Determinants Affecting Internal Audit Effectiveness

This study tries to identify the determinants that affect the effectiveness of internal auditing for listed firms in India. A sample of 300 listed companies was drawn. Questionnaires were mailed to the head of audit department, internal audit managers, internal auditor and head of accounts of each company. The overall response rate was 28.3%. The results were derived by applying multiple regression method and the three determinants turned out to be significant. The three determinants are risk-based planning, usage of Big Data and Analytics, and frequency of meetings of internal auditor (IA) with audit committee (AC) respectively. The model explains 42.8% of variations in the dependent variable (IA effectiveness). The study indeed encourages internal auditors to develop their core skills and competencies in the area of risk assessment and Big Data and Analytics for delivering better services to the auditees, the board of directors and the AC members. The implications of these findings may be of importance to internal audit professionals, accounting professional bodies and the regulators. Direction for future research is also provided.


I. Introduction *
Organizations have been facing rapid changes in economic complexity, increased regulatory requirements, and emergence of digital technology in recent years. Besides, the recent world-wide Covid-19 pandemic have also affected them badly. In the past, the corporate scandals and the global financial crisis also created awareness in the public and regulatory bodies to give unique position to internal audit in corporate governances for internal assurance services (Soh & Bennie, 2011). According to the Institute of Internal Auditors (IIA, 2010), internal audit is viewed as a significant tool to control the governance and operations of the organizations. According to the researchers (Ali & Omri, 2016), IA function deals with financial control, compliance assurance and safeguarding of all types of assets. However, the contemporary IA functional areas have been focusing more on the added value of IA from all audit stakeholders, because the requirements of regulatory bodies have increased particularly with respect of risk management (Cohen & Sayag, 2010;Erasmus & Coetzee, 2018). The value creation function of contemporary IA depends on how effectively IA is maintained by the organizations and there is need to measure the achievements of IA in terms of effectiveness and efficiency.
The term "effectiveness" has been defined as "the capacity to obtain results that is consistent with target objective" (Arena & Azzone, 2009). While, Bednarek (2018) points out the following: "If the IA quality is maintained, it will contribute to the adherence of the process and operations to the regulation or standard, and thus IA contributes to effectiveness of the auditee." There is plethora of studies on the concept of IA effectiveness and a number of literature reviews that discusses determinants of IAE (Badara & Saidin, 2013;Lenz, Sarens & Jeppesen, 2018). The influential factors of IA effectiveness are to be quantified and operationalized.
Considering the IA through its value-added services, until now there are no absolute or concrete metrics in existing literature to measure IA effectiveness. Additionally, there is lack of consensus among scholars to provide the best framework for IA effectiveness. This * The author is grateful to Indian Council of Social Sciences Research, India for awarding a Senior Fellowship to the author for conducting this research work.
varies depending on different organizations, industries, and countries context. Therefore, this research discusses the determinants that are considered to have an influence on the effectiveness of IA as are studied in the literature. Both researchers and practitioners do accept that an effective IA contributes value to the entities by ensuring the adherence to the established procedures, laws, and regulations. Additionally, IA provides opportunity to improve existing processes (Yee et al., 2008). According to Erasmus and Coetzee (2018), stakeholders are concerned with the widening gap that exists between the expectations of different stakeholders. Such concerns are usually found after the audit is conducted and reports whether the audit was effective or not (Bender, 2006). Furthermore, Bender (2006) suggested that quantifying the effectiveness might be peroxided by evaluating the factors that may influence the effectiveness of IA. Therefore, this study provides insights into factors that influence IA effectiveness, so the focus of this study is on providing insights into factors that can enhance or detract from IA effectiveness. The rest of the paper is divided into six sections. Section two discusses prior literature review, while sections three and four contain research framework and research methodology respectively. Section five discusses the study results and finally section six concludes the research findings and provides implications of the study findings.

