Available online at www.sciencedirect.

com

ScienceDirect
Procedia Economics and Finance 15 (2014) 530 – 537

Emerging Markets Qu eries in Finance and Business

Contemporary App roaches in Internal Audit

a, b
Maria Alina Caratas *, Elena Cerasela Spatariu
a
The Bucharest University of Economic Studies, Bucharest 010374, Romania
b
Ovidius Univer sity of Constanta, Romania

Abstract

The object of this paper is to present the role of internal audit in the contemporary life of a company. Internal audit
function plays a major role in the enterprise, carrying on control in financial field and all others settled by management,
safeguarding the corporate assets and ensuring the security of accurate records. Between internal audit and the prosperity
of a company, there is a strong link which leads to increase the value of the company and achieve its objectives. The
relevance of internal audit reporting is given also by adapting its function to the changing expectations and its alignment
to fraud prevention policies, aside with risk evaluation and improvement of c ontrol strategies.
© 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
© 2013 Published by Elsevier Ltd. Selecti on and/or peer review under responsibility of Emerging (http://creativecommons.org/licenses/by-nc-nd/3.0/).
Markets Queries in Finance and Business local organization.
Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and Business local organization
Keywords internal audit, internal control, risk management, corporate governance codes:

1. Introduction

Nowadays, internal auditors are operating in a very difficult time, facing a number of serious changes. In such
circumstances, they try to evaluate and improve the effectiveness of risk management, control and governance processes.
In order to understand ne w systems and processes created as a result of changing regulations internal auditors should
reconsider their position within the organizations. “Internal audit can play a role in determining whether the living will
plans developed by the organization are reasonable and supported by appropriate documentation, that the right peopl e
are involved and that the risks and controls are identified and addressed” KPMG, 2011. Regulators all over the world
have recently highlighted the growing importance of internal audit in supporting managers and other s within companies
to ensure the integrity and reliability of financial reporting. Risks, in one form or anothe r, have been around and within
companies for decades.

* Corresponding author. Tel.: +40-722-298-184; fax: +40-241-632-

893. E-mail address: maria.caratas@me.com

2212-5671 © 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND
license (http://creativecommons.org/licenses/by-nc-nd/3.0/).
Selection and peer-review under responsibility of the Emerging Markets Queries in Finance and
Business local organization doi:10.1016/S2212-5671(14)00503-6
 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537 531

However, at present, we are witnessing an increased risk environment. Therefore, internal audit should
anticipate risks and identify trends in control field.
The objective of this paper is to examine the role of internal audit in the contemporary life of
organizations which are facing a lot of challenges. Internal auditing plays a vital role within companies,
contributing to their prosperity and future success. The motivation for this research paper stems for the
importance of adapting internal audit functions to the newest expectations of stakeholders. We agree with
Hermanson et al., 2003 who consider that an effective modern internal audit function consists in: making
appropriate assurances regarding controls, evaluating independently accounting practices and processes,
measuring and analyzing risks, preventing fraud.

2. Research methodology

Our research demarche incorporates results of previous academic papers and issues regarding current regulations into
a comprehensive analysis of contemporary internal audit approaches aiming to build an effective internal audit function
adapted to newest expectations. First of all, we appeal to a series of deductive and inductive research mechanisms for
determining the internal audit, internal control and corporate governance concepts. Then we realize a comparative
analysis of the extents to which the UK Corporate Governance Code and that of Bucharest Stock Exchange treat internal
audit as an effective pillar for increasing governance effectiveness. We conclude with a discussion of research results
highlighting the need for including more specific provisions concerning internal audit in national corporate governance
codes by virtue of audit’s dualistic character: as an added value creator and as a partner of companies’ management.

