The British Accounting Review 41 (2009) 90–106

Contents lists available at ScienceDirect

The British Accounting Review

journal homepage: www.elsevier.com/locate/bar

Internal audit: A comfort provider to the audit committee

Gerrit Sarens a, b, *, Ignace De Beelde c,1, Patricia Everaert c, 2
a
Université Catholique de Louvain, Louvain School of Management, Department of Accounting and Finance, Place des Doyens 1, 1348 Louvain-la-Neuve, Belgium
b
University of Antwerp, Faculty of Business Administration, Department of Accounting and Finance, Prinsstraat 13, 2000 Antwerp, Belgium
c
Ghent University, Faculty of Economics and Business Administration, Department of Accounting and Corporate Finance, Kuiperskaai 55/E, 9000 Ghent, Belgium

a r t i c l e i n f o a b s t r a c t

Article history: This study, based upon four Belgian case studies, provides insights on (1) what drives the
Received 5 August 2008 audit committee to look for the support of the internal audit function; and (2) what makes
Received in revised form 19 December 2008 the internal audit function an expert at providing comfort to the audit committee [Pent-
Accepted 3 February 2009
land, B.T., 1993. Getting comfortable with the numbers: auditing and the micro-production
of macro-order. Accounting, Organizations and Society 18 (7–8), 605–620; Carrington, T.,
Keywords:
Catasús, B., 2007. Auditing stories about discomfort: becoming comfortable with comfort
Internal auditing
theory. European Accounting Review 16 (1), 35–58]. We found that audit committees seek
Audit committee
Comfort theory comfort, with respect to the control environment and internal controls, two areas in which
Risk management they confront considerable discomfort. Besides the internal audit function’s traditional
Internal control assurance role, its involvement in improving internal controls provides a significant level
Sociology of professions of comfort to the audit committee. Internal auditors’ unique knowledge about risk
Case studies management and internal control, combined with appropriate inter-personal and behav-
ioural skills, enables them to provide this comfort. Besides, their internal position, their
familiarity with the company, and their position close to people across the company
facilitate internal auditors being a major source of comfort for the audit committee. Formal
audit reports and presentations, together with informal contacts, seem to be important
symbols of comfort [Power, M., 1997. The Audit Society: Rituals of Verification. Oxford
University Press, Oxford]. In addition, we found that the overall level of comfort to the
audit committee can be enhanced via collaboration between internal and external auditing
(the so-called ‘joint audit approach’).
Ó 2009 Elsevier Ltd. All rights reserved.

1. Introduction

Audit committees are experiencing an ever-expanding monitoring role in corporate governance. The new EU Directive on
Statutory Audit (European Parliament and Council of the European Union, 2006) mentions that: ‘‘Audit committees and an
effective internal control system help to minimise financial, operational and compliance risks, and enhance the quality of financial
reporting.’’ Besides, it is stipulated that ‘‘the audit committee shall monitor the financial reporting process, the effectiveness of the
company’s internal controls, its internal audits where applicable, and its risk management systems.’’ Traditional audit committee
literature approaches this monitoring role from a principal/agent perspective, whereby the audit committee attempts to

* Corresponding author. Université Catholique de Louvain, Louvain School of Management, Department of Accounting and Finance, Place des Doyens 1,
1348 Louvain-la-Neuve, Belgium. Tel.: þ32 10 47 84 41; fax: þ32 10 47 83 24.
E-mail addresses: gerrit.sarens@uclouvain.be (G. Sarens), ignace.debeelde@ugent.be (I. De Beelde), patricia.everaert@ugent.be (P. Everaert).
1
Tel.: þ32 9 264 35 31; fax: þ32 9 264 35 88.
2
Tel.: þ32 9 264 35 00; fax: þ32 9 264 35 88.

0890-8389/$ – see front matter Ó 2009 Elsevier Ltd. All rights reserved.
doi:10.1016/j.bar.2009.02.002
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 91

protect the principals’ (the shareholders and debt holders) interests by monitoring the agents’ (management in general)
actions, in terms of financial reporting, risk management and internal control. In other words, the audit committee is
expected to reduce the information asymmetries that exist between the owners and users of resources.
Nevertheless, this growing monitoring role of audit committees implies that audit committee members, themselves
mostly non-executive directors, are confronted with an information asymmetry problem (Raghunandan et al., 1998, 2001)
resulting from a principal/agent quandary between the audit committee and the operational people in the organisation. More
specifically, the audit committee (principal) often lacks information on the status of organisation-specific matters, such as risk
management and internal control, both among the responsibilities of operational people (agents), resulting in uncertainty in
their capacity to fulfil their own monitoring role.
Previous research in this area supports the argument that this information asymmetry between audit committees and
operational people (including lower management) is more likely to be reduced when interactions exist between the audit
committee and the internal audit function (Raghunandan et al., 2001; Scarbrough et al., 1998), without going deeper into the
meaning of these interactions. These authors only mention that regular meetings between the audit committee and the
internal audit function make it more likely that the audit committee remains informed and knowledgeable about relevant
accounting and auditing issues. They agree that an effective internal audit function can be an important resource to the audit
committee in discharging its responsibilities, thereby enhancing the effectiveness of the audit committee. Consequently, they
are convinced that audit committees should have a strong working relationship with the internal audit function. In other
words, the internal audit function can be considered a mechanism by which to reduce the principal/agent problems that exist
between the audit committee and the operational people in the organisation (including lower management). The currently-
presented study goes further and investigates the relationship between the internal audit function and the audit committee
in more detail, taking this principal/agent perspective as a starting point. More specifically, this study, incorporating four
Belgian case studies, focuses on what drives audit committees to look for the support of the internal audit function, applying
the notion of comfort, as introduced by Pentland (1993) and operationalised by Carrington and Catasús (2007). Furthermore,
this study will develop arguments on how the internal audit function can meet the expectations of the audit committee,
thereby building upon the sociology of professions literature (Abbott, 1988; Reed, 1996).
Most empirical research on audit committee effectiveness deals with the impact of audit committees (their existence
and externally-observable characteristics) on specific aspects of governance, by relying on several proxies (for example:
Abbott et al., 2000; Beasley, 1996; Beasley et al., 2000; Bédard et al., 2004; Dechow et al., 1996; DeFond and Jiambalvo,
1991; DeZoort and Salterio, 2001; McMullen, 1996; Raghunandan et al., 2001); and ignores the processes associated with
audit committee operations, among which the committee’s relationship with the internal audit function is part. However,
Spira (2003) and Turley and Zaman (2004) clearly express the need for more research on the processes associated with
audit committee operation. Complementary to recent studies by Beasley et al. (2009), Gendron and Bédard (2006), Gendron
et al. (2004) and Turley and Zaman (2007), this study on the relationship between the internal audit function and the audit
committee focuses more on the audit committee process, instead of the relationship between audit committee input and
output. Furthermore, this study complements the existing, mainly quantitative literature in this area (cf. Cohen et al., 2004
and DeZoort et al., 2002 for an overview), by relying on qualitative empirical data derived from four case studies involving
Belgian companies.
The paper is structured as follows. The next section outlines the broader institutional context of this study. The third
section delves deeper into the theoretical underpinnings of this study. The fourth section deals with the methodology used in
this study, followed by a fifth section, in which the findings are analysed. The paper ends with conclusions and a discussion of
the constructed arguments.

2. Institutional context

Audit committees have received considerable attention following both more distant and more recent corporate scandals.
Early recommendations, in Anglo-Saxon countries, for the voluntary adoption of audit committees were followed by
proposals to extend their use to many other countries (Collier and Zaman, 2005). The European Commission has been active
at promoting the audit committee concept within its briefs, in attempts to create a fair internal market. Audit committees are
expected to have a key role in ensuring the high standards in financial reporting that underpin confidence in financial markets
(European Parliament and Council of the European Union, 2006).
Several European corporate governance guidelines clearly stipulate the board’s monitoring responsibilities, with respect
to risk management and internal control. This monitoring responsibility often is delegated to the audit committee, who will
advise the board on the effectiveness of risk management and internal control. Given that the case studies have been con-
ducted within four Belgian companies, Principle five of the Belgian Code on Corporate Governance (2004), dealing with the
audit committee’s responsibilities, is relevant and clearly recommends that:

 At least once a year, the audit committee should review the internal control and risk management systems set up by
executive management, with a view to ensuring that the main risks are properly identified, managed and disclosed;
 The audit committee should review the statements included in the annual report on internal control and risk manage-
ment; and
92 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

 The audit committee should review the specific arrangements made, by which staff of the company may, in confidence,
raise concerns about possible improprieties in financial reporting or other matters. If deemed necessary, arrangements
should be made for proportionate and independent investigation of such matters, for appropriate follow-up action and
arrangements, whereby staff can inform the chairman of the audit committee directly.

It should be clear that risk management and internal control are essential parts of corporate governance. Given internal
auditing’s focus on risk management and internal controls, it is likely that the internal audit function becomes an important player
in corporate governance, and that companies become more aware of the benefits of internal auditing (Carcello et al., 2005;
Chambers, 2005). This is confirmed by the growing number of internal auditors in Europe over the past decade (ECIIA, 2008).
The Institute of Internal Auditors (IIA) also plays an important role in the promotion of the internal audit function as a crucial
player in corporate governance. The most significant illustration of this was the publication of the new internal audit definition
in 1999, clearly describing internal auditing as an activity that ‘‘helps an organization to accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.’’
Moreover, a significant portion of the International Standards for the Professional Practice of Internal Auditing clearly refers to
the role of internal auditing in risk management, internal control and governance. In other words, an internal audit function
that actively fulfils the definition and complies with the Standards is in a strong position to support the board (and audit
committee), as an essential component of their governance mechanisms (ECIIA, 2005).