II. Literature Review
It is posited by many researchers in the academic research that IA effectiveness has been largely unaddressed, therefore Hermanson and Rittenberg (2003) encouraged future research. Arena and Azzone (2007) suggested that, future studies could research the problem of the effectiveness of internal audit units in much more detail. In this context, PwC (2010) suggests that, "internal audit must seize opportunities to enhance its relevancy." Providing evidence of added value and effectiveness is one way to be perceived as a legitimate function in the eyes of major stakeholders. Effectiveness is viewed as the most important word for internal auditing.
It appears that "risk-based planning" is a fairly new factor to internal auditing function. Often, IA effectiveness is referred as a "risk-based concept that helps the organization to achieve its objectives by positively influencing the quality of corporate governance" (Lenz, 2013). In a survey conducted by IIA (2010), 77% of the respondents stated that the current role of internal auditor is to informally to provide consulting and advice on risk management practices while 40% stated that IA provides an independent assurance on risk management. The findings support the prior study by Castanheira et al. (2009) in the context of Portugal. The study examined five company-specific factors associated with the adoption of risk-based auditing and its relationship with the role of internal auditing in enterprise risk management. Their findings reveal that 82 percent of entities use a risk-based approach in annual audit planning; while only 31 percent applied it in planning each audit engagement. Similarly, Dejnaronk et al. (2015) in their study found that, the use

Determinants Affecting Internal Audit Effectiveness
Page |12| Emerging Markets Journal of a risk-based audit plan has a high influence to the internal audit function effectiveness in the context of Thailand. IIA Standards state that, a risk-based audit plan comes from the risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization (IIA, 2012). Risk-based audit activities have stronger support for corporate governance stakeholders who are senior management and the board of directors including the audit committee (Sarens et al., 2012). Prior research have documented support to risk-driven approach by IA (e.g. Griffiths, 2006;Pelletier, 2008). Internal auditors perform their own risk assessment based on the objectives of the activity under review (Pelletier, 2008).
It is also argued that, the IA perspective has been changed from traditional focus on the compliance and monitoring against certain standards/regulatory requirements into a new perspective of organization"s performance (Allegrini et al., 2006;Arena & Azzone, 2009). Risk-based planning is viewed as a changed perspective which assists organizations to understand the risks that can hinder them in reaching their objectives (Arena & Azzone, 2009). By understanding their risk profile, companies can define certain controls to manage their risks and ultimately improve their processes and enhance IA effectiveness. In this context, risk-based audit activities have stronger support for corporate governance stakeholders who are senior management and the board of directors including the audit committee (Sarens et al., 2012). Additionally, Cioban (Lucan) et al., (2015) in Romanian context report that an early and accurate identification of the risks influences the internal audit effectiveness.
Internal audit can be a valuable resource for the AC, because disclosures suggest a possible underemphasis of internal audit. Spira (1998) argued that, one benefit of AC establishment is the raising of the status of the internal audit function. The IIA (2004) strongly insists that the Chief Audit Executive (CAE) should report functionally to the AC, which is critical to good corporate governance. Frequent meetings of IA with AC enable the AC to regularly evaluate the IAF"s objectivity and independence of judgement; and monitor and assess the role and effectiveness of the internal audit function. Raghunandan et al. (1998) argue that, the information asymmetry between audit committees and management is more likely to be reduced when there is high-quality interaction between AC and IA. Regular meetings between them make it more likely that the AC remains informed and knowledgeable about relevant accounting and auditing issues. Bishop et al. (2000) give an overview of more specific (theoretical) roles of internal auditors to support the audit committee. Providing information to AC enables AC in its evaluation of whether the company has satisfied its control objectives, monitor the company"s control environment, and providing information that will help the AC to monitor key financial and business risks. Thus frequent meetings enhance the IA effectiveness. Similarly, Arena and Azzone (2009) in Italian context report that it is possible that the structural characteristics of internal audit impact its effective work. The increase in internal audit effectiveness is contributed by the participation of AC in the internal audit tasks. Furthermore, the IA and AC are two different control bodies. The co-operation and frequent meetings between them is important for both parties as it is considered to have an impact on the effectiveness of the IA activities through exchanging of data and information (Alshbiel, 2017;Bednarek, 2018).
The use of technology-based audit techniques has also become an important part of the internal audit function. Big Data and Analytics (BDA) is one of such techniques. Big Data can be explained by five attributes namely as volume, velocity, variety, veracity and value. Volume refers to a large amount of data; velocity to the high speed of data; variety reflect the variety of different data sources; veracity to the integrity of the information; and value means converting data to something useful (Cao et al., 2015;Zhang et al., 2015). IA may determine an appropriate plan to provide coverage of Big Data risks and controls.
Internal auditors may also leverage Big Data solutions in support of their data analytic efforts for audit projects. BDA enables auditors testing complete sets of data, rather than just testing samples (Murphy & Tysiac, 2015). Therefore, Big Data is forming part of the internal (and external) audit process, supporting the identification, management and reporting of risk, as well as the effectiveness of internal controls (Sandwith, 2017). In this context, Bierwirth (2019) states the following: "Data analytics and "big data" have become a game changer for internal auditing, as firms search for opportunities to provide more value to clients and respond to new regulations and increased pressure from stakeholders. Integrating data analytics into the internal audit approach isn't easy, but the investment of time and money will help firms and businesses stay on the cutting edge and remain valuable in a dynamic business environment". Kaya et al. (2018) found that, BDA increases the effectiveness of internal audit. Using analytics in internal control, risk management and fraud detection have many benefits in identifying anomalies. Alles and Gray (2018) also stress the positive effect of implementing BDA in auditing and emphasize that BDA could be a way to increase the likelihood of detecting fraud. Similarly, in a survey by Protiviti (2015) on changing trends in IA and use of advanced analytics, reports that more IA analytics functions appear intent on having access to business data when they need it. Tang et al. (2017) investigate the types of tools internal auditors use, given the large amounts of data available to them for analytic purposes. The findings reveal that Chief Audit Executives (CAEs) value professional certifications and the use of data analytics in the IA function and they employ data analytics at different times and for different purposes. Deloitte (2018) survey of CIA finds that they apply analytics during the fieldwork stage of the audit. In case studies, it is found that data analytics have enabled internal audit to increased sample sizes to 100% in various audits, providing greater levels of assurance. Joshi and Marthandan (2019) make a strong case for the applications of Big Data and Analytics in continuous internal auditing. Last but not the least, Yoon et al., (2015) posit that, Big Data plays an important role in auditing because it complements and accompanies traditional evidence with sufficient, reliable, and relevant information. Use of Big Data decreases auditors' dependency on client data and also provides an Prem Lal Joshi Emerging Markets Journal | P a g e |13 independent benchmark to evaluate internal audit evidence. Thus, it may enhance the effectiveness of IA.

