774852

research-article2018
JMIXXX10.1177/1056492618774852Journal of Management InquiryChristopher

Non-Traditional Research

Journal of Management Inquiry

The Failure of Internal Audit: Monitoring

1­–12
© The Author(s) 2018
Reprints and permissions:
Gaps and a Case for a New Focus sagepub.com/journalsPermissions.nav
DOI: 10.1177/1056492618774852
https://doi.org/10.1177/1056492618774852
jmi.sagepub.com
journals.sagepub.com/home/jmi

Joe Christopher1

Abstract
Within the management and organization field, the internal audit function (IAF) plays an important role in enhancing good
governance. Given the spate of corporate collapses over the last 20 years, this article draws on a multitheoretical approach
to governance and a critical review of the published literature to identify where IAFs have failed, and to provide a new focus
to strengthen their role. Common themes regarding monitoring gaps by IAFs were identified as occurring across three
governance levels. A contributory cause for these gaps is the poor structural and functional arrangements of the IAF, arising
from the considerable flexibility afforded in its setup and delivery of services. A negative consequence of this flexibility is the
ability of the board and management to manipulate the role of the IAF to the extent that it is not aligned with the intention
of its setup as encapsulated in its definition.

Keywords
corporate culture, ethics, financial control, multilevel framework, organizational behavior