3. Background literature

In the literature, the concept of corporate governance refers to “the system by which companies are
directed and controlled. Boards of directors are responsible for the governance of their companies. The
shareholders’ role in governance is to appoint the directors and the auditors and to satisfy themselves that an
appropriate governance structure is in place. The responsibilities of the board include setting the company’s
strategic aims, providing the leadership to put them into effect, supervising the management of the business
and reporting to shareholders on their stewardship” FRC, 2012. Corporate governance also includes social
responsibility, ethical business practices, issues corresponding to internal and external audit and full
transparency on financial results Bunget et al., 2009 cited by Ionescu, 2009. Governance is also seen as the
mechanism for monitoring companies’ actions, policies and decisions. It involves the alignment of interests
among the stakeholders. Credibility, reliability and transparency of financial statements are strengthened by
the independent audit role. In such circumstances, internal audit is responsible for monitoring and verifying
managers’ activities, interfering directly into corporate governance. The increase of corporate governance
effectiveness will determine the maximization of economic efficiency.
We reviewed the related corporate governance and internal audit literature in order to provide some background
concerning those subjects. We noticed that, up to 2006, authors had reported a weak support for collaboration between
corporate governance and internal audit Goodwin-Stewart and Kent, 2006. After that period, authors observed an
increasing responsibility of internal auditors in providing oversight on financial reporting process, including the internal
control systems. Since internal auditing becomes a key factor of monitoring, auditors are required to ensure more
effective processes control. Above all, “internal auditing is a valuable resource for audit committees to meet their
mandate related to financial reporting” Bishop et al., 2000. Moreover, internal auditors are nowadays associated with
effective internal control and with a high quality of financial reporting Naiker and Sharma, 2009. Some authors consider
that effective internal audit provides a number of benefits including better financial reporting and reduced corporate fraud
Abbott et al., 2000 or
532 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537

Rupley et al., 2011. We assume that internal auditors should prevent, identify and report fraud. In an
appropriate environment implying a climate where ethical values are privileged, internal control will be able
to work and develop effectively. The cornerstone for internal audit is the system referring to risk assessment.
At this point, internal auditors should be able to manage changes at all levels, especially those associated
with risks. Lepadatu, 2011 sustains that internal audit should provide its own support, assessing risks and
control strategies, suggesting initiatives, solutions, advices, proposals and recommendations to mitigate the
threat of fraud.
Stanciu, 2012 has recently realized a synthesis of the contemporary and foreseen internal audit approaches
as it is drawn in Table 1. The author started from some particular drivers such as: IA’s role, models, skills,
methodology and perception inside the organizations.

Table 1. Current and future status of internal audit

Current status Future status

Role Independent assurance functions Independent assurance functions
Management advisor

IA models Control assurance supported by risk- Risk-centered: assurance of risk

based IA plan management process effectiveness in
addition to control assurance
Skills “Traditional” skills Extended skills: IT, business models, data mining
and analysis, social responsibility
Methodology Detailed methodologies Principles-based approach

Annual plan and five years plan Flexibility and sufficient unallocated time to
address developing issues
Perception inside the Control and assurance function Service provider

company
Source: Stanciu, 2012.

As we have just shown, internal audit must change. By adapting its functions to current challenges,
internal audit will arrive to increase corporate governance as a whole. “All weaknesses internal auditors are
signaling as well as their recommendations aiming at improving processes and strengthening controls will
ensure the objectives achievement, cost reductions, use of opportunities and in this respect will deliver value
for the organization” Stanciu, 2012. In an optimal model of corporate governance, as it has been proposed by
Lepadatu, 2011, the key characteristics of internal audit are auditors’ independence and objectivity which
have an important impact on internal control effectiveness. In order to demonstrate the importance of internal
audit functions for corporate governance we started our research work by the premise sustained by Radu,
2012 in a very recent study according to which “an effective internal audit function is supposed to assist
management to fulfill its governance responsibilities”.
In such circumstances, internal control needs also new perspectives. In fact, it represents a process developed by an
entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the
achievement of company’s objectives. The management is required to disclose significant internal control deficiencies. At
another level, internal auditors are required to provide objective, relevant and reliable opinions on management ’s
assessment. However, most of internal control weaknesses are related to financial statements and
procedures. As COSO states, internal control is defined in terms of achieving the effectiveness and efficiency
of operations, reliability of financial reporting and compliance with
 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537 533

applicable laws and regulations. Thus, internal control and internal audit should find the adequate paths in
order to support corporate governance and to prevent risk and fraud.

