Review Article: 2019 Vol: 25 Issue: 2
Wadesango Newman, University of Limpopo
Madondo Alban, Midlands State University
Sitcha, Midlands State University
Wadesango Ongayi, University of Limpopo
This study mainly focused on non-implementation of internal audit recommendations in organizations. The research was specifically aimed at the organizational, individual factors and nature of findings that hinder the implementation of audit recommendations. The study adopted a desk top research methodology. The researchers used secondary sources of data such as internet journals, e-books and books from the library in their research. Some of the findings were that independency and objectivity are essential elements for any profession where professional judgment is provided without the judgment losing its value. So it is of great importance that an auditor enjoys independency and objectivity during the audit process. It also emerged that nonimplementation of internal audit recommendations can lead to high control risk. The study therefore recommends the establishment of audit committee to improve the implementation process by persuading management on implementing the internal audit recommendations.
Internal, Audit, Non-Implementation, Private Sector.
This study sites out the literature review and other academic material relating to the effects of non-implementation of internal audit recommendations to an organization. In the first section the factors hindering the implementation of internal audit recommendations shall be discussed, then ways to persuade management to implement the recommendations. Then the other section is going to site the effects of non-implementation of internal audit recommendations. Lastly the value of internal audit implementations will be outlined.
The internal auditors have various roles in an organization which include evaluating the governance of the organization that is to verify if the governance is in compliance with the government rules and regulations, the laws of the industry from which the organization is in, also if it is in accordance with the company’s polices Reding et al. (2015).The internal audit act as an agent which provides independent and objective assurance on the internal corporate governance, risk management, internal control and compliance Soh & Bennie (2015). Also it is the role of the internal audit to verify if the management is preparing the organization’s financial statements in compliance with the international accounting standards. If the internal auditors find anything wrong as they carry out their duties it is their duty to give recommendations to the management which help in improving the organization’s performance Pitt (2014).
The same as the internal auditors’ management have roles also in an organization which include setting of sound internal controls so as to ensure that the objectives of the organization are being achieved; also they have the duty of implementing the recommendations that are made by the internal auditors. The efficiency of internal audit helps develop the work of the organization by giving recommendations to the accounting and finance and the department implementing them.
Factors Hindering the Implementation of Internal Audit Recommendations
Quality of the internal audit recommendation
Cohen & Sayag (2014) assert that for the recommendations made by the internal auditor to be implemented they must be of great quality. The internal auditors should perform their auditing work in accordance to internal auditing standards because compliance with the internal auditing standards is the most important contributor to the quality of the auditor’s work which adds value. Audit reports may have a direct impact on the decision or course of action recommendation by the management. It can thus be argued that greater quality of internal auditor’s work understood in terms of compliance with the standards can improve the rate of implementations of recommendations made by the internal auditors. Audit recommendations must be clear, convincing and always state an understandable workable basis of implementation Hutchings (2014). Wadesango et al. (2018) outline that the internal auditors must be capable to provide useful audit findings and recommendations which will lead to the management being interested. Hoos (2018) argued that performing auditing work according to internal auditing standards contributes a lot to the effectiveness of auditing. Pizzin (2015) postulate that complying with professional standards is the most important contributor to IA’s added value.
Standards for audits and audit-related services are published by the IIA and include attribute, performance and implementation standards. In general, formal auditing standards recognize that internal auditors also provide services regarding information other than financial reports. They require auditors to carry out their role objectively and in compliance with accepted criteria for professional practice, such that internal audit activity will evaluate and contribute to the improvement of risk management, control and governance using a systematic and disciplined approach. This is important not only for compliance with legal requirements, but because the scope of an auditor’s duties could involve the evaluation of areas in which a high level of judgment is involved, and audit reports may have a direct impact on the decisions or the course of action adopted by management (Wadesango & Mhaka, 2017). It can thus be argued that greater quality of IA work–understood in terms of compliance with formal standards, as well as a high level of efficiency in the audit’s planning and execution–will improve the audit’s effectiveness.
Independency and objectivity
According to Baharud-den et al. (2014) independency and objectivity are some of the characteristics that an auditor should have where the auditor can carry out audit without bias creeping his/her mind. This is a crucial element in conducting audit because the auditors can pass their judgment without any bias contributing to the judgement as audit evidence but rather the audit can come up with recommendations from the evidence they themselves obtain in carrying out the audit with independency and objectivity. Wadesango et al. (2017) postulate that internal audit is an independent appraisal activity. We need to carefully note here that the word “Independent” is important, even though it gets neutralized by the fact that it is within an organization. Independence stands for an internal auditor being able to report on material facts and figures, uninfluenced by any favor or frown. An internal audit function is part of the entity and irrespective of the degree of its autonomy and objectivity cannot be the prime criterion for independence. This is because the reporting relationship may influence his decisions and reporting patterns (Zulkiyah, 2014). Endaya & Hanefah (2015) also concur by stating that objectivity is essential for any professional who provides professional judgment either by himself or through others without it this judgment loses its value and becomes meaningless to the users’ opinion.