Introduction an independent, objective assurance and consulting activity

Internal auditors are an important component of the gover-
nance framework drawn from the agency theory concept of
separation of ownership and control (Berle & Means, 1932;
Jensen & Meckling, 1976). The emphasis of such gover-
nance frameworks is on the development and implementa-
tion of incentives and control processes to maximize the
return on equity capital given the separation of ownership
and control (Shleifer & Vishny, 1997), and the monitoring of
such processes by external and internal auditors.
The goal of this monitoring activity is to ensure the
interests of the board and management are aligned with
those of shareholders (Soltani, 2014). While external audi-
tors focus on assuring investors that the board and manage-
ment are meeting their accountability obligations through
annual financial statement audits (Power, 1997, 1999),
internal auditors focus on assisting the board and manage-
ment with meeting their accountability obligations by mon-
itoring the effectiveness of the control processes developed
and implemented by them across the governance paradigm
(Beasley, Carcello, Hermanson, & Lapides, 2000; Coram,
Ferguson, & Moroney, 2008; Gramling, Maletta, Schneider,
& Church, 2004; Spira & Page, 2003). The monitoring role
of internal audit functions (IAFs) in this context has also
been described as a service that invariably provides a timely
fraud risk assessment and early detection of fraud (Ege,
2015; The Institute of Internal Auditors [IIA], 2013;
Rezaee, 2005). This broad role is encapsulated in the defi-
nition of IAF:
designed to add value and improve an organization’s operations.
It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes. (IIA, 1999)
The above theoretical framework for effective gover-
nance has unfortunately not been achieved on a consistent
basis in practice. This is evidenced by the spate of corporate
collapses that have occurred over the last 20 years because of
a breakdown of such controls and violations of them by cor-
rupt individuals who are in power for personal or group gain
(Williams, 2000; Zyglidopoulos, 2015).
In response to this corruption scenario, there have been
attempts to promote anti-corruption practices, but many of
these relate to external regulations, and expose tension
between corruption prevention and detection (Slager, 2017).
There have also been attempts to improve governance prac-
tices with a focus on a greater level of transparency require-
ments through improved disclosure and reporting
requirements and greater accountability of the external audi-
tors, board, and management.
1
RMIT University, Melbourne, Australia
Corresponding Author:
Joe Christopher, School of Accounting, RMIT University, 445 Swanston
Street, Melbourne, Victoria 3000, Australia.
Email: Joe.Christopher@rmit.edu.au
2 Journal of Management Inquiry 00(0)
Relevant research tends to focus on the persistent limita-
tions of external auditors in preventing or detecting corporate
frauds (e.g., Carnegie & O’Connell, 2014; Guenin-Paracini &
Gendron, 2010; Jones, 2011; Sikka, 2009), or corruption pre-
vention and detection procedures through external audit or
risk management means (Clemente & Gabbioneta, 2017;
Nelson, 2016; Slager, 2017; Zyglidopoulos, 2015); no study
has specifically sought to establish the limitations of IAFs in
preventing or detecting ongoing corporate fraud as part of
their wider role of enhancing governance.
This article addresses this research gap by critically ana-
lyzing the published literature on corporate failures, synthe-
sizing the areas in which controls across the governance
paradigm have been breached, and analyzing where the IAFs
have failed in their role of preventing or detecting these
breaches of controls in a timely manner. The consequent
research questions investigated are as follows:
Research Question 1: What are the monitoring gaps that
have caused corporate scandals?
Research Question 2: How can internal audits address
these monitoring gaps and prevent future corporate
scandals?
On a broader front, this study also responds to calls for
more research on shaping the behavior of individuals and
groups to halt the damaging march of the corruption norm
(Nelson, 2016). The study argues that IAFs, through an
improved role aligned with the definition of internal audit,
can assist in reversing this damaging trend.
The remainder of the article is arranged as follows. The
multitheoretical approach to governance is introduced to
illustrate the concept of the wider governance paradigm
resulting from a wider stakeholder base, wider contractual
obligations, and wider controls to be developed, imple-
mented, and monitored. The methodology used to review the
published literature for a critical analysis is thereafter dis-
cussed. The article then draws on the multitheoretical
approach to identify monitoring gaps that have contributed
to corporate scandals and uses this as a basis to develop a
suggested paradigm of controls on which internal auditors
need to focus in their reviews as part of their annual audit
plan to prevent and/or detect corporate scandals in the future.
The final section provides a concluding discussion.
Multitheoretical Approach
Contemporary views on governance suggest that the agency-
oriented governance paradigm (Berle & Means, 1932; Jensen
& Meckling, 1976) is too narrow and does not allow for the
recognition of a wider set of influencing forces affecting the
governance paradigms of organizations (Aguilera, Filatotchev,
Gospel, & Jackson, 2008; Daily, Dalton, & Canella, 2003;
Filatotchev, 2008; Young & Thyil, 2008). This suggestion has
led to the development of an extended governance paradigm,
drawn from multiple theories (Christopher, 2010). Effective
governance is achieved under this multitheoretical scenario
through the reconciliation of the wider set of contractual obli-
gations arising from wider influencing forces, with a corre-
spondingly wider set of controls.
The multitheoretical model (Christopher, 2010) posits
that these wider controls occur across three governance lev-
els. The first relates to controls that provide for the recogni-
tion of the varied environmental influencing forces, and
consequently the wider stakeholder base associated with
them; the second relates to those controls required to manage
the needs of the wider stakeholder base at the board level;
and the third relates to the control processes necessary at the
operational level to assist the board and management to meet
their wider accountabilities. The three control levels are dis-
cussed below.
The First Level of Control—The Stakeholder Level
of Governance
In the multitheoretical model, the need to recognize the inter-
ests of all stakeholders strategically and operationally is
informed by agency theory (Berle & Means, 1932; Jensen &
Meckling, 1976) and complemented by stakeholder theory
(Donaldson & Preston, 1995; Freeman, 1994). While agency
theory proposes the need to recognize the shareholders,
stakeholder theory identifies the need to recognize any group
or individual who can affect, or is affected by, the perfor-
mance of the organization. The actual stakeholder base of an
organization can therefore lie anywhere along this agency–
stakeholder spectrum.
It is argued that in today’s organizations, a wider stake-
holder base exists primarily as a result of their exposure to
wider global influences. This is attributed to changing social
trends, institutional expectations, and expectations from pri-
mary stakeholders. Waddock, Bodwell, and Graves (2002)
referred to these wider communities as including employees,
suppliers and customers whose continuing participation and
interest is crucial to the organization, as well as non-govern-
ment organizations, activists, communities, and governments,
arising from the growing concern for human rights standards,
labor standards, and environmental concerns. Berry and
Rondinelli (1998) and Cobb, Collison, Power, and Stevenson
(2005) also demonstrated similar evidence for the need to rec-
ognize the wider interests of these stakeholders, as they assist
in ensuring organizations make socially responsibly deci-
sions, and provide a strong link between corporate gover-
nance and corporate social responsibility. A further pressure
on the boards and management of today’s organizations to
recognize the wider stakeholder community results from the
changing legislative view of fiduciary duties, which places
responsibility on boards to also recognize the interest of non-
shareholder groups (Boatright, 1994; Marens & Wicks, 1999).
Christopher 3
The Second Level of Control—The Board Level of
Governance
The multitheoretical model suggests that agency theory and
stakeholder theory should be complemented with resource
dependency theory, which identifies the need to recognize
the different levels of quality and effectiveness of directors
(also referred to as “board capital”) to appropriately manage
the different or extended contractual obligations associated
with different stakeholder needs. The model essentially pos-
its that the level of an organization’s stakeholders can be any-
where along the agency–stakeholder axis, depending on its
complexity and the nature of its operations, and that these
various stakeholders require correspondingly skilled and
experienced representation on boards to ensure their needs
are addressed (Boyd, 1990; Daily & Dalton, 1994; Gales &
Kesner, 1994; Hillman, Cannella, & Paetzold, 2000; Pfeffer,
1972; Pfeffer & Salancik, 1978). This concept is also sup-
ported by prior studies that have demonstrated a strong rela-
tionship between board capital and firm performance (e.g.,
Boyd, 1990; Dalton, Daily, Johnson, & Ellstrand, 1999;
Pfeffer, 1972).
The quality of the board capital, therefore, invariably also
establishes the “tone at the top,” which is central to establish-
ing the overall ethical environment of the organization (Reed,
Vidaver-Cohen, & Colwell, 2011; M. S. Schwartz, Dunfee,
& Kline, 2005). It is thus argued that if an organization does
not have the right controls to facilitate an appropriate level of
board capital to oversee its operations, a culture could be cre-
ated that may facilitate a weak control environment and
fraud (Hermanson, Ivancevich, & Ivancevich, 2008;
Lamberton, Mihalek, & Smith, 2005).
The Third Level of Control—The Operational
Level of Governance
The types of controls implemented at this level vary with the
level of the trust culture associated with an organization.
Christopher’s multitheoretical model proposes that this sce-
nario is informed by agency theory and complemented by
stewardship theory (Davis, Schoorman, & Donaldson, 1997;
Donaldson & Davis, 1991). The model posits that at the
operational level of governance, all organizations are placed
along an agency–stewardship theory spectrum. At one end is
the agency-oriented governance paradigm, which is associ-
ated with less trust, and hence provides for a more stringent
monitoring control environment. This is characterized by
strong monitoring and extrinsic controls. At the other end is
