The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/0967-5426.htm
JAAR
20,2
134
Received 24 September 2017
Revised 21 March 2018
24 June 2018
27 September 2018
Accepted 4 October 2018
Journal of Applied Accounting
Research
Vol. 20 No. 2, 2019
pp. 134-153
© Emerald Publishing Limited
0967-5426
DOI 10.1108/JAAR-09-2017-0098
Internal auditors’ perceptions
of the function’s ability
to investigate fraud
Sourour Hazami-Ammar
Department of Accounting and Taxation,
Institute of The Higher Business Studies (IHEC) of Sfax,
University of Sfax, Sfax, Tunisia
Abstract
Purpose – The purpose of this paper is to examine the relation between internal audit function (IAF)
characteristics and organizational variables and IAF’s self-investigation about fraud and irregularities (SIFI)
in the French context.
Design/methodology/approach – This paper uses the responses of 96 chief audit executives (CAEs) to a
global survey of the internal auditing profession carried out by the Institute of Internal Auditors Research
Foundation (IIARF) in 2010. A logistic regression model is used to determine factors influencing IAF’s SIFI.
Findings – The authors’ findings reveal that IAF’s SIFI is positively correlated to independence and
objectivity, the number of activities performed by the function, adoption of a systematic approach to evaluate
the effectiveness of risk management and the size of the company.
Research limitations/implications – This study examines the factors associated only to IAF’s investigation
rather than assessment of the risk of fraud. It remains for future research to analyze determinants those related to
internal auditors’ approaches when they evaluate the risk of fraud.
Practical implications – The findings have implications for CAEs who wish to improve the IAF’s ability to
investigate fraud.
Originality/value – Even if the IIA has stipulated since 2009 that internal auditors must have knowledge to
evaluate the risk of fraud, no disclosure requirement exists, in France, for IAF or its charter. The areas of research
related to internal audit behavior in relation to fraud concern fraud risk investigation of financial fraud and
management/employee misconduct.
Keywords Investigation, Internal control, Internal auditor
Paper type Research paper
1. Introduction
The advent of large-scale scandals in the world has resulted in a loss of confidence among
investors in the business world, a questioning of the reliability of financial information and
especially the disappearance of Anderson. Three main shortcomings were reconciled to the
conduct of Anderson being an external auditor of Worldcom (Ratdavone et al., 2012). First,
the potential for fraud on the part of managers has been poorly assessed. In addition, strong
reliance was given to the managers’ “statements” without corroborating the information
obtained. Finally, the auditors did not take into account the fact that managers had been
able to manipulate the figures to eliminate unexplained variations in the financial
statements. Whereas Caplan (1999) conducted research in order to examine the external
auditor’s decision to investigate for fraud, the purpose of our paper is to analyze internal
auditors’ decision. The increasing complexity of organizations means that the function of
financial auditing is no longer limited to an external mission but rather a complex process
integrating the work of internal audit services. The expansion and multiplication of fraud
types motivate us to consider internal auditors’ ultimate determinants to investigate for
fraud, even if we are conscious that the exact motive leading to fraud will not be known by
The author is grateful to the IIARF for access to the CBOK 2010 database. She also thanks the
anonymous reviewers for their careful reading and the relevance of their remarks.
internal auditors since they are required to identify opportunities for fraud and to The function’s
understand fraud schemes and scenarios, as well as be aware of the signs that point to fraud ability to
and knowing how to prevent it (IIA, 2009; Wilks and Zimbelman, 2004). It is important to investigate
study the relation between internal audit function (IAF) characteristics and organizational
variables and internal audit’s self-investigation about fraud and irregularities (SIFI) because fraud
knowledge about this relation helps companies to perform better regarding fraud detection
and to maintain an effective control system (Figure 1). 135
Fraud prevention consists of all the procedures that aim to prevent fraud and limit the
exposure to fraud when it occurs, such as controls related to the selection of customers and
providers. Fraud detection includes measures to discover that fraud or misconduct is ongoing
or has occurred. The preventive and detective procedures provided for in the context of
internal control must be flexible and up-to-date to respond to changes in the risk environment.
Internal audit’s SIFI aims to investigate fraud risks which are not prevented by preventive
procedures, nor discovered by detective procedures. For example, misappropriation of funds
or property followed by falsification of accounts to conceal this act may make it more difficult
to detect and investigation is necessary. In this case, despite monitoring, some residual friction
in the form of residual agency costs may exist ( Jensen and Meckling, 1976) and its
investigation lies with the internal auditor. If the fraud under investigation actually exists,
then the necessary measures must be taken by the internal auditor to update the detection and
prevention procedures. IAF’s SIFI improves the efficiency of the internal control system,
which, in turn, protects the company against the risk of fraud. The purpose of our paper is to
examine the relation between IAF’s characteristics and organizational variables and internal
audit’s SIFI. We attach importance to this task for several reasons. First, the investigation of
fraud represents judgments and the internal auditors may be exposed to the pressure exerted
on them by management, since internal auditors must estimate if management is carrying out
fraud. It should be noted that the management is responsible for the evaluation and promotion
of internal auditors and the temptation of the latter to soften the management can compromise
their independence. Second, knowledge about this relation helps companies to perform better
regarding fraud detection. Since managers can easily access to confidential information, they
are able to modify preventive and/or detective procedures and display more damage to the
organization than lower-level staff members. Third, knowing the most important factors
which are significantly related to the IAF’s SIFI is also important for external auditors who
remain unable to investigate fraud and irregularities and have been involved in expensive
litigations. The objective of this work is to address why and how IAF investigates the risk of
fraud and irregularities. We analyzed the responses of 96 chief audit executive (CAE) to
questions specifically designed to evaluate the background of the investigation decision. This
sample was based on the 2010 global survey of the internal auditing profession that the
Institute of Internal Auditors Research Foundation (IIARF) carried out. Only the respondents
who have CAE positions have been retained out of a total of 301 internal auditors with a

Update of preventive
procedures

Risk of fraud
Risk of fraud Risk of fraud
Preventive Detective
IAF’s SIFI Figure 1.
procedures procedures
Waste – abuse Red – flags IAF’S SIFI
Waste – abuse maintains an effective
control system
Source: Adapted from IIA (2009)
JAAR percentage of 32 percent. CAEs make decisions and are leaders of their IAF. Our research
20,2 examines the relationship between IAF’s SIFI and various characteristics of both IAF and
organization, taken from the literature. IAF characteristics include both independence and
objectivity and the number of activities performed by the respondent. Organizational
characteristics incorporate the existence of an internal control report, sound risk management
assurance and if IAF adopts a particular approach to assess the risk of fraud. Several studies
136 relating to IAF roles have been conducted and include two different areas: consulting to
management, i.e. performance of quality, health, safety and environmental audits and
monitoring roles involved in corporate governance, i.e. risk assessment, control assurance and
compliance work (Gramling et al., 2004). IAF’s role related to the risk of fraud investigation,
part of its monitoring role, has not been studied. We are conscious that the role of the internal
audit activity in fraud investigation must be defined in the internal audit charter but we have
not been able to verify such inclusion in the internal audit charts of our respondents. We can
justify this by the fact that no disclosure requirements exist in France for IAF or its charter
(Soh and Bennie, 2011). Our results indicate that the independence and objectivity variable is
significant and positively associated with the IAF’s SIFI. The number of activities executed by
the IAF is positively related to the predisposition to investigate for fraud and irregularities.
Our results attest also that the IAF’s adoption of a systematic approach to evaluate the
effectiveness of risk management promote sits predisposition to investigate. Finally, the size
of the company is negatively correlated with IAF’s SIFI. The remainder of this paper is
structured as follows: Section 2 envisages a synthetic discussion of literature and regulations
related to fraud risk investigation. It also provides the development of hypotheses. Section 3
presents the methodology adopted, comprising the model specification and source of data.
Section 4 supplies the statistical analysis and discussion of study results. Section 5 contains
the conclusion and synthesis of the research with propositions for future research.