The need for objectivity is clearly evident in the business environment in general mostly with the auditors where the users which are the management and the stakeholders are depended on the auditor’s opinion. In addition, internal auditors must be free from any interference and they must have an impartial and unbiased attitudes and must avoid any conflict of interest so that the recommendations they make can be relied upon by the managements thus making it easy for management to implement the recommendations they make. Zakari (2014) shows that management may not respect the opinion of an internal auditor who is not independent as they might be doing dealings together that might cripple the organization. Fenton & Neil (2014) assert that internal auditor’s act from the position of an advisor, consultant, specialist who has a number of qualities one of the qualities the auditors must have is independence. Auditors must show both independence and objectivity throughout the course of audit (Goleman, 2016). Auditor’s efficiency comes when they are independent from the organization’s management which will then allow for objective assessment of the activities to be audited. According to Abuazza (2015) organizational independence and objectivity can allow the audit activity to conduct work without interference by any party for the audit task.
However, MacRae & Gills (2014) argued that implementation is not guaranteed when follow ups are done but rather when management appreciate the internal audit team they can implement without follow up action.
Ways of Persuading Management to Implement Recommendations Made By Internal Auditors
Audit committee
Baura et al. (2014) outlined that it is the role of the audit committee to oversee on the implementation of internal audit recommendations and the quality of monitoring the mechanism on which the internal audit recommendations are being implemented by the management. According to Magrance & Malthus (2015) the internal audit and the auditee committee work hand in hand on the improvement of the organizational governance, providing assurance on financial and compliance issues and the efficient use of resources. So since the internal auditors act as the agents of the audit committee all the recommendations they make must be overseen by the audit committee on their implementation by the management. Ibrahim (2014) supports that every organization must have an audit committee which is responsible for the reviewing of the internal controls of the entity and the scope to which the internal audit program and internal audit findings and also giving opinions on action to be taken where seen fit to the responsible authorities.
According to Hoos et al. (2018) since most organizations make their decisions basing on the recommendations made by the internal audit department, it is of great importance for the internal audit department to report directly to the audit committee other that reporting to senior management. Internal auditors are less objective when they report to senior management versus the audit committee (Hoos et al. 2015). Also if the internal audit department report to senior management their recommendations will be more consistent of the management’s preference since their objectivity is impaired. Coetzoe (2014) say that if internal audit report to senior management, they may feel accountable to them in the judgements they make, thus causing the judgements to be biased other than when they report to the audit committee. According to Zaman & Sarens (2014) the audit committee must review the internal audit function and also approve their roles and duties. It should ensure that there are sufficient resources for internal auditors to carry out their duties and that they have full access to information which enables fulfilment of the mandate. Warren et al. (2015) stated that the audit committee must have authority over and be ‘directly responsible’ for hiring, compensating and retaining the company’s independent auditor and for overseeing the work of the auditor in preparing or issuing any audit report, including resolving any disagreement between management and the auditor about financial reporting.
According to Ibrahim et al. (2014) every entity should establish an audit committee, which will be responsible for the reviewing of internal controls including the scope of the internal audit program and internal audit findings, and to recommend appropriate action to be taken by the responsible authorities. Ashouri et al. (2015) also supported that the Audit Committee is established with the aim of enhancing confidence in the integrity of an organization. The authors further explained that the committee also helps in the evaluation of the effectiveness of the external and internal audit functions. Audit Committees play major roles in the oversight of the company’s risk management policies and programs. Hutchings (2014) also states that the formal channel of communication used by the internal auditors in general, is through the Audit Committee, a sub-committee of the Board of Directors. This organization structure aids the independence of the internal auditors as a majority of the audit committee members are independent thus can persuade and ensure management implement audit recommendations.
Abdullah (2014) argued that if the staff in the accounting and finance department or the entire organization is incompetent implementation of internal audit recommendations will be difficult regardless of the audit committee persuasion. Nadon (2015) argued that for effective implementation the employees must acquire the right skills so as to make the implementation process simple and easy. Warren et al. (2015) also seconded that staffing shortages have also contributed to a significant backlog in the implementation process and the lack of competent and experienced workforce in the various departments also pose as a challenge in trying to implement internal audit recommendations effectively.
