K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2 INTERNAL AUDITORS AND INDEPENDENCE: AN AGENCY LENS ON CORPORATE PRACTICE Karen Van Peursem, PhD, CA, CPA Department of Accounting The University of Waikato New Zealand Lela D. “Kitty” Pumphrey, CIA, PhD, CPA Department of Accounting Idaho State University U.S.A. ABSTRACT This paper draws on relational governance and agency theory to evaluate the relationships between internal auditors and work associates. This is an important topic because the internal auditor is expected to monitor and report on information quality and their relationships within the organisation may or may not contribute to this purpose. The method employed was to analyse speech acts from interviews with practising, senior internal auditors. Findings indicate that the internal auditor acts as an 'agent' and ‘monitor’ for a variety of issues and to various ‘principals’, and that there is a risk that a conflation of roles between the internal auditor and senior management could occur. Conclusions are drawn as to the implications of these dilemmas for their independence. We also conclude with suggestions for further research including replication in other contexts and quantitative studies to explore the effects of gender, regulatory differences, age of audit division and experience. Key words: Internal auditors, Agency theory, Relational governance, Independence
34
Embed
INTERNAL AUDITORS AND INDEPENDENCE: AN AGENCY …ceebi.curtin.edu.au/local/docs/5.VanPeursem.pdf · INTERNAL AUDITORS AND INDEPENDENCE: AN AGENCY LENS ON ... internal auditor is expected
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
INTERNAL AUDITORS AND INDEPENDENCE: AN AGENCY LENS ON CORPORATE PRACTICE
Karen Van Peursem, PhD, CA, CPA Department of Accounting The University of Waikato
New Zealand
Lela D. “Kitty” Pumphrey, CIA, PhD, CPA Department of Accounting
Idaho State University U.S.A.
ABSTRACT
This paper draws on relational governance and agency theory to evaluate the relationships between internal auditors and work associates. This is an important topic because the internal auditor is expected to monitor and report on information quality and their relationships within the organisation may or may not contribute to this purpose. The method employed was to analyse speech acts from interviews with practising, senior internal auditors. Findings indicate that the internal auditor acts as an 'agent' and ‘monitor’ for a variety of issues and to various ‘principals’, and that there is a risk that a conflation of roles between the internal auditor and senior management could occur. Conclusions are drawn as to the implications of these dilemmas for their independence. We also conclude with suggestions for further research including replication in other contexts and quantitative studies to explore the effects of gender, regulatory differences, age of audit division and experience. Key words: Internal auditors, Agency theory, Relational governance, Independence
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
1
Introduction
Recent problems at well-known major corporations such as Enron, Tyco, WorldCom and
Parmalat have cost shareholders, employees and the market, as a whole, billions of dollars.
As a result, market regulators, accountants and audit professionals have come under intense
scrutiny for questionable reporting practices that have led to or exacerbated these problems.
The perceived, and often very real, shortcomings of a lightly regulated free market have
given rise to a public demand for more information about the efficiency, management, risk
assurance and governance of organisations.
These are activities of concern to internal as well as to external auditors, and thus the
importance of the internal auditor’s role has come to be recognised in new legislation and
standards around the globe. In the U.S., the influential Sarbanes-Oxley Act 2002, which has
U.S. audit standard setting responsibilities from the accounting profession to the Federal
Government. In addition, it redefines auditor independence and, significantly for internal
auditors, requires corporate evaluation and reporting of internal controls. In Australia,
CLERP 9 (Corporate Law Economic Reform Program), which became effective from 1 July
2004, addresses similar concerns by requiring an auditor’s independence declaration and, in
general, by expanding the responsibilities of the Financial Reporting Council (FRC). The
Australian Stock Exchange (ASX) also became involved as its Corporate Governance
Council developed principles and practices of ‘best’ corporate governance resulting in
further company disclosure requirements about their internal practices (Hamilton, 2003).
These actions were motivated in part in Australia by the federally-commissioned Ramsay
Report of 2001 (Priest, 2002).
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
2
Similar patterns exist elsewhere. In Canada, the Canadian Securities Administration and the
Canadian accounting professional body are also requiring more disclosure on internal
controls (Anonymous, 2004a; Spira and Page, 2002, p. 648). The UK Accounting Standards
Board (ASB) has expressed concern with operational events since the Cadbury Report
(1992) and carry on with, for example, the Turnbull Reports (Anonymous, 2004b, Vinten,
2001). Overall, the eyes of the public are more firmly fixed on the functions traditionally
associated with internal audit activity and how those auditors convey that information to
their governing authority. The need for an ethical, reasonably independent and competent
internal, as well as external, auditor is thus affirmed.
The internal auditor’s role is generally seen to involve oversight and monitoring. The
internal auditor may be instrumental in guiding and evaluating the economy, efficiency and
effectiveness of an organisation’s operations and systems, and will be normally accountable
to a governing body (COSO, 2003). It is important, therefore, that the internal auditor be
reasonably independent of management as well as be able to work alongside them.
Internal auditors may not always be in a strong position to do so, however (see Al-Twaijry,
Brierley and Gwilliam, 2004; Glasscock, 2002). An Australian survey concluded, for
example, that internal auditors may not be seen as a ‘true profession’ by all, including some
of their own corporate managers (Cooper, Leung and Mathews, 1994). This can result in
less value being attributed to their services or to their views than those of so-called
‘external’ auditors. An internal audit position is seen by many as little more than a corporate
training ground for managers (Cooper, Leung and Mathews, 1994; Goodwin and Yeo,
2001). Brody and Lowe (2000) found it likely that, as a result, internal auditors will become
more involved with top management as consultants rather than as independent assessors.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
3
While maintaining good relationships with managers is important in order for internal
auditors to be effective in carrying out their day-to-day activities, their reporting lines to
company directors and to audit committees are also important (see Vanasco, 1996; McCall,
2002). This relationship can be impaired if the internal auditor is not sufficiently
independent of the activities which they, themselves, are monitoring or if the governing
authority is, itself, not one that listens or responds to the issues they raise. The roles of the
internal auditor can become conflated as they try to contribute to control systems and
management processes while at the same time independently report to company directors.
