Organizational legitimacy, conflict, and hypocrisy: An alternative view of the role of internal auditing. Critical Perspectives on Accounting 25 (3): 217–21.
10.1016/j.cpa.2013.10.005
Web of Science® Google Scholar
Norman, C., A. Rose, and J. Rose. 2010. Internal audit reporting lines, fraud risk decomposition, and assessments of fraud risk. Accounting, Organizations and Society 35 (5): 546–57.
10.1016/j.aos.2009.12.003
Web of Science® Google Scholar
Omar, H. M. H., and J. Stewart. 2015. The effect of incentive-based compensation on internal auditors' perceptions of objectivity. International Journal of Auditing 19 (1): 37–52.
10.1111/ijau.12032
Web of Science® Google Scholar
Patton, M. Q. 2015. Qualitative research and evaluation methods: Integrating theory and practice, 4th ed. Thousand Oaks, CA: Sage Publications.
Google Scholar
Pike, B. J., L. Chui, K. A. Martin, and R. M. Olvera. 2016. External auditors' involvement in the internal audit function's work plan and subsequent reliance before and after a negative audit discovery. Auditing: A Journal of Practice & Theory 35 (4): 159–73.
10.2308/ajpt-51486
Web of Science® Google Scholar
Pizzini, M., S. Lin, and D. E. Ziegenfuss. 2015. The impact of internal audit function quality and contribution on audit delay. Auditing: A Journal of Practice & Theory 34 (1): 25–58.
10.2308/ajpt-50848
Web of Science® Google Scholar
Power, M., and Y. Gendron. 2015. Qualitative research in auditing: A methodological roadmap. Auditing: A Journal of Practice and Theory 34 (2): 147–65.
10.2308/ajpt-10423
Web of Science® Google Scholar
Prawitt, D., J. Smith, and D. Wood. 2009. Internal audit quality and earnings management. The Accounting Review 84 (4): 1255–80.
10.2308/accr.2009.84.4.1255
Web of Science® Google Scholar
Prawitt, D. F., N. Y. Sharp, and D. A. Wood. 2011. Reconciling archival and experimental research: does internal audit contribution affect the external audit fee? Behavioral Research in Accounting 23 (2): 187–206.
10.2308/bria-10065
Google Scholar
Prawitt, D. F., N. Y. Sharp, and D. A. Wood. 2012. Internal audit outsourcing and the risk of misleading or fraudulent financial reporting: Did Sarbanes-Oxley get it wrong? Contemporary Accounting Research 29 (4): 1109–36.
10.1111/j.1911-3846.2012.01141.x
Web of Science® Google Scholar
Regoliosi, C., and A. d'Eri. 2014. “Good” corporate governance and the quality of internal auditing departments in Italian listed firms. An exploratory investigation in Italian listed firms. Journal of Management & Governance 18 (3): 891–920.
10.1007/s10997-012-9254-1
Google Scholar
Ridley, J., K. D'Silva, and M. Szombathelyi. 2011. Sustainability assurance and internal auditing in emerging markets. Corporate Governance 11 (4): 475–88.
10.1108/14720701111159299
Google Scholar
Roussy, M. 2013. Internal auditors' roles: From watchdogs to helpers and protectors of the top manager. Critical Perspectives on Accounting 24 (7–8): 550–71.
10.1016/j.cpa.2013.08.004
Web of Science® Google Scholar
Roussy, M. 2015. Welcome to the day-to-day of internal auditors: How do they cope with conflicts? Auditing: A Journal of Practice & Theory 34 (2): 237–64.
10.2308/ajpt-50904
Web of Science® Google Scholar
Roussy, M., and M. Brivot. 2016. Internal audit quality: A polysemous notion? Accounting, Auditing & Accountability Journal 29 (5): 714–38.
10.1108/AAAJ-10-2014-1843
Web of Science® Google Scholar
Roussy, M., and M. Rodrigue. 2018. Internal audit: Is the ‘Third Line of Defense’ effective as a form of governance? An exploratory study of the impression management techniques chief audit executives use in their annual accountability to the audit committee. Journal of Business Ethics 151 (3): 853–69. First published online July 22, 2016.
10.1007/s10551-016-3263-y
Web of Science® Google Scholar
Sarens, G., and M. Abdolmohammadi. 2011. Monitoring effects of the internal audit function: Agency theory versus other explanatory variables. International Journal of Auditing 15 (1): 1–20.
10.1111/j.1099-1123.2010.00419.x
Google Scholar
Sarens, G., I. De Beelde, and P. Everaert. 2009. Internal audit: A comfort provider to the audit committee. The British Accounting Review 41 (2): 90–106.
10.1016/j.bar.2009.02.002
Google Scholar
Schneider, A. 2010. Determining whether there are any effects of incentive compensation and stock ownership on internal audit procedures. International Journal of Auditing 14 (1): 101–10.
10.1111/j.1099-1123.2009.00405.x
Google Scholar
Shin, I., M. Lee, and W. Park. 2013. Implementation of the continuous auditing system in the ERP-based environment. Managerial Auditing Journal 28 (7): 592–627.
10.1108/MAJ-11-2012-0775
Google Scholar
Sierra Garcia, L., E. R. Barbadillo, and M. O. Pérez. 2012. Audit committee and internal audit and the quality of earnings: Empirical evidence from Spanish companies. Journal of Management & Governance 16 (2): 305–31.
10.1007/s10997-010-9152-3
Google Scholar
Singh, H., D. Woodliff, N. Sultana, and R. Newby. 2014. Additional evidence on the relationship between an internal audit function and external audit fees in Australia. International Journal of Auditing 18 (1): 27–39.
10.1111/ijau.12009
Google Scholar
Soh, D. S. B., and N. Martinov-Bennie. 2011. The internal audit function. Managerial Auditing Journal 26 (7): 605–22.
10.1108/02686901111151332
Google Scholar
Soh, D. S. B., and N. Martinov-Bennie. 2015. Internal auditors' perceptions of their role in environmental, social and governance assurance and consulting. Managerial Auditing Journal 30 (1): 80–111.
10.1108/MAJ-08-2014-1075
Web of Science® Google Scholar
Stefaniak, C. M., R. W. Houston, and R. M. Cornell. 2012. The effects of employer and client identification on internal and external auditors' evaluations of internal control deficiencies. Auditing: A Journal of Practice & Theory 31 (1): 39–56.
10.2308/ajpt-10179
Web of Science® Google Scholar
Stewart, J., and N. Subramaniam. 2010. Internal audit independence and objectivity: Emerging research opportunities. Managerial Auditing Journal 25 (4): 328–60.
10.1108/02686901011034162
Google Scholar
Trotman, A. J. and K. Duncan. 2017. Internal audit quality: Insights from audit committee members, senior management and internal auditors. Auditing: A Journal of Practice & Theory. In press.
10.2308/ajpt-51877
Google Scholar
Trotman, A. J., and K. T. Trotman. 2015. Internal audit's role in GHG emissions and energy reporting: evidence from audit committees, senior accountants, and internal auditors. Auditing: A Journal of Practice & Theory 34 (1): 199–230.
10.2308/ajpt-50675
Web of Science® Google Scholar
Vinnari, E., and P. Skaerbaek. 2014. The uncertainties of risk management. A field study on risk management internal audit practices in a Finnish municipality. Accounting, Auditing & Accountability Journal 27 (3): 489–526.
10.1108/AAAJ-09-2012-1106
Web of Science® Google Scholar
Zaman, M., and G. Sarens. 2013. Informal interactions between audit committees and internal audit functions. Exploratory evidence and directions for future research. Managerial Auditing Journal 28 (6): 495–515.
10.1108/02686901311329892
Google Scholar