3. Theoretical underpinnings

3.1. Interaction between the audit committee and the internal audit function: insights from previous qualitative studies

Recent qualitative studies by Beasley et al. (2009), Gendron and Bédard (2006) and Gendron et al. (2004) demonstrated
that practices carried out in audit committee meetings aim to make members comfortable, with regards to matters such as
the accuracy of financial statements and the quality of the work performed by internal and external auditors. The results of
these studies argue that the notion of comfort, as introduced in Pentland’s (1993) study on audit engagements, is a funda-
mental aspect of the work performed by audit committee members. For example, the study by Gendron and Bédard (2006;
236) answers the question: ‘‘what actions do audit committee members and other attendees engage in while trying to mitigate
their anxieties and transform them into hope and comfort zones?’’
Audit committee members at three Canadian public companies studied by Gendron et al. (2004) had an interest in the
extent to which internal control is effective, not least because internal control underlies the credibility of financial reports.
Audit committee members in their study relied on the work of the internal audit function to develop their own appreciation
of the internal controls’ effectiveness (cf. also Krishnan, 2005). More specifically, they became comfortable with internal
control by assessing the extent to which managers adopt appropriate measures to solve deficiencies highlighted in internal
audit reports. In all three of their cases, internal auditors attended audit committee meetings.
In addition, a more recent study by Gendron and Bédard (2006), partially based upon the same data, found that audit
committee members carry out diverse practices, in order to become comfortable with their company’s internal controls, and
that several of these practices deal with internal audit reports. Their interviewees confirmed that internal auditing mattered
to them. More specifically, the work of the internal audit function makes visible the extent to which top managers are
competent at dealing with risk and internal control. It turns out, from their interviews, that internal auditors are aware of
their capacity to uncover problems. The authors concluded, therefore, that the internal audit function appears to play a central
role in the development of an accountability relationship between corporate management and the audit committee, which
refers to the principal/agent problem between the audit committee and management, as described earlier in this paper.
Beasley et al. (2009), studying the audit committee oversight process within 42 US public companies, found that audit
committee members clearly are dependent upon both internal and external auditors in evaluating the effectiveness of
internal control over financial reporting. In general, the audit committees in their study would meet frequently with the
internal auditors. It appeared that the audit committee’s interaction with internal auditors had increased from pre-SOX
periods, but remained very limited in some of their cases. However, their interviews revealed frequent, ongoing substantive
communications between the audit committee and internal auditors outside of scheduled meetings. In many of their cases,
the oversight of the internal audit function was shared between the audit committee and management in a fairly informal,
sometimes contentious manner. The investigators also identified a substantial lack of clarity in the internal audit function’s
reporting channels.
Additionally, a recent case study conducted at a UK listed financial services company by Turley and Zaman (2007) revealed
that, when judged using formal processes alone, the direct impact of the audit committee on matters of internal control and
audit is limited. The authors found only limited evidence of the audit committee questioning or challenging internal audit
findings. Moreover, the influence of the audit committee on the agenda and work plan of the internal audit function turns out
to be limited. The primary active concern of the audit committee, with respect to internal control, appears to be to ensure that
the internal audit plan is met. Members argue that their limited role in specific internal control matters may be explained by
the audit committee’s lack of detailed knowledge, thereby implicitly referring to the information asymmetry problem with
which audit committee members must deal. However, the authors found evidence supporting the importance of an informal
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 93

channel of communication between the head of the internal audit function and the audit committee chair, through which
concerns might be raised. In their specific case, the head of the internal audit function considered that reporting concerns to
the audit committee generally led to improved governance, which confirms the importance of the relationship between the
audit committee and the internal audit function.
It must be noted that the above-mentioned studies implicitly assume a principal/agent problem between the audit
committee and management, leading to significant information asymmetries on behalf of audit committee members.
Furthermore, these studies recognised the internal audit function as an important mechanism by which to reduce these
information asymmetries, without elaborating on what makes it so. The current study will elaborate more on the specific
information asymmetries that exist, on behalf of the audit committee, thereby further exploring the notion of comfort within
the specific context of the audit committee process. Additionally, this study will incorporate an investigation into what makes
the internal audit function a suitable comfort provider for the audit committee.

3.2. The need for comfort

Pentland (1993) argues that a world without accounting and auditing undoubtedly would be a source of discomfort. The
relative absence of this feeling in the normal conduct of affairs demonstrates how effectively the audit ritual generally has
succeeded at transforming chaos into order. Auditors give comfort to those who are vulnerable to erroneous, self-serving,
and/or potentially fraudulent statements from corporate management. The study by Carrington and Catasús (2007) is one of
the most recent applications of comfort theory to the audit context. Although Carrington and Catasús (2007), as well as
Pentland (1993), mainly focused on external (financial) auditors as providers of comfort, a similar argument can be made for
internal auditors. Carrington and Catasús (2007) developed further the idea of auditing as a comfort-producing activity, by
examining three dimensions of audit comfort drawn from nursing theory (Kolcaba and Kolcaba, 1991). A similar framework
can be applied to this study. It must be stressed that comfort, as used in this study, is not synonymous with what the IIA calls
assurance, being the output of so-called assurance services: ‘‘an objective examination of evidence for the purpose of providing an
independent assessment on risk management, control, or governance processes for the organization’’ (IIA, 2004). Overall,
assurance, in general, and assurance services, more specifically, is a potential means by which to provide comfort to, in this
case, the audit committee. However, we are convinced that this is not the only way to create comfort, given the broadening
scope of services provided by the internal audit function. In other words, we consider comfort to be the final effect of the
different kinds of internal audit services (including basic assurance services) provided to comfort seekers (i.e., those who are
confronted with discomfort, in this case the audit committee).
Based upon nursing theory, Carrington and Catasús (2007) derived three senses of comfort:

(1) The relief sense of comfort refers to the acts that relieve the discomfort experienced by audit committee members. By
relieving discomfort, a non-acceptable level of comfort can be turned into an acceptable level. In this study, we will
investigate to what extent the internal audit function, in general, and specific internal audit services, more specifically, are
able to relieve the discomfort of audit committee members. This comfort will be transferred to the comfort seeker through
what Power (1997) calls symbols of comfort; in other words, the specific means by which a comfort provider reduces
information asymmetries on behalf of the comfort seeker.

(2) The state sense of comfort deals with all possible outcomes of comfort. The state sense suggests that, at any moment in
time, there are both sources of comfort and discomfort. Attaining a state of comfort involves a decision that sufficient
discomfort has been relieved thanks to the services of the comfort provider(s). In the context of this study, this sense refers
to the expectations audit committee members have, vis-à-vis the internal audit function, given the specific information
asymmetries with which they have to cope and the extent to which these specific information asymmetries have been
reduced by the internal audit function.

(3) The renewal sense of comfort is characterised by a revitalisation of how comfort is perceived. In other words, renewal is
about new perceptions of acts that relieve discomfort. In this study, this sense is linked to the increased monitoring
responsibilities of audit committees, with respect to risk management and internal control, following recent corporate
governance evolutions, thereby creating new expectations for the internal audit function.

Power (1997) argues that symbols of comfort only have value if they are produced by a credible and independent authority.
In order to build arguments why the internal audit function may be considered the suitable authority to provide comfort to
the audit committee, we rely on the sociology of professions literature.

3.3. The internal audit function: an expert provider of comfort?

The sociology of professions literature has reasoned that the key to survival and the claim of professional stature is the
development and maintenance of an abstract system of knowledge, because it is from this knowledge base that a profession
94 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

