Internal auditing competence profile: an empirical ... Internal auditing competence profile: an empirical

  • View
    1

  • Download
    0

Embed Size (px)

Text of Internal auditing competence profile: an empirical ... Internal auditing competence profile: an...

  • Internal auditing competence profile: an empirical analysis

    Arena, M. (*), Azzone, G., Ciceri, M.

    Politecnico di Milano

    Dipartimento di Ingegneria Gestionale

    Corresponding author

    Marika Arena

    Politecnico di Milano

    Dipartimento di Ingegneria Gestionale

    Piazza Leonardo da Vinci 32

    20133 Milano

    marika.arena@polimi.it

    0039 02 23994070

    Early Draft

    Please do not quote without authors’ permission

  • Introduction

    The problem of defining a competence profile of internal auditors has become particularly relevant in recent

    years due to the evolution of the role of Internal Auditing (IA) within the organization and the broadening of

    the range of IA stakeholders.

    Originally, IA was introduced as a monitoring mechanism aimed at protecting company assets and ensuring

    reliable accounting information. In the following years, however, internal auditors tried to extend their areas

    of involvement beyond financial auditing and compliance, to include operational auditing, risk management

    and consulting activities (Bou-Raad, 2000; Spira & Page, 2003; IIA UK and Ireland, 2008; 2009, Arena &

    Azzone, 2009). More recently, financial scandals and the related reforms attracted new attention on IA as

    one of the fundamental components of corporate governance, in conjunction with external auditors, top

    management and the audit committee (Ebaid, 2011). IA has been increasingly looked at as a possible

    response to external pressure of reducing information asymmetry between top management and external

    stakeholders (Spira & Page, 2003).

    These changes had a double impact on internal auditors’ work. On the one hand, the range of activities

    performed by the internal auditors was broadened, with an increasing involvement of internal auditors in

    issues such as sustainability, technology, projects. On the other hand, the nature of the activities performed

    changed with the introduction of consulting activities in addition to assurance services. These changes

    naturally called for an enlargement of internal auditors’ competences, to ensure their ability to deal with

    issues that goes beyond the traditional areas of financial auditing and compliance (Abdolmohammadi et al.,

    2006; Burnaby & Hass, 2009).

    The original focus on internal controls over financial reporting has in fact resulted in competences not

    completely coherent with the new needs of the organizations, with potential impacts on the effectiveness of

    IA activities concerning the risk assessment process, IA plan development, IA quality and audit coverage

    (Ernst & Young, 2008). From a technical perspective, the development of the ability to evaluate and test

    internal controls, audit and assess complex IT environments and address both enterprise-wide risk and

    governance issues has become essential for internal auditors in addition to traditional financial competences.

    From a managerial perspective, internal auditors should be able to “think beyond the project” and have the

    business knowledge and confidence to engage in substantive conversations with senior management, middle

    management and the audit committee (PricewaterhouseCoopers, 2007).

    An appropriate skills set not only allows internal auditors a better understanding of what adds greater value

    to the company, but also increases their credibility, trust and respect towards them, which contributes to the

    effectiveness of the IA function (Ramamoorti, 2003; Turner, 2007). Therefore, internal auditors are expected

    not only to acquire new skills and tools, but also to adopt new attitudes and practices required to effectively

    play the new role (Senapalh, 2000).

    This enlargement of IA competences, however, is in contrast with some concrete difficulties that the internal

    auditors have to face. On the one hand, the CAEs themselves consider the lack of competences and

    capabilities to be one of their primary challenges (PricewaterhouseCoopers, 2007), though they give great

  • importance to education, training and competence development (Bou-Raad, 2000; Venter & du Bruyn, 2002;

    Rittenberg & Anderson, 2006; Steyn & Plant, 2009).