the stewardship-oriented governance paradigm, which is
influenced by a culture of trust and professionalism. This
control environment is characterized by more empowerment
and greater use of intrinsic controls (Davis et al., 1997;
Donaldson & Davis, 1991). The theory posits that if organi-
zations are not appropriately equipped with the right type of
controls at the operational level of governance, a culture of
errors and fraud may develop.
Method
The selection of papers for this review focused on publica-
tions that have discussed and/or provided empirical evi-
dence concerning corporate scandals. We used three
electronic databases—ISI Web of Knowledge, SCOPUS,
and Proquest—and searched for publications containing the
terms “corporate scandals” or “scandal” or “fraud.” These
papers included those that discussed the causes of corporate
scandals in general but did not necessarily relate to a spe-
cific corporate scandal. We considered papers published
from 2000 to 2015. The main reason for choosing 2000 as a
cut-off point was that most large corporate scandals and cor-
porate governance reforms at an international level occurred
after that date.
We first screened the identified papers based on their titles
and abstracts. We then downloaded a selected set of papers
based on their relevance to the study, and read and summa-
rized them. We extracted key information relative to control
weaknesses from each paper to align them with the theoreti-
cal governance control paradigm of Christopher (2010).
These included control weaknesses at the stakeholder level
of governance, control weaknesses at the board level of gov-
ernance, and control weaknesses at the operational level of
governance. We also included an additional category: control
weaknesses in the setup of the IAF. This category essentially
gathered information to determine whether the IAFs were
established and operating as intended. General themes
regarding the specific nature of these control weaknesses
within each category were then identified.
To further confirm if the themes relating to the control
weaknesses that contributed to the scandals identified
through the general review related to all corporate scandals,
an extended review was undertaken covering six specific
corporate scandals that occurred between 2000 and 2015.
This aspect of the review was undertaken to provide the
rigor required in structured literature reviews (Massaro,
Dumay, & Guthrie, 2016), as well as to determine if any
fundamental changes in these control weaknesses have
occurred as a result of governance policy improvements
over the intervening years. The six corporate scandals iden-
tified via a Google search using the term “corporate scan-
dals” are WorldCom (the United States), Parmalat (Italy),
Lehman Brothers (the United States), Satyam (India),
Olympus (Japan), and Volkswagen (Germany). Some
aspects of the Lehman Brothers collapse were also covered
in the initial general review.
The study recognizes that controls are developed and
implemented across the governance paradigm to facilitate
good governance and prevent or detect fraud and hence is
only concerned with identifying control weaknesses in
4 Journal of Management Inquiry 00(0)
organizations where individuals or groups of individuals
have abused such control weaknesses. Therefore, the sam-
ples of organizations reviewed were selected only from such
organizations.
Analysis and Results
The First Level of Control—The Stakeholder Level
of Governance
The common theme arising from the corporate scandals
reviewed is that the wider stakeholder interest was not
addressed. In the Lehman Brothers case, for example, Presley
and Jones (2014) argue that the main stakeholders were the
debtors (investors in debt instruments) and not the stock-
holders, and that the management failed to provide oversight
to protect their interests. In the Enron case, one cause of the
scandal was attributed as being self-interested managers mis-
using their positions for their own benefit at the expense of
shareholders and other stakeholders (Arnold & De Lange,
2004; Clarke, 2005; Low, Davey, & Hooper, 2008; Roberts,
McNulty, & Stiles, 2006; J. M. Schwartz, 2002). In the case
of Salomon Brothers, Lewis (1990) describes how the com-
pany culture viewed customers as deserving to be exploited
because of their ignorance. Others, such as Ho (2009), illus-
trate how Wall Street investment banks rationalized ques-
tionable professional actions at the expense of their wider
stakeholder base. Power (2013) illustrates how rogue leaders
from Maxwell to Madoff have used their organizations to
engage in fraud against their wider stakeholder base, such as
employees, pensioners, customers, and other stakeholders.
Furthermore, Low and colleagues (2008) provide a list of
companies that have experienced financial distress because
the interests of such stakeholders (other than shareholders)
are not recognized strategically. This in turn has led to vari-
ous controls necessary for monitoring stakeholder needs
being bypassed at both the board and operational levels of
governance. Low and colleagues (2008) argue that the boards
and senior officers of the companies that caused these scan-
dals were more concerned with their self-interest and ignored
the consequences for society—an important stakeholder.
Young (2003) argues that the self-interest of certain indi-
viduals within organizations is associated with capitalist ide-
ology, and it is this ideology that has led to corporate
scandals; moreover, as monitoring agents, accountants have
played a role in them. In a similar vein, Saravanamuthu
(2004) refers to the external auditor’s alignment with com-
mercial interests as abandoning its public interest role toward
multiple stakeholders.
An analysis of a further six corporate collapse cases
(WorldCom, Parmalat, Lehman Brothers, Olympus, Satyam,
and Volkswagen) that occurred worldwide between 2000 and
2015 further confirmed the control weaknesses of not recogniz-
ing the interest of the wider stakeholder base as contributing to
the respective corporate collapses. These control weaknesses
occurred at the board and operational levels of governance and
refer to control processes that should be in place: strategically,
to ensure the interests of the various stakeholders are recog-
nized in the strategic plan as approved by the board; operation-
ally, to ensure their interests are embedded in the budgeting,
accounting, performance management, risk management, and
reporting systems; and that the whole cycle of control pro-
cesses at the strategic and operational levels of governance are
aligned and subject to regular oversight by the board and man-
agement through the monitoring role of external and internal
auditors.
The board and management, who are primarily responsi-
ble for developing and implementing the respective controls
to recognize the wider stakeholder base, appear to have failed
in their accountability obligations in meeting this responsi-
bility. This led to an abuse of the weak control environment.
Much of this was due to two types of corruption as defined
by Zyglidopoulos (2015): abuse of power by individuals or
groups for private gain given a system of existing norms or
rules/controls, and abuse of power by individuals or groups
in that they change the existing rules or norms to unfairly
benefit them.
While Young (2003), Saravanamuthu (2004), and a host
of other researchers (e.g., Carnegie & O’Connell, 2014;
Guenin-Paracini & Gendron, 2010; Jones, 2011) refer to a
lack of adequate monitoring by external auditors as contrib-
uting to these scandals, the analysis also implies that the IAF,
in its capacity as an important line of defense in the gover-
nance framework against corporate frauds, has failed in its
role of monitoring the stipulated required controls, which has
contributed to weaknesses at the stakeholder level of
governance.
The next two sections provide evidence regarding how
these abuses occurred at the board and operational levels of
governance and hence contributed to weaknesses at the
stakeholder level of governance.
The Second Level of Control—The Board Level of
Governance
The common themes arising from the review of the extant
literature on corporate collapses illustrate that boards have
generally not met the board capital requirement (as informed
by resource dependency theory) to provide an appropriate
oversight role to address the needs of the wider stakeholder
base (as informed by stakeholder theory). This is primarily
because of structural and functional weaknesses in these
boards, which can be summarized as follows: boards meet-
ing only a few times each year; boards being regarded as
overwhelmed, overscheduled, undereducated, and often
uncoordinated in addressing the key concerns of the organi-
zation and stakeholders (Carter & Lorsch, 2002); and boards
not having an appropriate risk management committee or the
Christopher 5
director lacking director independence on audit and risk
management committees, thus affecting risk-taking behavior
and subsequent performance (Conyon, Judge, & Useem,
2011). Pirson and Turnbull (2011) provide examples of how
these shortcomings caused weaknesses in the decision-mak-
ing processes of the boards of companies that experienced
significant losses and contributed to the 2008 financial crisis.
These companies include Lehman Brothers, Washington
Mutual, and American International Group (AIG).
Along with the above hard control weaknesses relating to
board structure, composition, and activities, soft control
weaknesses have also contributed to corporate collapses.
Pirson and Turnbull (2011) summarize these as self-serving
biases (e.g., rarely questioning or rejecting bonus sugges-
tions, such as paying Lehman’s chief operating officer a
US$16.2 million bonus when he was fired), overconfidence
(e.g., belief in the financial models that AIG used extensively
to price credit default swaps), anchoring and availability
biases (e.g., board members’ confidence in the ability of his-
torical data to predict future housing prices), commitment
bias (e.g., the long time it took many of the failed banks to
change their business habits), and group bias (e.g., the norm
of finding consensus and upholding a positive group identity
suppresses the realistic appraisal of alternative courses of
action). In this respect, the directors of Citibank and
Washington Mutual are described as timid, complacent, afraid
to raise objections, and deferential to the management.
The following longitudinal analysis of six specific corpo-
rate scandals from 2000 to 2015 identifies the above recur-
ring themes of control weaknesses and also suggests that
they have not improved over time, despite ongoing changes
to transparency, disclosure, and reporting requirements. For
example, in the WorldCom case, which occurred in 2003 in
the United States, Zekany, Braun, and Warder (2004) iden-
tify a lack of independence in the board because of the lack
of separation between the roles of chair and chief executive
officer (CEO). Compounding this was the lack of question-
ing or probing of major concerns in the operations of the