establishes its jurisdiction. Thereby, this literature increasingly has focused on inter- and intra-professional competition,
while socially constituting a jurisdiction by controlling an abstract system of knowledge (Abbott, 1988). This basically means
that one professional occupation, like internal auditing, cannot be studied in isolation from other occupations, like external
auditing (Covaleski et al., 2003).
It is via this abstract system of knowledge that a profession can (1) define and redefine the problems it addresses; (2)
develop the services and practical techniques that must be performed to address these problems (that Abbott defines as the
profession’s jurisdiction); and (3) defend this resultant jurisdiction against competing professions or factions within the
profession. Abbott (1988) defines jurisdictional domains as areas of task performance in which expert groups make ‘more-or-
less’ exclusive claims to technical, social and cultural authority over the knowledge and skills that fall within their ambit.
Based upon the definition provided by the IIA, risk management and internal control can be considered an important (not to
say ‘the most important’) jurisdictional domain of internal auditing. Moreover, in this jurisdictional domain, external auditing
can be considered a competing profession, as external auditors also can claim to possess relevant information on risk
management and internal control systems, based upon their work carried out in the context of the statutory audit of the
annual accounts.3 Based upon the four case studies in this study, we will investigate to what extent internal and external
auditing are competing professions in the jurisdictional domain of risk management and internal control. More specifically,
we will consider this in the context of providing comfort to the audit committee.
Cooper (1992) argues that experts become the crucial social groups for mediating uncertainty, and that they establish some
degree of collective stability – in other words, comfort – in highly mobile societies. Several studies that have analysed expert
power and control have highlighted the strategic contribution that experts and expertise make to the more sophisticated and
pervasive systems of organisational surveillance and control that have been crystallizing in (post) modern societies.
Relying on the sociology of professions, Reed (1996) defines three expert groups: (1) independent or liberal professionals;
(2) organisational professionals; and (3) knowledge workers. Covaleski et al. (2003) classify internal auditors as organisa-
tional professionals, and external auditors as knowledge workers. According to Reed (1996), the organisational profession’s
basic power strategy and corresponding legitimating discourse lie in obtaining and displaying appropriate credentials that
support the individual practitioner’s claim to esoteric knowledge. The second legitimizing discourse lies in developing
a knowledge base and repertoire of skills that are specific to serving the particular organization within which the professional
is housed (Abbott, 1988). Using insights derived from the case studies, we will define the knowledge base, skills and
credentials that allow internal auditors to be(come) expert at providing comfort to the audit committee.
Previous research by Covaleski et al. (2003) used the sociology of professions’ perspective to examine the dramaturgy of
exchange relations among the Big Five public accounting firms, the AICPA, the IIA, and the SEC, in the context of the
outsourcing of internal audit services to international external audit firms. They referred to the Foreign Corrupt Practices Act,
an act that underscored, for the first time, the importance of localised knowledge that is brought to bear by the internal
auditor: ‘‘reviewing, monitoring, and evaluating the system of internal accounting control require a great deal of familiarity with
the company and understanding of its potential exposures and related controls’’ (Clarence Sampson, SEC Chief Accountant, 1979).
Furthermore, in the debate on outsourcing internal audit services, the IIA (1994) claimed that internal auditors are intimately
acquainted with their organisations’ policies, procedures, operating practices and personnel. Through day-to-day experience
in the business, internal auditors acquire an intimate knowledge of an organization’s culture, processes, risks and controls,
and thereby obtain the ‘proprietary knowledge’ that figures prominently in providing comfort seekers (such as the audit
committee) with tailored and relevant information to reduce information asymmetries. In this study, we will consider (1)
how important company-specific information and experience are, in terms of providing comfort to the audit committee; and
(2) to what extent internal auditors excel in this respect.

4. Methodology

4.1. Why do we rely on qualitative research?

The two previous studies explicitly dealing with the interaction between audit committees and the internal audit function
(Raghunandan et al., 2001; Scarbrough et al., 1998) evaluated large samples using archival and survey data that largely relied
on proxies and externally-observable characteristics. However, Spira (1999) argues that ‘‘there is a dearth of studies which
explore the perceptions of those involved in audit committee activity, through the use of qualitative research methodologies.’’
Moreover, Turley and Zaman (2004) advocate field studies to complement extant research. Qualitative data, including in-
depth interviews combined with relevant internal documents, provide a significant potential for understanding the rela-
tionship between the audit committee and internal audit in their organisational context (Beasley et al., 2009).
While large-sample studies provide a generalizable set of findings pertaining to a few pre-determined constructs, case
studies produce much more detailed information, albeit about a limited number of people and cases (Patton, 2002). Given the

3
One of the basic differences between external and internal auditors lies in the principle party that they serve. External auditors, being independent of
the company, serve the owners of the company; whereas internal auditors, being employees of the company, basically serve the board of directors (audit
committee) and senior management. Internal auditors only contribute indirectly, via their relationship with the board of directors or the audit committee,
to the protection of the interests of the owners of the company.
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 95

limited amount of knowledge that exists regarding the relationship between audit committees and the internal audit
function, qualitative data are more opportune in terms of gaining new insights into this relationship. It is important to see that
the status of the risk management and internal control system, the broader context in which this relationship is studied, is, to
a large extent, company-specific (Covaleski et al., 2003). Consequently, the needs of the audit committee for comfort, and the
specific ways by which the internal audit function can provide that comfort, also are company-specific and, thus, need to be
studied, especially at an early stage, from a holistic perspective (Patton, 2002), using company-specific data gathered via case
studies.

4.2. Four case studies

We selected, based upon previous research on internal auditing and audit committee practices in Belgium (The Institute of
Internal Auditors Belgium, 2006),4 four companies that can be considered representative, in terms of four specific variables, of
those Belgian companies that have both an audit committee and an internal audit function. This fits within the case sampling
approach recommended by Yin (1994).
More specifically, the following four variables were taken into account when selecting the four companies (cases): firm
size; international operations; listing; and risk profile. Previous research (IIABEL, 2006) has shown that a large majority of the
Belgian companies with both an internal audit function and audit committee have at least 1000 employees.5 Therefore, four
companies with at least 1000 employees were selected. All four companies, with headquarters in Belgium, operate on an
international scale (e.g. Europe, USA, Asia and Middle East), which can be considered representative.6 Given that a majority,
but not all, of the Belgian companies with an internal audit function and an audit committee are listed,7 three out of four
companies (Cases B, C and D) listed on Euronext Brussels were chosen. The fourth company (Case A) has never been listed and
has no plans for an initial public offering in the near future. In order to increase comparability, all four companies have
a representative and similar risk profile, in terms of industry complexity, recent involvement in mergers and/or acquisitions,
company growth, and profitability.8 Table 1 provides relevant information on the four companies for the period over which
the case studies were conducted, including risk factors9 as well as internal audit and audit committee characteristics.

4.3. Data collection

We developed an interview guide (cf. Appendix A) which contains certain guiding questions, while being flexible enough to
delve deeper into issues that emerge during the course of each interview (semi-structured). The interview guide was developed
based upon our primary research objective, previous literature on the relationship between the audit committee and the
internal audit function, and previous studies on the role of the internal audit function. We customized the interview guide for
both categories of interviewee (internal auditors and audit committee members). The relevance, completeness and clarity of
this interview guide were tested during an explorative interview with six experienced Chief Audit Executives in 2004.10
For each case, we conducted two interviews with the internal auditor (Cases A, B and C) or the Chief Audit Executive (Case D)
and one interview with the head of the audit committee. These interviews, which were conducted from June through
September 2005, lasted from 60 to 120 min. We took several steps to enhance the reliability of the collected data. Each interview
was started by describing the objectives of our study. Interviewees were asked regularly to provide specific examples to
substantiate their thoughts. Furthermore, all interviews were tape-recorded and transcribed immediately upon completion. All
transcribed interviews ran to 101 pages single-spaced text. Complete anonymity and the guarantee that no other organisation
member would examine the transcript were provided. Finally, interviewees had the opportunity to verify the accuracy of the
transcript and add changes, if they deemed this necessary, within one week of the interview (cf. Patton, 2002).
In order to support the interview data and enhance the reliability of the derived findings, for each case, archival materials –
like the internal audit charter, internal audit plans, and internal audit reports – were obtained and analysed, in addition to

4
Note that the survey to which we refer was conducted in the same year (2005) as the case studies reported in this paper. The research report was
published by IIABEL early in 2006.
5
According to the recent survey conducted by IIABEL (IIABEL, 2006), 73.4 percent of Belgian companies with both an internal audit function and an audit
committee have more than 1000 employees.
6
The recent survey conducted by IIABEL (IIABEL, 2006) revealed that 76.6 percent of Belgian companies with both an internal audit function and an audit
committee operate on an international scale.
7
More specifically, 62.5 percent of the Belgian companies with both an internal audit function and an audit committee are listed (IIABEL, 2006).
8
IIABEL (IIABEL, 2006) found that, of those Belgian companies with both an internal audit function and an audit committee: 62.5 percent operate in
a highly complex industry; 62.5 percent have been involved in a merger and/or acquisition within the past two years; 85 percent have experienced positive
company growth over the previous two years, and 60.9 percent did not report a loss over the past three years.
9
Data on industry complexity were found via the IIABEL survey, which were analysed at the same time as when the companies for these case studies
were selected (April 2005). In this survey, the Chief Audit Executive had to assess the complexity of the industry in which the company operated
(self-reported measure). Data on the remaining three risk factors were found in the annual report of 2004 (if already available at that time) or on the
company website.
10
We consider Chief Audit Executives who have been in this position for at least five years as a relevant source of feedback, even in the interview guide for
the head of the audit committee, given their experience with the audit committee. The interviews with these six Chief Audit Executives were part of
a previous study, conducted in 2004 by the first two authors, on the role of the internal audit function in risk management.
96 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

Table 1
Company characteristics.

Case A Case B Case C Case D

Industry Services Services Manufacturing Manufacturing
Listing Not listed Euronext Brussels Euronext Brussels Euronext Brussels
Total revenues (euro) >1 billion <500 million 500 million–1 billion >1 billion
Creation of the internal audit function <5 years ago >15 years ago >15 years ago >20 years ago
Industry complexity High High High High
Involvement in mergers and/or acquisitions in the past two years Yes Yes Yes Yes
Company growth during the last two years Positive Positive Positive Positive
Loss in previous three years No No No No

Size of the internal audit function (FTE) 1 1 1 10

Number of audit committee members 4 3 3 5
Number of non-executive audit committee members 4 3 3 3
Number of independent audit committee members 2 2 2 1
Number of audit committee meetings 3 4 6 3

internal presentations, business control guides and audit committee reports. Furthermore, data collection generated
numerous field notes, containing a wide variety of impressions, comments and anecdotes written down by the interviewers
during or immediately after the interviews were conducted. These field notes provided an overall impression of the rela-
tionship between the audit committee and the internal audit function, as well as of the applicability of the theoretical
concepts described above, even before starting data analysis.11

4.4. Data analysis

A key step in analysing data from case studies is within-case analysis, which helps to cope with the deluge of data that
springs from field work. As suggested by the analytical protocol of Miles and Huberman (1994), all interview transcripts,
archival documents and field notes were coded. We derived an initial set of codes using basic theoretical concepts, and
completed this process with new codes reflecting concepts that emerged during the interview analysis. Based upon these
coded data, we performed structured case study write-ups (summaries), using standardised matrices, for each case. This
process allowed for the unique patterns related to the relationship between the audit committee and the internal audit
function within each case to emerge, before patterns were generalised across cases.
The cross-case analysis performed as the next step forced us to go beyond initial impressions, and enhanced the proba-
bility of identifying novel findings within the data, based upon the applicability of the theoretical concepts. In the next
section, these cross-case insights will be described and illustrated, with specificities from the individual cases.