Audit committees, particularly those that include outside directors, assist the internal
auditors in this regard as their presence and involvement are seen to enhance auditor
independence (Spira and Page, 2003; Vanasco, 1996, pp. 14-15; Goodwin and Yeo, 2001).
In order to be in a position to be 'heard', having an independent audit committee may help.
A recent study also indicates that forming, or having the right to form, collegial relationships
with members of the board and senior management is also important toward reaching this
goal (Van Peursem, 2004). This study is concerned with the independence aspect of the
internal auditor’s role, with the potential conflation of their roles and with the nature of the
relationships they form in the workplace. The aim of this paper is to evaluate the
independence implications of the workplace relationships internal auditors enjoy.
Summary of Principal Findings
Leung, Cooper and Robertson (2004) found in their study of Australian chief audit
executives that accountability practices and relationships between internal auditors vary.
We come to some similar findings in New Zealand from an agency perspective, and we find
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
4
that these internal auditors are obligated to a variety of individuals and for a variety of
purposes. It may be difficult for internal auditors to distinguish between these roles. This is
the crux of their dilemma in an environment in which they are expected to report
independently as well as support management. Nonetheless, our findings do point to some
useful distinctions and practices that, in the better situations, may inform us all.
Background
Relational governance is an important, underlying and normative concept applied to express
the potential benefits from having reasonably-independent relationships between internal
auditors and workplace others. Agency theory is an important financial economic
perspective on personal motivation. Together, they are used here to express how these
relationships are negotiated in the New Zealand context.
Relational Governance
Organisational governance has traditionally been equated with organisational control,
influencing managers and staff to assure their actions serve organisational purposes. Those
in this field may refer to patterns of authority that determine the allocation of organisational
resources and which define the alignments of organisational interests (Daily, Dalton and
Canella, 2003; Sundaramurthy and Lewis, 2003). The purpose underlying such control,
monitoring, and alignment functions of governance is to achieve broad organisational goals.
This may be done through social integration that coordinates the responsibilities and actions
of interdependent actors. Governance, as social integration, implies that managers work
within relationships to integrate work responsibilities, foster internalisation of organisational
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
5
goals and create intrinsic commitment to collective organisational interests.
(Sundaramaurthy and Lewis, 2003). Such practice essentially substitutes a social and
relational form of governance for a bureaucratic understanding of governance that is based
on control and hierarchy (McGinnis, Pumphrey, Trimmer and Wiggins, 2004).
An internal auditor also uses collaboration and social relationships to help align goals and to
improve intraorganisational integration (Van Peursem, 2004). Examining patterns of social
relations, as undertaken in the present study, is particularly useful, therefore, for explaining
internal operations and their potential (McGinnis et al. 2004). Studies on relational
governance thus give us reason to believe that the internal auditor’s relationships with
managers, board members and others matter to help ensure effective corporate governance.
Agency Theory Applied
We will be using the principles of agency theory to evaluate these relationships. Applying a
financial-economics-based theory such as ‘agency’ is of value both to understand an aspect
of organisational practice, and to influence the manner in which management plans,
establishes and maintains control systems (San Miguel, 2002). Though not widely applied
to internal audit, agency theory has been suggested as a useful basis to analyse why some
organisations have internal audit departments and others do not, to examine how
organisational change affects internal audit departments and to evaluate how or why internal
audit departments vary in the way they do (Adams, 1994). Agency theory has been applied
to determine why some public accountants contract for internal auditing (Caplan and
Kirschenheiter, 2000) and to examine moral hazards within management systems of
different cultures (Ekanayake, 2004; Evans, 2003). There is clearly room for further
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
6
application. The issue of why internal audit departments vary is of concern here and, in
particular, there is an interest in whether agency theory may be able to help explain the
relationships between internal auditors and others (see Van Peursem, 1995).
Jensen and Meckling (1976, p. 308), in their seminal work on agency theory, defined agency
as "a contract under which one or more (principals) engage another person (the agent) to
perform some service on their behalf which involves delegating some decision-making
authority to the agent". It has been applied to many economics-related disciplines including
finance (Thornton, 1985), accounting (Watts and Zimmerman, 1978; Ettridge, Simon, Smith
and Stone, 1994) and external financial audit (Wallace, 1985). The economics-driven model
shares assumptions that mark it as a distinct model of human motivation and behaviour.
These include the assumption that players will be rational, maximizing individuals who take
actions that serve their personal interests, irrespective of any moral guidelines to the
contrary (Thornton, 1985). Agency theory, in its purest (and efficient market) form, also
assumes that individuals will take into account all available information, rationally and
instantly, to make these decisions. Assumptions of an efficient market can be relaxed to
explain the importance of accounting practices and contracting services. In an imperfect
market for information, contracting with accountants, auditors and others becomes one
means of monitoring – and making visible – agency costs to principals who cannot know
everything at any one point in time (see for example, Watts and Zimmerman, 1986).
For managers, unacceptable activities such as 'shirking' their duties or realising unauthorised
perquisites (perks) are also rational behaviours which can only be (rationally) reduced
through incurring monitoring (agency) costs. Agency costs also include reductions in rents
(e.g., salary adjustments), bonding (such as insurance) or monitoring activities (such as
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
7
accounting or audit practices). Wallace (1985) brought these concepts firmly into the
external auditing realm, in particular with respect to audit's place as a monitoring cost.
We believe that a similar rationale could be used to explain the roles and relationships that
exist within an organisation, and which involve the internal auditor. Contracts can and,
using agency theory rationales, should be made to constrain self-serving managers on behalf
of shareholder principals. Agency costs – such as internal monitoring – will then be
incurred internally. The Sarbanes-Oxley Act 2002 provides an example of how the internal
auditor can be placed in a 'monitoring' position, not only to shareholder-owners but also by
requiring them to report to the public.
There are inherent challenges in relying on these ‘unmonitored’ monitors, however, because
auditors are, of course, subject to the same shirking and perk risks as are others. In the
public arena there are some, albeit imperfect, means to monitor (and control) auditor
activity. External auditors, for example, have had to pay a number of agency-type fees to
ensure the quality of their monitoring such as insurance premiums, court costs to defend
against claims of negligence and, of course, the costs of professional membership.