organization. Many of the directors were described as “CEO-
friendly” and hence did not provide appropriate oversight of
the CEO and chief financial officer (CFO) roles (Zekany
et al., 2004). It was also reported that the CEO and CFO
enjoyed some form of loyalty from the board, in that requests
that should have been denied were instead rubber-stamped,
and that they created a corporate culture in which leaders and
managers were not to be questioned or second-guessed
(Zekany et al., 2004).
The audit committee–internal audit relationship also did
not function adequately. Its independence and operations
were impaired as management controlled the IAF through
resource constraints, resulting in an understaffed department.
Operationally, auditors were distracted with operational
reviews and special projects rather than focusing on financial
audits (Zekany et al., 2004).
Similarly, in the Parmalat case, which occurred in 2003 in
Italy, Melis (2005) reveals that the chair and CEO was the
same person; there was a huge concentration of power in one
family, which controlled the board. The number of non-exec-
utive directors was also smaller than the number of executive
directors, thus impeding any effective probing of issues
(Melis, 2005).
The audit committee in Italy is reflected by a board of
statutory auditors. In Parmalat, this board was described as
ineffective because of its lack of access to information related
to shareholder activities and a lack of independence from the
controlling family (Gabbioneta, Greenwood, Mazzola, &
Minoja, 2013; Melis, 2005). The compliance structure also
required an internal control committee to assess the adequacy
of the internal control system and monitor the work of the
corporate internal auditing staff. This committee was also
rendered ineffective as its members were not independent.
Two of the members also sat on the executive committee;
one was a previous chief finance director and held the chair-
person position in the family holding company—a major
shareholder of Parmalat. The third member, the chair of the
committee, was the accountant for the Tanzi family—the
controlling shareholders—and an old personal friend of
Tanzi himself (Melis, 2005). The fact that key family mem-
bers held crucial positions in the company was a further
obstacle to transparency and independent checks (Gabbioneta
et al., 2013).
In the Lehman case, which broke in 2008 in the United
States, Presley and Jones (2014) reveal that the CEO had
also played a dual role, having been chair of the board since
1994. The CEO hence had enjoyed centralized control,
which was made more evident by his ownership of more
than 50% of the outstanding common stock held by officers
and directors. There were also independence issues because
most of the directors had financial ties to Lehman via invest-
ment and brokerage accounts, and investments in invest-
ment partnerships; some directors also served on boards that
provided revenue to Lehman Brothers (Presley & Jones,
2014). The 1-year term minimized the influence that direc-
tors could have on board decisions and board decision-mak-
ing processes.
An important role of the board is to also establish an
effective independent audit committee and IAF. In their anal-
ysis of the Lehman scandal, Presley and Jones (2014) note
that no member of the audit committee had experience in
financial services, banking, or investment services. The
organization’s finance and risk committee also did not func-
tion effectively (Presley & Jones, 2014).
A detailed analysis of the Olympus scandal, which took
place in 2009 in Japan, was undertaken by Dutta, Caplan,
and Marcinko (2014). These authors report that the board
role was compromised through the establishment of a man-
agement implementation committee that had become the
ultimate decision-making body for operational decisions.
6 Journal of Management Inquiry 00(0)
Under this arrangement the board had become a formality.
They also detail poor operational procedures for the board,
including no adoption of a voting method, such as a show of
hands; the practice of presenting agenda items on the same
day as voting occurred, thereby preventing directors study-
ing the issues at hand; and requests for more information on
an issue normally being dismissed as having already been
addressed through the management implementation commit-
tee. There were also structural and functional issues includ-
ing a lack of diversity of expertise on the board; directors
only were reviewing matters in their area of expertise; and
directors failing to question major issues of concern, partly
because they were not independent from the president, who
decided their remuneration packages.
A further important role of the board is to ensure that
independent external auditors are appointed. At Olympus,
the external auditor, KPMG AZSA, was terminated and
replaced because it questioned the accounting treatment of
the business valuation of three domestic companies and the
payment of advisory fees (Dutta et al., 2014). Moreover, the
audit committee—or the board of auditors as it was known—
did not consist of independent members. One of the external
members was a classmate of the president and another had a
supplier relationship with Olympus; none had professional
knowledge of accounting, auditing, and law. They relied on
the finance head for judgments on such issues (Dutta et al.,
2014). The head of the finance department supervised the
head of the IAF; hence the independence of the internal audit
was compromised. The internal audit department also was
reported not to have conducted a single audit of the finance
function over a period of 7 years (Dutta et al., 2014).
In the Satyam case in 2009 in India, Niazi and Ali (2015)
note major independence issues with the board, with central-
ization of power in one or two members. The chair and man-
aging director were brothers, which effectively meant no
separation of the two roles. A number of the other directors
resigned at the time of the scandal, revealing that although
they may be independent, they did not have authority on the
board. The board also had a shortage of members with finan-
cial expertise. Four directors were academics with no indus-
trial experience or practical knowledge of the business; two
other directors were over-occupied, serving on the boards of
eight other companies; and the directors were described as
“chairman-friendly,” meaning that they did not adequately
probe or question issues of concern on a timely basis. Bhasin
(2013) describes this scenario as a classic case of negligence
of fiduciary duties, breach of ethical standards, and lack of
corporate social responsibility.
Niazi and Ali (2015) also reveal problems with the estab-
lishment of the audit committee in Satyam. It was not inde-
pendent and thus not empowered to serve effectively, and did
not act on a whistleblower’s information. The problems with
the audit committee also resulted in effectiveness issues in
the internal audit department. The global head of the internal
audit department colluded with the chair by forging board
resolutions, illegally obtaining loans for the company, creat-
ing fake bank statements and salary accounts, and appropri-
ating money after it was deposited (Bhasin, 2013).
In the more recent Volkswagen case, in Germany in 2015,
Elson, Ferrere, and Goossen (2015) argue that the emissions-
reporting scandal was due to poor board oversight of man-
agement arising from structural weaknesses in the board
composition. The hard control weaknesses were described as
being due to the presence of the dominant shareholding
Porsche and Piech families on the board; the presence of a
government as a shareholder; and the organization of a
supervisory board that required significant labor representa-
tion. Elson and colleagues (2015) argue that these three
groups pursued conflicting objectives and interests, thereby
affecting their broad oversight role of management. Nelson
(2016) also asserts that the board structure inevitably resulted
in the presence of poor board soft controls, in that the board
failed to provide an appropriate counterweight to the domi-
nance of its chair, whose interest was growth at all costs,
without regard for profitability and shareholder value.
It was also noted that there was only one independent
member on the supervisory board. The other board members
represented shareholders (nine in total), and management,
union, and workers (10 in total). This lack of independent
directors also compromised the board’s role of monitoring
management (Bryant & Milne, 2015).
The Third Level of Control—The Operational
Level of Governance
The lack of oversight and monitoring of operations by the
board because of the hard and soft control weaknesses identi-
fied in the previous section invariably contribute to further
control weaknesses at the operational level of governance.
An analysis of numerous scandals reveals the following
common themes in the control weaknesses at the operational
level of governance: a lack of segregation of duties; no
proper policy and practice for authorization; no regular rec-
onciliations; management ability to override controls; a poor
risk management function; lack of proper whistleblowing
policies; poor controls for related party transactions; account-
ing figures based on significant estimates; significant,
unusual, or highly complex transactions; domination of man-
agement by a single person; ineffective accounting and infor-
mation systems; and poor supervision of accounting staff. Of
particular concern was the poor management of risk at the
operational level during financial crises caused by poor over-
sight of boards in exercising their fiduciary duty to manage
risk (Pirson & Turnbull, 2011).
These weak controls at the operational level eventually
led to core actors at this level deciding to commit the frauds
that contributed to these scandals. These include, but are not
limited to, personal greed and the need to maintain a high
Christopher 7
living standard, ambition, thirst for power/concentration of
power by a few, and an autocratic, bullying attitude requiring
people to meet unrealistic targets (Cohen, Ding, Lesage, &
Stolowy, 2010). It was also reported that most financial state-
ment frauds occurred with the participation, encouragement,
approval, and knowledge of top management, including
CEOs, CFOs, treasurers, and controllers (Rezaee, 2005).
More recently, Nelson (2016) describes this scenario as one
where there is a perceived culture of normalization of cor-
ruption. Nelson (2016) asserts that misconduct in financial
markets and industry is widespread; the fact that it is per-
ceived by individuals within these industries as widespread
has led to a culture where executives and companies have
exploited the normalization of corruption.
The above hard and soft operational controls, com-
pounded by weak board oversight, have led to numerous
frauds and large losses by organizations. The perpetrators
have inevitably taken advantage of the weak control environ-
ment to falsify, alter, or manipulate financial records; make