5. Findings

5.1. Overall status of the risk management and internal control system

With respect to the overall status of the risk management and internal control system, Cases A and D represent two
extremes. In Case A, the company has a soft control environment and an informal way of dealing with risk management and
internal control. A well-developed risk management system and a clearly-defined risk management strategy remain missing.
In contrast, in Case D, the company aims to achieve a strong and uniform corporate culture with a high level of control
awareness, guided by a company-wide and standardised Code of Conduct and Guide to Business Control. Accordingly, the
company has implemented an internally-developed and highly-formalised risk management system. In order to follow-up on
corporate evolutions, and taking into account changing risks, the risk management system is updated yearly by top
management, the audit committee and the head of the internal audit function. The extremes can, to some extent, be explained
by different attitudes towards risk management and internal control on behalf of executive management.
‘‘What does risk management mean for [company name]?’’ [Interviewer] ‘‘I don’t know whether risk management exists
within our company. at least not formally. maybe informally. Honestly, I don’t think management cares about that, they

11
It must be noted that for each case, additional interviews with the CEO and/or CFO were conducted which were reported in a separate paper (Sarens
and De Beelde, 2006) studying the relationship between internal audit and senior management, another important relationship in contemporary corporate
governance. It has to be stressed that both papers are significantly different in terms of research questions and theoretical framework. The major insights
stemming from the interviews with the head of the audit committees also were used in Sarens and De Beelde (2006), however, for different research
purposes, namely to investigate whether or not the audit committee affects the relationship between internal audit and senior management. The inter-
views with the CEO and CFO were more open-ended than the ones conducted with the audit committee given that these last ones were more inspired by
theory whereas the first ones were more exploratory. In both studies, the same archival materials were used. However, the analysis of these materials has
been performed twice given the different research questions of both studies.
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 97

are entrepreneurs you know. I think only one or two of them are aware of the importance of risk management. The other ones
think that risk management will hinder our growth. However, we, the audit committee, require more attention for risk
management. but it will need time. lots of time.’’ [Head of the audit committee – Case A]
‘‘I often meet several people who do the same job, but each of them has built his own control procedures. just to illustrate to
you that internal control is far from integrated and standardised. [.] Top management doesn’t really like internal control,
that’s the major problem I think. [.] ‘‘But how do they deal with problems resulting from the fact that risk management is
missing?’’ [Interviewer] ‘‘Oh, they just let it happen. they are rather reactive instead of proactive. If things go wrong, they
apologize and go one. everyone can make mistakes, can’t they?’’ [Internal auditor – Case A]
‘‘What does risk management mean for [company name]?’’ [Interviewer] ‘‘I strongly believe that we have to manage all
kinds of risk, irrespective of their cause, which could be a lack of control or human failure. in a proactive way. [.] We have
a formal risk management system that we have developed without the help of consultants. This system is updated on an
annual basis, based upon our input as well as input from top management and internal audit.’’ [Head of the audit
committee – Case D]
Cases B and C appear to be situated somewhere between these two extreme cases. These companies, overall, have an
informal way of approaching risk management and internal control, based upon a rather trust-based corporate culture and
informal ‘common sense’. Nevertheless, there exists a sufficient level of risk and control awareness and essential formal
internal controls to manage major risks. The formalisation of risk management and internal controls has started, and these
companies now are in a transition phase. Indications were found that this increasing interest in formalising risk management
and internal control has resulted from the growing attention it is receiving in corporate governance guidelines. As will be
discussed later, this growing attention for risk management and internal control in corporate governance guidelines will lead
to higher expectations, in terms of comfort provision vis-à-vis the internal audit function. In terms of comfort theory, this
refers to what Carrington and Catasús (2007) call the renewal sense of comfort.
‘‘Does top management care about risk management? [Interviewer] ‘‘Yes, but it is more based on trust than on procedures. I
think that the more family ownership there is, the more the culture is trust-based and the less one needs to deal with internal
control in a formal way.’’ [Head of the audit committee – Case B]
‘‘No formal risk management system exists, but I have to say that most of the people are aware of the important risks; they
take them into account, for example, when making decisions. I also have the impression that important controls are put in
place’’ [Internal auditor – Case B] ‘‘Is there a need to formalise this?’’ [Interviewer] ‘‘I would not say a need. but they are
open to it, they are moving towards more formalisation.’’
‘‘I have to admit that [company name] does not formally manage its risks. IT (Information Technology) is the only domain in
which risk management is currently more formalised. Anyway, I am sure that we have to start thinking about it. I have
mentioned it a couple of times. but most people were wondering what I was talking about. I am not sure whether everyone
is ready for this, but I think it really should become a priority.’’ [Head of the audit committee – Case C]
‘‘What does risk management mean for [company name]?’’ [Interviewer] ‘‘Tough question. I think there is some risk
management in this company, although it isn’t formalised. Most of them [top management] are aware of risks and they take
them into account. They have listed it as an issue to address in the business planning for next year; they plan to perform
company-wide risk identification. I think that this is useful, especially because our stakeholders expect this. [.] I also see
a trend towards more attention for internal control. mainly as an aftermath of what has happened in the US. Internal
control also became an element in the Belgian corporate governance code. I expect that they will be more interested in this,
especially if they want to give a global opinion on the internal control system. Nowadays, they don’t come up with such an
opinion. Honestly, I don’t know on what this opinion would be based. Overall, I think that this is mainly due to top man-
agement’s attitude; they prefer to keep arranging things informally.’’ [Internal auditor – Case C]

5.2. Audit committee seeks comfort

Based upon a comparison between Case B and the other three cases, it becomes clear that the more the audit committee is
aware of the importance of risk management and internal control for the company, as well as their own monitoring
responsibilities, the more the audit committee deals with these topics during its meetings and, consequently, the more likely
the members will encounter an information asymmetry problem, creating feelings of discomfort. Given its own growing
monitoring responsibilities, feeling uncomfortable about risk management and internal control encourages the audit
committee to look for one or more sources of comfort. As will be illustrated below, indications were found that these feelings
of discomfort are influenced by the overall corporate approach and attitude towards risk management and internal control.
‘‘The more information we get, the better we can get an idea about what is going on in the company and, thus, the better we
can do our work. We really need that interaction with the internal auditor. because we have not enough contact with the
company itself. [.] We often focus too much on details; let’s say 80% of our time, mainly because we don’t know what’s going
on in the company.’’ [Head of the audit committee – Case A]
In Case A, the major source of discomfort for the audit committee results from the weaknesses of not having a formal and
well-developed risk management system. The head of the audit committee refers to certain serious problems that emerged
98 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

after a recent acquisition that were, according to him, due to the lack of a well-developed risk management system and the
lack of risk awareness. These feelings of discomfort made the audit committee more aware of the importance of risk
management as a crucial decision-supporting tool.
‘‘They don’t take risks into account when making decisions. After this acquisition in [European country], we wanted to
launch two of our brands. but one of them failed. This doesn’t have to do with financial issues, but refers to the strategic
level. We, as the audit committee, are really struggling with this. they just didn’t take it into account that something could
go wrong.’’ [Head of the audit committee – Case A]
Even though the head of the audit committee in Case B is convinced that risk management should become a major topic
for the audit committee, the audit committee itself is not aware of its role in risk management. Consequently, the members do
not feel discomfort in this area. They are convinced that risk management is a responsibility of the internal audit function, but
do not see how the internal auditor can provide comfort in this area:
‘‘The internal auditor is dealing with risk management in a more formal way. but we do not know much about it. However, I
do not feel that the audit committee members really need this information. Do we have to know it?’’ [Head of the audit
committee – Case B]
‘‘Does the audit committee already ask specific questions of the internal auditors?’’ [Interviewer] ‘‘No, we mainly rely on the
external auditors, because they are the ones who are doing audits, aren’t they? Our only source of neutral information on the
internal control system is the external auditor. . The internal auditor actually works for management, which leads to an
important independence problem.’’ [Head of the audit committee – Case B]
Nevertheless, the head of the audit committee was convinced that, given the overall corporate culture, top management
would not appreciate it if the audit committee dealt too much with risk management in a formal way. Thus, without a change
in the overall attitude towards risk management, it would be hard for the internal auditor to become perceived, by the audit
committee, to be an important provider of comfort in this area.
‘‘My audit committee is not really dealing with risk management and internal control. Personally, I think this is a short-
coming. but what can I do about it? It would mean that I have to start interfering with the business. I am sure that this
would lead to problems, given the atmosphere and culture in the company.’’ [Head of the audit committee – Case B]
In Case C, the audit committee works in a pro-active way, which means that the members focus intensely on high-risk
areas that might create problems for the company in the future. This pro-active focus on high-risk areas creates specific needs
for comfort, on behalf of the audit committee. The head of the audit committee illustrates the committee’s way of working, by
describing some major high-risk areas that have created discomfort, and on which the committee currently is focussing. As
will be illustrated later in this paper, the audit committee member’s discomfort with respect to these high-risk areas will lead
to specific expectations of the internal audit function (cf. state sense of comfort).
‘‘.here are some audit reports. I get them all. however, 90% of these reports are thrown away immediately, if they contain
nothing useful that needs our follow-up. These are a few reports I really want to follow-up. For example, this one is about an
audit in [Asian subsidiary]. it turned out that a specific employee had received a loan, but never had paid it back, even after
he left the company. When I see this, I don’t feel comfortable, because I am sure that there are more of these cases out there.
Based upon the experience with my own company, I know that this is part of their culture. Another one was in [another Asian
subsidiary] and mentioned potential fraud with stocks. Risks related to stocks are often an issue on our agenda, as well as
receivables and impairment. two other issues that we closely follow. Our role is to anticipate, as much as possible, what can
go wrong in the future.’’ [Head of the audit committee – Case C]
‘‘Does the audit committee provide input for your planning?’’ [Interviewer] ‘‘Not much, but when they give input, all other
audits are immediately postponed. because I want to make sure that they feel comfortable.’’ [Internal auditor – Case C]
Apart from Case B, all audit committees view the internal audit function as a major source of comfort.