2. Background and expectations

2.1 Fraud risk investigation
Considerable empirical research reports the importance of fraud risk investigation which
potential impact not only affects the company’s financial resources but also its image
(Erickson et al., 2000; Brazel et al., 2009; Carcello and Nagy, 2002). Decisions dominated by
management and weak internal controls increase the opportunity for fraud (Loebbecke et al.,
1989). When internal auditor investigates, he/she must undertake additional research which
increases the likelihood of finding fraud (Eutsler et al., 2016). Several theoretical frameworks
have been mobilized by this current research. Even if our study is interested in studying the
relation between IAF characteristics and organizational variables and internal audit’s SIFI,
it does not distinguish between different types of fraud. Moreover, the literature has
identified eleven cases of fraud that have been classified into two categories: management
and employee fraud (Rezaee, 2002). The IAF’s SIFI encompasses both financial fraud and
management misconduct in the form of corruption and intentionally misleading
representations. Thus, cases of poor management can only be discouraged when the IAF
is of high quality (Chadwick, 2000; COSO, 2012). The internal auditor obtains and assesses
evidence to estimate the likelihood of actions that may have an impact on the financial
statements (e.g. are customer receivables fairly reported? Are there instances of conflicts of
interest?). Then auditors rely on probabilistic judgments based on available information
(Smith and Kida, 1991). The risk of an erroneous decision about the actual state of financial
information and management can be underestimated and can have enormous repercussions
on the internal auditor’s reputation, the loss of his job and/or ineffective use of company
resources. While the potential for a reduction of management misconduct due to internal
audit investigation has been argued in the internal audit literature for six decades (Wallace,
1984; Whittington and Winters, 1990), only Coram et al. (2008), based on a self-reported
fraud from the 2004 KPMG Fraud Survey, found that the detection and self-reporting of The function’s
fraud are more likely in organizations with an IAF than those without. ability to
investigate
2.2 Hypothesis development fraud
Internal audit independence, objectivity and fraud risk investigation. Prior studies on fraud
risk investigation recognize the critical issue of organizational independence (Mihret and
Yismaw, 2007) and the objectivity of internal auditors (Mutchler et al., 2001). Different 137
definitions of independence and objectivity highlight that these attributes are essential for
an internal auditor in order to be unbiased when fulfilling his duties to management, audit
committees and external audit (Balkaran, 2007; Kaplan and Schultz, 2007; Salierno, 2007).
Pressures to remain autonomous are recurrent, especially when they relate to detecting
fraud. This is the reason why internal auditors are assimilated as “the eyes and ears” of the
audit committee and are empowered to investigate and discover management misconduct
(AICPA, 2005). High-risk areas might include data protection, vendor management, cyber
incident management and resiliency (Deloitte, 2016). Recent studies have demonstrated that
the lack of organizational independence reduces internal auditors’ ability to report problems
to the audit committee (McHugh and Raghunandan, 1994; Scarbrough et al., 1998) and to
fulfill their corporate governance duties effectively (Christopher et al., 2009; Chambers and
Odar, 2015). IAF’s independence and objectivity is strongly correlated with some
characteristics of the audit committee which attempts to mitigate the hierarchical
dependence of internal auditors on the executive, especially by a review of audit plans
(DeZoort, 1997; Klibi, 2015). However, its implementation is not without difficulties since the
audit committee strives to maintain the functional independence of internal auditors and the
IAF often remains under the influence of the chief executive or chief financial officer
(Piot and Kermiche, 2009). Recent studies have shown that the audit committee and the IAF
gain in the case of a functional and close relationship between them, particularly when
internal auditors decide to investigate fraud and irregularities (Goodwin-Stewart and Kent,
2006; Abbott et al., 2007; Cohen et al., 2011). Even if IAF investigates fraud and irregularities
the primary responsibility of management monitoring is relevant to the audit committee.
Thus, we understand that IAF plays a key role in this assignment (AICPA, 2005; COSO,
2012). Recent studies (Abbott et al., 2007; Cohen et al., 2011) highlighted the mutual
advantages that the audit committee and IAF benefit from in the case of functional
reporting between them. Regarding, the Audit Committee, the IAF, is supposed to provide
the essential information enabling the audit committee to perform its functions and
responsibilities. We expect that internal auditors are influenced by conflicting incentives
(Kunda, 1990). The person who faces incentives proceeds consciously and unconsciously to
adjustments of memory and cognitive processes. The decision maker creates illusions of
objectivity when he thinks that his decision-making processes are objective (Kruglanski,
1980; Kunda, 1990). We propose the following hypothesis:
H1. There is a positive association between the independence and objectivity of internal
auditors and the IAF’s SIFI.
Number of internal audit’s activities and fraud risk investigation. Internal auditors’ fraud
investigation is synonymous of a high-quality IAF able to deter management misconduct
(AICPA, 2005; COSO, 2012; IIA, 2012). Fraud investigation leads to better IAF quality and
explains the variety of activities carried out by internal auditors. In practice, fraud investigation
means activities performed in order to examine payroll for phantom employees, test
vendor invoices for overcharges, match vendor addresses with employee addresses to detect
fictitious vendors or evaluate errors to determine whether they could be an indication of fraud.
IAF must meet the expectations of its stakeholders, which are essentially management and the
JAAR audit committee. These latter perceive the internal audit differently. If management expects the
20,2 IAF to provide a consulting role, the audit committee will rely on the assurance role performed
by the IAF. The literature argues that the satisfaction of stakeholders’ expectations justifies the
variety of activities performed by internal auditors (D’Onza et al., 2015). In particular, IAF must
provide management and the audit committee with ongoing assessments of the company’s fraud
risk management processes and system of internal control (NYSE listing standard no. 303 A7). In
138 return, senior management and the audit committee need to support internal auditors to enable
all stakeholders to be aware that the organization is ready to react appropriately and without
delay to fraud risks. Internal control maturity orients expectations in one direction or another.
IAF provides objective and relevant assurance leading to the effectiveness and efficiency of
fraud risk management. At the same time, it examines evidence to provide an independent
assessment of risk management (IIA, 2012). A recent research paper argues that IAF quality is
negatively associated with the likelihood of management misconduct (Ege, 2015). Moreover, no
quality requirements and disclosures of the IAF have been claimed by regulators even if the
standards-setters suppose that a quality IAF provides a key resource to the audit committee for
monitoring senior management. Thus, we expect a positive association between fraud risk
awareness and the number of IAF activities:
H2. There is a positive association between the number of activities carried out and the
IAF’s SIFI.
Reporting on internal control and fraud risk investigation. The focus on internal control has
been increased by recent development in corporate governance and IAF has been identified as
playing a key role in assessing and improving its quality (Zain et al., 2006; SEC, 2003; Cohen
et al., 2002). French legislation encourages companies to adopt a dynamic approach to
improving their internal control and fraud risk management. The Chairman of the Board of
Directors shall report on the internal control procedures set up within the company in a report
attached to the management report. He must also insert, in this report, internal control
procedures set up by the company. Long before this law, the USA had already introduced SOX
in 2011, which provides, among other things, the same obligation for the CEO or CFO.
A fundamental difference between the two regulatory frameworks is that the Securities and
Exchange Commission has provided for the obligation to use a recognized benchmark referred
to in COSO, whereas there is an absence of any mention of such a reference by French law. We
can understand then that the shareholders are supposed to be informed of the effective
functioning of the board in terms of number of meetings held, attendance, existence and
missions of the committees, etc. This explanation leads to our third hypothesis:
H3. There is a positive association between reporting on internal control and the IAF’s SIFI.
Assurance of the internal control system and fraud risk investigation. In each organization, the
degree of ability to override internal control defines whether there is a low or high level of risk
of fraud (AICPA, 2005). The quality (good/bad) of internal control defines the decision of the
internal auditor (not to investigate/investigate) concerning the estimation of the risk of fraud.
Concretely, this is manifested by policies, awareness raising practices, tone at the top, as well
as board and senior management governance. Related practices contain assessment of
concordance of preventive and detective procedures in limiting fraud risk, investigation and
recovery procedures. Fraud attributed to managers and/or employees are committed in the
event of failure of controls. Audits conducted in accordance with Generally Accepted Auditing
Standards do not always distinguish between errors and fraud, which explains the importance
of internal control designed to prevent, or at least promptly reveal, errors and fraud without
forgetting the contribution of internal auditors. In the course of the normal exercise of their
due diligence, internal auditors assess fraud risk of the internal control system in place and the
attitude of the managers with regard to this system (AICPA, 2002). To contribute widely, we The function’s
assume that internal auditors may well be aware of the fraud risk, but will not invoke an ability to
investigation because of numerous reasons, including a lack of competence or resources, fear investigate
of management, and so on. If an internal auditor decides to investigate, he/she contributes to
the increase of the assurance of the internal control which could have a favorable impact on fraud
the business health diagnosis. We must therefore expect in our forth hypothesis a positive
association between fraud risk investigation and assurance of internal control: 139
H4. There is a positive association between assurance of the internal control and the
IAF’s SIFI.
Effectiveness of risk management and fraud risk investigation. IAF’s monitoring and
improvement of organizations’ internal control includes the prevention and detection of
material weaknesses in information systems that can cause financial misstatement
(Hermanson et al., 2008). The changing role of the IAF has resulted in a contribution to the
improvement of risk management activities. Internal auditors assist managers and the board
of directors or the audit committee by reviewing, assessing, reporting and recommending an
improvement in the adequacy and effectiveness of corporate risk (COSO II, 2005; Spira and
Page, 2003). Internal auditor’s involvement in the risk management process may come in
different forms (Allegrini and D’onza, 2003; Sarens and De Beelde, 2006). IAF can contribute to
the institutionalization of enterprise risk management activities, assisting managers in
effectively reducing the risks related to the commercial activity of the company, recommend
an improvement in the adequacy and effectiveness of the risk management process
and provide reasonable assurance regarding risk management suitability. Both management
and internal auditors are concerned with fraud risk investigation results aiming to discover
some details concerning the occurrence of conditions surrounding fraud including fraudsters’
identities (Hazami-Ammar, 2018). Recently, principles of risk management have been
incorporated in internal audit: the result is a risk-based auditing, where several aspects of risk
management are merging with the characteristics of internal auditing (Vijayakumar and
Nagaraja, 2012). Even if management assumes the responsibility for the effectiveness of risk
management, the internal auditor should provide his assistance to both management and the
audit committee by examining, evaluating, reporting and recommending ameliorations
regarding the adequacy and effectiveness of management’s risk processes (Practice Advisory
2100-3). This discussion leads to our final hypothesis:
H5. There is a positive association between a synthetic approach to appreciate the
effectiveness of risk management and the IAF’s SIFI.
Figure 2 summarizes the research hypotheses.