III. Research Methodology
Based on the above description of prior literature, the following hypotheses are proposed:

Figure 1. Model Framework
A proportionate progressive random sampling method was used in the present study. The Nifty500 listed companies was the universe for sample source. Based on 2018 market capitalization for 2018, a total of 252 companies were sent questionnaire or online link. The sample companies represented various industries such as manufacturing, information technology, trading, banking and financial services. The study was conducted during January-April 2020. After working on outliers and excluding incomplete responses, finally 60 responses were analyzed for the results. Questions in the questionnaire were measured using Likert scale of 1 to 5.

IV. Discussion of Results
In the Exploratory Factor Analysis (EFA), the researcher used the Varimax rotation, the Principal Component extraction method to get the factor loading. Results are presented in Table 1.

Table 1: Results of Factor Loading, Kaiser-Meyer-Olkin (KMO) and Reliability Test
The collected data were analysed using factor loading, KPO and reliability test which are presented in Table 1. It is clear that, the questions included in the study to indicate the independent variables meet the required parameters. The reliability of the measures was assessed by Cronbach"s alpha test and the values are greater than 0.70 for all the independent variables "frequent meetings of IA with A", "risk-based planning" and "usage of BDA". On the other hand, it is clear that KMO values are greater than 0.5 with a significant Bartlett"s Test (p < 0.01).
Descriptive statistics i.e., mean and standard deviation for the dependent and independent variables are presented in Table 2. The number of responses (N) is 60.