intentional false statements by omitting or misrepresenting
information; and manipulate existing accounting standards
to their own benefit (Rezaee, 2005). Some specific examples
of corporate collapses resulting from financial misstatements
by individuals or groups are cited in Low et al. (2008) as off-
balance sheet contrivances resulting in billions of equity
value lost (Enron); a massive charge of US$6 billion to earn-
ings after disposal of the CIT unit (Tyco; US$3.8 billion
fraud); accounting profits overstated by US$1.4 billion
(Xerox); false entries created in income statements and bal-
ance sheets, representing a US$1.4 billion fraud (Health
South). Nelson (2016) also broadly refers to the misconduct
of the individuals or groups within organizations that con-
tributed to the widespread mortgage fraud that led to the col-
lapse of international markets in 2007/2008 and the large
scale 2015/2016 London Interbank Offered Rate (LIBOR)
manipulation.
The above common themes of control weaknesses at the
operational level of governance are further confirmed by an
analysis of the six corporate scandals. In the Satyam and
WorldCom cases, there was an unusual concentration of
power among a few at the operational level. One of these was
the CFO. As a consequence, there was an environment of
non-existent controls to identify or prevent deliberate over-
statement of profits, understatement of liabilities, and no
ability to prevent the creation of fictitious accounts/invoices
by the CFO and others who colluded with him in committing
the fraud. Through these weaknesses, losses were concealed
to prevent the fraud being detected or, alternatively, were
concealed because the aggressive growth strategy did not go
as planned.
In the WorldCom case, management’s excessive desire to
increase the stock price, complicity between the CEO and
CFO, and weak monitoring of controls contributed to the
scandal (Cohen et al., 2010). These control weaknesses
eventually led to misstatement of the company’s financial
position. The company improperly booked US$3.8 billion as
capital expenditure to boost cash flow and profit over the
five previous quarters (Soltani, 2014).
In Parmalat, the company began to incur losses in 1990,
and management, led by the CEO at the operational level of
governance, began to disguise the losses in the financial
statements through fraud and collusion. Assets were over-
stated and liabilities were understated by approximately
€14.5 billion (Soltani, 2014). The lengthy period over which
this fraud occurred was sustained by a systematic and cre-
atively planned accounting misrepresentation (Gabbioneta
et al., 2013). Management essentially bypassed basic con-
trols by creating fake transactions through a double-billing
scheme to inflate revenues; using receivables from these fake
sales as collateral to borrow more money from banks; creat-
ing fake assets, thereby inflating reported assets; taking on
legitimate debt that they hid from investors; working with
investment bankers to engage in financial engineering that
moved debt off the balance sheet or disguised it as equity on
the balance sheet; and colluding with third-party auditors
and bankers to finance the fraud indefinitely (Rimkus, 2016).
Other than attempting to cover up the losses of the company,
the CEO and 16 other executives were reported to have col-
lectively misappropriated over €1 billion for personal gain
(Rimkus, 2016).
At Lehman Brothers, at the heart of the scandal was the
use of a highly risky new business model that forced the
company to borrow billions of dollars to finance new risky
investments with short-term financing (highly leveraged).
Pirson and Turnbull (2011) suggest that the risk manage-
ment function managed at the operational level was ineffec-
tive. The finance and risk committee responsible for
managing risk at the operational level was reported as not
having informed the board of the risks associated with Repo
105 transactions. It also did not inform the board of the
changes to the risk management system that made the risk
assessment process meaningless (Presley & Jones, 2014). A
contributing factor to the risk-taking transactions at the
operational level of governance was that “compensation
packages of senior managers encouraged risk-taking behav-
ior by privatizing the benefits through leveraged compensa-
tion while socializing any costs to shareholders and the
economy” (Siepel & Nightingale, 2014, p. 32). Lack of
independence and segregation of duties was also a contrib-
uting factor. The CEO held both CEO and chairperson roles;
thus, there was no proper oversight of his role. He also held
more than 50% of the beneficial ownership owned by direc-
tors and officers, and had held the CEO position since 1990.
The CEO was also alleged to have acted with gross negli-
gence and to have filed misleading financial statements
(Valukas, Vol. 3, p. 997, cited in Presley & Jones, 2014). In
summary, management operated in an environment where it
could present a highly inaccurate picture of its activities to
8 Journal of Management Inquiry 00(0)
the board and regulators because checks to prevent this were
not required (Siepel & Nightingale, 2014).
With respect to Olympus, Dutta and colleagues (2014)
observe that poor board oversight allowed basic audit weak-
nesses, such as no segregation of duties at key positions and
no job rotation. For example, the head of finance also served
in other roles, such as head of audit, head of administration,
and corporate center manager, thus creating an unusual con-
centration of power. There was also minimal rotation of jobs
at senior levels in the accounting and finance departments.
This allowed an unusual concentration of power in the hands
of a few. In essence, various parties involved in the financial
reporting process contributing to the fraud had complemen-
tary conflicting roles for deterring and detecting fraud
(Dutta, 2013).
In the more recent case of Volkswagen, there were opera-
tional control weaknesses in ensuring correct fuel emission
reporting. A reason for the control weaknesses was the
unusual concentration of power in the chair and CEO posi-
tions. This led to an autocratic centralized decision-making
process with high pressure management methods at the oper-
ational level. Nelson (2016) asserts that this had put pressure
on subordinates to cheat to satisfy the executives’ demands.
Cheating was in the form of providing misleading emission
reports with massive multibillion dollar losses. Nelson
(2016) further suggests that the culture of management at
Volkswagen was to tacitly approve of this cheating to nor-
malize the corruption. Employees were also operating in an
autocratic environment that fostered a culture of fear among
them, preventing the misdeeds of supervisors being reported.
It also prevented an adequate whistleblowing policy from
being successfully implemented (Bryant & Milne, 2015).
Discussion and Conclusion
The current role of the IAF is to enhance governance by
monitoring controls across the governance paradigm of an
organization. The scope of controls across the governance
control paradigm to be monitored by the IAF is encapsulated
in the broad definition of internal audit. This study has drawn
on the multitheoretical governance framework (Christopher,
2010) to establish the ideal governance control paradigm and
the consequent scope of controls to be developed and imple-
mented by the board and management and monitored by
internal audit. The framework recognizes that because of
global influences, organizations are affected by a wider range
of stakeholders and hence a wider control paradigm. These
wider stakeholders have an inherent interest in the organiza-
tion and their contractual obligations need to be recognized
through a wider set of controls than those present in the
agency-oriented control paradigm. It is these wider controls
that determine the scope of controls that must be subse-
quently implemented across the stakeholder, board, and
operational levels of governance.
This study addressed the first research question by criti-
cally examining the published literature on corporate col-
lapses in light of the governance paradigm outlined above to
identify if adequate controls had been developed and imple-
mented across the three governance levels. The findings
revealed common themes in control weaknesses at each of
the governance levels that contributed to the corporate col-
lapses. The findings also revealed that internal auditors had
not been involved in monitoring these controls at each of the
suggested levels from a holistic perspective. These relate to
controls ensuring that the company is meeting stakeholder
needs; controls that ensure the board is meeting its gover-
nance accountabilities by addressing stakeholder needs; and
controls that monitor whether management operationalizes
the company’s activities efficiently and effectively to address
stakeholder needs.
The evidence from the literature review is further con-
firmed by an extended critical review of six corporate col-
lapses that occurred over the period 2000 to 2015. The
findings of the longitudinal analysis of corporate scandals
over this 15-year period also suggest that the legislation and
governance policy directions for improvements have had
little or no major effect on improving the role of the IAF.
Common themes for the control weaknesses identified in
2003 were still in existence in 2015, and this occurred world-
wide (see Table 1 for a summarized version of these control
weaknesses and monitoring gaps).
This article addresses the second research question by
suggesting that there is considerable scope for internal audi-
tors to narrow this theory–practice gap by extending their
scope of audits to cover all three governance controls. In
making this proposal, it is also recognized that one of the
causes of the monitoring gap is the flexibility afforded to the
structural and functional setup of IAFs and audit committees.
A factor contributing to this scenario is that in most coun-
tries, organizations operate in an environment where there is
no mandatory requirement for them to implement a fully
funded IAF by providing a consistent scope of activities
aligned with the definition of internal audit, or to establish an
audit committee in line with best practice. A negative aspect
of this flexibility is that many IAFs operate under physical
and financial constraints and/or structural and functional set-
ups that may not serve the purpose of their expected role. A
further negative aspect of this flexibility, as evidenced by this
study, is that boards and management are in a position to
manipulate the role of the IAF and audit committee to an
extent where their scope of services is not aligned with their
intended role as encapsulated in the definition of internal
audit. Audit committees, or versions of them, were also
observed as not being adequately structured, with many
exhibiting weak power compared with management, and
lacking independence.
Other than the evidence of poor monitoring of controls by
the IAF in the corporate scandals reviewed in this study, the
Christopher 9