3. Methodology
3.1 Model specification
We created a logistic regression model to investigate the association between the IAF’s SIFI
and both IAF and organization’s characteristics. The model above serves to underline the
relationship between the dependent and independent variables for testing purposes:
I NV ESTI GATI ON ¼ b0 þb1 IND&OBJECT index þb2 ACTI V I TI ES
þb3 ORGAN I Z ATI ON I C þb4 ASSU RAN CE
þb5 RI SKM AN AGEM EN T þb6 Y EAREX þb7 SI Z E þe;
where the dependent variable (INVESTIGATION) is related to the IAF’s SIFI. The
dependent variable and independent ones are described in Table I. We assume that the
JAAR Independent

20,2 Dependent IAF

Characteristics
Internal auditors fraud
risk investigation
H1 H2

IND&OBJECT index ACTIVITIES

140
Organization
Characteristics

H3 H4 H5

ORGANIZATIONIC ASSURANCE RISKMANAGEMENT

YEAREX SIZE
Figure 2.
Hypotheses
Control variable Control variable
of research

number of years the IAF has existed, as a first control variable, can estimate the IAF’s
experience in accounting and auditing, and a positive association is argued between
YEAREX and IAF’s SIFI. We also suggest that there may be a positive association between
the size of the organization (SIZE), as a second control variable, and the IAF’s SIFI. We
perform analysis at two levels. At the beginning, we take into account all the answers apart
from the business sector of the company. The results of logistic regression will be used to
test our research hypotheses. Second, the significant differences due to the nature of the
industry will be highlighted in order to test the robustness of our research model.
In this panel, we are collecting the respondents according to whether they are
investigating the risk of fraud depending on the sector of activity of the company to which
they belong. We have respected the identification of 23 industries as defined by the Common
Body of Knowledge (CBOK) study. Table II only has 18 industries as indicated in the
database. It is obvious that approximately 31.25 percent of survey respondents do not
investigate fraud and irregularities. This percentage is not far from the world average, since
it is around 28 percent (Selim et al., 2014). Like D’onza et al. (2015), we decide to associate
these industries into two groups: financial services comprising banks, insurance companies
and other financial services, and non-financial services, including the rest of the industries.
The results are shown in Table III.
This table shows that, in the financial sector, the regulatory and institutional
framework and the supervisory role exercised by the competent authorities reinforce the
IAF’s predisposition to investigate fraud and promote the development of this function.
The same result was found in the 2006 global CBOK study (Burnaby and Hass, 2009). In
non-financial sectors, even if this finding is less evident, it is obvious that when
regulations evolve and corporate governance issues become more acute, internal auditors’
perceptions about their investigation of fraud shows that organizations and their boards
increasingly recognize the impotence of their intervention (Burnaby and Hass, 2009).
We want to know if these percentages of absence of investigations can be explained by
both IAF’s and organizations’ characteristics. It is important to clarify what the dependent
variable really captures. The key dependent variable IAF’s SIFI is a dummy based on
the answer of respondents to the question whether “Your IA activity investigates fraud
Variable Definition Measurement
The function’s
ability to
Dependent investigate
INVESTIGATION IAF’s SIFI A Binary variable with value ¼ 1 if respondents choose the
response “today” to the statement “your IA activity fraud
investigates fraud and irregularities”; ¼ 0 otherwise
Independent 141
IND&OBJECT index Independence and
A Composite score measuring independence and objectivity
objectivity and ranging between 0 and 3, with 0 indicating lowest
independence and 3 indicating highest independence, the
scores are formed by aggregating the composite score
obtained from following three broad constructs: 1
independence and objectivity (respondents were asked to
use a 1–5 scale, strongly disagree to strongly agree, to
indicate their agreement with the statement “your
internal audit activity is an independent objective
assurance and consulting activity”); 2 accessibility to
audit committee (a binary variable with value ¼ 1 if
respondents choose the response “Yes” to the question
“Do you have appropriate access to the audit committee?”
and 0 otherwise); and 3 administrative reporting
(a variable with value ¼ 1 if IAF provides administrative
reporting to the audit committee, (2) if it reports to the
CEO and (3) if not
ACTIVITIES Number of activities A Variable which assumes a value from 1 to 24.
Respondents were asked to select the activities they
performed in 2010 from a list of 24 activities
ORGANIZATIONIC Organization report A Variable with value ¼ 1 if organization provides a report
on internal control on internal control in its annual report, and (0) otherwise
ASSURANCE Assurance of the A Variable with value ¼ 1 if internal audit activity
internal control performance is measured by the assurance of sound risk
system management/internal control, and (0) otherwise
RISKMANAGEMENT Effectiveness of risk A Variable which assumes a value from 1 to 5. Respondents
management indicate their agreement with the statement “your
internal audit activity brings a systematic approach to
evaluate the effectiveness of risk management”
YEAREX Number of years the A Variable which assumes a value from 1 to 3. We use 1
IAF has existed if IAF’s existence is 10 years or less; 2 ¼ 11–50; 3 ¼
more than 51 years
SIZE Size of the A Variable which assumes a value from 1 to 4. We use 1 if
organization the value of the total assets (in US$) is 500m or less; Table I.
2 ¼ 501m–5bn; 3 ¼ 6–25bn; 4 ¼ over 25bn Description of
ε Error term the variables