Such controls are not inherent to the internal auditor’s position. Generally controls over the
internal auditor’s behaviour are instituted through hiring and firing. Therefore, in a
managerial hegemony situation (where there is a weak board) the CEO is likely to be a very
powerful influence over the internal auditor. Moreover, if internal auditors hold themselves
up as managers-in-waiting, as their claims to consultancy activities would suggest, then the
matter is further complicated because they are also agents to managers and accountable for
the same behaviours to which managers are subject. This complex web creates an inherent
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
8
dilemma for the internal auditor: how can they carry out their monitoring role over
management when they are not subject to effective monitoring themselves? There are a
number of complex dilemmas, and we use agency theory to help evaluate them as these New
Zealand internal auditors describe their relationships with workplace others.
Method
The spotlight has only recently been placed on the independence of internal auditors, and
there is little in the literature as yet to suggest how they are responding to it. As such, this
work is an exploratory study of their understandings of those experiences and of their work
relationships. Therefore we found it appropriate to adopt a qualitative and exploratory
research approach.
The full transcripts from six extensive semi-structured interviews with senior internal
auditors at six diverse New Zealand organisations, and the researchers’ related observations
of the participants’ policies and worksites, form the basis for the analysis. We identified and
analysed each speech act, that is, each sentence or paragraph in which they described their
relationships with others. Ninety speech acts were identified in this way. Drawing on these
speech acts, we considered how and under what conditions their relationships could be
understood in terms of ‘monitoring costs’, ‘agent’ or ‘principal’ concepts. Two researchers
participated in this classification.
We gathered information about each organisation and had access to various documents they
used to explain their positions, procedures or measures. The interviews asked each of them,
among other things, how they dealt with others in the workplace. In particular, we asked
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
9
about how they communicated their ideas with middle managers, with staff, with their CEO
and board, and others with whom they dealt on a regular basis.
Semi-structured interviews, such as those used here, are valuable toward providing depth in
understanding particularly where, such as in this case, the researchers wish to know about
general topics (Fontana and Frey, 2003, pp 73-78). As this study is essentially one about the
participants’ view of their work ‘worlds’, including how they perceive their relationships,
the semi-structured format is appropriate (Collis and Hussey, 2003, p. 168). The interviews
were not totally open-ended because structuring the interview to some degree may improve
interview validity and help ensure that the interviews are conducted in the same way (see
Collis and Hussey, 2003, pp. 167-170; Arvey and Campion, 1982 in Wiesner and Cronshow,
1988).
We thus addressed potential reliability problems associated with qualitative research by
beginning with a fixed set of questions about the participants’ roles, activities, reporting
activities and workplace communications. To obtain the depth of understanding and
‘discovery’ that we desired we also encouraged the participants to speak freely. As a result,
the comments they made were followed up with questions beyond the ‘script’ in order to
discover ‘meanings’ using interview methods such as that described in the research methods
literature (see Zikmund, 2003, pp. 126-131; Collis and Hussey, 2003, pp. 167-170).
Obtaining access to an appropriate group can be difficult and, in some cases, participants
may have confidentiality concerns about such contacts (Collis and Hussey, 2003, pp. 168-
170). In this study, however, the interviews followed on from an earlier and extensive
survey of just under 300 respondents who were asked to express their willingness to be
interviewed. Obtaining appropriate participation was, therefore, not a problem. From the 20
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
10
or so who responded and who provided information to contact them, six were seen to be
appropriate because of the seniority they enjoyed and the variety of organisations they
represented. Confidentiality concerns were addressed through applying normal ethical
procedures and disclosures common to the researchers’ university practice.
Problems can emerge if participants do not ‘understand’ the issues or the questions in a
qualitative study, or are unable to convey their thoughts (Collis and Hussey, 2003, pp. 168-
169). To reduce the risk of this occurring, each question was explored in-depth and
interviews were recorded in their entirety so that the transcript could be reviewed to ensure a
reasonable interpretation. In addition, each participant was given an opportunity to review
the way in which we ‘understood’ and ‘classified’ their comments several weeks after the
last interview. Having two researchers to analyse the results also provided some
triangulation in the analysis process. Overall, these methods were used to ensure – to the
most reasonable extent – interview reliability and an appropriate interpretation of the
participants’ thoughts.
These internal auditors were from different types and sizes of organisations and enjoyed
various professional and career backgrounds despite their common IIA membership. We
attempted to look at a wide range, rather than a large number, of internal auditors to gather
an in-depth understanding of the New Zealand ‘case’. As many internal audit groups are
found to be within government organisations, and far fewer in the private sector, half of the
participants were selected from government organisations and all are introduced to the
reader below.
PS is the senior audit and assurance manager of a large internal audit division of a large
organisation. He has held similarly senior positions at other organisations overseas within
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
11
the internal audit profession itself. He also has an extensive professional accounting
background. His organisation employs over 1000 people throughout New Zealand and
contracts primarily to government. He has a large audit staff of 39, 17 of whom are in the
internal audit division (with the remainder in ‘fraud’). PS enjoys a direct line of
accountability to the board, nine of whom are outside appointees and executives.
PV is the internal audit manager of a large audit group within a major, listed New Zealand
manufacturing and service corporation. He manages a professional team of 16 internal
auditors. He has worked for 13 years within a private sector accounting firm with a
background and extensive senior experience in external audit. He has been a senior internal
auditor at his present organisation for six years. His team both consults and reports directly
to the audit committee of his governing board and to the CEO. They carry out a
combination of compliance and consultative projects for the organisation.
PA is an audit partner in a major international accounting firm. His department specifically
carries out internal audit contracts with and within a variety of organisations. PA’s expertise
is in technology audits and he leads a large, highly-specialised team which carries out
technology audits, risk management investigations, fraud investigations and external audit
support. All work in internal auditing is carried out through contractual arrangements and
the parties to whom they report depend upon the contractual conditions but are generally, in
name at least, governing bodies.