4. Internal audit seen by corporate governance codes – A comparative analysis

In the European area, the member states have established their own corporate governance frameworks for the listed
companies including governance codes. In order to increase the importance of audit function in ensuring the financial
stability, the European Commission issued a report (2010) highlighting the main problems needing reviewing and
improvement in terms of audit, in the context of a good corporate governance. We notice at present the need for
increasing the role of internal audit in the practice of corporate governance, which is mainly due to internal audit’s
strategic position: it is located at the confluence of management, boards and other relevant stakeholders’ interests.
Therefore, we consider justified analyzing the way by which the current corporate governance codes in UK and Romania
treat this interesting subject. It is necessary to point out that the two codes are not rigid sets of rules. They are specific
guides for boards’ good practices. From our research work, we noticed a series of common features but also differences
between the analyzed codes.
In order to present a synthesis of our comparative analysis, we elaborated Table 2, which shows codes’
provisions concerning internal audit as well as the possible gaps or insufficient recommendations linked to
this issue.

Table 2. Comparative analysis of UK Corporate Governance Code and that of BVB

Analyzed criteria UK Code BVB’s Code

Corporate Governance The UK Corporate Governance Code Bucharest Stock Exchange Corporate Governance
Code September 2012 Code dating from September 2008
Governing system One-tier administered system One-tier system or two-tier administered system
Type of regulation “Comply or explain” statement “Comply or explain” statement
Corporate governance Principles-based approach Principles-based approach
Risk management and Boards are expected to maintain sound Boards are responsible for all risk management
internal control risk management and internal control and internal control’s tasks. They should meet, at
systems. They should review at least least twice a year, with internal and financial
annually, the effectiveness of the auditors in order to discuss problems linked to
systems mentioned above. financial reporting, internal control and risk
In order to apply the corporate management.
reporting, risk management and internal Boards are expected to establish an audit
control principles, the UK Code committee formed by their members.
recommends to companies’ boards to
set up an appropriate relationship with
the auditors (internal and external
ones).
There are insufficient provisions There are not clear provisions concerning internal
Internal audit’s role and concerning internal audit’s role and audit’s role and position.
position within companies position in the UK Code.
However, because of the audit
committee’s responsibility for
monitoring and reviewing internal audit
and internal control’s effectiveness, we
could consider that internal audit is
subordinated to the audit committee.
The UK Code set out the recommended
534 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537

Audit committee’s composition of the audit committee. The Romanian Code recommends that the audit
composition Boards should establish an audit committee be formed exclusively by non-
committee of 3 or 2 (for small executive members. It is also stated that the audit
companies) independent non-executive committee should have a sufficient number of
directors. At least one member of this independent members.
committee should have relevant
financial experience in accounting
and/or auditing.
The code sets out the recommended The BVB’s Code stipulates in great lines the main

Audit committee’s role minimum terms of reference concerning

audit committee’s functions and responsibilities of the audit committee that consist
responsibilities that consist in: in:
-monitoring the integrity of financial -assessing the effectiveness of financial reporting,
statements and reviewing significant internal control and risk management systems;
financial reporting judgments; -monitoring the credibility and integrity of
-reviewing of company’s internal financial information and reviewing the relevance
control and risk management systems; of applicable accounting standards;
-assessing internal financial control; -making recommendations to the board
-reviewing and monitoring the external concerning the election, the nomination and
replacement of financial auditors.
auditors’ independence and objectivity
as well as the effectiveness of internal
audit process;
-providing advice to management (in
terms of accounts, annual reports) and
information for shareholders (when
requested).
Our findings suggest that there are

Internal audit function companies that have implemented There are not clear provisions concerning internal
internal audit function and others that audit function.
have not. The audit committee should
consider annually whether the
companies need such a function and
make recommendations to the board in
this respect. However, companies are
expected to provide explanations
concerning the reasons for the absence
of internal audit function in a relevant
section of their annual report.

We also observe that the UK Code does

not stipulate the obligation of internal
auditors to set up and disclose their own
report, as in the case of external or
statutory auditors. The present code
refers to a separate section of
companies’ annual reports that should
describe the work process of audit
committees in discharging their
responsibilities. At this point, this
section should involve the significant
issues concerning the financial
 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537 535

statements, an explanation regarding the

external audit process and its
effectiveness, but also remarks about
external auditors’ independence and
objectivity.
Source: authors’ analysis