Follow ups by internal auditors
Chartered Institute of Internal Auditors (2017) outlined that follow ups can be a good way to persuade management on implementation of internal audit recommendations since follow ups may show the seriousness of the internal auditors and how they value the implementation of the recommendations. According to Masood & Lodhi (2015) if management is given pressure by the internal auditors in the way of follow ups, they might be persuaded into implementing the recommendations since the internal auditors will be regularly checking up on the implementation process. Rehman et al. (2016) support by outlining that accomplishment of the organization’s desired goals require the auditors and management to work together and continuously follow up on the implementation process. Organizations should have a scheme that provides the makeup of regulation desirable to encourage action on audit recommendations according to Ali et al. (2014). The authors also explain that the internal audit function should make sure that recommendations are aggressively pursued until they have been resolute and successfully implemented.
O’Hearn (2015) supports that auditors should assess whether the agencies they audit have a follow up system that adequately meets their fundamental responsibility for resolving and implementing audit recommendations. Brown (2017) noted that management support is needed and that with such support, sufficient resources are usually allocated for the audit function and this will ensure that its audit recommendations will be implemented. Rehman et al. (2016) also state that to achieve desired goals auditors and management should work together and continuously follow up on the status of the audit recommendations given. Management and the workforce should also know the importance of the IAF and their value to business environment and realize that auditors are not employed to look for mistakes but are there to help management to execute their duties more effectively.
Johl et al. (2017) argued that follow ups can be of no use if there are financial constraints and lack of resources required on the implementation of the recommendation. Hajee & Rafi (2014) supported that most of the recommendation made by the internal auditors require huge funding and lots of resources for them to be implemented so even if the auditors follow up on the recommendations they made as long there are no resources and funds implementation of the recommendation will be unsuccessful.
The researchers’ point of view is that the stated above are some of the ways and methods of persuading management to implement the recommendations made by the internal auditors
Value of Internal Audit Recommendations
Contribution to the risk management
Internal auditors contribute in the improvement and monitoring of the company’s risk profile (Stewart & Kent, 2015). According to Lee & Park (2016) risk management refer to the possibility to assist the organization on the risks that are faced by the organization as a whole. Risk management can be achieved through the recommendations made the internal auditors who held in identifying and evaluate the risk to which the organization is exposed to and they prescribe the best way to manage the risk. The other important role of the internal auditors is the improvement of the risk management activities by helping the management with identification, assessment and mitigation of the organization’s risks. Contribution to the risk management is made up of a range of different aspects such as helping the organization institutionalize its enterprise risk management activities, helping managers in effective mitigation of business risk and provide assurance regarding risk management system adequacy. Cioban et al. (2016) say that risk management refers to the assistance of the organization by the internal audit function, to identify and evaluate risks to which the organization and its operations are being exposed to. So it is the role of the internal audit department to contribute to improved risk management and control systems.
According to Hutching (2014), the internal auditor’s role in risk management involves assessing and monitoring the risk which are faced by the organization, recommending controls so as to mitigate the risks and evaluating the trade-offs which are necessary for the accomplishment of the strategy and operational objectives of the organization. Rehman et al. (2016) posited that there also exist affirmative associations linking non-implementation of audit recommendations and the financial performance of the organization as non-implementation of the recommendations results in poor business processes which result in reduced production and revenue. Paape (2014) also supported that organizations that do not implement audit recommendations have business processes that get more and more inefficient and outdated meanwhile reducing productivity and revenue for the organization. Wadesango et al. (2017) outlined that non implementation of internal audit recommendations leads to increase in fraud risk which will result to the organization.
However, the recommendations made by the internal auditors may not be of value to the organization when they are not of quality. According Cohen & Sayag (2014) say that for a recommendation to be of value it must be of great quality so that it can be able to deal as a great solution to the problem. Also Wadesango et al. (2017) argued that the value of the audit recommendation can be seen as valuable when the management implements the recommendation. According to Brown (2014) performing auditing in accordance to the internal auditing standards contribute to the quality of the recommendation they make. Ridely & D’sliva (2016) stated that compliance with the professional and internal auditing standards is a contributor to the value of the recommendations made by the internal auditors. So if the audit work is done only in accordance with the internal auditing standards then the recommendations that are made will be of greater value.
Improvement in the internal control system and compliance
According to Fenton & Neil (2014) the internal auditors are responsible for monitoring the internal control system of the organization and establishing adequate internal control improvements where there is a short fall in the internal control system of the organization. Internal auditors have the role of reviewing the compliance with the rules and regulations both internal and external. Brown (2014) asserts that the recommendations made by the internal auditors are valuable on the management and improvement of the internal control system and the compliance of rule and regulation by the members of the organization. The traditional role of internal auditors is to monitor and improve the organization’s internal controls by contributing in the avoidance of material weakness in the organization’s information system that may cause financial misstatements.
According to Abuazza et al. (2015) it is the role of internal auditors to monitor the internal controls. Establishment of the adequate internal controls is the responsibility of management but they assign the internal audit by for monitoring the internal controls and recommend for improvements where short fall is found. Warren et al. (2015) postulate that internal control are policies and procedures put by management to the organization aiming on the promotion of accountability. Internal audit has a key function of reporting to the senior management on the function of the internal control systems and recommend improvement where applicable.