MI is the (acting) audit manager of three personnel in the internal audit group of a
government social distribution department. The department has approximately 1000
employees and about 20 separate offices throughout New Zealand and within six different
business groups. MI’s background is in the social sciences. She has internal audit training
but no accounting or auditing experience. (Only one member of her team of three, the
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
12
newest auditor, has a financial background.) She is relatively new to the internal audit role
having only been employed in that capacity in the last several years. MI has served four
different CEOs in that time and, as a result, there has been little support for, or consistency,
in internal audit practices. This audit group primarily carries out compliance audits on a
spot basis and based on areas perceived to be of high risk. Two of the divisions have their
own ‘auditors’ but they are only accountable internally to that division. MI’s original
interest in participating in the study was to ensure that we knew that 'accounting' was not
what they did. She is the only woman represented.
MD is the Corporate Assurance Officer for a large service-based government organisation.
As with MI’s situation, several divisions have their own ‘auditors’ who are not accountable
outside that division. MD’s audit group is small and is only two years old. Its existence is
owed to a recommendation from one of the major accounting firms. His professional
background and expertise is in information systems. He is a self-taught internal auditor who
both inspired and encouraged the leadership in his organisation, with whom he has been
affiliated for over twelve years, to form an internal audit division. He has drawn particular
attention to the risk in the payroll they manage. His group works closely with the central
government’s auditors (Audit New Zealand) on a variety of projects. This audit group is
accountable to the chief financial officer, to a senior functional chief and to a risk liaison
group for generally distinct purposes.
MJ is the senior (and sole) auditor in a government organisation of two hundred employees
including four local subdivisions. This group provides ‘coordination and leadership’,
advising the Minister on ‘activities’ of the organisation. He has an accounting background,
and was previously employed in a senior position by the New Zealand Audit Office. MJ
describes himself as a ‘jack of all trades’ and, like MD, is accountable to a wide range of
senior managers and elected ministers.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
13
Results
Our results are illustrated in Tables I, II and III. In total, we identified 90 speech acts that
are relevant to these internal auditors’ relationships with others, most of which could be
understood in agency terms. The analysis is divided into issues relevant to the internal
auditor acting as an 'agent' or as a 'monitor'. We found no speech act that portrayed the
‘internal auditor as principal’1, and have thus not included this category in our analysis. We
also found comments referring to what were, on the surface of it, non-agency-like
relationships. These are brought into the analysis later in this section.
Auditor as 'Agent'
We find that these internal auditors are obligated to a variety of individuals as an 'agent' and
for a variety of purposes. Those parties to whom they are most commonly held to account
are the external auditor, senior financial managers, the CEO (or equivalent), or their
equivalents in government.
1 We suggest that there may have been more if we had asked questions on their relationships with their
own audit team, but this was not the focus of the investigation.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
14
Table I: Agent Roles of the Internal Auditor
Who
Role and Organisation
To what principal?
For what purpose?
External auditor
When needed MD
Corporate assurance officer, large public sector organisation
Senior financial managers Advising on projects
MJ Sole internal auditor in medium-sized government organisation
CEO via group managers (no apparent relationship with the Board to allow them to effectively act as principal)
Question, investigate, understand, listening, 'turn things around', develop and facilitate risk management framework, investigative queries, assure that things working 'properly', picking up on issues, 'mining', internal consultancy, restricting managers, adding value, monitor quality assurance, ensure accountability 'owned'. Follow up enquiries
(not specified)
Audit activities, systems changes
CEO and the Audit committee 'administratively together with general manager
MI Senior auditor, and one of three, in government department Government
PS Senior audit and assurance manager in large but unlisted, profit-oriented organisation.
To the general manager For policy initiatives; for quality assurance and project management
CEO, then audit committee, also external auditors
Advisory consulting, risk plan
Externals, users of financial and regulatory reports
Co-agents with external auditor for audit work
Managers implied For compliance, to check controls, what's needed for a project
Managers The ‘business’
Advisory, consulting (Manager is 'agent' for 'doing it', for process and for instituting controls.)
PV
Internal audit manager in a major, listed corporation
Board and CEOs For skill-base (information technologists, engineer, project people, accountants) and interpersonal skills
(not specified) Employing external technical contractors, having technical & core skills; writing and 'convincing others, horizontal role across policy and coordination; Translate technical issues and risks into business speak, operate at multiple levels, understand all levels of risk, align with organisational direction, big picture person; Communication, negotiation, understanding viewpoints
CEO Others not specified
In terms of organisation, to add value
PA
Audit partner in a major CA professional firm
Various managers at various levels of the enterprise
Monitoring issues of interest, varies across organisations, pro-active contribution, quality assurance, project management, business objective not operational roles
* Each set of initials represents one of the six different interviewees
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
15
In some cases they also report to middle-level managers, and this may be a reflection of
issues specific to each organisation. For example, MJ’s accountability is communicated via
group managers. This appears to be related to a less-than-ideal communication pathway to
the governing authority. PV is accountable to a variety of managers, but this appears
because he operates in a consulting or advisory capacity.
A group less commonly named is the audit committee or board. This may be because
internal auditors are, as is illustrated in Table I, agents for ‘advising on projects’, ‘adding
value’ and the like which are at a functional level. Unless there is a problem with these
activities, it seems logical that functional topics are less likely to be of interest to the
strategy-seeking board.
An inconsistency emerges, however, where it would appear that the same obligation (of the
auditor-agent) is due to both the CEO and to the audit committee/board as joint ‘principals’.
This practice seems to be most prevalent in the government organisations and comprises a
less-than-ideal conflation of roles. Under such circumstances the auditor may find it
difficult to hold the CEO accountable to the board since the CEO appears to be part of the
board. Even where there is an audit committee, which would normally exclude the CEO,
this problem is found to exist. MI describes a confusing situation in which internal auditors
are accountable to the CEO and to the audit committee "administratively together with the
general manager". In contrast, PS is more careful to distinguish the roles by clarifying that
the auditor is accountable to the external auditors for external financial information and to
the general manager for policy initiatives, quality assurance and project management. PA
also makes a clear distinction. While a clear path for reporting certain events to certain
‘principals’ exists in some organisations, it is not present in all.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
16
Looking to the ‘purpose’ for which the auditor is an ‘agent’, we find that there is a common
obligation to ‘consult’ in their role:
"Advising on projects"
"Advice"
"Develop and facilitate risk management framework …"
"... to check controls, what's needed for a project"
"Monitoring issues of interest ... quality assurance, project management, business objective not
operational roles"
The traditional ‘tick and check’ function distinguishes the internal auditor’s activities from
those of the managers, and the internal auditor appears to be a clear agent for them. We
note that in some cases, however, internal auditors select the subject for audit “in
consultation” with management, indicating that they may not have the authority they need
when it comes to selecting that which they intend to review.