5. Research discussion

From our comparative analysis, we remark that either in the UK Corporate Governance Code nor in the
Romanian one, the internal audit is not granted the same importance as in the case of external audit, even if it
plays a unique role in corporate governance by monitoring organizational risks and by controlling the
effectiveness of processes within companies, as it was seen also by Holt and DeZoort, 2006. For the fact that
internal audit’s role and function is insufficiently delimited in the above mentioned codes, we consider
appropriate to point out the gaps we met and to make some recommendations such as:
• A good delimitation as well as clear and effective responsibilities will support internal audit become a key
factor for increasing corporate governance effectiveness. We propose a strong cooperation between
internal audit and the audit committee in terms of risks monitoring that could affect the achievement of
company’s objectives. Internal auditors should assess whether internal control mechanisms and
procedures address the identified risks.
• Internal audit should constantly intervene in internal control in order to assess its effectiveness and
quality. This assessment should be part of a written report transmitted periodically to the audit committee
for making the appropriate decisions.
• At another point, we consider that the codes should involve provisions concerning internal audit’s role in
providing assurance that companies comply with law and regulations. This responsibility could be able to
increase investors and other relevant stakeholders’ confidence.
• We notice that the UK Code foresees, but not in an explicit manner, a possible subordination of internal
audit to the audit committee. Unlike the cited code, the BVB’s one does not stipulate any position of
internal audit. Therefore, we consider that this issue needs a real re-examination because a clear position
of internal audit in corporate governance process will help companies to establish well delimited
responsibilities and raise governance effectiveness.
• The UK Code states that at least one of audit committee’s members should have relevant experience in
accounting and/or auditing. We consider that, in general, internal auditors’ experience in financial field
could be able to improve internal control and corporate governance as a whole. Therefore, corporate
governance codes should offer more detailed recommendations concerning this internal auditors’
experience.
• Internal auditors’ independence is another point that should be granted an adequate importance by
corporate governance codes. Auditors’ independence is able to influence positively internal control
effectiveness being a variable with a significant impact, as it was previously stated by Frankel et al., 2002
or Krishnamurthy et al., 2006.
• We observe that both the UK Code and that of BVB make only insufficient recommendations concerning
internal audit implementation within companies. Therefore, we conclude that in these cases, there is no
legal obligation for companies to organize their own internal audit department. We point out that such a
department would provide a greater responsibility and authority to internal audit function. By the virtue of
such a department, internal auditors will be expected to issue annual plans and reports that will contribute
to the increase of audit and corporate governance effectiveness.
536 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537

• The corporate governance codes should also provide clear and detailed recommendations concerning the scope of
internal audit. In such circumstances, auditors will be required to deliver certain assurance for their work, an
assurance emerging from information asymmetries created between management and stakeholders. The level of this
assurance will indicate the probability that once the financial statements being audited, they are free from material
errors. This proposal starts from a recent research finding belonging to Radu, 2012. According to this author, internal
audit is seen as an independent and objective assurance and consulting activity aiming to bring added value to
companies, the overall objective of internal audit activity consisting in delivering a reasonable assurance that
management and internal control system do operate effectively, as required by regulators. We add that internal audit
should ensure stakeholders that financial operations are carried out correctly, no error being registered, which will
support the increase of governance effectiveness.
• As a general remark for our comparative analysis, we state that there is a contradiction between one of the
main principles of corporate governance – that referring to transparency – and the extent to which
corporate governance codes use to treat internal audit function. According to the above mentioned
principle, the codes should disclose relevant and transparent information concerning their corporate
governance structure, composition, functioning etc. However, our findings prove that the UK Code does
not declare explicitly the internal audit function organization and, in the case of the Romanian one, there
are not clear stipulations at this regard. We assume that an effective internal audit function could support
risk management and prevent fraud.

6. Conclusion

Our research findings aim to highlight the need for repositioning the internal audit function as a key factor in a
changing environment where corporate governance faces a lot of challenges. According to internal audit’s role in
assessing the effectiveness of internal control and risk management systems, we truly believe that this fact has direct
implications on risks’ minimization as well as on financial reporting. We consider that the presence of an effective
internal audit function within a company could prevent misstatements in financial reporting. Moreover, internal audit, as
a control function, leads to the improvement of company’s performances. By realizing a comparative analysis between
two corporate governance codes, we remark an acute lack of information concerning the existence, position,
organization, role and responsibilities of internal audit as a specific part within an entity. This finding makes us sustain
that it is necessary for regulators to review the corporate governance codes’ provisions in order to grant to internal audit
the adequate importance. From our analysis, we notice that internal auditors are expected to provide their assessment of
risk management and internal control only to managers and to the audit committee. However, we sustain that this
information should be made available to other interested parties in order to increase transparency that is so necessary for
good corporate governance. Such a measure could be able to prevent abuses and to make more responsible the
participants to corporate governance process. The disclosure of internal audit reports seems to us appropriate for
increasing shareholders’ confidence in financial reporting. Therefore, internal audit could be regarded as a standard for
measuring management and board’s effectiveness in the circumstances of corporate governance.