and irregularities.” CBOK deliberately integrates this question. When this body did not
specify the requirement (Board, audit committee, lenders or specific regulations applied to
the firm) of the investigation, it is aimed at self-investigation. We assume, conforming to
CBOK, that this question is related to a self-investigation to study the opportunity of fraud
(IFACI, 2000) and justified by the existence of red flags especially in cash management,
unusual activity of a supplier and the lifestyle of employees. The internal auditor
carries out the self-investigation of the risk of fraud with a view to ensure the existence or
non-existence of the fraud. The risk of fraud is defined by audit standards as “the
probability that an event or action will have a negative impact on the company” (Standard
410.01.1b). An Internal Auditor’s Guide to Detect and Prevent Fraud says “Internal
auditors are required to review the risks of fraud as part of each engagement. This is an
JAAR Fraud
20,2 Number of Percent of investigation
Industry classification firms firms Yes No

Building and construction 7 7.23 5 2

Pharmaceutical/chemical 7 7.2 3 4
Manufacturing 5 5.2 4 1
142 Transportation and logistics 5 5.2 3 2
Communication and telecommunication 2 2.1 1 1
Utilities 9 9.3 4 5
Wholesale and retail trade 5 5.2 2 3
Banking and financial institutions/credit unions/thrift and 15 15.625 14 1
savings and loan
Insurance 15 15.625 11 4
Real estate 3 3.1 2 1
Other financial: security and commodity services/holding 3 3.12 2 1
companies
Hospitality/hotels, leisure/tourism 4 4.2 3 1
IT/ICT 2 2.1 2 0
Education 1 1 0 1
Professional services 4 4.2 3 1
Trade services 4 4.2 4 0
Table II. Government – public administration and defense 3 3.1 1 2
French Other 2 2.3 2 0
firms frequency Total 96 100 66 30

Fraud investigation
Financial/non-financial classification Number of firms Percent of firms Yes No

Table III. Non-financial services 63 65.62 42 (66.7%) 21 (33.3%)

French Financial services 33 34.38 28 (84.5%) 5 (15.5%)
firms’ frequency Total 96 100 66 30

integral part of the Standards, but the auditors do not apply this rule very effectively”
(Araj, 2015). The elements discovered as a result of the self-investigation will be
transmitted verbally or through a written report and will motivate the conduct of an
investigation required by the parties named above.

3.2 Source of data

The initial sample was obtained from the Institute of Internal Auditors. This database
includes survey responses with participation from approximately 14,500 practitioners
representing more than 150 North American chapters and 106 global institutes in
166 countries. The IIARF provided us with the data on conditions of anonymity and
confidentiality. Data already collected by CBOK included practitioners’ responses from
several countries, and we are deliberately choosing the French perspective to test research
hypotheses for several reasons. First, France belongs to Europe and IFACI expressed in
its position published in 2000 that the resignation en bloc of European Commissioners in
early 1999 following allegations of mismanagement of funds, cronyism and conflicts of
interest, raised public awareness at a stroke to the extent and level of possible fraudulent
activity. “Despite the activities of various national committees in Europe (Vienot in
France, Turnbull in the UK) and the setting-up of independent regulatory authorities in
some countries, Europe will continue to experience significant fraudulent activity” (IFACI, The function’s
2000). Also, obligations concerning comments on internal control already exist in France ability to
(Law No. 2003-706 ON August 1, 2003), in Luxembourg (circular 98/143 of the IML) and in investigate
the Netherlands. An annual report on the internal control system in place should be
written. This reporting obligation, commendable as it may be, has been exploited by fraud
individuals placed at a high hierarchical level capable of handling this new “facade”
element. Third, in France, an important case has hit the headlines: an internal fraud by one 143
of its traders led “Société Générale” to a loss of €4.9BN in 2008. In this case, a subordinate
who perfectly mastered the internal control procedures was able to circumvent them.
The typical fraud has two years between its beginning and its discovery by the victim
organization according to a recent study carried out by the Association of Certified Fraud
Examiners. So, fraud is increasingly exploding and the percentage of companies in France
that have been victims of fraud has risen to 68 percent[1], compared with 55 percent in the
UK and 55 percent in Spain (PWC, 2016). All company sizes are affected by several
categories of fraud, the most important according to the results of the PWC study are:
misappropriation of assets, cybercrime and purchase fraud. In addition, is this due to the
fact that France is too lax in terms of corruption? The insufficient conformity of French
companies with the anti-corruption requirements of the Foreign Corrupt Practices Act[2]
or the UK Bribery Act justifies the reason for the Sapin II law no. 2016-1691, recently
promulgated in December 2016 and entitled “Transparency, Anti-Corruption and
Modernization.” The measures provided for in that law are preventive and reprehensible,
since a fine of up to 30 percent of the average annual turnover must be paid into the public
treasury by the legal person concerned. A promising but afterwards legislative movement
characterizes the French context and invites us to question what might motivate internal
audit to investigate fraud and irregularities.

4. Results
In this section, we present an overview of statistics for variables used in the above model.
Tables IV and V in particular indicate the association between the dependent variable, the
IAF’s SIFI, and independent variables. As indicated, 68 percent of the survey respondents
declare that their internal auditing activities investigate fraud and irregularities.
The second and third columns of Tables IV and V show an overview of explanatory and
control variables in terms of the IAF’s SIFI. The last two columns provide statistical tests results
as well as their degree of bilateral significance for the differences between each
INVESTIGATION variable. We have highlighted all the significant differences. The first
independent variable, the independence and objectivity (IND&OBJECT index), is significant
according to Table IV. This result is based on the fact that the difference between the
IND&OBJECT index of 4.61 (under “Yes” to “INVESTIGATION”) and 2.81 (under “No” to
“INVESTIGATION”) is significant from a statistical point of view ( po0.05). The decision to
investigate fraud and irregularities is therefore linked to the independence and objectivity of the
IAF. Internal auditors should not be biased in the exercise of their activities and engagements.