Footnotes

1 Note that Massaro et al. (2016) identify three levels of development of prior research: emergent, in development and at maturity.

2 The CBOK survey is a periodic worldwide questionnaire about the internal audit profession administered approximately every five years by the IIA Research Foundation. The most recent CBOK survey was conducted in two phases, the first on internal auditors and the second (conducted for the first time in 2015 in collaboration with Proviti, Inc.) on stakeholders's perspectives as senior management, audit committees, and board members (IIA Research Foundation, 2017; IIA Research Foundation and Proviti, 2017). The outline of the last CBOK is available in reports by theme and can be found online at https://global.theiia.org/iiarf/Pages/Common-Body-of-Knowledge-CBOK.aspx.

3 Note that Massaro et al. (2016) used positivist terminology and therefore referred to validity and reliability, whereas the authors, as interpretive researchers, use the term trustworthiness to establish the current study's credibility. Interested readers can turn to Patton (2015), Power and Gendron (2015), and Malsch and Salterio (2016) to explore and assess the subtleties of each research paradigm.

4 Note that the contents of Tables 2-4 are in reverse chronological and alphabetical order.

5 See Francis (2004, 2011) and Knechel, Krishnan, Pevzner, Shefchik and Velury (2013) for interesting recent literature reviews on external audit quality.

6 See Bame-Aldred, Brandon, Messier, Rittenberg, and Stefaniak (2013) and Lenz and Hahn (2015) for a literature review of these specific aspects of IAQ.

7 See Stewart and Subramaniam (2010) for a literature review on this specific aspect of IAQ.

Citing Literature

Volume17, Issue3

September 2018

Pages 345-385

This article also appears in:

Recent Highlights in Accounting Perspectives

New Perspectives in Internal Audit Research: A Structured Literature Review^†

Abstract