The researchers conclude that internal audit recommendations can only be valuable if the management support by implementing them.
Effects of Not Implementing Internal Audit Recommendations
Control risk and the risk of material misstatements
Wiley (2014) posit that since the internal auditors are responsible for evaluating the internal control systems and their weaknesses. And give solutions to the weakness they find during their audit work. Non implementation of such recommendations may result to the risk of fraud by the members of the organization due to weak internal control system which won’t be able to prevent the risk. According to D’onza et al. (2015) non implementation of internal audit recommendations can cause the management to continue to misrepresent the company by preparing the financial information in the wrong way. Also it’s likely for material misstatements to go unnoticed if the recommendations made by the internal recommendation are not implemented in time (Hutching et al., 2014).
According to Jackson & Stent (2010), control risk is a component of the audit risk that relates to a misstatement that could occur in an assertion and that could be material, individually or when aggregated with other misstatements, will not be prevented or detected and corrected on a timely basis by the entity’s internal control system. Ashouri et al. (2015) assert that the design and implementation of effective internal control system is the responsibility of management. The authors further explain that the responsibility of the auditor is to make an independent evaluation of the effectiveness of the internal control system such that if the internal control system is not effective the auditor will bring the matter together with recommendations of improving the internal control system to the attention of management. If management does not get quick action on the recommendations, then the control risk will remain very high. This means that failure by management to implement audit recommendations that have been designed to strengthen the control environment and reduce risk will result in the increase of control risk. According to Wadesango et al. (2017) non implementation of internal audit recommendations can encourage fraud due to reduced effectiveness of the internal controls of the organization.
Business risk
Risk arises or remains when the recommendations are not implemented on the right time they should be implemented by the management (Warren et al., 2015). This means that the organization will continue wasting the resources and violating the legislation on which they must abide to which can result in penalties and legal problems to the organization. Rehaman et al. (2016) say that non implementation of internal audit recommendation can result to poor business process which will lead to decrease in the productivity and revenue of the organization. Cioban et al. (2015) outline that internal auditors must have a clear understanding about the management and internal controls of the organization, so that it will be easy for them to identify and assess risks associated with the operations of the organization. Since risks have a negative effect on the achievement of the entity, so with the presence of internal audit department these risks will be closely monitored.
However, Neal et al. (2014) argued that some recommendations made may have an effect on the business risk such as the chance of financial statement presentations.
The researchers conclude that non implementation of internal auditor’s recommendations have huge negative effects to the organization so for avoidance of such effects, management must implement the recommendations made by the internal auditors.
The study adopted a desk top research methodology. The researchers used secondary sources of data such as internet journals, e-books and books from the library in their research.
To investigate the effects of non-implementation of the internal audit recommendations.
Research Objectives
1) To discuss the value of the recommendations made by the internal audit.
2) To investigate the factors hindering the implementation of the recommendation.
3) To establish the ways to persuade the management to implement the recommendations.
4) To identify the effects of not implementing the internal audit function recommendations.
The following sections present results and discussion on what emerged from previous studies conducted by other scholars on non-implementation of internal audit recommendations in an organization. The issues that are going to be discussed are as follows:
1. Factors hindering the implementation of internal audit recommendations.
2. Ways of persuading management to implement recommendations made by internal auditors.
3. Value of internal audit recommendations.
4. Effects of not implementing internal audit recommendations.
The researchers scrutinized studies on non-implementation of internal audit recommendation. The study found that the major factors affecting the implementation of audit recommendations are financial constraints, time and the lack of follow ups. Other authors were also of the view that institutions do not have sufficient financial resources targeted towards implementation of audit recommendations and also manpower to supervise and follow up on the progress of the implementation process. Furthermore, it was found that independence and objectivity affect the implementation of internal audit recommendations. Some of the scholars outlined that lack of management support hinders the effective implementation of internal audit recommendations.
The information and statistics in this current study may not give a true reflection of what is taking place in each and every organization since the study focused on literature review only. The other limitation factor is that the data gathered in this current study on non-implementation of internal audit recommendations in an organization may not be very rich since the authors were just reviewing literature on previous studies conducted and there was no room to probe since it was not an empirical study. The authors are therefore going to submit another empirical manuscript to the same journal and it is almost finished.
Below are the recommendations which the researchers came up with based on the findings explained above:
1) Management is encouraged to seriously consider recommendations given and implement them to ensure audit risk is reduced and better financial performance for their companies.
2) Management should also be accountable for non-implementations’ of recommendations made to them by the internal auditors without good and concrete reasons.
The study was focused on non-implementation of internal audit recommendations in an organization, but did not find out the costs of operating the IAF. The researcher therefore suggests that further research be done on the cost of having the IAF and the effects of the costs on the financial performance of organizations.