IAF fraud investigation

Yes No
Variable (68.75%) (31.25%) Statistic Significance

IND&OBJECT index 0–3 mean (number of cases) 2.30 (66) 1.78 (30) t ¼ 3.118 o 0.05
ACTIVITIES: min ¼ 2, max ¼ 18 mean (number of cases) 10.27 (66) 7.34 (30) t ¼ − 2.93 o 0.05 Table IV.
RISKMANAGEMENT scale 1–5 (disagree to agree) mean 4.05 (66) 3.44 (30) t ¼ − 3.340 o 0.01 Results of
(number of cases) univariate analysis (1)
JAAR IAF fraud investigation
20,2 Variable Yes (68.75%) No (31.25%) Statistic Significance

ORGANIZATIONIC
No report 18 (51.4%) 17 (48.6%)
Report on internal control 46 (75.4%) 15 (24.6%) χ2 ¼ 5.756 o 0.01

144 ASSURANCE
No assurance 50 (78%) 14 (22%) χ2 ¼ 5.689 o 0.01
Assurance 14 (93.3%) 1 (6.7%)
YEAREX
10 years or less 6 (40%) 9 (60%) χ2 ¼ 7.355 o 0.05
From 11 to 50 44 (76%) 14 (24%)
More than 51 years 14 (61%) 9 (39%)
SIZE
500m or less 6 (60%) 4 (40%) χ2 ¼ 9.353 o 0.05
Table V. 500m–5bn 20 (57.1%) 15 (42.9%)
Results of univariate 6–25bn 32 (84.2%) 6 (15.8%)
analysis (2) Over 25bn 6 (46.1%) 7 (53.9%)

The variable IND&OBJECT index’ measure is three inter-related parameters at the same time:
the perception of independence of the internal auditor, his/her access to the audit committee and
his/her functional reporting. Significance then concerns these three parameters.
Concerning the number of performed activities (ACTIVITIES), it is interesting to note that
the means of “Yes” to “IA activity investigates fraud and irregularities” is higher than that of
“No” to “IA activity investigates fraud and irregularities.” This result shows that when a higher
number of activities is executed, this gives rise to the perception that IAF is investigating fraud
and irregularities. This result only concerns the activities cited by CBOK.
Also, Table IV shows that the variable associated with the role played by IAF in the
evaluation of the effectiveness of risk management “RISKMANAGEMENT” is significant
( p o0.01). This means that the difference between the RISKMANAGEMENT of 4.05 (under
Yes to “INVESTIGATION”) is higher than that of “No” to “INVESTIGATION.” The idea
that the IAF has been further engaged in assessing the risk management process as one that
is linked to the investigation of fraud and irregularities is supported.
The remaining explanatory variables are significant ( po0.01). With respect to the variable
associated with ORGANIZATIONIC, it is interesting to note that 46 of 64 respondents
investigating fraud and irregularities (i.e. 75 percent) declare that the organization provides a
report on internal control in its annual report. This result indicates that when a report on
internal control is carried out by management, the implication of internal auditors in
investigation of fraud and irregularities is higher, leading to the generation of strong internal
control. Regarding the variable ASSURANCE, the result is impressive. Indeed, 50 of 64 internal
auditors who investigate fraud and irregularities (i.e. 78 percent) assume that internal audit
activity performance is not measured by the assurance of sound risk management/internal
control. This supports the view that as the performance of internal audit activity is
measured by the assurance of internal control, IAF’s implication in investigation of fraud and
irregularities is lower. The control variables, the number of years the IAF has existed
(YEAREX) and the size of organization (SIZE) are significant ( po0.05). When the experience
of IAF in terms of number of years is higher, the perception of investigating fraud and
irregularities is rather positive. So when the size of the organization increases, awareness of the
IAF regarding the likelihood of fraud and irregularities increases, thus increasing investigation
efforts. We report in Table VI the Pearson correlation matrix of independent variables.
 IND&OBJECT index ACTIVITIES ORGANIZATIONIC ASSURANCE RISKMANAGEMENT YEAREX SIZE

IND&OBJECT index 1.00

ACTIVITIES 0.133 1.00
ORGANIZATIONIC −0.17 0.15 1.00
ASSURANCE 0.077 0.282** 0.028 1.00
RISKMANAGEMENT 0.382** 0.117 −0.152 0.098 1.00
YEAREX −0.015 0.079 0.016 0.187 −0.159 1.00
SIZE −0.058 0.117 0.348** 0.086 −0.087 0.326** 1.00
Notes: Variables are as defined in model specification in text. **Pearson correlation is significant at the 0.01 level (two-tailed)
investigate
fraud

145
ability to
The function’s

Table VI.

matrix of
Pearson correlation

independent variables
JAAR According to this table, four significant correlations exist between explanatory variables. The
20,2 highest correlation is between independence and objectivity (IND&OBJECT index) and
organization report on internal control (ORGANIZATIONIC) with a coefficient of 0.382. Our
model does not pose a problem of multicollinearity since, as reported in Table VII, all VIF
coefficients are under the level of 5.

146 5. Regression analysis

5.1 Findings concerning all internal auditors
We report in Table VII the regression analysis results of our fraud risk investigation model.
It includes all the explanatory and control variables. The overall model is significant
( p o0.01); an adjusted R2 of 0.31 is found. For each independent variable, we mention the
coefficient β without forgetting its Wald statistics and significance. This table also shows a
tolerance value and variance inflation factor which are expected to test if there is a problem
of multicollinearity. Results included in Table VII show that there is no concern about
multicollinearity. It is important to report that all coefficients of tolerance respect the level of
0.2, considered to be critical. We must add that the VIF coefficient, as indicated in the
regression results, also respects the critical conventional level of 5 (Neter et al., 1990).
Table VII also provides the value of the χ2 statistic of the order of 37.30.
In terms of explanatory variables, and consistent with prior research, independence and
objectivity variable (IND&OBJECT index) is significant ( p o0.05) and has a positive
association with the IAF’s SIFI. Thus, our H1 is supported, and informs us that commitment
to the investigation of fraud and irregularities requires an independent IAF and objective
internal auditors reinforced by an audit committee which receives the internal audit report
and whose access is facilitated. This result is similar to prior studies that have used data
from the same sources as ours. D’Onza et al. (2015) find independence and objectivity of IAF
is positively associated with the IAF’s ability to add value. Also, an independent IAF makes
for better effectiveness of control, risk management and governance processes (Gramling
et al., 2004). In accordance with our initial presumption, while the IAF has been able to
maintain its organizational independence and internal auditors perform their assurance and
consulting activity with integrity, their autonomy is enhanced, which, in turn, strengthens
the audit service’s ability to investigate.
The finding also supports H2, which refers to the activities performed by internal
auditors (ACTIVITIES). The results indicate that the number of activities is significantly
( p o0.05) and positively associated with the IAF’s SIFI. When the internal auditor is not
interested in the investigation of fraud and irregularities, his/her assessment of audit