Another range of expressions refers to the skills that would be expected of an internal
auditor. Insofar as those skills are both desired and present in the individuals employed, it
would seem that the internal auditors have an obligation toward applying them as part of
their responsibilities as an agent:
“[The internal auditor is responsible for having or acquiring] "skill-base ... IT, engineer, project
people, accountants… and [having] interpersonal skills”
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
18
"Employing external technical contractors, having technical and core skills ... writing and convincing
others, translate technical issues and risks into business speak, operate at multiple levels, big picture
person ... communication, negotiation, understanding viewpoints"
"Co-agents with external auditor for audit work"
"... [Controlling a] subtle way ...”
Both technical and social skills are valued and it seems that internal auditors are inclined to
develop collegial relationships with their work colleagues.
Overall, four features emerge to suggest that the internal auditor is: the responsible ‘agent’
for informed consultation on projects that add value to the organisation, the responsible
‘agent’ for carrying out traditional audit duties of control and oversight and expected to have
and apply technical and social skills in undertaking work with employees. Finally the most
commonly-named ‘principal’ is senior management or the CEO. While these points
dominate, these auditors nonetheless fail to express a consistent view on these issues,
leading us to suggest that there is likely to be significant variation in practice.
Auditor as 'Monitor'
An equally complex situation is encountered with respect to the internal auditor’s activities
as a ‘monitor.’ The following analyses the participants’ discourse on the roles they adopt in
this capacity (Table II) and the responsibilities for which they are held to account (Table
III).
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
19
Table II: Monitoring Roles of the Internal Auditor
Who?
Role and Organisation
To what principal or what agent?
Summary of Comments
[External users implied]; To Board & CEO of manager; Managers agents & monitors
Joint monitors with external auditor for Audit activity; State of internal controls; Using self-assessment
MD
Corporate assurance officer in large public sector organisation CFO/ Chief of Services;
Corporate Risk Officer, Ministry; of Management
Project management issues; Policy, relative administration; Ineffective systems or policies
MJ
Sole internal auditor in medium-sized government organisation
To government and Board; Of management
Ownership issues, capabilities of the organisation, how processes carried out; 'Turning things around'', looking at things from [audit] perspective, getting acceptance on [audit] rationales, restrict managers, quality assurance, 'as auditor', ensure accountability is 'owned', to 'restrict' others
To government of the 'organisation'
Internally for legal compliance
MI
Acting senior auditor, and one of three, in government department
To CEO and Audit Committee and Public of management
Monitor in public interest (Audit Committee not an active principal )
To Board/ CEO (formally); Chairman/ Board of managers
Relative risk and risk assessment (to Board) and control status (to CEO)
To general manager Policy [process of carrying out implied], plans, using follow up
PS
Senior audit and assurance manager in large unlisted, profit-oriented organisation.
[Not specified] Policy assurance and project management
To CEO of the manager
Reporting on 'audit grading'
To Board/ Audit Committee via Charter of management (incl CEO) (using follow up)
Accountability, 'independence', state of internal controls by looking at processes "to Board & CEO", audit committee receives annual formal report: other reports by auditor to CEO
PV
Internal audit manager in a major, listed corporation Auditor may become monitor (from agent
with managers) if something 'out of beam' To Audit Committee for CEO (ideally); if Audit Committee missing, no apparent principal, for share price stakeholders; To Government for CEO (indirectly; To CEO in 'his role'
Too often monitoring role arbitrated and ineffective; Not directly a monitor for enforcing good government practice, monitor for managers in subtle way, no longer monitor of past manager performance; (not specified)
PA
Audit partner in a major CA professional firm
Government Monitor CEO though not for enforcing government practice
* Each set of initials represents one of the six different interviewees
The monitoring role appears to call on the internal auditor to review information flows
between corporate ‘agents’ (primarily management) and their corporate ‘principals’
(primarily, but not exclusively, the governing body). A pattern found is that there is no
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
20
consistent ‘principal’ for the auditor-as-monitor, although this may be in part attributable to
the fact that the auditor must adopt several roles, and thus accept oversight from various
sources. In some cases the CEO (or other senior manager) and a governing body member
are referred to together. This is more concerning and is another illustration of how
conflation of their role can occur. Consider the situation in which the auditor-as-monitor
reports to the CEO and an independent board together who, themselves, have opposing
interests. The action the auditor should take is not clear, should, for example, the CEO be
shirking and thereby damaging the organisation as a whole. The ‘subtle relationship skills’
to which one auditor refers would certainly be useful at that point and would seem to be the
least of what they would need in such a dilemma.
There are varying experiences as to how well the audit committees work and whether they
are effective principals.
“The audit committee’s now meeting more often than it used to … it’s now four times a year …
what’s come out of the States probably hasn’t changed [things here] hugely in terms of the importance
of the committee and its role but it’s really reinforced it … [this company] has always had pretty good
governance” (PV)
Elsewhere, the activities of the audit committee appear to be either less clear or less
functional. Typical of the three government organisations is MD’s description of a complex
web of accountabilities, none of which is clearly linked into an audit committee or its
equivalent:
[Our Chief Executive] is accountable to the audit committee and sort of functionally as an audit unit,
we’ve got a direct reporting line to the Chief Executive however (MD)
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
21
PA, in his unique external contracting position, has the opportunity to observe a number of
organisations and comments on his observations:
“[In my contracts] there has to be reporting to an independent audit committee. I say that because my
perception of what happens in reality is not quite like that! Some of our clients do have that sort of
structure in place. I’d be fairly critical of [others including] some of the government arrangements at
the moment; when I think that the CEO, certainly in terms of what I can see in the central government
agencies, place[s] far too much on … arbitrating what in internal audit matters” (PA).