5.3. Specific needs for comfort and specific provisions of comfort

Except for Case B, all audit committees clearly expressed their need for comfort, with respect to the control environment.
This provides a first insight into the state sense of comfort (Carrington and Catasús, 2007); in other words, the information
asymmetries that audit committee members experience that lead to specific expectations towards the internal audit function
to relieve the resulting discomfort. Given the great distance between the audit committee and the operational level, thereby
creating feelings of discomfort, the committee expects the internal audit function to play an important communicator role, so
as to provide an overall impression of the risk and control culture, the integrity of people, and the different kinds of internal
problems. Playing this translator role makes internal audit like a ‘guard of the corporate culture’, providing comfort related to
‘what is going on in the company’. This ‘guard’ role of the internal audit function is a first illustration of the relief sense of
comfort, in other words, a first way for the internal audit function to relieve discomfort among audit committee members
(Carrington and Catasús, 2007).
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 99

‘‘We do not have enough contact with the field, as we call it, and that is what we really need to do our job. Therefore, we need
good interaction with the internal auditor. [.] As internal auditor, you hear a lot. about what’s going on in the company.
You develop a good relationship with the people on the floor. that is something our external auditor is missing. Via our
internal auditor, we know much more about our company, because he has contacts with the people on the floor. [.] Our
company is getting bigger and bigger, with activities in different countries, and that’s why we need a ‘translator’. Internal
audit has to play the role of translator. He hears and sees a lot and has to come and tell us what it means according to him. In
other words, he has to improve the communication between the top and the floor, by telling us what is really going on in the
company.’’ [Head of the audit committee – Case A]
In Case D, given the strongly formalised risk management system this company has, the need for comfort related to the
control environment goes further, as the internal audit function is expected to monitor compliance with the company’s
standards of business conduct. More specifically, it is expected of the internal audit function that it actively assists with the
integration of newly-acquired companies, in order to make them evolve towards standardised company policies and
procedures. The audit committee considers this to be an important aspect of the internal audit function’s role as ‘guard of the
corporate culture’. More practically, by providing training and advice in local procedure development, the internal audit
function tries to relieve discomfort in this area.
‘‘We have one standard and that is the [name of the company] standard, and we really stick to this. We are not open to any
compromise.’’ [Head of the audit committee – Case D] ‘‘Does internal audit play a role in the implementation of this
standard?’’ [Interviewer] ‘‘That’s an essential role for them. They are the guards of this standard; they have to make sure that
everyone in the company, wherever they are in the world, follows this standard.’’ [Head of the audit committee – Case D]
‘‘For the past couple of years, we always have done an audit shortly after we acquire a new company and in fact, this audit is
a combination of training and advice in local procedure development. If they don’t have their own procedures, we help them,
based on the existing procedures of the group. You have to do it quickly; don’t wait for two years. because then it is too late.
They have to know from Day 1 what [name of the company] stands for.’’ [Head of the internal audit function – Case D]
In some cases, the audit committee even expects internal auditors, as part of their ‘guard’ role, to become facilitators for
whistle blowing, thereby enabling people in the company to raise concerns about possible improprieties in financial reporting
or other matters:
‘‘It is comfortable to know that people can go to internal audit when they want to report a problem or concern. It also is
clearly mentioned in the charter that people have to sign when they start working in the company that they can always go to
internal audit when they want to communicate any problem. That’s part of the global philosophy: internal audit is my
business partner.’’ [Head of the audit committee – Case D]
Besides the control environment, the case studies indicate that audit committees need comfort related to internal controls
in high-risk areas, which provides us a second insight into the state sense of comfort (Carrington and Catasús, 2007). A risk-
based way of auditing seems to be a good way for the internal audit function to provide comfort to the audit committee. In
order to signal their discomfort, audit committees provide input for the internal audit planning. With respect to the high-risk
areas, audit committees expect the internal audit function to review the existence and effectiveness of internal controls
completed with recommendations, which provides them with a basic level of comfort. Furthermore, audit committees feel
more comfortable fulfilling their monitoring responsibilities, when they see that the internal audit function is able to facilitate
improvements in internal controls. More specifically, this ranges from follow-up of their recommendations, to facilitating the
implementation of recommendations, and even to assisting management with the implementation of recommendations. We
can consider this a second illustration of the relief sense of comfort in the context of this study (Carrington and Catasús, 2007).
It is illustrated by Case A that, given the overall status of the risk management and internal control system, and the averse
attitude of management towards risk management, close follow-up on and even facilitation of the implementation of
recommendations provide additional comfort to the audit committee. By communicating with respect to the follow-up of
audits, and showing how the risk management and internal control systems are improving, the internal auditor is able to
provide valuable information, enabling the audit committee to formulate its own opinions and fulfil its monitoring
responsibilities. The internal auditor confirms that an important source of comfort results from his being able ‘to make things
happen’. More specifically, from internal auditor-prompted discussions on risk management and internal control, increased
awareness and appropriate control actions emerge in different layers of the company:

‘‘I think that [name of the internal auditor] needs time to communicate about his function. He has to prove that he is
a partner of management. He has to prove that he can improve the functioning of our company. [.] I think he has to become
even more the facilitator of his recommendations. By doing that, he can come and tell us how things are improving, that
would definitely be an added value for us. I think he is on the right path.’’ [Head of the audit committee – Case A]
‘‘Currently, I am like a challenger, a driver of innovation, a driver of change management. [.] Based upon some of my recent
audit reports, a handful of smart people have reacted and started to take action to install and improve internal controls. But
don’t forget, I have to keep repeating the same things over and over again.’’ [Internal auditor – Case A]
The audit committee in Case C is convinced that the internal auditor is an important provider of comfort in high-risk areas
and, therefore, clearly signals its need for comfort by giving specific input for the audit planning. The internal auditor
100 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

considers this input to be an unconditional priority. An investigation into the audit planning confirms the influence of these
high-risk areas on the working agenda of the internal auditor. The fact that the internal auditor was able to encourage
management to take actions for improvement – in other words, that ‘the internal auditor can make things happen’ – has
relieved important sources of discomfort on behalf of the audit committee.
‘‘Our stocks are too high. that is probably the most significant risk for [company name]. We are really focussing on this
issue, because I do not feel like we know enough about this. Numerous actions have been undertaken based upon our input.’’
[Head of the audit committee – Case C] ‘‘Did the internal auditor already do some work on stocks?’’ [Interviewer] ‘‘Yes
absolutely. We have explicitly asked him to do this. After his audits, I was pleased to see that they have hired an external
consultant to develop a new stock management system. This guy has given a presentation at the last audit committee
meeting and I have asked him to come back to one of the next meetings.’’ [Head of the audit committee – Case C]
The head of the internal audit function in Case D admits that she regularly receives specific requests from the audit
committee. Through the members’ questions on the coverage of the internal audit planning, specific audits reflecting major
areas of discomfort are suggested. Each audit committee request reflects a high-risk area for the company and, ultimately,
becomes a priority during internal audit planning. Besides the assurance role, the head of the internal audit function clearly
stresses its role supporting and assisting management. The internal audit webpage on the company intranet illustrates this
vision:
‘‘Does the audit committee give input to internal audit?’’ [Interviewer] ‘‘Definitely! [Name of an Asian subsidiary] is a good
example where we have recently asked them to do an audit. given that certain issues have started to get worse and we were
feeling very uncomfortable about that. [Name of a US subsidiary] is another example where some urgent action was needed.
The follow-up of our recent investments in [names of a few European countries] is a third point that we have recently
suggested to internal audit. [.] On my request, [name of the head of the internal audit function] has assisted with the
development of a procedure to manage our intellectual property rights, because the audit committee was really concerned
about this. especially in our new subsidiaries in [name of an Asian country], where people are not used to this notion. That
is what really concerns us for the future.’’ [Head of the audit committee – Case D]
‘‘Did you ever think about calling in internal audit? In many situations, internal audit may be the partner you are looking for.
We regard all audit projects as opportunities to assist you, as partners, in improving the effectiveness and efficiency of the
business processes or activities you are responsible for.’’ [Internal audit webpage on intranet – Case D]
Knowing that management can call on the internal audit function as a supporting tool contributing to the improvement of
internal controls is an important way to relieve discomfort, on behalf of the audit committee in Case D.
In those companies without a formalised risk management system, the internal audit functions express their intentions to
play a role in the formalisation process. This can be considered a third illustration of the relief sense of comfort. Creating risk
and control awareness and stimulating discussions on risk management and internal controls also are considered crucial
sources of comfort for the audit committee in this ‘transitional phase’. Overall, being resolute and persuasive are important
inter-personal skills for creating risk and control awareness and driving the formalisation process. Furthermore, the internal
audit function often plays the role of educator, making people in the company as well as the audit committee aware of the
theoretical underpinnings and importance of risk management, as well as its own responsibilities. This educating role is an
important strategy by which the internal audit function can promote itself as the expert in the jurisdictional domain of risk
management and internal control, and by consequence, a comfort provider to the audit committee.
‘‘One of my first audit reports provided an assessment of the internal control system. I have presented them [the audit
committee] the major advantages and disadvantages of the so-called ‘soft control environment’ in which we are currently
working and the impact this has on the effectiveness and efficiency of our operations. I have made a few recommendations on
which they have built an action plan. Finally, they [the audit committee] have started a discussion on the control strategy
they want to implement. It seems like I have awakened them, made them more aware of the importance of more formalised
risk management and internal controls. [.] They also expect that I support them in the development of this control strategy.
My major added value is that I have started the whole discussion about risk management.’’ [Internal auditor – Case A]
‘‘They do not know frameworks like COSO and ERM, so I will have to introduce these concepts to them, step by step. Recently, I
illustrated to them the meaning of ‘tone at the top’, as this is a major risk area for the company.’’ [Internal auditor – Case A]
‘‘Internal control is something you have to make people aware of. You know, 90% of our managers are engineers and they
focus on technical issues. therefore, we often have to train these people in internal control issues. [.] This year, I have
written a Guide to Business Conduct and Control that will be used to increase control awareness and to train managers.’’
[Head of the internal audit function – Case D]

