Impacts of Outsourcing Internal Audit Fuction Author NameInstitution Name
Abstract
This research finds out the effects outsourcing internal audit and extent of external auditors’ dependence on the work done by the internal audit team. We explore if outsourcing the internal audit function affects reliability on internal audit job already done and the use of assistant’s position for internal audit. We determine if internal audit outsourcing, the role of internal audit in systems consulting, affects external auditors’ dependence on internal audit. Results show that involvement in consultancy activities relating to the financial reporting system affects the extent of reliance on the work of the internal audit. When internal audit is in-house, external auditors tend to use the internal auditors as their assistant for quality testing, suggesting an availability influence. Also, external auditors are more likely to use internal audit for control assessment work than for substantive testing. The internal audit function is important in enhancing corporate governance and gives the external an easy work in assessing the internal control systems. When the internal audit function is outsourced, the independence of the function is enhanced since the external professionals are not under the control of the management. However, an in-house internal audit team is likely to perform a better quality work than an outsourced function. Outsourcing the internal audit function compromises the quality of the function since the external team is not in contact with the organization.
Keywords: internal audit; external audit reliance decisions; internal audit outsourcing; internal audit consultancy activities.
Impacts of Outsourcing Internal Audit Function
Internal auditing is objective assurance an independent and consultative process that is aimed at value addition and adjustments in governance and operations of the organization. It helps the organization in better its efficiency in risk management, internal control and governance. Therefore, it helps the organization in achieving its objectives (Fight, 2002).
Internal audit key roles include: risk management and internal control; monitoring and supervision; making follow ups to ensure the information given is in accordance with the laws and procedures in place. By working closely with management, internal audits give assurance that they are in control of the risks, and the governance of the organization is reliable and efficient. Internal auditors offer recommendations to improve the processes, policies and procedures for effectiveness of the organization. Unlike the external auditors who primarily focus on the adherence to the government rules and regulations, internal audit looks at the same data and perform some the same procedures, but in case, there is a problem they inform management to make adjustments before the arrival of the external auditors. Internal audit is always on your side and can make you get through the external review. The current governance environment has led to an increased emphasis on the relationship between internal and external auditors. The economic benefits of external auditors’ reliance on internal audit work are well recognized.
Internationally, external auditors to consider the organizational status of internal audit, the scope of the function, the technical competence of internal audit staff and their exercise of due professional care when assessing whether to rely on internal audit work. The internal audit also involves conducting audits frauds to help identify potential fraudulent acts, involvement in fraud investigations with the permission of the professionals of fraud investment, conduct fraud audit to determine the control breakdowns and establish financial loss. Value added and filled gaps in talent and skills, and organizations are turning to outsourcing. In a full outsourcing arrangement, and external service provider acts as the IA function that carries out the following roles in an organization (Vallabhaneni, 2013).
Internal auditors are authorized by the Institute of Internal Auditors standards to be independent of their audit activities. Objectivity and independence of the internal auditors is seen in the organizational placement and reporting from audit department. Internal auditors to the public companies are suppose report functionality to the board of director or to committee of the board of directors and only administrative purposes to the management (Spira, 2002). Independence of management ensures evaluation of organizational activities and workforce, this ensures internal auditors to perform their role efficiently. Although the internal auditor is part of the company management and paid by the enterprise, the core function of the internal audit is oversight of the management activities. Independence of the organization is achieved when the reports from audit executive is presented to the board. Functional reporting to the board entails the board signing the internal audit charter, Approving the audit plan risk involved; Approving the budget and resource plan for audit processes etc., However, when the internal structure and mechanism cannot be used to manage threats to independence, outsourcing to an external service provider can help promote the independence of internal audit activities (Braiotta, 2004).