Table 1.  Common Themes of Monitoring Gaps Identified in Corporate Collapses.

Internal audit monitoring gaps: Control weaknesses at the Internal audit monitoring gaps: Control weaknesses
organizational level that contributed to the corporate collapses attributable to IAF structural and functional weaknesses

First level of control: Stakeholder level of governance

  Current operations require the recognition of a wider stakeholder base Internal audits were not focused on ensuring all stakeholder
due to changing social trends, institutional expectations. Controls to interests were addressed. The continued existence of this scenario
ensure the interest of this wider stakeholder base are addressed (as in current IAFs is supported by a recent global survey that reports
informed by both stakeholder and agency theory) were not in place or only 32% of respondents (comprising chief audit executives)
breached. Examples include the following: compared their audit outcomes to those agreed by stakeholders.
 Management failed to provide oversight that the interests of the wider
stakeholders are protected.
 Self-interested managers misused their positions at the expenses of the
wider stakeholder base.
 Some categories of stakeholders were exploited because of their
ignorance or lack of access to transparent information on the financial
affairs/operations of the organization
  In general controls were not in place to ensure the interests of the wider  
stakeholders’s base were embedded in the strategic and operational
directions of the organization. These had led to an abuse of control
weaknesses at both the board and operational levels and are reflected in
the following two sections.

Second level of control: Board level of governance

  Controls to ensure proper oversight by the board (as informed by Internal audits were not focused on ensuring controls at the board
resource dependency theory) to manage the varied interest of the wider level of governance were addressed. The continued existence
stakeholder base (as informed by stakeholder theory) were not in place of this scenario in current IAFs is supported by a recent global
or breached. Examples include the following: survey that reports the monitoring of controls at the board level is
 Lack of separation between chair and CEO generally not featured in internal audit plans.
 No proper oversight on the CEO/CFO
 CEO/CFO enjoying some form of loyalty from the board
 Audit committee-internal audit relationship breakdown
 Board had lack of access to information related to stakeholder interest/
activities
 Lack of diversity and expertise of board members
 Directors only reviewing matters in their area of expertise directors
failing to question major issues of concern due to lack of independence
 Audit committee was not independent/not empowered to serve
effectively
 Groups within boards pursued conflicting objectives affecting their broad
oversight responsibility
  In general “hard” controls relating to structure, experience and  
qualifications of board members were not in place or breached. In
addition, “soft” board controls were not in place or breached (e.g.,
self-serving biases; overconfidence; anchoring and availability biases;
commitment biases, and; group bias).

Third level of control: Operational level of governance

  Control processes to promote efficiency and effectiveness that focus
on outputs and results-based information at the operational level of
governance (as informed by both agency and stewardship theory) were
not in place or breached. Examples include the following:
 Lack of segregation of duties
 No proper policy and practice for authorization
 No regular reconciliation
 Management ability to override controls
 Poor risk management function
 Lack of proper whistleblowing policies
 Significant/unusual or highly complex transactions
 Domination of management by a single or few persons
 Poor oversight and supervision of accounting staff
The results of the study suggest considerable monitoring gaps at
the operational level due to a non-holistic approach of review
across all three governance levels. The continued existence of
this scenario in current IAFs is supported by a recent study that
reports IAFs tend to focus on a wide range of audits thus diluting
their impact on financial reviews: (6.2% on corporate governance,
24.5% on operational audits, 15% on compliance/regulatory audits,
12% on risk management, 10% on strategic business risks, 8.3% on
IT audits, 6.7% on general financial audits, and 3.5% on fraud not
covered in other audits). The remaining audits were spread over
other miscellaneous areas including Sarbanes–Oxley testing or
support (Sobel, 2016).

General comment:
The multitheoretical approach to governance posits that controls across the three governance levels are interdependent. Internal audit plans did not
take a holistic perspective in monitoring controls across all three levels. Other structural and functional weaknesses of the IAF contributing to these
monitoring gaps across all three levels are attributable to the non-mandatory requirement for internal auditors to be IIA members. This has had a
negative impact on the consistent compliance with IIA standards by all internal auditors and hence quality of audits overall.