5.4. The internal audit function: an expert in providing comfort

The case studies contained herein confirm that the basis for the internal audit function to relieve discomfort on behalf of
the audit committee stems from the unique, abstract knowledge base of the internal auditors. This knowledge consists of
general conceptual knowledge, as well as more specific company-related and practical knowledge on risk management and
internal controls. It is important to see that the first component often results from prior work experience of the internal
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 101

auditors, often in external auditing. This illustrates that the knowledge bases of internal and external auditors do not
necessarily conflict; rather, working together, internal and external auditors can create valuable synergies for the provision of
comfort to the audit committee. The second component of knowledge comes from the internal auditors’ familiarity with the
company and their intimate knowledge regarding processes and procedures.
‘‘Does your background as an external auditor has an added value to your current work?’’ [Interviewer] ‘‘Yes, definitely! I
can easily compare the situation at [company name] with other companies in similar industries, how they approach risk
management and internal control.’’ [Internal auditor – Case B]
The audit committee in Case A is convinced that the internal auditor’s specific knowledge and expertise make it possible
for him to focus his internal control evaluation work on a limited number of high-risk areas, and provide a limited number of
specific recommendations to improve the internal controls in these areas. Case D illustrates how the internal audit function’s
own unique approach towards reviewing internal controls, through the use of an internally-developed control framework,
enables the internal auditors to develop idiosyncratic knowledge about internal controls, which is a sound and unique basis
for providing comfort with respect to internal controls. Moreover, playing a management supporting role in the improvement
of internal controls often enables internal auditors to build valuable knowledge that afterwards can be used in their internal
control evaluations. Furthermore, the head of the internal audit function is convinced that her internal auditors have a unique
perspective on the company and its operations, which enables them to provide even more comfort than the external auditors
might:
‘‘I always say to my auditors, your first working instrument is safety goggles, so that you can enter the plants. actually,
that’s our favourite task. If you want to do an inventory audit and you’ve never been in the plant, then you don’t know what
you’re talking about, and you can’t give an opinion on it.’’ [Head of internal audit – Case D]
Due to their internal position, their familiarity with and unique perspectives on the company, and their position close to
the people on the floor, internal auditors seem to be the most suitable to provide comfort in terms of the overall control
environment. Furthermore, having the right communication skills, as well as being able to listen to all kinds of people with an
open and friendly attitude, is an attribute that seems crucial to playing this role.
‘‘What is important to me? That the internal auditor can talk to everyone in the company and also the other way around.
that everyone can go to the internal auditor, without management’s permission, to report things that go wrong [.] He needs
to obtain a lot of information from the people he meets; therefore, he has to have a friendly attitude, can’t scare people, can’t
be a policeman.’’ [Head of the audit committee – Case C]
‘‘It is one of my major objectives to listen to people and give them the chance to talk about their problems. On the first day of
an audit, I always say that they can raise any problem, at any time during the audit.’’ [Internal auditor – Case C]
‘‘The success of a company is based on the success of individuals. people who have their own personal problems. I think that
it is important for internal auditors to take this human aspect into account.’’ [Head of the audit committee – Case D]

5.5. Symbols of comfort

The four case studies illustrate that internal audit reports and formal presentations at audit committee meetings – dis-
cussing major findings, recommendations, management reactions, and action plans – are considered to be crucial outputs of
the internal audit work, reducing the information asymmetry about issues such as risk management and internal control, and
thereby relieving discomfort. Besides these formal symbols of comfort, as Power (1997) calls them, informal contacts through
face-to-face meetings with the head of the internal audit function seem to be an important mean of providing comfort to the
audit committee. Moreover, the internal audit charter, a regularly-used communication instrument that describes the internal
audit function’s roles and objectives, also is an essential instrument for the internal audit function, to demonstrate the
jurisdictional domains in which they can provide comfort.
‘‘When I talk to someone who does not know much about internal audit, I always give them my charter so that they know
what they can expect from me.’’ [Internal Auditor – Case B]
Audit reports clearly are considered to be working instruments for the audit committee in Case C, which is confirmed by
the numerous notes written about them by the head of the audit committee. Besides these formal symbols of comfort, the
audit committee also has regular informal contacts with the internal auditor to discuss specific aspects of his work. These
informal contacts are an important aspect of the relationship between the internal auditor and the audit committee, and
represent an important symbol of comfort to the audit committee (Power, 1997):
‘‘If we have a question about an audit report, we often deal with this in an informal way by phone, so we do not always have
to wait until the next audit committee meeting.’’ [Head of the audit committee – Case C]
Besides formal interactions during the audit committee meetings in Case D, the head of the audit committee has regular
informal contacts with the head of the internal audit function. He regularly meets one-to-one with the head of the internal
audit function, and even attends team meetings of the internal audit department as an informal observer. These informal
102 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

interactions reveal valuable information for the audit committee, and can be considered an important symbol of comfort for
the audit committee (Power, 1997).

5.6. Joint audit approach

Indications were identified that, despite their different knowledge bases and power strategies, the supposed inter-
professional competition between internal and external auditing is less apparent in the context of providing comfort to the
audit committee. It becomes clear in the cases that a so-called ‘joint audit approach’, combining the knowledge and expertise
of internal and external auditing via well-considered collaboration, offers a way of combining both sources of comfort,
thereby enhancing the overall level of comfort for the audit committee. It turns out that the jurisdictional domain of risk
management and internal control is, to some extent, shared by the internal and external auditors, which makes a joint audit
approach more attractive.
As he is the only one, the internal auditor in Case A is aware of his limitations, with respect to providing comfort to the
audit committee. Therefore, he has started to collaborate actively with the external auditor, as both are convinced that they
have the same goal; namely, creating risk and control awareness and assisting with the formalisation of a risk management
system.
‘‘The external auditor is my ally. We have agreed on a few key issues with respect to the introduction of risk management that
we have to signal to management and the audit committee. I have to admit. we share the same mission.’’ [Internal
auditor – Case A]
In Case B, the motivation for a joint audit approach is different. The audit committee considers the external auditor to be
the expert at reducing their major information asymmetry in internal controls, whereas the internal auditor is expected to
provide the audit committee with more detailed investigations, based upon input from the external auditor, as an additional
expert aiming to reduce the remaining information asymmetry. In other words, the audit committee attempts to combine
these two sources of comfort.
‘‘I need the report of the external auditor on the internal control weaknesses they have found, to feel more at ease. This
independent report is a source of input to the internal auditor who can start digging deeper into the problems.’’ [Head of the
audit committee – Case B]
In accordance with the expectations of the audit committee in Case D, the head of the internal audit function makes
significant efforts to improve the relationship with the external auditor and, by doing so, actively contributes to a joint audit
approach. More specifically, the head of the internal audit function regularly meets with the external auditor to exchange
information on risks, problems and work performed, in order to avoid duplication. They even have the intention of developing
a coverage chart, in an attempt to jointly achieve broader and better coverage of risk and internal control reviews, which will
create more comfort for the audit committee.
‘‘It is important to strive towards complete synergy between the internal and external auditor. For the past couple of years,
this has been one of my goals: to optimise the collaboration between internal and external audit, which has not always been
easy. I have to admit that we have made a lot of progress.’’ [Head of the audit committee – Case D]