    On the other hand, some empirical research showed that IA stakeholders often consider internal auditors

    insufficiently knowledgeable to provide useful help (Griffiths, 1999; Van Peursem, 2004; 2005). In

    particular, managers lament internal auditors’ lack of technical skills, their inability to clearly communicate

    findings, and the perception of a limited benefit resulting from the implementation of the recommendations

    received (Hunton & Wright, 1995; Flesher & Zanzig, 2000). Others believe that internal auditors have the

    capabilities to assess risk management processes and report their opinions, but are not able to identify and

    report in a reasonable time the problems that threaten the efficiency of these systems (Leech, 2009; Bota-

    Avram, 2009).

    In this context, the paper aims to: (1) analyze the evolution of internal auditors’ competences in response to

    the change role of the IA role, (2) identify key drivers influencing the development of a specific competence

    profile at the organizational level.

    To answer to these objectives, we relied on the model proposed by Cheetham & Chivers (1998) and we

    applied it to the IA. The application of the model is based on data collected through a case study method,

    with interviews performed with the CAEs of 14 Italian companies operating in 4 main industries (energy,

    manufacturing, financial services and IT)

    The paper contributes to the current literature in different ways. This work is one of the few paper that deals

    with the problem of IA competence from an academic perspective. The current literature mainly focused on

    external auditing (e.g.: Abdolmohammadi & Shanteau, 1992; Abdolmohammadi et al., 2004; Bonner &

    Lewis, 1990; Bonner & Pennington, 1991; Libby & Luft, 1993; Libby & Tan, 1994; Tan & Libby, 1997;

    Tan, 1999); but very few academic studies have addressed the case of IA (Abdolmohammadi, 2009).

    However, the research findings from the external auditing field cannot be automatically transposed to the IA

    sphere, due to some significant distinctions. Firstly, the objectives of internal and external auditors, and the

    work which they do, are different. The aim of external auditors is to formulate an opinion as to whether

    financial statements are free of material misstatement, while the task of internal auditors is to assist senior

    management and the board of directors with evaluating and managing risks, assessing compliance with laws

    and regulations, and evaluating operational efficiency (e.g. Eilifsen, Messier, Glover, & Prawitt, 2006).

    Secondly, internal audits are conducted within a single entity, and there are hierarchical links between the IA

    function and other parts of the organization (such as management, or the board of directors/audit committee).

    The external auditing literature does not consider these specificities, suggesting a need for further research.

    The second contribution of the paper deals with the methodology adopted. Most of current works on IA

    competence move from a pre-defined list of competencies and tested it through a survey method (Vinten,

    2004; Abdolmohammadi et al., 2006; Ernst &Young, 2008; PricewaterhouseCoopers, 2007, 2008, 2010;

    Protiviti, 2011). In this paper, we move from a competence model, that is widely adopted in the competence

    literature, and we applied it to the case of the IA, complementing quantitative analysis with a case study

  • method. This approach allowed us to analyze more in details the motivations at the basis of the development

    of a specific competence profile for IA and the factors influencing it.

    The reminder of the paper is articulated as follows. Section 2 presents the Cheetham & Chivers (1998)

    model, that we propose as a valuable model to analyse IA competences. Section 3 discusses the method used

    for data collection and analysis. Section 4 describes the findings of the study and we conclude in section 5.

    Theoretical framework

    The model selected for the development of the study is the “holistic model of professional competence”

    proposed by Cheetham & Chivers (1998) (in Figure 1). The model was elaborated with the aim of bringing

    together in a single holistic model the coherent elements among the approaches suggested before by various

    authors.

    Figure 1: Holistic model of professional competence (source: Cheetham & Chivers (1998))

    Cheetham e Chivers’s model consists of four key components, that are thought to be strictly intertwined:

    knowledge/cognitive competence, functional competence, personal or behavioural competence,

    values/ethical competence. Knowledge/cognitive competence has been defined by the authors as the

    possession of appropriate work-related knowledge and the ability to put this to effective use. Functional

    competence is defined as the ability to perform a range of work-based tasks effectively to produce specific

  • out

Recommended

View more >