Internal control is a process that by the directors, management, and other stakeholders involved ensuring the business strive toward achieving the some of these objectives. Accuracy and efficiency of operational activities, financial report to management are reliable, adherence to the regulations and procedures in place and safeguarding the organization’s assets. internal control is management responsibility which involves five key vital components: risk management, internal control, communication, risk control activities and supervision activities (Franzel, 2005). The managers are to establish processes, policies, and exercises these components of control to aid the organization achieve specific goals. The primary rationale for outsourcing is to access to a wealth of technical skills. It’s better to co-source the audit instead of outsourcing it to a specialist who will leave once the work is done and take valuable company knowledge with them.
Risk management
Organization identifies and assesses, analyzes outcome, get information and monitor risks that could probably have significant effect the organization’s ability to achieve its aims. Organization’s strategy, reporting, adherence objectives associated to strategic business risks, organization’ uncertain outcome resulting from both internal and external events that prevents the ability of the organization to attain its goals. Management assesses dangers as a normal c business activity such as planning strategically, marketing, finance planning, incentive payout procedure, etc. regulations require extensive risk assessment of financial reporting processes. Legal counsel usually arranges for comprehensive evaluations process for current and possible litigation a company faces. Internal auditors advises management on the reports involving forward operating measurements to the Board, to assist come up with emerging risks. Internal auditors assess these activities and lay focus on the overarching procedure used to manage risk environment. Internal auditors report and evaluate on whether the board and other stakeholders can have assurance that the organization’s management have put in place efficient business risk management program (Pickett, 2005). The audit function may assist the organization tackle its risk to fraud by risk assessment. Many businesses highly value the process of enhancing and implementing effective control systems so that the quality is consistent, and required standards are met. Internal auditors play a vital role in assisting businesses execute a top-down risk assessment. Internal auditors basically part and parcel of the risk management team in an advisory role. The auditors, therefore, help the companies to establish and maintain risk management processes. But when the internal auditors stick to ‘what they know’ it can be difficult to meet the evolving danger, strategies, and needs of the organization. And external provider can offer a consultative mindset on the range of risk and issues, as well as industry-specific leading practices and knowledge acquired by working with other clients. To ensure efficient implementation of the management systems and guarantee the quality is maintained, and professional standards achieved.
Corporate governance
Corporate governance refers to policies involving management, procedures and processes, and the organization’s leadership structure used to direct activities, protect the interests of the stakeholder and therefore achieving objectives consistent with ethical rules and standards. Internal audit is known one of the pillars of corporate governance, the other pillars being Board of Directors, management and external auditors. The key role of the internal audit in business governance is to aid the audit committee and the board of directors to execute its duties effectively and efficiently. Reports of management control concerns, coming up with questions for the audit committee agendas and liaising with the external audit and management for the board to receive enough information (Bragg, 2007). IIA advocates for evaluation of business governance, more so in the areas of oversight from the board of business risk, ethics and fraud.
There are two important areas that reliability of internal audit teams which is outsourced may fall short. Firstly, outsourced internal audit falls short of integrated assurance. The external providers has no incentive to coordinate curtained work, eliminate duplication, guide management unless this was stated the contract. Practically, the holistic view of risk issues to the executive committee will be hard due to technological differences and reporting formats between the external provider and in-house department. Secondly, confidentiality issues prevents an outsource team performing strategic risk audit, this can hinder major audit risk from occurring. It doesn’t matter perfect and competent outsourced or co-sourced providers are, their lack of contact on the ground makes it difficult consistently to maintain and improve the managers ’awareness of the vital risk and control (Kagermann, 2008).
Outsourcing of internal audit activities is common lately though it’s not acceptable for the external auditors to provide internal audit services to their audit clients. Public accounting firms deliver outsourcing services to non-audit customers and by the specialist, inspect domestic companies. An in-house internal audit function can be less objective than an outsourced service as it’s not easy for an employee to be truly independent of management. Outside internal audit provides, particularly the large accounting firms, offer quality services and may have a greater level of expertise especially about the specialist knowledge such as technological skills. Although the company providers lack the in-depth business knowledge possessed by in-house internal auditors. Referring to IIA (1994) argument that a competent in-house internal audit department can perform the internal auditing functions more effectively and efficiently than the contracted audit service (Salamasick, 2012).