Without an effective audit committee, it may be more difficult to challenge the CEO.
“[If the independent audit committee is ineffective] I suppose [internal audit] changes its direction,
instead of being an area which can add value to the organisation as a whole… it tends to be more… a
department which will aid the CEO in his role… I think that a strong audit committee is a powerful
aid. If it’s done correctly I think audit committees challenge CEOs…” (PA)
The internal auditor-as-monitor, in the absence of an effective audit committee, will have to
convince the principal, CEO or the Board, through the power of personal persuasion.
“[Is management helpful toward achieving action?] "Oh it is, but it's up to how well you [the internal
auditor] drive that ... and sell it. You're not going to get it unless you can convince the powers that be
that ...this is actually necessary." (PS)
Obtaining management buy-in on audit rationales and ensuring that accountability is 'owned'
are challenges and may reflect on that aspect of the internal auditor’s relationships with top
management (Table II). A further consideration is given to what the internal-auditor-as-
monitor’s responsibilities comprise (Table III).
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
22
Table III: The Auditor’s Responsibilities as Monitor
Apparent 'Principal' For What Responsibility * External users, shareholders Joint monitors with external auditors for external, financial
information Governance groups (Board, Audit Committee or Ministry) only
Relative administration Ownership issues Organisational capabilities How processes carried out Legal compliance (2) Public interest Risk assessment Control status If something appears out of place
Senior Managers/ CEO Only Project management Turning things around Getting acceptance on [audit] rationales Restrict managers and others Quality assurance Ensure accountability is 'owned' Control status Carrying out policy NOT past performance of manager
Board and CEO Combined Internal controls Processes
* In all cases management was named. As the level of manager was not always specified, or in other cases the term was used to refer to managers 'generically', we did not distinguish between upper- and middle-level management.
The auditor may be expected to provide an account to the boards of the condition of the
organisation's internal controls. While, on the face of it, internal controls would not
normally be of strategic importance, it is perhaps a telling indication of the times that boards
wish to be informed of such operational matters.
For the most part, however, internal auditors only report to their governing body on external
issues, not in internal efficiencies unless they are in some way extraordinary. This includes
reporting on such issues as legal compliance, organisational goals, ownership issues and
public interest concerns. There seem to be distinctions, therefore, between what these
auditors monitor for governing bodies and what they monitor for senior management. If
these comments are indicative of a wider practice, then this may be one fundamental way in
which their relationships with their boards differ from their relationships with their CEOs.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
23
Nonetheless, and citing the points raised above, it would appear that the internal auditor's
role may be effective only insofar as there exists an independent board which is ready to
listen and act upon the auditor's assessments.
Other Roles
Not all of the internal auditors' relationships can be defined as resting strictly within the
agency model, of course, as the auditor’s work draws them into a variety of relationships
with others. Some of those to which these auditors refer serve educational or social needs
and, as such, do not appear to have ‘agency’ implications.
“ ... and then we had the education days ... their type of education days and training programmes I find
really useful, more so than the ICANZ” (MJ)
“When I first got here, and the new Zealand IIA wasn’t really that well run or that focused, it was
more of a donation because I felt that ... we should actually be supporting the IIA” (PV)
“[About a team of external auditors] They sort of do their own independent audits and they also help
us and we help them. My role of helping them this year was to [provide assistance organise material
needed for their audit]” (MD)
In other cases, however, these casual relationships may mask the more serious purpose of
reinforcing their ‘monitoring’ role. In particular, the internal auditor’s relationships with
association members seem to contribute to an ‘independence of mind’ for the auditor-as-
monitor by bringing them closer into the ethos of the audit community.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
24
“The internal audit association have monthly meetings and they always have a darn good speaker ...
that's primarily to try to get people to sort of move away, shall we say management thinking and
[from developing a non-independent relationship with their managers]” (MD)
“We go along to the [IIA] education days and a few other training courses ... when we can ... I think
it's useful to know what's going on in the audit world, because they get speakers in from all over the
place, new things have come along ... if you have a particular problem [with managers] ... you can get
hold of people [for advice]” (MI)
“I find it's very useful, particularly when you work in isolation, and to be able to have contacts with
other [IIA] colleagues and other organisations” (MJ)
This may also, in selected cases, be the case in their relationships with the external auditor
as well, though few commented on external auditors in ‘relationship’ terms and those that
did sometimes indicated a distant and possibly intimidating relationship:
“We work really closely with the external auditors and simplistically we’ll look at the P&L and
operational things and they’ll look at the balance sheet” (PV)
“[Our relationship with the external auditor is] Excellent! External auditors do no control work in our
organisation [so they must trust what you’ve done?] Well if they didn’t, I’m sure one of us would find
out [laughter]” (PS)
“To be honest, we just don’t have the budget to bring in [external auditors]” (MI)
Their collegiality with other audit professionals may be an important mechanism to reduce
the risk of being caught up in the ‘day-to-day’ or identifying too closely with managers’
interests. It may be this association that also enables the internal auditor to ‘educate’ their
own managers in return:
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
25
“But what I wanted to try and do is get [managers] to buy into ... [the fact that risk is] their
responsibility ... but I've found it does take time to ... get that understanding and get that [buy
in]”(MD).
“You've got to be quite clear about what you're going to do, and keep on emphasising things ...
challenge is ... getting to those people that just don't want to hear but are presenting a big risk to the
department” (MI)
Improving the manager’s ‘knowledge’ seems to be a pseudonym for convincing managers to
accept their ‘agent’ responsibilities. As such, even the most casual relationships they enjoy
with other auditors may help to solidify their monitoring role.
Conclusion and Recommendations
It is comforting to observe that these professionals generally agree that the internal auditor’s
voice should be a relatively distinct one that ‘supports’, as opposed to ‘performs’,
management functions within the traditional bounds of auditor oversight. Nonetheless, and
despite such self-knowledge, these distinctions do not seem to carry the same weight in all,
or consistently through all, of these practices in a way that would suggest that they are fully
observed.