We consider as the main limit of our research its exclusively theoretical character. It is possible that it
would have been more interesting to realize an empirical research for investigating regulators, professionals,
companies and other interested parties’ perception concerning the place and role of internal audit within
corporate governance with their opinions on possible weaknesses and strengths among governance codes’
settlements. However, given the theme of our paper and the current state of the research findings in this
field, we appreciate that our results could open the way for future studies which will bring more accurate
information concerning different mechanisms able to increase governance effectiveness.
 Maria Alina Caratas and Elena Cerasela Spatariu / Procedia Economics and Finance 15 (2014) 530 – 537 537

References
KPMG, 2011. “Dodd-Frank: Top Ten Priorities for Internal Audit”, Americas’ FS Regulatory Center of Excellence, November 2011. Hermanson,
D.R. and Rittenberg, L.E., 2003. “Internal audit and organizational governance”, Research Opportunities in Internal Auditing,
The Institute of Internal Auditors Research Foundation, Altamonte Springs, FL.
Financial Reporting Council, September 2012. “The UK Corporate Governance Code”, Available at: http://www.frc.org.uk/Our-
Work/Publications/Corporate-Governance/UK-Corporate-Governance-Code-September-2012.aspx>
Ionescu, M.V., 2009. “Guvernanta corporativa”, article in press, available on-line at:
http://old.standard.money.ro/articol_111474/valentin_m_ionescu_guvernanta_corporativa.html
Goodwin-Stewart, J. and Kent, P., 2006. “The use of internal audit by Australian companies”, Managerial Auditing Journal, 21(1), pp.
81-101.
Bishop, W.G., Hermanson, D.R., Lapides, P.D., Rittenberg, L.E., 2000. “The year of the audit committee”, Internal Auditor, 57(2), pp.
46-51.
Naiker, V. and Sharma, D.S., 2009. “Former audit partners on the audit committee and internal control deficiencies”, The Accounting
Review, 84(2), pp. 559-587.
Abbott, L., Park, Y. and Parker, S., 2000. “The effects of audit committee activity and independence on corporate fraud”, Managerial
Finance, 26, pp. 55-67.
Rupley, K., Almer, E. and Philbrick, D., 2011. “Audit committee effectiveness: Perceptions of public company audit committee
members post-SOX”, Research in Accounting Regulation, vol.23, pp. 138-144.
Lepadatu, G.V., 2011. “Corporate Governance and audit activity”, Economy Transdisciplinarity Cognition, XIV (1), pp. 44-49.
Stanciu, V., 2012. “Internal audit-rising to the challenge”, 7th International Conference “Accounting and Management Information
Systems”, June 13-14, 2012, Bucharest, Romania.
Radu, M., 2012. “Corporate governance, internal audit and environmental audit – the performance tools in Romanian companies”,
Accounting and Management Information Systems, 11(1), pp. 112-130.
European Commission, 2010. “Green Paper – Audit policy: lessons from the crisis”, October 2010, Available at:
http://ec.europa.eu/internal_market/auditing/docs/market/consultation2008/summary_report_en.pdf
The Bucharest Stock Exchange Corporate Governance Code, 2008, Available at: http://www.bvb.ro
Holt P.T. and DeZoort, F.T., 2006. “The Effects of Internal Audit Report Disclosure on Perceived Financial Reporting Reliability”,
Working Paper, University of Alabama, December.
Frankel, R., Johnson, M. and Nelson, K., 2002. “The relation between auditor’s fees for non-audit services and earnings quality”,
The Accounting Review (Supplement), pp. 71-105.
Krishnamurthy, S., Zhou, J. and Zhou, N., 2006. “Auditor Reputation, Auditor Independence and the Stock Market Impact of
Andersen’s Indictment on its Client Firms”, Contemporary Accounting Research, 23(2), pp. 465-490.