Note. IAF = internal audit function; CEO = chief executive officer; CFO = chief financial officer; IIA = Institute of Internal Auditors.
10 Journal of Management Inquiry 00(0)
limited scope of IAF activities monitoring the required set of
controls can also be derived from the results of a worldwide
survey of internal audit activities (Common Body of
Knowledge) conducted by the IIA in 2010 and 2015 (IIA,
2014; Harrington & Piper, 2015; Sobel, 2016). The respon-
dents were the chief internal audit executives of IAFs. The
survey results revealed that IAFs were mostly concerned
with operational audits at the operational level of gover-
nance, with no specific emphasis on the monitoring of con-
trols at the stakeholder and board levels of governance. The
level of coverage pertaining to governance was also reported
to be inconsistent, with a broad range of audit coverage that
emphasized certain aspects of governance, rather than recog-
nizing the interdependency of the governance levels and
reviewing controls from a holistic perspective across all
three. For example, only 6.2% of audit plans focused on cor-
porate governance as a category of audits in their audit plan,
with 24.5% on operational audits, 15% on compliance/regu-
latory audits, 12% on risk management, 10% on strategic
business risks, 8.3% on IT audits, 6.7% on general financial
audits, and 3.5% on fraud not covered in other audits. The
remaining audits were spread over other miscellaneous areas
including Sarbanes–Oxley testing or support (Sobel, 2016).
While the highest activity and that considered the most val-
ued, was in relation to assuring the adequacy and effective-
ness of internal control systems, there was no mention of
board or stakeholder control processes being reviewed. This
restricted and inconsistent level of activity conducted by
IAFs across the globe does not reconcile well with the scope
of activities to be conducted in the governance area implied
by the definition of the internal audit. It was also of concern
that most audit plans were not generally aligned to the orga-
nization’s strategic plan and only 32% of respondents glob-
ally compared their audit outcomes to those agreed by
stakeholders (Harrington & Piper, 2015).
A further issue contributing to the theory–practice gap is
that chief audit executives or internal auditors do not as a rule
need to be members of the IIA and/or comply with its stan-
dards on a mandatory basis. A negative aspect of this is that
only 54% of the respondents said they were in full compliance
with the IIA standards, raising further concerns regarding the
quality of the audits conducted (Harrington & Piper, 2015).
The practical and policy implications of the findings are
that to overcome the above constraints, it is suggested that
governance and internal audit policy makers should consider
improving current structural and functional arrangements of
IAFs within organizations that have contributed to the moni-
toring gaps. These include their independence, their relation-
ship with an independent audit committee, and their scope of
audits which should include a mandate to review on a consis-
tent basis the identified controls across the three governance
levels on a yearly basis. In essence, the flexibility provided
to current arrangements should be removed to prevent the
monitoring gaps identified. It is also suggested that internal
auditors should be members of the IIA as a prerequisite to
practicing as internal auditors as it would assist toward the
consistent compliance with the IIA’s standards by all internal
auditors. It is envisaged that these policy directions will
assist IAFs to maintain the quality required of them to fulfill
their theoretical role in practice on a consistent basis. It
should be noted that these suggestions do not represent an
additional burden on organizations; they are merely an
improvement to the current structural and functional role of
IAFs as a control mechanism that is already embedded in the
governance framework.
The theoretical implication of the findings is that the multi-
theoretical approach to governance best informs the scope of
controls to be developed and implemented by management
across the governance levels for enhancing governance. It also
best informs the benchmark criteria of controls to be monitored
by IAFs. The use of this multitheoretical approach to gover-
nance and the development of controls is also supported by
recent studies on corporate collapses that have revealed inher-
ent vulnerabilities of the strictly agency-oriented governance
conceptualization and that call for new alternatives that recog-
nize the benefits of a stakeholder-oriented approach to gover-
nance (Bottenberg, Tuschke, & Flickinger, 2017).
It should be noted that the findings are subject to a num-
ber of limitations. The first is that they are based on a struc-
tured analysis of a limited sample of corporate collapses
from the literature; the second is that issues relating to gov-
ernance breakdowns and instances of fraud constitutes a cor-
relation and not a causation and hence problems with
confirmatory bias needs to be acknowledged; and the third is
that more insights on the reasons for the monitoring gaps
could be achieved through a qualitative approach targeting
key players within the management and organization field,
such as audit committee members, CEOs, chief audit execu-
tives, and CFOs. These limitations provide avenues for fur-
ther research in these areas.
Acknowledgments
The author wishes to thank the Section Editor and two anonymous
reviewers for their valuable suggestions toward the refinement of
this article.
Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with respect
to the research, authorship, and/or publication of this article.
Funding
The author(s) received no financial support for the research, author-
ship, and/or publication of this article.
References
Aguilera, R. V., Filatotchev, I., Gospel, H., & Jackson, G. (2008). An
organizational approach to comparative corporate governance:
Costs, contingencies, and complementarities. Organization
Science, 19, 475-492.
Christopher 11
Arnold, B., & De Lange, B. (2004). Enron: An examination of agency
problems. Critical Perspectives on Accounting, 15, 751-765.
Beasley, M. S., Carcello, J. V., Hermanson, D. R., & Lapides, P. D.
(2000). Fraudulent financial reporting: Consideration of indus-
try traits and corporate governance mechanisms. Accounting
Horizons, 14, 441-454.
Berle, A., & Means, G. (1932). The modern corporation and pri-
vate property. New York, NY: Macmillan.
Berry, M. A., & Rondinelli, D. A. (1998). Proactive corporate envi-
ronmental management: A new industrial revolution. Academy
of Management Executive, 12, 38-50.
Bhasin, M. (2013). Corporate accounting scandal at Satyam: A
case study of India’s Enron. European Journal of Business and
Social Sciences, 12, 25-47.
Boatright, J. R. (1994). Fiduciary duties and the shareholder-man-
agement relation: Or, what’s so special about shareholders?
Business Ethics Quarterly, 4, 393-407.
Bottenberg, K., Tuschke, A., & Flickinger, M. (2017). Corporate gov-
ernance between shareholder and stakeholder orientation: Lessons
from Germany. Journal of Management Inquiry, 26, 165-180.
Boyd, B. (1990). Corporate linkages and organizational environ-
ment: A test of the resource dependence model. Strategic
Management Journal, 11, 419-430.
Bryant, C., & Milne, R. (2015, October). Volkswagen’s “uniquely
awful” governance at fault in emissions scandal. CNBC.
Retrieved from https://www.cnbc.com/2015/10/04/volkswagens-
uniquely-awful-governance-at-fault-in-emissions-scandal.html
Carnegie, G. D., & O’Connell, B. T. (2014). A longitudinal study
of the interplay of corporate collapse, accounting failure and
governance change in Australia: Early 1890s to early 2000s.
Critical Perspectives on Accounting, 25, 446-468.
Carter, C., & Lorsch, J. W. (2002). Back to the drawing board:
Designing corporate boards for a complex world. Boston, MA:
Harvard Business School Press.
Christopher, J. (2010). Corporate governance—A multi-theoretical
approach to recognizing the wider influencing forces impacting on
organizations. Critical Perspectives on Accounting, 21, 683-695.
Clarke, T. (2005). Accounting for Enron: Shareholder value and
stakeholder interests. Corporate Governance, 13, 598-612.
Clemente, M., & Gabbioneta, C. (2017). How does the media frame
corporate scandals? The case of German newspapers and the
Volkswagen diesel scandal. Journal of Management Inquiry,
26, 287-302.
Cobb, G., Collison, D., Power, D., & Stevenson, L. (2005). FTSE4Good:
Perceptions and performance (ACCA Research Report No. 88).
London, England: Certified Accountants Educational Trust.
Cohen, J., Ding, Y., Lesage, C., & Stolowy, H. (2010). Corporate
fraud and managers’ behavior: Evidence from the press.
Journal of Business Ethics, 95, 271-315.
Conyon, M., Judge, W. Q., & Useem, M. (2011). Corporate gover-
nance and the 2008–09 financial crisis. Corporate Governance,
19, 399-404.
Coram, P., Ferguson, C., & Moroney, R. (2008). Internal audit,
alternative internal audit structures and the level of misappro-
priation of assets fraud. Accounting & Finance, 48, 543-559.
Daily, C. M., & Dalton, D. R. (1994). Bankruptcy and corporate
governance: The impact of board composition and structure.