The analysis reveals that the reason for this may lie in the fact that it is very difficult for the
internal auditor to control their own involvement in and with management. It does not
appear to be, for most of these auditors, a lack of knowledge about what they should do.
Most seem to know to step back when circumstances require them to do so. Their dilemma
seems to lie in the paradox that they need to be both adept at holding themselves
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
26
accountable to the CEO and, at the same time, accountable to the audit committee about the
CEO. This point is illustrated from the following findings.
Several of these internal auditors have indicated a less-than-uniform level of 'management'
to whom and about whom they report. Whether the internal auditor is acting as ‘monitor’ or
‘agent’, such questions appear to exist and they contribute to a concerning conflation in the
auditor’s role. This is potentially a significant problem for the auditor and for the
organisation because, in a managerial hegemonic situation with a dominant CEO, that CEO
may be able to ‘shirk’ without monitoring oversight and with impunity if a clear reporting
line is not established.
Most of these internal auditors act as monitors between agent-managers and director-
principals and yet at the same time are also the agents accountable to the CEO-directors for
proper oversight. This is another practice that leads to a conflation in their role. If an
auditor becomes involved in changes being made to a system, it would be all too easy to
become involved in implementing that system and, ultimately, monitoring their own work.
There is a fine line between advising and implementing, and one to which the internal
auditor must be sensitive in their communications and relations with others. One way to
address this dilemma would appear to be found in the existence of a quality Audit Charter,
one in which reporting relationships are clearly defined. All of the organisations discussed
had Audit Charters (except for the independent contractor). In fact, one participant had
insisted that his Charter include provisions about accountability (reporting to others, when
and for what) before he would accept the position. While it may be difficult to make such
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
27
demands prior to employment, it would seem to be an important opportunity if one can to
establish the relationship and role.
Related to these points is the dilemma that most of these auditors face in addressing
expectations that senior managers will have some input into formulating the audit plan or
programme. This effectively makes the auditors co-agents with management for what would
normally comprise audit decisions. While the purpose may be to ensure that the results of
the audit work will meet organisational needs and be accepted by employees, and it may
indeed serve such a purpose, it is also a practice which places the auditor’s independence at
risk. This is because the manager could ‘discourage’ the auditor from conducting
investigations into areas in which that manager feels vulnerable. This is yet another
‘conflation’ of the auditor’s role as it permits the managers to intrude into activities
normally associated with someone who enjoys independent oversight.
The findings reveal some informative ways in which these internal auditors address these
problems. For example, participants often found themselves explaining their own role to
their own managers and workmates. By ‘educating’ their colleagues as to what the auditor
can and cannot do, and when they will and will not do it, a clarity of role can potentially be
carved out by the internal auditor. This may explain why these auditors refer to their skills
in communication and in building relationships so frequently. Relational governance is not
an empty term to these auditors. They must ensure that their lines of communication are
strong so that they can explain their position in a way that is likely to be understood and
accepted by their work colleagues.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
28
The presence of a strong audit committee has to be another important feature in reducing the
effects of audit role conflation. As long as the audit committee excludes the CEO and is
competent and involved, there may be a clearer line of authority for the internal auditor to
report about the CEO. If the audit committee is absent or weak, and if the CEO or other
senior managers are overly influential, then auditors are simply not in a position to challenge
unethical practices when they exist near the top of the organisation. The risk from being a
co-agent with line managers may be partially offset, it would seem, by having real access to
those responsible for governance. While it is difficult to say whether a casual relationship
between the internal auditor and the audit committee would serve these purposes well, an
easily-accessible one would seem to hold some promise.
Finally, the casual relationships internal auditors appear to enjoy with other members of
their profession may mask the serious service they contribute to the auditor’s independence.
Leaders in internal audit departments and auditors who find themselves working in isolation
seem to benefit from the audit ethos which their professional association provides. That
their closest working colleagues – managers – are also those to whom they may be charged
to monitor highlights further the importance of these luncheons and seminars with their
peers. This sharing of concerns, and how to resolve them, may be what turns the tide when
it comes to making important decisions impacting independence.
Most participants seem to be aware of the point at which they should ‘pull back’ from
becoming too involved in managerial decisions. But whether they can do so or not is
another story. Ultimately, their success at being an ‘agent’ for their risk-analysis skills may
also depend on their success at being a ‘monitor’ of their management, a situation perhaps
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
29
more reliant on relational governance, personal communication skills and workplace ethos
than formal structures may imply.
Limitations and Suggestions for Further Research
A limitation of the study is its New Zealand focus. Practice in New Zealand may or may not
reflect that in other contexts. In particular, law and regulation may lead to different
practices overseas. For this reason, we suggest that the study be replicated in other contexts.
The issues still matter, however, as these internal auditors share, in common with internal
auditors globally, their professional association and code. The IIA provides guidance,
ethical codes, education and a particular vision so there is likely to be a common range of
issues on the international scale, but perhaps handled in different ways in different places.
It must also be acknowledged that there would be people acting as internal auditors who are
not IIA members, and that their views and practices are not incorporated into the study. We
note, however, that where 'best practice' is not performed by IIA members, it may be all the
more prevalent in internal audit departments which do not include IIA members. Hence, we
would suggest that we are probably observing the best of internal audit independence
practice.
The sample size is small and does not permit statistical evaluation, thereby limiting the
generalizability of the findings. Nonetheless, the intent of reaching out to a variety of
practices and practitioners was achieved, as was the desire to explore their discourse in
greater depth than a statistically-sized survey could have made possible. We suggest that, as
an exploratory study, it establishes a foundation for quantitative studies which could look for
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
30
patterns in internal audit relationships across such variables as gender lines, experience,
national/legal boundaries or the age of audit departments.