β Wald Sig. Tolerance VIF

IND&OBJECT index 0.773 3.027 0.042 0.840 1.191

ACTIVITIES 0.193 6.668 0.013 0.878 1.139
ORGANIZATIONIC −0.421 0.477 0.528 0.829 1.207
ASSURANCE −0.500 0.364 0.565 0.884 1.131
RISKMANAGEMENT 0.728 5.407 0.007 0.792 1.262
YEAREX −0.170 0.314 0.667 0.827 1.209
SIZE −0.751 1.576 0.052 0.771 1.297
Constant −2.367 0.145
χ2 37.30 ( p o 0.01)
R2 Nagelkerke 31.28%
Table VII.
Regression results: Notes: n ¼ 96
fraud risk INVESTIGATION ¼ β0 + β1 IND&OBJECT index + β2 ACTIVITIES + β3 ORGANIZATIONIC +
investigation model β4 ASSURANCE + β5 RISKMANAGEMENT + β6 YEAREX + β7 SIZE + ε
evidence cannot be critical and the likelihood that they will uncover possible fraudulent The function’s
activity is decreased. It should be pointed out that the limitation in the activities carried out ability to
by the internal auditor may not be due solely to a lack of interest in the investigation investigate
but because of his incompetence, lack of means or even lack of freedom. Prior studies
(Selim et al., 2014) argue that the increase in the activities that the CAEs must carry out is a fraud
response to the desire to meet the high expectations expressed by the stakeholders.
A similar result is found for the variable “the effectiveness of risk management” 147
(RISKMANAGEMENT) ( po0.01). This result means that the IAF’s good/bad perception
about the effectiveness of risk management is associated with the IAF’s decision to investigate
for fraud and irregularities. Thus, H5 is supported and IAF’s SIFI contributes to the
enhancement of the risk management process. The changing role of internal audit, from an
improvement of an organization’s internal control to an internal auditor’s involvement in the
risk management process, can explain the interest in the IAF’s improvement of the risk
management process (Spira and Page, 2003; COSO II, 2005; Sarens and De Beelde, 2006). This
result indicates that when IAF is engaged in assessing the risk management process, it
identifies, manages and controls potential situations that can be a potential source of fraud. An
investigation of fraud and irregularities is produced in order to assist management and the
audit committee in the improvement of the adequacy and effectiveness of management’s risk
control process. Results do not support H3 (ORGANIZATIONIC) related to the reporting on
internal control and H4 (ASSURANCE) linked to the assurance of sound risk management/
internal control. Regarding the control variables, Table VII shows that the control variables
YEAREX (number of years the IAF has existed) do not reveal significant correlation regarding
IAF’s SIFI. On the other hand, our second control variable (SIZE) is significant and is
negatively correlated to IAF’s SIFI. This result is not consistent with our original prediction.
We said that there may be a positive association between the IAF’s SIFI and the size of the
organization. Regression analysis results show that if the organization grows, the interest of
the internal auditor in investigating fraud decreases, all things being equal. Large companies
can adopt a good quality internal control system capable of responding in a timely manner to
any potential risk. Also, the capacity of the internal auditor to investigate fraud can be slowed
down in large companies compared to small ones, particularly in the case of a managerial firm
characterized by the absence of a controlling shareholder in the company. In fact, in such a
case, the board of directors through its audit committee may help minimize the internal
auditor’s brakes in his willingness to investigate fraud.

5.2 Robustness test of the logistic regression model

We conduct a second regression model in order to examine the model’s robustness,
changing the variable ORGANIZATIONIC which leads to a non-verified H3 by the variable
SIGN−IC, which is equal to “1” if the chairman of the audit committee signs the report on
internal control and “0” otherwise (D’Onza et al., 2015). The details of this measure are given
in Table VIII.
Table IX indicates the result of the regression analysis. We are comparing between the initial
regression with ORGANIZATIONIC and regression with SIGN−IC. It shows that SIGN−IC’s
variable is significantly related to INVESTIGATION ( p ¼ 0.051). There is a negative
association between reporting on internal control and the IAF’s SIFI. For the remainder of the
variables, the results obtained are largely in line with those recorded in Table VII.

Variable Definition Measurement

Table VIII.
SIGN−IC Pearson who signs the report on “1” if the chairman of the audit committee signs the report on Changing variable for
internal control internal control and “0” otherwise robustness test
JAAR These results show that H1, H2 and H5 remain verified and IAF’s SIFI is significantly and
20,2 positively associated with the independence and objectivity index, IAF’s activities and IAF’s
contribution to appreciate the effectiveness of risk management. Table IX mentions the
results of the logistic regression model. Always, in order to test the robustness of the model,
we will opt for a Probit regression. The results are shown in Table X.
The same results are obtained with a logistic or probit regression. The robustness of the
148 model is verified.

5.3 Analyzing by industries

In order to see if the SIFI factors differ between industries, we have tested the logistic regression
model by considering separately the responses provided by internal auditors working in
financial and non-financial services industries. Table XI reports the results of the logistic
regression analyses.
When comparing the financial and non-financial sectors, the variable ACTIVITIES is
significant in both sectors and supports H2. The other hypotheses are not confirmed for the
financial sector because of the limited number of internal auditors who do not investigate fraud
(only five) due to a regulatory and institutional framework that supports integrity. In
non-financial services, the same results are obtained as those in Table VII. The only difference is
that ORGANIZATIONIC became significant. This result supports H3 and means that a positive
association exists between reporting on internal control and the IAF’s SIFI. This result implies
that the more there is a report on the internal control which is supposed to relate, especially the
failures, the more the internal auditor investigates the fraud and irregularities.

Regression with SIGN−IC Regression with ORGANIZATIONIC

β Sig. β Sig.

IND&OBJECT index 0.781 0.047 0.773 0.042

ACTIVITIES 0.198 0.011 0.193 0.013
ORGANIZATIONIC/SIGN−IC 1.488 0.051 −0.421 0.528
ASSURANCE −1.000 0.280 −0.500 0.565
RISKMANAGEMENT 0.797 0.006 0.728 0.007
YEAREX −0.039 0.921 −0.170 0.667
SIZE −0.906 0.014 −0.751 0.052
Constant −2.962 0.074 −2.367 0.145
Table IX. χ2 41.33 ( po 0.01) 37.30 ( p o 0.01)
Results of R2 Nagelkerke 34.66% 31.28%
sensitivity analysis Note: n ¼ 96

Probit regression Logit regression

β Sig. β Sig.

IND&OBJECT index 0.473 0.031 0.773 0.042

ACTIVITIES 0.107 0.009 0.193 0.013
ORGANIZATIONIC −0.326 0.389 −0.421 0.528
ASSURANCE −0.206 0.675 −0.500 0.565
RISKMANAGEMENT 0.446 0.007 0.728 0.007
YEAREX −0.145 0.525 −0.170 0.667
SIZE −0.373 0.066 −0.751 0.052
Constant −1.408 0.134 −2.367 0.145
Table X. χ2 37.16 ( p o 0.01) 37.30 ( p o 0.01)
Results of R2 Nagelkerke 31.16% 31.28%
regression analysis Note: n ¼ 96
 Financial services Non-financial services
The function’s
β Sig. β Sig. ability to
investigate
IND&OBJECT index 1.547 0.446 1.119 0.058
ACTIVITIES 1.359 0.067 0.185 0.063 fraud
ORGANIZATIONIC 1.175 0.891 2.411 0.030
ASSURANCE 1.000 0.791 −0.869 0.421
RISKMANAGEMENT 2.104 0.254 0.906 0.019 149
YEAREX 1.219 0.790 −0.260 0.647
SIZE 0.342 0.116 −1.077 0.041
Constant 0.102 0.526 −3.426 0.109
χ2 7.8 ( p W 0.01) 37.02 ( p o 0.01) Table XI.
R2 Nagelkerke 22.42% 44.94% Results of
n 33 63 analysis per industries