6. Conclusions and discussion

It can be concluded that the notion of comfort, initially introduced by Pentland (1993) and further operationalised by
Carrington and Catasús (2007), combined with concepts from the sociology of professions literature (Abbott, 1988; Cooper,
1992; Reed, 1996), provides a relevant framework by which to study the relationship between the internal audit function and
the audit committee. Overall, this paper contributes to the literature by digging deeper into the relationship between the
internal audit function and the audit committee, thereby complementing recent qualitative studies in this area that all have
suggested the increased importance of this relationship from a corporate governance perspective, without explaining why
(Beasley et al., 2009; Gendron et al., 2004; Gendron and Bédard, 2006; Turley and Zaman, 2007). In other words, this study
has investigated an unexplored aspect of audit committee effectiveness, and opens several interesting avenues for future
research. Fig. 1 summarises the major insights generated by this study.
With respect to the risk management and internal control system, all four cases can be situated somewhere on
a continuum, ranging from ‘not formalised’ to ‘strongly formalised’. This paper has identified an important contextual
variable, by illustrating that the status of the risk management and internal control system, as well as the way management
approaches risks and internal controls, has an influence upon the specific needs for comfort of audit committees and,
consequently, upon the specific ways in which the internal audit function can provide comfort. This refers to what Carrington
and Catasús (2007) call the renewal sense of comfort. In other words, the perception of discomfort on behalf of the audit
committee changes, due to evolution in the company’s risk management and internal control approach. This offers interesting
opportunities for longitudinal research, to investigate how the needs for comfort on behalf of the audit committee change as
the status of the risk management and internal control system and management’s approach towards risks and internal
controls change over time.
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 103

Institutional context: growing monitoring responsibilities

Risk management (RMAN) and internal control (IC) system

Input for audit planning

AUDIT COMMITTEE INTERNAL AUDIT

awareness on RMAN and IC - abstract system of knowledge
on RMAN and IC:
information asymmetry * general, conceptual knowledge
* company-specific knowledge
discomfort on: - interpersonal skills
- control environment
- internal controls - guard of corporate culture
- IC review (assurance)
- IC improvement via
* recommendations
* follow-up of recommendations
* facilitation of implementation
- formalisation of RMAN system
- joint audit approach with external
audit

comfort

Symbols of comfort:
- internal audit reports
- internal audit presentations
- informal / private contacts

Fig. 1. Major insights.

The case studies illustrate that the more the audit committee is aware of risk management and internal control issues and
its own monitoring responsibilities in this regard, the more its members tend to deal with these issues during their meetings;
and, consequently, the more they seek comfort, inspired by feelings of discomfort resulting from the information asymmetry
problem suggested by Raghunandan et al. (1998, 2001). Based upon the case study insights, it can be argued that the internal
audit function is an important source of comfort for audit committees, especially in the jurisdictional domain of risk
management and internal control. Audit committees signal their needs for comfort, through the provision of specific input for
the internal audit planning.
More specifically, the audit committees in this study require comfort in two specific areas, which can be interpreted in the
context of what Carrington and Catasús (2007) call the state sense of comfort. First, they feel uncomfortable about the overall
control environment of the company, which is inherent in their non-executive position. Therefore, the internal audit function
is expected to be the ‘guard of the corporate culture’, playing a communicator role between the audit committee and the
operational level, thereby relieving discomfort with respect to the control environment. Second, they need comfort with
respect to internal controls in high-risk areas. Comfort results from the internal audit function’s traditional assurance role,
stemming from the regular review of internal controls. Nevertheless, knowing that management can call on internal audit to
support and assist them, thereby contributing to the improvement of internal controls, seems to be an even more significant
source of comfort for audit committees. This finding is in line with the findings of Gendron et al. (2004), who found that audit
committee members become comfortable with internal controls by assessing the extent to which managers adopt appro-
priate measures to solve deficiencies highlighted in internal audit reports. This study determined that the internal audit
function’s advising, supportive and facilitative roles are significant in the relief of discomfort, as experienced by the audit
committee. Furthermore, it was found that, especially in those companies that lack a formal risk management system, the
internal audit function’s role in formalising the risk management system also can be a crucial source of comfort for the audit
committee. These findings confirm our argument that comfort must be considered the final effect of the different kinds of
internal audit service (ranging from an inherent guard role via basic assurance services to a broad range of advisory services)
on comfort seekers.
As suggested by Abbott (1988) and Reed (1996), this study confirms that the internal auditors’ unique abstract knowledge
base enables the internal audit function to provide comfort to the audit committee. This knowledge consists of general
conceptual knowledge, as well as more company-specific and practical knowledge on risk management and internal control.
The former often results from previous work experiences (e.g. in external auditing); conversely, the latter comes from the
internal auditors’ familiarity with the company, and intimate knowledge regarding its processes and procedures, which is in
104 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

line with the arguments of Covaleski et al. (2003). Their involvement in improving internal controls, an important way to
provide comfort to the audit committee, also allows internal auditors to develop this knowledge (on-the-job learning).
Additionally, this study highlights the importance of the inter-personal and behavioural skills of internal auditors, while they
strive to be providers of comfort to the audit committee. In other words, their ability to provide comfort to the audit
committee strongly depends upon the qualifications of the internal auditors. Taking into account that it is not easy for
companies to recruit internal auditors with a suitable background (ECIIA, 2008) – that being a balance between conceptual
knowledge in risk management and internal controls and sufficient familiarity with the business, on one hand, and the
necessary inter-personal and behavioural skills, on the other – it remains a continuous challenge for internal audit functions
to keep providing comfort to their audit committees.
Internal audit reports and presentations at audit committee meetings are important, being what Power (1997) calls
symbols of comfort. Additionally, informal or private contacts between the internal audit function (via the head of the
department) and the audit committee seem to be crucial means to transfer comfort, thereby supporting the growing
importance of private and informal meetings for audit committee effectiveness, as previously suggested by Beasley et al.
(2009) and Turley and Zaman (2007). This finding also could explain the increased attention of current European corporate
governance guidelines to the strengthening of the relationship between the internal audit function and the audit committee,
via formal as well as informal meetings. One could argue that observations of these informal interactions would be the
ultimate way to further enhance our understanding of the complex relationship between them, as also suggested by Spira
(2002) and Gendron and Bédard (2006).
Contrary to the concept of inter-professional competition suggested by Abbott (1988) and previously illustrated by
Covaleski et al. (2003), this study argues that combining the knowledge and expertise of internal and external auditing via
a joint audit approach could be one way to enhance the overall level of comfort the audit committee experiences. Using
Abbott’s (1988) terminology, it can be suggested that the jurisdictional domain of risk management and internal control is
shared by internal and external auditors. A more detailed study of this joint audit approach, including interviews with both
groups, would be an interesting contribution to the literature.
This study suffers from a few shortcomings. Even though case studies do not allow us to generalize our findings, we are
convinced that the key findings gleaned from the four case studies are relevant to most Belgian, as well as many other
continental European companies. It must be stressed that we purposely selected four companies that can be considered
representative of Belgian companies that have both an audit committee and an internal audit function, in terms of four
specific variables (cf. methodology section). Moreover, Belgian audit committee practices are representative of any conti-
nental European country that is adopting a one-tier board structure (cf. Willekens et al., 2004). Nevertheless, future research
could investigate the robustness of our findings by taking into account, for example, the impact of different firm size,
differences in the geographical dispersion of operations, and different risk profiles.
Second, one must admit that neither the existing literature in this area nor this study provides straightforward evidence
that audit committees more comfortable with respect to risk management and internal control are more effective in fulfilling
their responsibilities, in terms of enhancing financial reporting quality. Though the findings of this study may suggest
a positive correlation, further research is needed to test this assumption, thereby taking both sources of comfort (internal and
external audit) into account; such research could be ground breaking.
Finally, we did not take into account the extent to which the internal audit function is perceived by the audit committee as
independent of management, or the impact that this perception has on the relationship between the internal audit function
and the audit committee. However, the basic requirements that should guarantee the independence of the internal audit
function are fulfilled in all four companies. In all four companies, the audit committee is in charge of the appointment,
evaluation and dismissal of the CAE, and approves the internal audit budget. Besides, the internal audit function at all four
companies has a direct reporting line to the audit committee. We do admit that independence also refers to more subjective
issues, such as any limitations in the scope of the internal audit function that might exist. Including the impact of this highly-
subjective dimension extends far beyond the scope of this paper; further research is needed to draw conclusions regarding
this issue. A recent Australian study by Christopher et al. (2009) has shown that the internal audit function’s relationship with
management could create serious independence threats. However, the investigators also found that the relationship with the
audit committee somewhat counteracts these independence threats.

Acknowledgement

Earlier drafts of this paper have been discussed at the PhD Workshop of the Third European Auditing Research Network
Symposium (Amsterdam – October 27, 2005), the Doctoral Colloquium of the European Accounting Association (Dublin –
March 19–21, 2006), the Fourth Academic Conference on Internal Audit and Corporate Governance (London – April 5–7, 2006)
and the Research Seminar in Accounting (Ghent – August 24, 2006). Special thanks to Jan Mouritsen (Copenhagen Business
School), Michael Shields (Michigan State University), Alfred Wagenhofer (University of Graz) and Rogier Deumes (University
of Maastricht) for their useful suggestions. Furthermore, we appreciate the comments provided by Jeffrey Ridley (London
South Bank University), Carlos Larrinaga (University of Burgos), Ann Vanstraelen (University of Maastricht) and Johan
Christiaens (Ghent University). We would also like to thank both referees and the associate editor for their constructive
feedback.
 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106 105

Appendix 1. Interview guide

Guiding questions for the Head of the Audit Committee

 What does ‘corporate governance’ mean for your company?
 How did the responsibilities of your audit committee evolve during the past three to five years? How do you feel about
this?
 How does the company approach risk management and internal control? How do you feel about this approach? Could you
give examples?
 To what extent is your audit committee dealing with risk management and internal control? How did this evolve during
the past three years? Could you give examples?
 To what extent do the internal audit function in general and the internal audit work more specifically support your audit
committee? How do you feel about this? Could you give examples?
 Does your audit committee influence the agenda of the internal audit function? If yes, could you give examples?
 How do you feel about the role of the internal audit function in risk management and internal control?
 What is according to you the basis for this supporting role? Could you give examples?
 To what extent does the external auditor support your audit committee? How do you feel about this? Could you give
examples?
 Overall, how do you perceive the internal audit function within your company?