Academy of Management Journal, 37, 1603-1617.
Daily, C. M., Dalton, D. R., & Canella, A. A. (2003). Corporate
governance: Decades of dialogue and data. Academy of
Management Review, 28, 371-382.
Dalton, D. R., Daily, C. M., Johnson, J., & Ellstrand, A. (1999).
Number of directors and financial performance: A meta-analy-
sis. Academy of Management Journal, 42, 674-686.
Davis, J. H., Schoorman, F. D., & Donaldson, L. (1997). Toward a
stewardship theory of management. Academy of Management
Review, 22, 20-47.
Donaldson, L., & Davis, J. H. (1991). Stewardship theory or agency
theory: CEO governance and shareholder returns. Australian
Journal of Management, 16, 49-64.
Donaldson, T., & Preston, L. E. (1995). The stakeholder theory
of the corporation: Concepts, evidence, and implications.
Academy of Management Review, 20, 65-91.
Dutta, S. K. (2013). Statistical techniques for forensic accounting:
Understanding the theory and application of data analysis.
New York, NY: FT Press.
Dutta, S. K., Caplan, D. H., & Marcinko, D. J. (2014). Blurred
vision, perilous future: Management fraud at Olympus. Issues
in Accounting Education, 29, 459-480.
Ege, M. (2015). Does internal audit function quality deter manage-
ment misconduct? The Accounting Review, 90, 495-527.
Elson, C. M., Ferrere, C. K., & Goossen, N. J. (2015). The bug at
Volkswagen: Lessons in co-determination, ownership, and board
structure. Journal of Applied Corporate Finance, 27, 36-43.
Filatotchev, I. (2008). Developing an organizational theory of corpo-
rate governance: Comments on Henry L. Tosi, Jr. (2008) “Quo
Vadis? Suggestions for future corporate governance research.”
Journal of Management & Governance, 12, 171-178.
Freeman, E. (1994). Strategic management: A stakeholder
approach. Englewood Cliffs, NJ: Prentice Hall.
Gabbioneta, C., Greenwood, R., Mazzola, P., & Minoja, M. (2013).
The influence of the institutional context on corporate illegal-
ity. Accounting, Organizations and Society, 38, 484-504.
Gales, L., & Kesner, I. (1994). An analysis of board of director
size and composition in bankrupt organizations. Journal of
Business Research, 30, 271-282.
Gramling, A. A., Maletta, M. J., Schneider, A., & Church, B. K.
(2004). The role of the internal audit function in corporate
governance: A synthesis of the extant internal auditing litera-
ture and directions for future research. Journal of Accounting
Literature, 23, 194-244.
Guenin-Paracini, H., & Gendron, Y. (2010). Auditors as modern
pharmakoi: Legitimacy paradoxes and the production of eco-
nomic order. Critical Perspectives on Accounting, 21, 134-158.
Harrington, L., & Piper, A. (2015). Driving success in a chang-
ing world: 10 imperatives for Internal Audit. Retrieved from:
https://dl.theiia.org/IC/Driving-Success-in-a-Changing-
World-10-Imperatives-for-Internal-Audit.pdf
Hermanson, D. R., Ivancevich, D. M., & Ivancevich, S. H. (2008). Tone
at the top: Insights from section 404. Strategic Finance, 90, 39-45.
Hillman, A. J., Cannella, A. A., & Paetzold, R. L. (2000). The
resource dependence role of corporate directors: Strategic
adaptation of board composition in response to environmental
change. Journal of Management Studies, 37, 235-256.
Ho, K. (2009). Liquidated: An ethnography of wall street. Durham,
NC: Duke University Press.
The Institute of Internal Auditors. (1999). Internal auditing definition.
Retrieved from https://na.theiia.org/standards-guidance/manda-
tory-guidance/Pages/Definition-of-Internal-Auditing.aspx
The Institute of Internal Auditors. (2013). The three lines of defense
in effective risk management and control (IIA position paper).
Altamonte Springs, FL: IIA Research Foundation.
12 Journal of Management Inquiry 00(0)
The Institute of Internal Auditors. (2014). Internal audit around the
world: A perspective on global regions. Altamonte Springs,
FL: IIA Research Foundation.
Jensen, M. C., & Meckling, W. (1976). Theory of the firm:
Managerial behavior, agency costs and ownership structure.
Journal of Financial Economics, 3, 305-360.
Jones, M. (2011). Conclusion—Looking backwards and forwards.
In M. Jones (Ed.), Creative accounting, fraud and interna-
tional accounting scandals (pp. 495-508). Chichester, UK:
John Wiley.
Lamberton, B., Mihalek, P. H., & Smith, C. S. (2005). The tone at the
top and ethical conduct connection. Strategic Finance, 86, 37-39.
Lewis, M. (1990). Liar’s poker: Rising through the wreckage of
wall street. New York, NY: Penguin Books.
Low, M., Davey, H., & Hooper, K. (2008). Accounting scan-
dals, ethical dilemmas and educational challenges. Critical
Perspectives on Accounting, 19, 222-254.
Marens, R., & Wicks, A. (1999). Getting real: Stakeholder theory,
managerial practice, and the general irrelevance of fiduciary duties
owed to shareholders. Business Ethics Quarterly, 9, 273-293.
Massaro, M., Dumay, J., & Guthrie, J. (2016). On the shoulders of
giants: Undertaking a structured literature review in accounting.
Accounting, Auditing & Accountability Journal, 29, 767-801.
Melis, A. (2005). Corporate governance failures: To what extent
is Parmalat a particularly Italian case? Corporate Governance,
13, 478-488.
Nelson, J. S. (2016). The normalization of corruption. Journal of
Management Inquiry, 25, 1-7.
Niazi, A., & Ali, M. (2015). The debacle of Satyam Computers
Ltd: A case study from management’s perspective. Universal
Journal of Industrial and Business Management, 3, 58-65.
Pfeffer, J. (1972). Size and composition of corporate boards of
directors: The organization and its environment. Administrative
Science Quarterly, 17, 218-228.
Pfeffer, J., & Salancik, G. R. (1978). The external control of orga-
nizations: A resource dependence perspective. New York, NY:
Harper & Row.
Pirson, M., & Turnbull, S. (2011). Corporate governance, risk man-
agement, and the financial crisis: An information processing
view. Corporate Governance, 19, 459-470.
Power, M. (1997). Expertise and the construction of rele-
vance: Accountants and environmental audit. Accounting,
Organizations and Society, 22, 123-146.
Power, M. (1999). The audit society: Rituals of verification. Oxford,
UK: Oxford University Press.
Power, M. (2013). The apparatus of fraud risk. Accounting,
Organizations and Society, 13, 525-543.
Presley, T. J., & Jones, B. (2014). Lehman brothers: The case
against self-regulation. Journal of Leadership, Accountability
and Ethics, 11, 11-28.
Reed, L. L., Vidaver-Cohen, D., & Colwell, S. R. (2011). A new
scale to measure executive servant leadership: Development,
analysis, and implications for research. Journal of Business
Ethics, 101, 415-434.
Rezaee, Z. (2005). Causes, consequences, and deterrence of finan-
cial statement fraud. Critical Perspectives on Accounting, 16,
277-298.
Rimkus, R. (2016). Financial scandals, scoundrels & crises. CFA
Institute. Retrieved from https://www.econcrises.org/2016/11/29/
parmalat/
Roberts, J., McNulty, T., & Stiles, P. (2006). Beyond agency
conceptions of the work of the non-executive director:
Creating accountability in the boardroom. British Journal of
Management, 16, S5-S26.
Saravanamuthu, K. (2004). Gold-collarism in the academy:
The dilemma in transforming bean-counters into knowl-
edge consultants. Critical Perspectives on Accounting, 15,
587-607.
Schwartz, J. M. (2002, Summer). The Enron debacle: Casino
capitalism and lemon socialism. Dissent, pp. 5-7. Retrieved
from https://www.dissentmagazine.org/article/the-enron-
debacle
Schwartz, M. S., Dunfee, T. W., & Kline, M. J. (2005). Tone at the
top: An ethics code for directors? Journal of Business Ethics,
58, 79-100.
Shleifer, A., & Vishny, R. W. (1997). A survey of corporate gover-
nance. Journal of Finance, 52, 737-783.
Siepel, J., & Nightingale, P. (2014). Anglo-Saxon governance:
Similarities, difference and outcomes in a financialised world.
Critical Perspectives on Accounting, 25, 27-35.
Sikka, P. (2009). Financial crisis and the silence of the auditors.
Accounting, Organizations and Society, 34, 868-873.
Slager, R. (2017). The discursive construction of corruption risk.
Journal of Management Inquiry, 26, 366-382.
Sobel, P. J. (2016). Who owns risk? A look at internal audit’s chang-
ing role. Altamonte Springs, FL: IIA Research Foundation.
Soltani, B. (2014). The anatomy of corporate fraud: A compara-
tive analysis of high profile American and European corporate
scandals. Journal of Business Ethics, 120, 251-274.
Spira, L. F., & Page, M. (2003). Risk management: The rein-
vention of internal control and the changing role of internal
audit. Accounting, Auditing & Accountability Journal, 16,
640-661.
Waddock, S. A., Bodwell, C., & Graves, S. B. (2002). Responsibility:
The new business imperative. Academy of Management
Executive, 16, 132-148.
Williams, R. (2000). The Politics of Corruption: Vol. 1. Explaining
corruption. Cheltenham, UK: Edward Elgar.
Young, S. (2003). Moral capitalism: Reconciling private interest
with the public good. San Francisco, CA: Berrett-Koehler.
Young, S., & Thyil, V. (2008). A holistic model of corporate gov-
ernance: A new research framework. Corporate Governance,
8, 94-108.
Zekany, K. E., Braun, L. W., & Warder, Z. T. (2004). Behind closed
doors at WorldCom: 2001. Issues in Accounting Education, 19,
101-117.
Zyglidopoulos, S. (2015). Toward a theory of second-order corrup-
tion. Journal of Management Inquiry, 25, 3-10.