6. Discussion and conclusions

Prior studies have tried to establish principal reasons for the internal audit value creation
processes. Mixed results have not resolved this dilemma. These researchers have identified some
value reasons such as the organization characteristics of IAF, the management style of this
function, as well as its quality. Standard-setters assert IAF quality prevents management
misconduct. Thereby, internal auditors are expected to be assurance providers of business risk
including accounting and non-accounting-related business risks. Fraud risk, as a risk of an
illegal act characterized by deceit, concealment or violation of trust, can be due to management
( financial statement fraud, misappropriation of assets, conflict of interest) and/or employee
(embezzlement of money or property, breach of fiduciary duty). This study extends the present
literature by examining the characteristics of the IAF and the organization, as well as its
engagement in the investigations of fraud and irregularities. The motivation of this study is the
relationship that may exist between the characteristics of the organization and the possibility for
internal auditors to contribute to the SIFI. Likewise, IAF characteristics, through the IAF’s
independence and objectivity index and number of activities carried out, were also expected to
be correlated to the IAF’s contribution to the investigation of fraud and irregularities. Overall
findings support H1, H2 and H5. H1 establishes that IAF’s independence and objectivity
improve internal auditors’ integrity and autonomy, audit services are strengthened, and the
ability to reduce the likelihood of fraud is reinforced since a fraud investigation effort is provided
in return for a high consciousness of fraud risk. Moreover, results support H2, proving the
significant association between activities performed by internal auditors and their SIFI. In this
paper, we are only interested in activity amount without making a distinction between
assurance and consulting activities. We consider that an IAF’s favorable decision to investigate
fraud and irregularities occurs when the internal control structures’ robustness is low. Fraud
investigation is explained by activities carried out by internal auditors such as: business
viability (going concern) assessments, audit of enterprise risk management processes, auditing
of IT/ICT risks. IAF’s SIFI purpose is to enable all stakeholders to be aware that relevant
assurance is provided and leads to an effective and efficient fraud risk management. Thus, when
the amount of activities increases, the probability for the internal auditor to self-investigate for
fraud and irregularities also increases. Our results reveal a significant positive association
between IAF’s SIFI and its contribution to the strengthening of the adequacy of the risk
management process. H5 is supported. Thus, the higher the risk management effectiveness, the
more implicated internal auditing is in fraud risk investigations. These findings are
subordinated to the extent of the interaction with the audit committee as well as internal audit
quality via competence. Little prior literature has found a positive association between the audit
committee monitoring variable and the amount of IAF’s internal controls-based activities.
JAAR The oversight role played by the audit committee promotes its interaction with IAF and audit
20,2 committee–IAF interaction vis-à-vis management. Linking with our results, if IAF investigates
for fraud and irregularities, it reinforces the risk management process and multiplies its control
activities. In the light of the results, three implications can be stated. First, from a theoretical
level, the study results should allow researchers and professors to take into consideration these
findings in the theory of internal auditing. Second, from an institutional level, it is necessary
150 from IIA institute to consider the investigation of fraud as a qualification standard to be
respected and to remind members that IAF’s SIFI requires an independent and objective IAF, an
increase in the audit activities performed and the systematic implementation of an approach
designed to evaluate the effectiveness of risk management. Third, from a personnel level, CAEs
need to be aware that lack of independence can be a barrier in many ways: self-assessment,
social pressure and familiarity (Brody and Lowe, 2000). The multiplication of audit activities
performed by the CAEs will allow them to expand the field of intervention. Finally, investigation
of fraud and irregularities by internal auditors must be an aspect of due professional care. This
study suffers from two major limitations since based on a survey analysis. The first is the effect
of the researcher’s representations concerning the variables studied. Omitted variables such as
the structure of the property may explain the cases of non-investigation. The second is the
cross-sectional analysis used. Extending the study over a period of time may allow us to report
other significant variables may explain IAF’s SIFI.

Notes
1. More than 2/3 of French companies have been victims of fraud in the last 24 months.
2. Foreign Corrupt Practices Act (FCPA) is a US federal law of 1977 to combat corruption, which
punishes bribes or similar activities.