Guiding questions for the Internal Auditor or Head of Internal Audit (dealt with during the two interviews)
 How does your company approach risk management and internal control? How did this evolve during the past three
years? Could you give examples?
 To what extent is the audit committee dealing with risk management and internal control? How did this evolve during the
past three years? Could you give examples?
 How do you perceive your relationship with the audit committee? How did this relationship evolve during the past three
to five years? Could you give examples?
 Does the audit committee influence the agenda of the internal audit function? If yes, could you give examples?
 What is, in your company, the role of the internal audit function in risk management and internal control?
 To what extent does the internal audit function’s role in risk management and internal control support the audit
committee? Could you give specific examples?
 What is according to you the basis for this supporting role? Could you give examples?
 To what extent are you collaborating with the external auditor?
 Overall, how is the internal audit function perceived within your company?

References

Abbott, A., 1988. The Systems of Professions: an Essay on the Division of Expert Labor. The University of Chicago Press, Chicago.
Abbott, L.J., Park, Y., Parker, S., 2000. The effects of audit committee activity and independence on corporate fraud. Managerial Finance 26 (11), 55–67.
Beasley, M.S., 1996. An empirical analysis of the relation between the board of director composition and financial statement fraud. The Accounting Review
71 (4), 443–466.
Beasley, M.S., Carcello, J.V., Hermanson, D.R., Lapides, P.D., 2000. Fraudulent financial reporting: consideration of industry traits and corporate governance
mechanisms. Accounting Horizons 14 (4), 441–454.
Beasley, M.S., Carcello, J.V., Hermanson, D.R., Neal, T.L., 2009. The audit committee oversight process. Contemporary Accounting Research 26 (1),
65–122.
Bédard, J., Marrakchi Chtourou, S., Courteau, L., 2004. The effect of audit committee expertise, independence, and activity on aggressive earnings
management. Auditing: A Journal of Practice & Theory 23 (2), 13–35.
Belgian Corporate Governance Committee, 2004. Belgian code on corporate governance. Available from: http://www.commissiecorporategovernance.be.
Carcello, J.V., Hermanson, D.R., Raghunandan, K., 2005. Changes in internal auditing during the time of the major US accounting scandals. International
Journal of Auditing 9 (2), 117–127.
Carrington, T., Catasús, B., 2007. Auditing stories about discomfort: becoming comfortable with comfort theory. European Accounting Review 16 (1), 35–58.
Chambers, A., 2005. Tottel’s Corporate Governance Handbook, third ed. Tottel Publishing, Haywards Heath.
Christopher, J., Sarens, G., Leung, P., 2009. A critical analysis of the independence of the internal audit function: evidence from Australia. Accounting,
Auditing & Accountability Journal 22 (2), 200–220.
Cohen, J.G., Krishnamoorthy, G., Wright, A.M., 2004. The corporate governance mosaic and financial reporting quality. Journal of Accounting Literature 23,
87–152.
Collier, P., Zaman, M., 2005. Convergence in European corporate governance: the audit committee concept. Corporate Governance: An International Review
13 (6), 753–768.
Cooper, R., 1992. Forms of organization as representation: remote control, displacement and abbreviation. In: Reed, M., Hughes, M. (Eds.), Rethinking
Organization: New Directions in Organization Theory and Analysis. Sage, London, pp. 254–272.
Covaleski, M.A., Dirsmith, M.W., Rittenberg, L., 2003. Jurisdictional disputes over professional work: the institutionalization of the global knowledge expert.
Accounting, Organizations and Society 28 (4), 323–355.
Dechow, P.M., Sloan, R.G., Sweeney, A.P., 1996. Causes and consequences of earnings manipulation: an analysis of firms subject to enforcement action by the
SEC. Contemporary Accounting Research 13 (1), 1–36.
DeFond, M.L., Jiambalvo, J., 1991. Incidence and circumstances of accounting errors. The Accounting Review 66 (3), 643–655.
DeZoort, F.T., Salterio, S., 2001. The effects of corporate governance experience and audit knowledge on audit committee members’ judgment. Auditing: A
Journal of Practice and Theory 20 (2), 31–47.
106 G. Sarens et al. / The British Accounting Review 41 (2009) 90–106

DeZoort, F.T., Hermanson, D.R., Archambeault, D.S., Reed, S.A., 2002. Audit committee effectiveness: a synthesis of the empirical audit committee literature.
Journal of Accounting Literature 21, 31–47.
European Parliament and Council of the European Union, 2006. Directive on Statutory Audits of Annual Accounts and Consolidated Accounts.
European Confederation of Institutes of Internal Auditing, 2005. Position Paper: Internal Auditing in Europe.
European Confederation of Institutes of Internal Auditing, 2008. Common Body of Knowledge: a State of the Art of the Internal Audit Profession in Europe.
Research Report. Erich Schmidt Verlag, Berlin.
Gendron, Y., Bédard, J., Gosselin, M., 2004. Getting inside the black box: a field study of practices in ‘‘effective’’ audit committees. Auditing: A Journal of
Practice and Theory 23 (1), 153–171.
Gendron, Y., Bédard, J., 2006. On the constitution of audit committee effectiveness. Accounting, Organizations and Society 31 (3), 211–239.
Kolcaba, K.Y., Kolcaba, R.J., 1991. An analysis of the concept of comfort. Journal of Advanced Nursing 16 (11), 1301–1311.
Krishnan, J., 2005. Audit committee quality and internal control: an empirical analysis. The Accounting Review 80 (2), 649–675.
McMullen, D.A., 1996. Audit committee performance: an investigation of the consequences associated with audit committee. Auditing: A Journal of Practice
and Theory 15 (1), 87–103.
Miles, M.B., Huberman, A.M., 1994. Qualitative Data Analysis, second ed. Sage Publications, London.
Patton, M.Q., 2002. Qualitative Research and Evaluation Methods, third ed. Sage Publications, California.
Pentland, B.T., 1993. Getting comfortable with the numbers: auditing and the micro-production of macro-order. Accounting, Organizations and Society 18
(7–8), 605–620.
Power, M., 1997. The Audit Society: Rituals of Verification. Oxford University Press, Oxford.
Raghunandan, K.R., Rama, D.V., Scarbrough, D.P., 1998. Accounting and auditing knowledge level of Canadian audit committees: some empirical evidence.
Journal of International Accounting, Auditing and Taxation 7 (2), 181–194.
Raghunandan, K.R., Read, W.J., Rama, D.V., 2001. Audit committee composition, gray directors, and interaction with internal auditing. Accounting Horizons
15 (2), 105–118.
Reed, M.I., 1996. Expert power and control in late modernity: an empirical review and theoretical synthesis. Organization Studies 17 (4), 573–597.
Sarens, G., De Beelde, I., 2006. The relationship between internal audit and senior management: a qualitative analysis of expectations and perceptions.
International Journal of Auditing 10 (3), 219–241.
Scarbrough, D.P., Rama, D.V., Raghunandan, K.R., 1998. Audit committee composition and interaction with internal auditing: Canadian evidence. Accounting
Horizons 12 (1), 51–62.
Spira, L.F., 1999. Ceremonies of governance: perspectives on the role of the audit committee. Journal of Management and Governance 3 (3), 231–260.
Spira, L.F., 2002. The Audit Committee: Performing Corporate Governance. Kluwer Academic Publishers, London.
Spira, L.F., 2003. Audit committees: begging the question. Corporate Governance: An International Review 11 (3), 180–188.
The Institute of Internal Auditors, 1994. The IIA’s Perspective on Outsourcing Internal Auditing. Altamonte Springs, Florida.
The Institute of Internal Auditors, 2004. International standards for the professional practice of internal auditing. Available from: http://www.theiia.org/
?doc_id¼1499.
The Institute of Internal Auditors Belgium, 2006. Internal Audit in Belgium: the Shaping of Internal Audit Today and the Future Expectations – Survey
Results. The Institute of Internal Auditors Belgium, Brussels.
Turley, S., Zaman, M., 2004. The corporate governance effects of audit committees. Journal of Management and Governance 8 (3), 305–332.
Turley, S., Zaman, M., 2007. Audit committee effectiveness: informal processes and behavioral effects. Accounting, Auditing & Accountability Journal 20 (5),
765–788.
Willekens, M., Vander Bauwhede, H., Gaeremynck, A., 2004. Voluntary audit committee formation and practices among Belgian listed companies. Inter-
national Journal of Auditing 8 (3), 207–222.
Yin, R.K., 1994. Case study research: design and methods. In: Applied Social Research Methods Series, second ed., vol. 5. Sage Publications, Thousand Oaks.