There are other opportunities for further research. Replication of this study in other
jurisdictions has been suggested. It would also be of value to explore the implications, in
reporting terms, of maintaining an 'agent', 'monitoring' or 'principal' role. In general, the
issue of internal auditor independence is an important topic to explore further. Issues raised
in the New York Attorney General’s pursuit of management-stacked boards (Anonymous,
2004c) suggest to us that if auditors somehow confuse their obligations, and with whom
those obligations lie, there may ultimately be a heavy price to pay.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
31
References
Al-Twaijry, A. A. M., Brierley, J.A., & Gwilliam, D. R. (2004). An examination of the relationship between internal and external audit in the Saudi Arabian corporate sector, Managerial Auditing Journal, 19(7), 929-944. Adams, M. B. (1994). Agency Theory and the Internal Audit. Managerial Auditing Journal. 9(8), 8-12. Anonymous. (2004a, June 12). ASB issues draft standard on the operating and financial review, Double Entries, 6. Anonymous. (2004b). The report: Yet to see uniform model for gauging risk. Credit Control, 25(5), 608. Anonymous. (2004c, November). Marsh and Mac. Business Week, 35-43. Brody, R. G., & Lowe, D. J. (2000). The New Role of the Internal Auditor: Implications for Internal Auditor Objectivity. International Journal of Auditing, 4, 169-176. Caplan, D. H., & Kirschenheiter, M. (2000). Outsourcing and Audit Risk for Internal Audit Services. Contemporary Accounting Research. 17(3), 387-428. Chan, S. (2004, October 11). Mapping COSO and CobiT for Sarbanes-Oxley compliance. IT Audit: A Service of the Institute of Internal Auditors, www.theiia.org/itaudit/index.cfm. Collis, J., & Hussey, R. (2003). Business Research. Basingstoke, Hampshire, UK: Palgrave Macmillan. Committee of Sponsoring Organizations of the Treadway Commission (COSO). (2003). Internal Control – Integrated Framework COSO, 4, www.coso.org Cooper, B. J., Leung, P., & Mathews, C. (1994). Internal Audit: An Australian Profile. Managerial Auditing Journal, 9(3), 13-19. Daily, C. M., Dalton, D. R., & Cannella, A. A. (2003). Corporate Governance: Decades of Dialogue and Data. Academy of Management Review, 28(3), 371-382. Ekanayake, S. (2004). Agency theory, national culture and management control systems. Journal of American Academy of Business, 4/1-2, 49-54. Ellis, T. (2004, December 12). Exporters to the US must pull their SOX up. National Business Review, 28, col. 1-6. Ettridge, M., Simon, D., Smith D., & Stone, M. (1994). Why Do Companies Purchase Timely quarterly Reviews? Journal of Accounting and Economics, 18(2), 131-155. Evans, L. (2003). Auditing and audit firms in German before 1931. The Accounting Historians Journal, 30(2), 29-65.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
32
Fontana, A., & Frey, J. H. (2003). The interview: From structured questions to negotiated text. In N. K. Denzin & Y. S. Lincoln (Eds.), Collecting and Interpreting Qualitative Materials (2nd Edition). London: Sage Publications. Glasscock, K. L. (2002). Auditees or clients? The Internal Auditor, 59(4), 84-85. Goodwin, J., & Yeo, T. Y. (2001). Two Factors Affecting Internal Audit Independence and Objectivity: Evidence from Singapore. International Journal of Auditing, 5, 107-125. Hamilton, L. (Chairperson). (2003). Principles of Good Corporate Governance and Practice Recommendations. Sydney: Australian Stock Exchange (ASX). Jensen, M. C., & Meckling, W. H. (1976). Theory of the Firm:Managerial Behavior, Agency Costs and Ownership Structure, Journal of Financial Economics, 3, 305-360. Leung, P., Cooper, B., & Robertson, P. (2004). The Role of Internal Audit in corporate Governance and Management. Melbourne: RMIT Publishing. McCall, S. M. (2002). The auditor as consultant. The Internal Auditor, 59(6), 35-39. McGinnis, S. K., Pumphrey, L. D., Trimmer, K. J., & Wiggins, C. (2004). Sustaining and extending organisation strategy via information technology governance. Proceedings of the 37th Hawaii International Conference on Social Sciences, Hawaii. Priest, A. (2002, April 19). CPA Australia puts forward a financial reporting framework. Accounting Education News, www.accountingeducation.com San Miguel, J. G. (2002). The Behavioral Sciences and Concepts and Standards for management Planning and Control. Accounting, Organizations and Society. 2(2), 177-186. Spira, L. F., & Page, M. (2002). Risk management: The reinvention of internal control and the changing role of internal audit. Accounting, Auditing & Accountability Journal, 16(4), 640-661. Spira, L. F., & Page, M. (2003). Risk management: The reinvention of internal control and the changing role of internal audit, Accounting, Auditing & Accountability Journal, 16(4), 640-661. Sundaramurthy, C., & Lewis, M. (2003). Control and Collaboration: Paradoxes of Governance, Academy of Management Review, 28(3), 397-415. Thornton, D. B. (1985, January), A Look at Agency Theory for the Novice: Part 2, J.H. Amernic (Ed.), CA Magazine, 93-100. Van Peursem, K. A. (2004). Internal auditors’ role and authority: New Zealand evidence. Managerial Auditing Journal, 19(3), 378-393. Van Peursem, K. A. (2005). Conversations with Internal Auditors: The Power of Ambiguity. Managerial Auditing Journal. 20(5), 489-512.
K. Van Peursem, L.D. Pumphrey/FRRaG (Financial Reporting, Regulation and Governance) 2005, 4:2
33
Vanasco, R. R. (1996). Auditor independence: An international perspective. Managerial Auditing Journal, 11(9), 4-48. Vinten, G. (2001). Corporate governance and the sons of Cadbury. Corporate Governance, 1(4), 4-8. Wallace, W. A. (1985). Auditing Monographs, New York: Macmillan Inc. Watts, R. L. and Zimmerman, J.L. (1978). Towards a positive theory of the determination of accounting standards. The Accounting Review, 53 (1), 112-134. Watts, R. L., & Zimmerman, J. L. (1986). Positive Accounting Theory, Englewood Cliffs, New Jersey: Prentice-Hall. Weisner, W. H., & Cronshaw, S. F. (1988). A Meta-analytic investigation of the impact of interview format and degree of structure on the validity of the employment interview. Journal of Occupational Psychology, 61(4), 275-291. Zikmund, W. G. (2003). Business Research Methods. Mason, OH: Thomson