References
Abbott, L.J., Parker, S., Peters, G.F. and Rama, D.V. (2007), “Corporate governance, audit quality, and
the Sarbanes Oxley Act: evidence from internal audit outsourcing”, The Accounting Review,
Vol. 82 No. 4, pp. 803-835.
AICPA (2002), Consideration of Fraud in A Financial Statement Audit, Statement on Auditing
Standards No. 82, AICPA, New York, NY.
AICPA (2005), “Management override of internal controls the Achilles’ hell of fraud prevention”.
Allegrini, M. and D’onza, G. (2003), “Internal auditing and risk assessment in large Italian companies:
an empirical survey”, International Journal of Auditing, Vol. 7 No. 3, pp. 191-208.
Araj, F.G. (2015), “Faire face au risque de fraude, exploration du rôle de l’audit interne”, CBOK, The IIA
research Foundation, pp. 1-27.
Balkaran, L. (2007), “A solid reporting line”, Internal Auditor, Vol. 64 No. 2, p. 35.
Brazel, J.F., Jones, K.J. and Zimbelman, M.F. (2009), “Using nonfinancial measures to assess fraud risk”,
Journal of Accounting Research, Vol. 47 No. 5, pp. 1135-1166.
Brody, R.G. and Lowe, J.D. (2000), “The new role of the internal auditor: implications for internal
auditor objectivity”, International Journal of Auditing, Vol. 4 No. 2, pp. 169-176.
Burnaby, P and Hass, S (2009), “Ten steps to enterprise-wide risk management”, Corporate
Governance: The International Journal of Business in Society, Vol. 9 No. 5, pp. 539-550.
Caplan, D. (1999), “Internal controls and the detection of management fraud”, Journal of Accounting
Research, Vol. 37 No. 1, pp. 101-117.
Carcello, J.V. and Nagy, A.L. (2002), “Auditor industry specialization and fraudulent financial
reporting”, working paper, University of Tennessee.
Chadwick, W.E. (2000), “Keeping internal auditing in-house”, Internal Auditor, Vol. 57 No. 3, p. 88. The function’s
Chambers, A.D. and Odar, M. (2015), “A new vision for internal audit”, Managerial Auditing Journal, ability to
Vol. 30 No. 1, pp. 34-55. investigate
Christopher, J., Sarens, G. and Leung, P. (2009), “A critical analysis of the independence of the internal fraud
audit function: evidence from Australia”, Accounting, Auditing & Accountability Journal, Vol. 22
No. 2, pp. 200-220.
Cohen, J., Krishnamoorthy, G. and Wright, A.M. (2002), “Corporate governance and the audit process”, 151
Contemporary Accounting Research, Vol. 19 No. 4, pp. 573-594.
Cohen, J.R., Milici Gaynor, L., Krishnamoorthy, G. and Wright, M.A. (2011), “The impact on auditor
judgments of CEO influence on audit committee independence”, Auditing: A Journal of Practice
& Theory, Vol. 30 No. 4, pp. 129-147.
COSO (2012), “Internal control–integrated framework”, Exposure Draft, Committee of Sponsoring
Organizations of the Treadway Commission, September, pp. 1-178, available at:
https://ce.jalisco.gob.mx/sites/ce.jalisco.gob.mx/files/coso_mejoras_al_control_interno.pd
COSO II (2005), Le management des risques de L’Entreprise, cadre de référence – Technique
d’application, Committee of Sponsoring Organizations, Eyrolles., Ed. d’Organisation, Paris,
Committee of Sponsoring Organizations.
Coram, P., Ferguson, C. and Moroney, R. (2008), “Internal audit, alternative internal audit structures
and the level of misappropriation of assets fraud”, Accounting and Finance, Vol. 48 No. 4,
pp. 543-559.
D’Onza, G., Selim, G.M., Melville, R. and Allegrini, M. (2015), “A study on internal auditor perceptions of
the function’s ability to add value”, International Journal of Auditing, Vol. 19 No. 3, pp. 182-194.
Deloitte (2016), “Internal audit insights’, high impact areas of focus, 2016-2017”.
DeZoort, F.T. (1997), “An investigation of audit committees’ oversight responsibilities”, Abacus, Vol. 33
No. 2, pp. 208-228.
Ege, M.S. (2015), “Does internal audit function quality deter management misconduct?”, the Accounting
Review, Vol. 90 No. 2, pp. 495-527.
Erickson, M., Mayhew, B.W. and Felix, W.L. Jr (2000), “Why do audits fail? Evidence from Lincoln
savings and loan”, Journal of Accounting Research, Vol. 38 No. 1, pp. 165-194.
Eutsler, J., Nickell, E.B. and Robb, S.W.G. (2016), “Fraud risk awareness and the likelihood of audit
enforcement action”, Accounting Horizons, Vol. 30 No. 3, pp. 379-392.
Goodwin-Stewart, J. and Kent, P. (2006), “Relation between external audit fees, audit committee
characteristics and internal audit”, Accounting and Finance, Vol. 46 No. 3, pp. 387-404.
Gramling, A.A., Maletta, M.J., Schneider, A. and Church, B.K. (2004), “The role of the internal audit
function in corporate governance: a synthesis of the extant internal auditing and directions for
future research”, Journal of Accounting Literature, Vol. 23, pp. 194-244, 51pp.
Hazami-Ammar, S. (2018), “La contribution de l’auditeur interne à l’Enterprise Risk Management:
résultats d’une étude exploratoire”, Recherches en Sciences de Gestion, No. 127, pp. 109-133.
Hermanson, D.R., Ivancevich, D.M. and Ivancevich, S.H. (2008), “Building an effective internal audit
function: learning from SOX section 404 Reports”, Review of Business, Vol. 28 No. 2, pp. 13-28.
IFACI (2000), “Le rôle de l’auditeur interne dans la prévention de la fraude : Prise de position de
l’ECIIA”, pp. 1-53.
IIA (2009), “Internal auditing and fraud”, IPPF – Practice Guide, December, pp. 1-42, available at:
http://www.kcgaudit.co.uk/wp-content/uploads/2016/01/internal_auditing_and_fraud.pdf
IIA (2012), “International standards for the professional practice of internal auditing”,
Altamonte Spring, FL, pp. 1-26, available at: https://na.theiia.org/standards-guidance/Public%
20Documents/IPPF%202013%20English.pdf
Jensen, M. and Meckling, W. (1976), “Theory of the firm: managerial behavior, agency cost and
ownership structure”, Journal of Financial Economics, Vol. 3 No. 4, pp. 305-360.
JAAR Kaplan, S.E. and Schultz, J. (2007), “Intentions to report questionable acts: an examination of the
20,2 influence of anonymous reporting channel, internal audit quality and setting”, Journal of
Business Ethics, Vol. 71 No. 2, pp. 109-124.
Klibi, M.F. (2015), “Contribution to the understanding of audit committees’ effectiveness: exploratory
study in the Tunisian context”, International Management, Vol. 19, numéro spécial, pp. 219-234.
Kruglanski, A. (1980), “Lay epistemology process and contents”, Psychological Review, Vol. 87 No. 1,
152 pp. 70-87.
Kunda, Z. (1990), “The case for motivated reasoning”, Psychological Bulletin, Vol. 108 No. 3, pp. 480-498.
Loebbecke, J.K., Eining, M.M. and Willingham, J.J. (1989), “Auditors’ experience with material
irregularities: frequency, nature, and detectability”, Auditing, A Journal of Practice & Theory,
Vol. 9 No. 1, pp. 1-28.
McHugh, J. and Raghunandan, K. (1994), “Hiring and firing the chief internal auditor”, Internal Auditor,
Vol. 51 No. 4, pp. 34-40.
Mihret, D.G. and Yismaw, A.W. (2007), “Internal audit effectiveness: an Ethiopian public sector case
study”, Managerial Auditing Journal, Vol. 22 No. 5, pp. 470-484.
Mutchler, J., Chang, S. and Prawitt, D. (2001), Independence and Objectivity: A Framework for Internal
Auditors, IIARF, Altamonte Springs, FL.
Neter, J., Wasserman, W. and Kutner, M.H. (1990), Applied Linear Statistical Models, Irwin, Burr Ridge,
IL, p. 1181.
Piot, C. and Kermiche, L. (2009), “A quoi servent les comités d’audit”, Comptabilité Contrôle Audit,
Tome, Vol. 15 No. 3, pp. 9-54.
PWC (2016), “La fraude explose en France”, Global Economic Crime Survey, pp. 1-36.
Ratdavone, K., Gendron, Y. and Malsch, B. (2012), “Affaire Worldcom : Incompétence des auditeurs ou
manquement à leur obligation d’indépendance”, International Journal of Case Studies in
Management, Vol. 10 No. 4.
Rezaee, Z. (2002), Financial Statement Fraud: Prevention and Detection, John Wiley & Sons, Inc., pp. 16-17.
Salierno, D. (2007), “Managing change”, The Internal Auditor, Vol. 64 No. 1, pp. 51-54.
Sarens, G. and De Beelde, I. (2006), “Internal auditors’ perception about their role in risk management:
a comparison between US and Belgian companies”, Managerial Auditing Journal, Vol. 21 No. 1,
pp. 63-80.
Scarbrough, D.P., Rama, D.V. and Raghunandan, K. (1998), “Audit committee composition and interaction
with internal auditing: a Canadian evidence”, Accounting Horizons, Vol. 12 No. 1, pp. 51-62.
SEC (2003), “Comments on proposed rule: standards relating to listed company audit committees”.
Selim, G., Melville, R., D’Onza, G., Pelligrini, M. and Kotoupis, A. (2014), Internal Audit Around the
World: A Perspective on Global Regions, IIARF, FL, Research Report, available at: www.theiia.
org/research
Smith, J.F. and Kida, T. (1991), “Heuristics and Biases: expertise and task realism in auditing”,
Psychological Bulletin, Vol. 109 No. 3, pp. 472-489.
Soh, D.S.B. and Bennie, N.M. (2011), “The internal audit function: perceptions of internal audit roles,
effectiveness, and evaluation”, Managerial Auditing Journal, Vol. 26 No. 7, pp. 605-622.
Spira, L.F. and Page, M. (2003), “Risk management: the reinvention of internal control and the changing
role of internal audit”, Accounting, Auditing & Accountability Journal, Vol. 4 No. 16, pp. 640-661.
Vijayakumar, A. and Nagaraja, N. (2012), “Internal control systems: effectiveness of internal audit in
risk management at public sector enterprises”, BVIMR Management Edge, Vol. 1, pp. 1-8.
Wallace, W.A. (1984), “Enhancing your relationship with internal auditors”, The CPA Journal, Vol. 54
No. 12, p. 47.
Whittington, O.R. and Winters, A.J. (1990), “Considering the work of an internal auditor”, The CPA
Journal, Vol. 60 No. 4, p. 28.
Wilks, T.J. and Zimbelman, M.F. (2004), “Decomposition of fraud assessments and auditors’ sensitivity The function’s
to fraud cues”, Contemporary Accounting Research, Vol. 21 No. 3, pp. 719-745. ability to
Zain, M.M., Subramaniam, N. and Stewart, J. (2006), “Internal auditors’ assessment of their contribution investigate
to financial statement audits: the relation with audit committee and internal audit function
characteristics”, International Journal of Auditing, Vol. 10 No. 1, pp. 1-18. fraud
About the author
Sourour Hazami-Ammar is Assistant Professor of Accounting and Corporate Governance at The 153
Institute of The Higher Business Studies (IHEC) of Sfax, University of Sfax (TUNISA). She holds a PhD
in Management Sciences from the IAE of Poitiers (FRANCE) and the Habilitation to Research.
Hazami-Ammar is particularly interested in topics related to the field of external auditor’s competence,
external audit fees, reporting on internal control and role of the internal auditor in risk management.
Sourour Hazami-Ammar can be contacted at: ammar_sourour@yahoo.fr

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com