The in-house internal auditors are likely to be more available than those from outside as the outsourced review teams have limited contact with the company. Therefore, availability could lead to greater external auditor reliance on an in-house internal function, regardless of any difference in perception of internal audit quality.
Research Evidence relating to the impact of internal audit outsourcing on external auditors’ decision to rely on internal audit work is limited to just two studies. Glover et all. (2008) Use attribution theory to explain the impact of internal audit sourcing arrangement, inherent risk, and task subjectivity on external audit reliance decisions (Braiotta, 2004). The theory suggests that evaluators consider whether the situational factors create incentives for a source to bias their message. When it’s evaluated that their incentives to bias, they perceive the message to be less persuasive and therefore, not ready to rely on the source. Attribution theory with referring to external audit reliance explains why external auditors will rely less on the work of the internal audit when they perceive that internal audit has the incentive to report in a particular way. The close alignment between an in-house internal audit function and management will lead external auditors to attribute favorable internal audit reports to incentives to please the management. Hence, external auditors will rely more on worked performed by outsourced internal auditors than the in-house accounts. External auditors rely on outsourced internal auditors only when the risk is high. The external auditors consider the in-house internal auditors to be less objective than the outsourced internal auditors; they also find that the sourcing arrangement does not provide additional explanatory power.
Vandervelde (2006) use group affiliation theory to explain why external auditors may be biased in their evaluations of internal audit quality when another public accounting firm performs the service. From the experimental study conducted both internal and external auditors, it was found that there is no difference in either group’s assessment of competence, work performance and overall quality of work based on the sourcing arrangement. However, the external auditor’s respondents assessed internal audit objectivity to higher when the provider was another accounting firm. This finding contrast with the internal auditor respondents who valued objectivity to be higher when the internal audit is in-house (Regional multilateral development banks, 2001). To minimize the likelihood of this theory bias, we designate the outsource provider as a specialist, internal audit, and business risk consulting firm rather than a public accounting firm. In the light of this argument, it’s predicted that external auditors would perceive a specialist, internal audit consulting firm to be more independent than an in-house internal audit function. As such, they are likely to be more willing to rely on work already undertaken by internal audit when the service is outsourced. However, we expect that the greater availability of in-house internal auditors is likely to lead to a greater use of internal auditors as assistants compared to outsourced internal audit. Reliance on the work of internal audit affects the nature, timing and extent of audit procedures performed by the external auditor. Hence, the degree to which the external auditor relies on internal audit work is a critical audit planning decision which can have a significant impact on audit fee.
Conclusion
An in-house internal audit function is likely to provide a better service than an outsourced team. An internal team is always in contact with the organization and understands the organizational processes better than an external firm. Therefore, outsourcing the internal audit function may compromise the quality of the internal audit function. Outsourcing also affects the reliability of the external auditor on the work of the internal audit function. Outsourcing enhances the independence of the internal audit function thus, the external auditor is likely to place more reliance on its function than when the internal audit is in-house.
References
Pickett, K. (2005). Auditing the risk management process. Hoboken, N.J.: Wiley.
Salamasick, M. (2012). Auditing outsourced functions. Altamonte Springs, Fla.: Institute of
Internal Auditors Research Foundation.
Bragg, S. (2007). The new CFO financial leadership manual. Hoboken, N.J.: Wiley.
Spira, L. (2002). The audit committee. Boston: Kluwer Academic Publishers.
Fight, A. (2002). Measurement and internal audit. Oxford, England: Capstone Pub.
Franzel, J. (2005). Material internal control issues reported in SEC's fiscal year 2004 financial
statement audit report. Washington, DC: U.S. Government Accountability Office.
Braiotta, L. (2004). The audit committee handbook. New York: Wiley.
Regional multilateral development banks. (2001). [Washington, D.C.].
Vallabhaneni, S. (2013). Internal audit practice. Somerset, N.J.: Wiley.
Kagermann, H. (2008). Internal audit handbook. Berlin: Springer.