Determinants Affecting Internal Audit Effectiveness
Page |14| Emerging Markets Journal  We performed Pearson Correlations on the independent and dependent variables and results are shown in Table 3. Results show that, by and large a correlation among independent variables is on lower side. The highest correlation is 0.331 between BDA and riskbased planning as well as guidelines. This also indicates absence of any multicollinearity problems in the study.  Table 4. The sign is positive for all independent variables. It is interesting to note that, three independent variables are explaining the effectiveness of IA. The variables are Big Data and Analytics -BDA (t = 2.016; p < 0.05), Risk-based Plan and Guidelines (t = 3.010; p < 0.001) and frequent meetings of IA with AC (t = 3.018; p < 0.001). All the three independent variables are positively significant in explaining the effectiveness of IA. This means that, all three independent variables have a positive effect on IAE. The F value is very high and significant, which implies that the regression model is significant at 0.01 level. The R square value shows that, 42.8 percent of variations in dependent variable (IAE) can be explained by the independent variables. There is no multicollinearity problem in the data set as the VIF values are low.
Regarding relationships between the dependent and independent variables, two main findings are worth for further analysis. In other words, regression results show very strong support for all the three hypotheses. Risk-based internal auditing allows internal auditor to provide assurance to the Board of Directors that risk management processes are managing risks effectively. Zacchea (2003) suggested that, the risk-based audit plan may be improved by risk management framework. This factor can focus and assists IA to target audits that are highly productive in adding value and maximizing the utilization of scarce resources.
The positive and significant relationship of "frequent meetings of IA with AC" provides an insight that IA function is an important information provider to the AC which may be considered useful for strengthening corporate governance practices. IIA (2004) suggested reporting by the Chief Internal Auditor (CIA) to the AC for discussing on confidential matters and strengthening the corporate governance practices. They may also enable the organization to maintain organizational independence of IA from management. The BDA also turned out to be a positive and significant determinant in our study despite very limited prior evidence. This suggests that, the integration of BDA into the internal audit may help to mitigate compliance and reputational risks. Additionally, it may also lead to better financial reporting and insights to ultimately drive better decisions and actions within an organization to create strategic value (Ernst & Young, 2015). Additionally, IA can use Big Data to help highlight red flags like significant control weaknesses, potential fraud risks, and pick up emerging trends (Sandwith, 2017). Internal auditors may use BDA to develop a good understanding of the audit process that enhances internal audit effectiveness.

V. Conclusions and Recommendations for Future Research
The recent global unprecedented events have brought the corporate sector operations at the global level at standstill. The Corona virus spread and increasing war clouds are impacting economies and corporate sector companies" performance. These events are forcing IA function to re-think in changing their approaches and methodologies for investigating risks and control issues in the organization. This study is especially important becausefirstly, it may convey policy makers some information on the major determinants of IA effectiveness in Indian companies. This should ensure that, the scarce resources are effectively utilized for robust organization performance. Secondly, the findings would add to acute lack of literature on the subject matter in Indian context.
The present study elucidates the factors that will help the IA effectiveness in terms of "frequent meetings of IA with AC", using "Big Data Analytics" and "risk-based planning". Considering these factors by internal auditors in the conduct of their audit of the operational efficiency, control, and risk assessment enable management to review business continuity planning. This contributes to the ability of the IAs to perform an audit approach which improves the Prem Lal Joshi Emerging Markets Journal | P a g e |15 effectiveness of the internal audit. Furthermore, through interactions with AC, IA needs to independently assess the going concern assumption. Asare (2009) opines that, the modern concept of internal auditing can be identified as dealing with the evaluation and improvement of risk management, control and governance processes.
It is to be noted that, this study is considered the first one in Indian context that investigates the determinants of IA effectiveness. It contributes to the Indian internal auditing profession in addition to providing information to important accounting professional bodies in India viz., the Institute of Internal Auditors (India), the Institute of Chartered Accountants of India (ICAI) and the Institute of Cost and Management Accountants of India (ICMAI). The findings and implications of this empirical study may be for non-management level, management level, Chief of IA function, and the board of directors. Needless to state that an understanding of the main determinants affecting the IA effectiveness and the framework may help internal auditors to improve the efficiency, efficacy and effectiveness of IA function. Regulatory body should pay more attention to the issue of maintaining an IA function mandatory. Future research should investigate the effects of COVID-19 on internal audit effectiveness as COVID-19 might have changed the going concern issues of the organizations. New variables such as usage of data analytics, mediation effect of IA and interactive skills on the effectiveness of IA may also be examined. These determinants may also be examined using alternative research methods such as mixed methods and case studies approach in specialized industries.